PRIVACY POLICY OF “Rating Hunter”
Dear Interested Party, “Rating Hunter”. has great respect for the privacy of Users.
The data that may be communicated through the Site will be treated with the utmost care and with all the tools necessary to ensure their security, in full compliance with current legislation placed to protect the confidentiality of data. We wish to inform you that the “European Regulation 2016/679 on the Protection of Individuals with regard to the Processing of Personal Data and on the free movement of such data” (henceforth “Regulation” or “GDPR”) provides for the protection of individuals with regard to the processing of data of a personal nature as a fundamental right. Therefore, pursuant to Article 13 of the GDPR, we would like to inform you of the following.
“Rating Hunter” offers its users a software platform called “Rating Hunter”, accessible through the website of the same name which, through a series of features and interactions with external providers, allows Customers to:
(a) Centrally manage the reviews of their end customers, also selecting a carousel of the best reviews that they can display on their landing pages;
“Rating Hunter”, in accordance with the GDPR Regulations, acts as:
– Data Controller, with respect to the data of Users who own businesses of various kinds and/or further business activities (hereinafter “Merchants”) and browsing data, in particular the data referred to in points a) and b) of Article 2 of this Policy.
– Processor for the data of end customers (i.e. those who review the Merchant’s business) conferred by Merchants in the context of requesting, creating and organizing reviews. The processing carried out by “Rating Hunter” in relation to these categories of data is governed by the “Data Processor Addendum” pursuant to Article 28 of the Regulations. The Addendum constitutes an integral part of the contractual relationship between “Rating Hunter” and The Merchant, together with this notice and the terms and conditions.
“Rating Hunter” does not use the data provided by Merchants for its own purposes, such as marketing, market research, communication to third parties, or dissemination. It is understood that Merchants ensure that end customers have been adequately informed that their data will also be processed through external data processors and, in particular, by “Rating Hunter”.
“Addendum” is the document that governs the relationship between the Merchant and “Rating Hunter” regarding privacy. “Personal Data” means any information concerning an identified or identifiable natural person, with particular reference to an identifier such as a name, an identification number, location data, an online identifier, or one or more characteristic elements of his or her physical, physiological, genetic, mental, economic, cultural, or social identity.
“Rating Hunter” is the company – Mail: “hello@ratinghunter.com”
“Processor” the natural person, legal entity, public administration and any other entity that processes personal data on behalf of the Controller.
“Controller” the natural or legal person, public authority, service or other body which, individually or jointly with others, determines the purposes and means of the processing of personal data and the instruments adopted, including security measures.
“User(s)” and/or “Customer(s)” “Data Subject(s)” the individual who visits the website “www.ratinghunter.com” and uses the service, i.e. the one to whom the Personal Data refers who, unless otherwise specified, coincides with the Data Subject.
The Controller collects directly from its Users, Personal Data and other information as part of the online registration processes on the website “www.ratinghunter.com”, in order to provide the services requested by Users (typically these are data such as e-mail address, first name, last name, contact telephone number of a contact person).
The subject of processing may be personal data of Users such as:
“Rating Hunter” will process personal data necessary to register properly on the site to allow access to the platform and the use of related services. This data is provided directly by the Data Subject and may include personal data and contact details, including but not limited to first name, last name, date of birth, e-mail address and telephone number. “Rating Hunter” will also process data necessary for the payment of non-free services by the registered User, including any billing information. If the User authorizes it, or through the use of cookies, “Rating Hunter” may store authentication or payment and billing data, which the User may delete at any time and will be used only for the purposes of contract performance.
The computer systems and applications dedicated to the operation of the “Rating Hunter” website detect, in the course of their normal operation, certain data (the transmission of which is implicit in the use of Internet communication protocols) potentially associated with identifiable users. The data collected include the IP addresses and domain names of the computers used by Users connecting to the site, the addresses in URI (Uniform Resource Identifier) notation of the resources requested, the method used in submitting the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.. ) and other parameters regarding the operating system, browser and computer environment used by the user, name of the internet service provider (ISP), date and time of visit, web page of the visitor’s origin (referral) and exit.
The voluntary and explicit sending of electronic mail to the addresses indicated in the different access channels of this site does not imply a request for consent and involves the acquisition of the sender’s address and data, necessary to respond to requests, as well as any other personal data included in the message. These data are understood to be voluntarily provided by the User at the time of the request for the provision of the service. By entering a comment or other information, the User expressly accepts this document, and in particular agrees that the contents entered may also be freely disseminated to third parties. On the contrary, specific summary information will be reported or displayed on the pages of the site set up for particular services on request (forms). The user must therefore explicitly consent to the use of the data in these forms in order to send the request.
“Rating Hunter” processes the data provided by Merchants as a data processor and in accordance with the requirements contained in the Addendum. In particular, “Rating Hunter” guarantees to comply with the instructions of the Merchant and not to use such data for its own purposes, such as marketing, market research, communication to third parties or dissemination.
The site uses cookies. The data collected through cookies may be used to access parts of the site or for statistical purposes or to make the browsing experience more pleasant and more efficient in the future, trying to assess user behavior and to modify the proposition of offering content according to their behavior. For more information visit here “www.ratinghunter.com.”
The site also incorporates/incorporates social media plug-ins and/or buttons to enable easy sharing of content on your favorite social networks. Such plug-ins are programmed not to set any cookies when you access the page, to safeguard your privacy. Eventually cookies are set, if so provided by the social networks, only when the user makes actual and voluntary use of the plug-in. Keep in mind that if the user browses while being logged into the social network then he/she has already consented to the use of cookies conveyed through this site at the time of registration with the social network. The collection and use of information obtained by means of the plug-in is governed by the respective privacy policies of the social networks, to which please refer.
Personal data held by the Owner are collected directly from the Data Subject. End-customer data are uploaded by Merchants as part of the use of services.
The processing of Users’ data has the following purposes and legal basis:
Purpose: authentication and use of the site. Legal basis: contractual fulfillment.
Purpose: access to certain purposes of the service. Legal basis: contractual fulfillment.
Purpose: to speed up the purchase process. Without consent, nothing will be stored. Legal basis: consent of the User.
Purpose: Communications for marketing, promotional and/or commercial purposes. Legal basis: consent of the User.
Purpose: to send e-mail about news and topics of interest. Legal basis: consent of the User.
Purpose: updates on the Owner’s products and services. Legal basis: legitimate interest of the Owner.
Purpose: Use of aggregated and anonymous data to improve the service. Legal basis: legitimate interest of the Owner.
Purpose: To detect, prevent or stop fraudulent activities on the site. Legal basis: legitimate interest of the Owner and legal obligation.
Legal basis: legal obligation.
Purpose: to comply with legal obligations. Legal basis: legal obligation.
Purpose: to ensure and improve the web browsing experience. Legal basis: the legitimate interest of the Data Controller.
Purpose: is the purpose inherent in the request to enter that data. Legal basis: consent of the User.
The provision of personal data for the purposes referred to in point 1 and 2 of this article is necessary to allow you to register on the platform and to conclude the contract. Therefore, in the absence of the aforementioned data, you will not be able to use our services.
Consent for the purposes referred to in point 3, 4 and 5 is optional and does not entail any negative consequences for Users’ experience.
To the extent relevant to the stated processing purposes, Users’ data may be disclosed to partners, consulting companies, private companies, third-party technical service providers, hosting providers, IT companies, communications agencies.
If the suppliers process personal data on behalf of the Data Controller, they will be appointed as data processors ex art. 28 GDPR.
The “Rating Hunter” website may share some of the data collected with services located outside the European Union area. In particular, through social plug-ins and the Google Analytics service. The transfer is authorized and strictly regulated by Article 45, paragraph 1 of the EU Regulation 2016/679, so it does not require specific authorizations.
According to the principle of storage limitation (art.5, GDPR), the verification of the obsolescence of the stored data in relation to the purposes for which they were collected is carried out periodically.
In particular:
(a) automatically collected data are processed, for the time strictly necessary, for the sole purpose of
derive statistical information on the use of the site and to check its regular operation,
also for security purposes or according to the deadlines stipulated by legal regulations;
legal regulations.
The Data Subject always has the right to request from the Data Controller access to his/her data, rectification or erasure of data, restriction of processing or the possibility to object to processing, to request data portability, to revoke consent to processing by asserting these and other rights under the GDPR by simple communication to the Data Controller. The Data Subject may also lodge a complaint with a supervisory authority.
The Interested Party may forward these requests to the following e-mail address: “YOUR EMAIL”
10.DATA PROCESSING METHODS.
The personal data provided by the Users will be subject to processing operations in compliance with the aforementioned regulations and the obligations of confidentiality that inspire the activity of the Data Controller. The data will be processed both with computer tools and on paper media as well as on any other type of suitable media, in compliance with the adequate security measures pursuant to Article 5 par. 1 letter F of the GDPR.
11.FINAL NOTES AND WAY OF UPDATING
The information is provided only for the “Rating Hunter” website and not also for other websites that may be consulted by the user through links contained in this site. The policy may be subject to change due to the introduction of new legislation in this regard, therefore the User is invited to periodically check the Privacy Policy in order to be updated on the latest legislative changes.
ADDENDUM DATA CONTROLLER
APPOINTMENT OF DATA CONTROLLER
The User (hereinafter “Owner” or “Customer” or “Data Controller”),
by express acceptance of the Terms and Conditions of “Ratinghunter” (hereinafter “Provider” or the “Data Processor”), accepts this addendum on the processing of personal data, which constitutes an integral part of the relationship between the Parties. This Addendum is signed pursuant to Article 28 of Regulation 679/2016 and governs the manner in which the Data Processor will process personal data on behalf of the Data Controller. Data Controller and Data Processor, may also be referred to individually as the “Party” and jointly as the “Parties”.
WHEREAS.
-the processing operations of personal data carried out by the Data Controller are listed in the register of processing operations kept by the Data Controller;
-for some processing operations the Data Controller makes use of the cooperation of the Supplier;
-the Supplier, as part of the services offered to the Data Controller, as better detailed in the specific contract in place, may carry out personal data processing on behalf of the Data Controller;
-the Data Controller and the Provider have signed an agreement for the provision of an integrated web and tablet for creating, managing and sending review requests (“Service”), of which this document is an integral part;
-with reference to the Service made available by the Provider, the latter may process data personal data owned by the Controller and, more specifically, common data (first name, last name, contact details) of the Holder’s end customers;
-the purpose of the processing is to provide a technological solution that allows the Holder to be able to take advantage of the Service;
-in accordance with Article 28.1 of Regulation (EU) 2016/679, General Data Protection Regulation (henceforth “GDPR”), “where a processing is to be carried out on behalf of the Controller of the Processing, the latter shall only use data controllers.”
-the Data Controller has verified that the Provider, again pursuant to Article 28.1 of the GDPR, presents “sufficient guarantees to put in place appropriate technical and organizational measures so that the processing meets the requirements of the Regulation and ensures the protection of the rights of the data subject.”
The Data Controller appoints the Provider as the “PERSONAL DATA PROCESSING RESPONSIBLE” (henceforth also simply “Processor” or “Processor”), with respect to the personal data that Supplier may process in the performance of its activities and those that may be entrusted to Supplier in the future.
In accordance with the GDPR, the activity performed by the Processor will be governed as follows:
1. DURATION. This appointment shall be effective for the duration of the Processor’s relationship with the Controller and shall be deemed automatically revoked in the event of termination of the same.
2. PURPOSE OF THE PROCESSING. The data that are entrusted to the Manager, as part of the activities entrusted to him/her for the use of the Service, may be processed only for the purposes indicated in the mandate entrusted and/or in the contract entered into with the Owner. In particular, the data will be processed by the Provider only for the purpose of being able to guarantee the provision of the Service to the Owner who, in any case, will remain the only entity obliged to have to communicate to the end customer the purposes and obtain consent to the processing, as well as the communication of the data to third parties.
3. METHODS OF PROCESSING. The data may be processed on paper or digital media, depending on the activities carried out, provided that the tools are properly identified and inventoried by the Manager and systematically communicated to the Owner for his approval. In particular, the data will be processed by means of the “Ratinghunter” software platform.
4. DUTIES AND TASKS OF THE RESPONSIBLE PERSON. The Data Processor, as stipulated in Article 28 of the GDPR, undertakes to:
(a) process the entrusted personal data only on the documented instruction of the Controller, even in case of transfer of personal data to a third country, unless otherwise provided by law. In this case, the Responsible Party is still obliged to inform the Controller;
(b) ensure that the persons authorized to process have committed to confidentiality, or have an appropriate legal obligation of confidentiality. To this end, the Responsible Party to periodically verify that the persons in charge: (i) carry out the processing in a lawful and correct manner, exclusively for the purpose of providing the services covered by the contractual relationship between the Parties; (ii) process personal data solely for purposes inherent to the tasks assigned to them; (iii) do not communicate or disseminate personal data without the prior authorization of the Data Controller; (iv) verify, in case of even temporary interruption of work, that the processed personal data are not accessible to unauthorized third parties; (v) guard and keep authentication credentials strictly confidential; (vi) comply with the security measures required by the Data Controller and/or the Data Controller;
(c) ensure adequate and proven training for persons authorized to process, pursuant to Article 29 of the GDPR;
(d) take, pursuant to Article 32 of the GDPR, all appropriate technical and organizational measures to ensure a level of security appropriate to the risk, taking into account the state of the art and the costs of implementation, as well as the nature, object, context and purposes of the processing, as well as the risk of varying likelihood and severity to the rights and freedoms of natural persons, so as to minimize the risks of destruction or loss, including accidental loss of the data themselves, of unauthorized access or processing that is not permitted or not in accordance with the purposes of collection
e) to inform the Data Controller, in accordance with Article 28 GDPR, if it is necessary to use another Data Processor;
f) assist the Controller in complying with the legal obligations under Articles 32 (Security of Processing), 33 (Notification of a Personal Data Breach to the Supervisory Authority), 34 (Notification of a Personal Data Breach to the Data Subject), 35 (Data Protection Impact Assessment), 36 (Prior Consultation), taking into account the nature of the processing and the information available to the Controller.
g) provide for the updating, modification, rectification of personal data if this is necessary in relation to the purposes of the processing, and delete or return promptly, upon the request of the Controller, all personal data and existing copies of which the Responsible is in possession without being able to retain any copies, unless expressly agreed otherwise or provided for by law. In any case, delete and/or destroy, as required by law (such as “wiping” for digital data), personal data when the purposes for which the data were collected and processed have been achieved in the absence of a legal obligation or the need for further retention;
h) allow the Controller to exercise the power of control under Article 28 GDPR: in this context, make available to the Controller all information necessary to demonstrate compliance with the obligations of this Addendum and to demonstrate compliance with legal obligations and allow verification activities (Audit), carried out by the Controller or by third parties commissioned by the Controller, in order to ascertain the observation of these data processing methods and compliance with legal requirements. The Data Controller shall have the right to verify, with at least 20 (twenty) working days’ notice, also at the Data Controller’s premises, the compliance of the procedures adopted by the latter with what is indicated in this Addendum or required by law;
i) undertake to comply with the General Provision of the Guarantor for the Protection of Personal Data of November 27, 2008 “Measures and expedients prescribed for the holders of data processing carried out with electronic instruments in relation to the attributions of the functions of system administrator” as amended by the Order of the Guarantor of June 25, 2009 “Amendments to the order of November 27, 2008 on prescriptions to the holders of processing carried out with electronic tools with regard to the attributions of system administrator and extension of the time limits for their fulfillment,” as may be amended or replaced by the same Guarantor, and to any other relevant measure of the Authority;
j) to cooperate for the purposes of the exact application of the law, including through periodic meetings and to act within the scope and limits of their duties, autonomously, but always in accordance with the directives established by the Controller.
5. SUPERVISION. The Data Controller may supervise the punctual compliance with the instructions given herein to the Data Processor and will verify the continuation of the requirements of experience, capacity and reliability that influenced the designation of the Data Processor.
6. VIOLATION. The Processor is hereby made aware that if he/she violates the provisions of the law by independently determining the purposes and means of the Processing, or disregarding the instructions received from the Controller, he/she will be considered the Controller of the Processing in question;
7. ASSISTANCE TO THE CONTROLLER IN CASE OF A BREACH. In the event of a personal data breach, the Provider agrees to inform the Controller without undue delay from the time it has knowledge of the breach. The Supplier shall assist the Holder by initiating a preliminary analysis aimed at collecting data concerning the anomaly and compiling an event sheet, containing all information collected and at that time available, such as, but not limited to:
– Date of event, also the presumed date of occurrence of the violation (in which case it should be specified)
– Date and time when knowledge of the violation was obtained;
– Reporting source;
– Type of violation and information involved;
– Description of abnormal event;
– Number of data subjects involved;
– Numerousness of personal information alleged to have been breached;
– Indication of the date, including alleged date, of the breach and when it became
Knowledge;
– Indication of the place where the data breach occurred, also specifying whether it occurred
Occurred as a result of loss of devices or portable media;
– Concise description of the data processing or storage systems involved, with
indication of their location.
8. CONFIDENTIALITY. The Processor agrees to keep strictly confidential and
confidential and to use only for the performance of the obligations under the contract, any information relating to the other Party and/or those involved in the processing of personal data and/or products, services, organization, business or technical strategy received from the other Party or of which come to their knowledge during the execution of the contract related to the Service (hereinafter referred to as “Confidential Information”). The Responsible Party undertakes not to use the Confidential Information outside the purposes envisaged by this agreement, nor to disclose it to parties not envisaged by this agreement, without the written approval of the Owner. The Manager shall take all necessary measures not to disclose or make available in any way the Confidential Information of the Owner and/or interested parties to third parties, and shall in any case be held directly liable to the Owner for any violation by its employees and/or subcontractors of the confidentiality obligations set forth in this article. The provisions of this Article shall not apply or shall cease to apply to those individual pieces of information that the Controller can prove: (i) have already become public knowledge for reasons other than the breach by the Controller itself; (ii) were already known prior to having been received by the Controller; (iii) were disclosed or disclosed in compliance with a lawful order of any authority or by virtue of a legal obligation. Disclosed Confidential Information shall remain the property of the Data Controller. Upon written request by the Owner itself such information shall be returned or destroyed by the Responsible Party.
9. AMENDMENTS AND ADDITIONS. The Parties shall have the right to make such amendments and adjustments to this Agreement as may be necessary at any time, including to comply with any regulatory updates. Notice of any request for amendment will be given to the Manager by registered letter with return receipt or certified e-mail. Following the aforementioned change request, the Manager will have 60 days to withdraw from the agreement. After this period, the changes will be deemed accepted by the Processor. For anything not expressly provided for in this agreement, please refer to the general provisions in force regarding the protection of personal data.
10. APPLICABLE LAWS. In the event of any dispute concerning the validity, interpretation, performance and termination of this Addendum, the Parties agree to seek a fair and amicable settlement among themselves. Should the dispute not be settled amicably, it shall be deemed to fall under the exclusive jurisdiction of the Judicial Authority of the Court of Budapest. For the resolution of any dispute concerning the validity, interpretation, execution and termination of this agreement the Italian Law will be applied.
It is understood that this appointment does not imply any right of the Supplier to any specific compensation and/or indemnity and/or reimbursement arising from this appointment, beyond what is already provided for in the terms and conditions.