Privacy Policy

Owner’s email address: contacts@secreva.com

Types of Data collected

Among the Personal Data collected by secreva.com, independently or through third parties, there are: Cookies, Usage Data, emails and various types of Data.

Complete details on each type of data collected are provided in the dedicated sections of this privacy policy or through specific information texts displayed before the data is collected.
Personal Data may be freely provided by the User, or, in the case of Usage Data, collected automatically when using secreva.com.
Unless otherwise specified, all Data requested by secreva.com is mandatory. If the User refuses to communicate them, it may be impossible for secreva.com to provide the Service. In cases where secreva.com indicates some Data as optional, Users are free to refrain from communicating such Data, without this having any consequence on the availability of the Service or its operation.
Users who have doubts about which Data is mandatory are encouraged to contact the Owner.
Any use of Cookies – or other tracking tools – by secreva.com or the owners of third-party services used by secreva.com, unless otherwise specified, has the purpose of providing the Service requested by the User, in addition to the additional purposes described in this document and in the Cookie Policy, if available.

The User assumes responsibility for the Personal Data of third parties obtained, published or shared through secreva.com and guarantees that he or she has the right to communicate or disseminate them, freeing the Owner from any liability towards third parties.

Method and place of processing of the collected data

Treatment methods

The Data Controller adopts appropriate security measures aimed at preventing unauthorized access, disclosure, modification or destruction of Personal Data.
The processing is carried out using IT and/or telematic tools, with organizational methods and with logic strictly related to the purposes indicated. In addition to the Owner, in some cases, other parties involved in the organization of secreva.com (administrative, commercial, marketing, legal, system administrators) or external parties (such as third-party technical service providers, postal couriers, hosting providers, IT companies, communication agencies) also appointed, if necessary, as Data Processors by the Data Controller. The updated list of Managers can always be requested from the Data Controller.

Legal basis of the processing

The Owner processes Personal Data relating to the User if one of the following conditions exists:

the User has given consent for one or more specific purposes; Note: in some jurisdictions the Owner may be authorized to process Personal Data without the User’s consent or another of the legal bases specified below, until the User objects (“opt-out”) to this treatment. However, this is not applicable if the processing of Personal Data is regulated by European legislation on the protection of Personal Data;
the processing is necessary for the execution of a contract with the User and/or the execution of pre-contractual measures;
the processing is necessary to fulfill a legal obligation to which the Data Controller is subject;
the processing is necessary for the execution of a task of public interest or for the exercise of public powers vested in the Data Controller;
the processing is necessary for the pursuit of the legitimate interest of the Data Controller or third parties.

However, it is always possible to request the Data Controller to clarify the concrete legal basis of each processing and in particular to specify whether the processing is based on the law, provided for by a contract or necessary to conclude a contract.

Place

The Data is processed at the Owner’s operational offices and in any other place where the parties involved in the processing are located. For further information, contact the Owner.
The User’s Personal Data may be transferred to a country other than the one in which the User is located. To obtain further information on the place of processing, the User can refer to the section relating to details on the processing of Personal Data.

The User has the right to obtain information regarding the legal basis of the transfer of Data outside the European Union or to an international organization governed by public international law or constituted by two or more countries, such as for example the UN, as well as regarding the security measures adopted by the Data Controller to protect the Data.

The User can verify whether one of the transfers just described takes place by examining the section of this document relating to details on the processing of Personal Data or request information from the Data Controller by contacting him at the details indicated at the beginning.

Retention period

The Data is processed and stored for the time required by the purposes for which it was collected.

Therefore:

Personal Data collected for purposes related to the execution of a contract between the Owner and the User will be retained until the execution of this contract is completed.
Personal Data collected for purposes attributable to the legitimate interest of the Owner will be retained until such interest is satisfied. The User can obtain further information regarding the legitimate interest pursued by the Owner in the relevant sections of this document or by contacting the Owner.

When the processing is based on the User’s consent, the Owner may retain the Personal Data for longer until such consent is revoked. Furthermore, the Owner may be obliged to retain Personal Data for a longer period in compliance with a legal obligation or by order of an authority.

At the end of the retention period, the Personal Data will be deleted. Therefore, upon expiry of this deadline the right of access, cancellation, rectification and the right to data portability can no longer be exercised.

Purpose of the Processing of Collected Data

The User’s Data is collected to allow the Owner to provide its Services, as well as for the following purposes: Statistics, Advertising, Contacting the User, Interaction with social networks and external platforms, Management of addresses and sending of email messages, Remarketing and behavioral targeting, Heat mapping and session recording, Hosting and backend infrastructure, Content and functionality performance testing (A/B testing), Data transfer outside the EU and Display of content from external platforms.

To obtain further detailed information on the purposes of the processing and on the Personal Data concretely relevant for each purpose, the User can refer to the relevant sections of this document.

Details on the processing of Personal Data

Personal Data is collected for the following purposes and using the following services:

Contact the user

Mailing List or Newsletter (secreva.com)

By registering on the mailing list or newsletter, the User’s email address is automatically added to a contact list to which email messages containing information, including commercial and promotional information, relating to secreva.com can be sent. The User’s email address may also be added to this list as a result of registering on secreva.com or after making a purchase.

Personal Data collected: email.

Management of addresses and sending of email messages

This type of service allows you to manage a database of email contacts, telephone contacts or contacts of any other type, used to communicate with the User.
These services may also allow the collection of data relating to the date and time of viewing of messages by the User, as well as the User’s interaction with them, such as information on clicks on links included in messages.

Heat mapping and session recording

Heat mapping services are used to identify which areas of a page are subject to cursor passage or mouse clicks in order to detect which of them attract the greatest interest. These services allow you to monitor and analyze traffic data and serve to keep track of the User’s behavior.
Some of these services may record your sessions and make them available for you to view later.

Hotjar Heat Maps & Recordings (Hotjar Ltd.)

Hotjar is a heat mapping and session recording service provided by Hotjar Ltd.
Hotjar respects generic “Do Not Track” headers. This means that the browser can tell the script not to collect any user data. This is a setting that is available in all major browsers. More information on opting out from Hotjar is available here.

Personal Data collected: Cookies, Usage Data and various types of Data as specified in the privacy policy of the service.

Place of processing: Malta – Privacy Policy – Opt Out.

Hosting and backend infrastructure

This type of service has the function of hosting data and files that allow secreva.com to function, allow its distribution and provide a ready-to-use infrastructure to provide specific functions of secreva.com.
Some of these services work through servers that are geographically located in different locations, making it difficult to determine the exact location where Personal Data is stored.

DigitalOcean

Digital Ocean is a hosting and backend service provided by DigitalOcean LLC

Personal Data collected: various types of Data as specified in the privacy policy of the service.

Place of processing: USA – Privacy Policy. Subject adhering to the Privacy Shield.

Interaction with social networks and external platforms

This type of service allows you to interact with social networks, or other external platforms, directly from the pages of secreva.com.
The interactions and information acquired by secreva.com are in any case subject to the User’s privacy settings relating to each social network.
If an interaction service with social networks is installed, it is possible that, even if Users do not use the service, it collects traffic data relating to the pages on which it is installed.

(Sezioni Facebook/Twitter/Google+/LinkedIn invariati, solo dominio aggiornato dove presente.)

Advertising

…also detected outside of secreva.com.

Google AdSense (Google)
…tracks the use of secreva.com …

Direct Email Marketing (DEM) (secreva.com)

secreva.com uses the User’s Data to send proposals of a commercial nature relating to services and products provided by third parties or not related to the product or service provided by secreva.com.

Personal Data collected: email.

Remarketing and behavioral targeting

This type of service allows secreva.com and its partners to communicate, optimize and serve advertisements based on the User’s past use of secreva.com.

AdWords Remarketing / Facebook Remarketing / Custom Audience / etc.
…connects the activity of secreva.com with the respective advertising networks…

Statistics

Google Analytics
…tracking and examining the use of secreva.com…

Facebook Ads conversion tracking / Google Ads conversion tracking / Twitter / LinkedIn
…actions performed within secreva.com …

Performance testing of content and functionality (A/B testing)

…in relation to changes to the structure, text or any other component of secreva.com.

Transfer of Data outside the EU

Transfer to third countries based on consent (secreva.com)

… the Owner informs the Users and collects their consent through secreva.com …

Viewing content from external platforms

Google Fonts / YouTube Video Widget
…allows secreva.com to integrate such content…

Further information on Personal Data

(Sezione invariata, solo dominio aggiornato dove presente.)

…usage data collected through secreva.com…
…Within the purposes described in this document, secreva.com may use the User’s Personal Data…

How to exercise your rights

To exercise the User’s rights, Users can direct a request to the contact details of the Owner indicated in this document. Requests are filed free of charge and processed by the Data Controller as quickly as possible, in any case within one month.