Why this notice
This page describes how PhraseExpander processes the personal data of users visiting its website.
This information note is provided in compliance with art. 13 of the Italian decree-law no. 196/2003 – Personal Data Protection Code and articles 13 and 14 Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016), to those who interact with the web services of PhraseExpander through electronic access to the address https://www.phraseexpander.com/, corresponding to the home page of the website of PhraseExpander.
Owner and data controller
Andrea Nagar – Via Marco Polo 22, 10129 Torino – Italy
Data owner contact email: firstname.lastname@example.org
The data owner does not intend to transfer personal data to a third country or international organization, different from EU member States.
Types of data collected
Among the types of Personal Data that the owner and data controller collects, by itself or through third parties, there are: first name, last name, email address, mailing address, phone number, credit card information, cookies and usage data.
The Personal Data may be freely provided by the User, or, in case of Usage Data, collected automatically when using PhraseExpander.
Users are responsible for any third-party Personal Data obtained, published or shared through PhraseExpander and confirm that they have the third party’s consent to provide the Data to the Owner.
Orders and Financial Information
Credit / Debit card numbers and data are not stored by phraseexpander.com
Ordering information is accepted on a Secure Order Processing page. Details will be encrypted by 256-bit industry-standard Secure Sockets Layer (SSL) technology to provide encryption of personal information such as name, address and credit card details.
Downloads, feedback forms and e-mail addresses
Providing a valid e-mail address is necessary in order to download the trial version of the software product and to purchase the software product after the trial version.
Supplying a valid phone number is optional: however, failure to provide it may imply the impossibility to obtain the requested contact.
Cookies are small files that a site or its service provider transfers to users’ computers hard drive through Web browsers (if allowed) that enables the sites or service providers systems to recognize users’ browser and capture and remember certain information.
No personal data of the users is acquired on the subject by this site.
Use of the so-called session cookies (which are not stored in a persistent manner on the user’s computer and are automatically removed when the browser is closed) includes, but is not limited to the transmission of session identifiers (consisting of random numbers generated by the server) necessary for allowing a safe and efficient site exploration.
Session cookies used in this site may be processed by third party softwares and technologies potentially capable of (partially) profiling users’ surfing activity in accordance with third parties’ own privacy policies.
Mode and place of processing the data
Methods of processing
The Data Owner processes the Data of Users in a proper manner and shall take appropriate security measures to prevent unauthorized access, disclosure, modification, or unauthorized destruction of the Data.
The Data processing is carried out using computers and/or IT enabled tools, following organizational procedures and modes strictly related to the purposes indicated.
In addition to the Data Owner, in some cases, the Data may be accessible to certain types of persons in charge, involved with the operation of the site (administration, sales, marketing, legal, system administration) or external parties (such as third-party technical service providers, mail carriers, hosting providers, IT companies, communications agencies) appointed, if necessary, as Data Processors by the Owner.
The updated list of these parties may be requested from the Data Owner at any time.
Legal basis of processing
The Owner may process Personal Data relating to Users if one of the following applies:
- Users have given their consent for one or more specific purposes. Note: Under some legislations the Owner may be allowed to process Personal Data until the User objects to such processing (“opt-out”), without having to rely on consent or any other of the following legal bases. This, however, does not apply, whenever the processing of Personal Data is subject to European data protection law;
- provision of Data is necessary for the performance of an agreement with the User and/or for any pre-contractual obligations thereof;
- processing is necessary for compliance with a legal obligation to which the Owner is subject;
- processing is related to a task that is carried out in the public interest or in the exercise of official authority vested in the Owner;
- processing is necessary for the purposes of the legitimate interests pursued by the Owner or by a third party.
In any case, the Owner will gladly help to clarify the specific legal basis that applies to the processing, and in particular whether the provision of Personal Data is a statutory or contractual requirement, or a requirement necessary to enter into a contract
The Data are processed at the Data Owner’s operating offices and in any other places where the parties involved with the processing are located. For further information, please contact the Data Owner.
The Data are kept for the time necessary to provide the service requested by the User, or stated by the purposes outlined in this document, and the User can always request that the Data Controller suspend or remove the data.
- Personal Data collected for purposes related to the performance of a contract between the Owner and the User shall be retained until such contract has been fully performed.
- Personal Data collected for the purposes of the Owner’s legitimate interests shall be retained as long as needed to fulfill such purposes.
The Owner may be allowed to retain Personal Data for a longer period whenever the User has given consent to such processing, as long as such consent is not withdrawn. Furthermore, the Owner may be obliged to retain Personal Data for a longer period whenever required to do so for the performance of a legal obligation or upon order of an authority.
Once the retention period expires, Personal Data shall be deleted. Therefore, the right to access, the right to erasure, the right to rectification and the right to data portability cannot be enforced after expiration of the retention period.
Purpose of data processing
Users’ personal data are collected to allow PhraseExpander to provide its services, as well as for the purposes indicated below and using the following services:
Contacting the user
“Contact us” contact form
The user, by filling out the “Contact us” contact form with his/her personal data, agrees to the use of same to reply to the user’s requests for information, quotations, or of any other nature as indicated in the form.
Personal data collected: last name, first name, e-mail address, and other various types of data.
Interaction with social networks and external platforms
This kind of service allows interaction with social networks, or with other external platforms, directly from the pages of this site.
The interactions and information acquired by this site are subject to the user’s privacy settings related to each social network.
In case an interaction service with the social networks is installed, such service could collect traffic data related to the pages on which it is installed, even if the user does not use the service.
Some software applications may allow the Data Owner to monitor and analyze the traffic data with the purpose of tracking the user’s behavior. PhraseExpander may contract with third-party service providers in order to better understand its site visitors.
Any collected information may be used to improve PhraseExpander website and customer service, to administer a contest, promotion, survey or other site feature, to send periodic emails.
Detailed unsubscribe instructions are included at the bottom of each email, in case any subscriber would like to unsubscribe from receiving future e-mails.
No credit information supplied by customers in the purchasing process is available to PhraseExpander.
PhraseExpander implements effective security measures designed to maintain the safety of personal data and sensitive information eventually provided by its users on a voluntary basis including, but not limited to, the use of a secure server.
Optional disclosure of data
Apart from what was specified above, users may disclose other personal data when filling in the PhraseExpander contact forms or sending messages to PhraseExpander e-mail addresses.
For the reason of completeness it is important to mention that in some cases (not within the ordinary management of this site) the Authorities may request under current Italian and European legislation, for the purpose of monitoring the processing of personal data. In such event, the reply to such request is mandatory; any failure to do so shall result in an administrative sanction.
User’s rightsUsers may exercise certain rights regarding their Data processed by the Owner. In particular, Users have the right to do the following:
- Withdraw their consent at any time. Users have the right to withdraw consent where they have previously given their consent to the processing of their Personal Data.
- Object to processing of their Data. Users have the right to object to the processing of their Data if the processing is carried out on a legal basis other than consent.
- Access their Data. Users have the right to learn if Data is being processed by the Owner, obtain disclosure regarding certain aspects of the processing and obtain a copy of the Data undergoing processing.
- Verify and seek rectification. Users have the right to verify the accuracy of their Data and ask for it to be updated or corrected.
- Restrict the processing of their Data. Users have the right, under certain circumstances, to restrict the processing of their Data. In this case, the Owner will not process their Data for any purpose other than storing it.
- Have their Personal Data deleted or otherwise removed. Users have the right, under certain circumstances, to obtain the erasure of their Data from the Owner.
- Receive their Data and have it transferred to another controller. Users have the right to receive their Data in a structured, commonly used and machine readable format and, if technically feasible, to have it transmitted to another controller without any hindrance. This provision is applicable provided that the Data is processed by automated means and that the processing is based on the User’s consent, on a contract which the User is part of or on pre-contractual obligations thereof.
- Lodge a complaint. Users have the right to bring a claim before their competent data protection authority. The Italian supervisory authority is the following: Italian Data Protection Authority, Piazza di Monte Citorio 121, 00186 Roma, http://www.garanteprivacy.it/web/guest/home_en
Details about the right to object to processing
Where Personal Data is processed for a public interest, in the exercise of an official authority vested in the Owner or for the purposes of the legitimate interests pursued by the Owner, Users may object to such processing by providing a ground related to their particular situation to justify the objection.
Users must know that, however, should their Personal Data be processed for direct marketing purposes, they can object to that processing at any time without providing any justification. To learn, whether the Owner is processing Personal Data for direct marketing purposes, Users may refer to the relevant sections of this document.
This policy was last modified on May 23rd, 2018