Privacy Policy for the website www.misterwhat.com administered by FABULABS S.p.A. The original version of this document is in Italian. In the event of any discrepancy between a translated version of this Agreement and the Italian version, the Italian version shall prevail.
This Privacy Policy (“Policy”) for https://www.misterwhat.com (“Site”) describes who we are, what Personal Data we collect on or through the Site, how we obtain and use such information, what are the legal grounds for processing Personal Data, who has access to Personal Data, and what are the rights of the data subjects. Read this Policy carefully.
By visiting the Site, or by using the Service, you accept the privacy practices described in this Policy.
Data subjects have the right to object to the processing of their Personal Data carried out for our legitimate interests or for marketing purposes. Please refer to the section “Rights of the data subjects” for more information.
This Policy is incorporated into, and is subject to, the MisterWhat Terms of Use. Capitalized terms used but not defined in this Policy have the meaning given to them in the MisterWhat Terms of Use.
Fabulabs S.p.a.
Registered address: Galleria Polidoro 7 - 43121 - Parma - Italy
VAT N. IT02531310346
Email:
Fabulabs S.p.a. is the “controller” of the personal data provided by Users and Visitors.
When Users or Visitors use the Service, they may provide, and we may collect Personal Data. Personal data is any information which identifies a person, whether directly (for example name and surname) or indirectly (for example, information about the use of our Services). Visitors and Users may provide us with Personal Data in various ways on the Service. For example, when they register for an Account, use the Service, request that we publish their business listing or send us customer service requests.
We collect the following Personal Data:
3.1 Information provided by Users and Visitors
3.2 “Automatically Collected" Information
We track the use of the Site through cookies and other similar technologies so that we can provide important features and functionality of the Service, monitor the use of the Site and provide a more personalized experience.
This “automatically collected" information may include IP address or other device address or ID, web browser and/or device type, the web pages or sites visited just before or just after using the Service, the pages or other content the Visitor or User views or interacts with on the Service, and the dates and times of the visit, access, or use of the Service. Please refer to our Cookie Policy for more information.
We also may use these technologies to collect information regarding a Visitor or User’s interaction with email messages, such as whether the Visitor or User opens, clicks on, or forwards a message. This information is collected on an aggregate level from all Users and Visitors.
3.3 Information provided by Integrated Services
Visitors and Users may be given the option to access or register for the Service through the use of their username and passwords for certain services provided by third parties (each, an “Integrated Service”), such as through the use of their Google account, or otherwise have the option to authorize an Integrated Service to provide Personal Data or other information to us. By authorizing us to connect with an Integrated Service, Visitors and Users authorize us to access and store their name, email address, age range, gender, country, profile picture URL, and other information that the Integrated Service makes available to us, and to use and disclose it in accordance with this Policy. Visitors and Users should check their privacy settings on each Integrated Service to understand what information that Integrated Service makes available to us, and make changes as appropriate. Visitors and Users should review each Integrated Service’s terms of use and privacy policies carefully before using their services and connecting to our Service.
3.4 Information from Other Sources
We may obtain information, including Personal Data, from third parties and sources other than the Service, such as our partners, advertisers, and Integrated Services. If we combine or associate information from other sources with Personal Data that we collect through the Service, we will treat the combined information as Personal Data in accordance with this Policy.
Information about companies, professionals, associations, when not provided directly by the company and/or professional, is gathered from various public sources, including company websites, professional registers, leaflets, etc. This information is processed for the purposes of publishing the company listings in our directory and providing the best possible service to Users and Visitors.
We use the information that we collect in a variety of ways in providing the Service and operating our business, including the following:
4.1 Operations
We use Personal Data to:
4.2 Improvements to the Service
We use the information to:
Should this purpose require MisterWhat to process Personal Data, then the data will only be used in anonymized or aggregated form.
4.3 Cookies and tracking technologies
We use automatically collected information and other information collected on the Service through cookies and similar technologies to:
Please read our Cookie Policy for more information.
We also may use tracking technologies to collect information regarding how Visitors or Users interact with the email messages we send, to get information like the time and day they opened our emails and the type of device they used to open them. We use this information to analyze the effectiveness of our email communication in order to improve it and to provide a better and more personalized service.
4.4 Analytics
We use Google Analytics to measure and evaluate access to and traffic on the Public Area of the Site, and create user navigation reports for our Site administrators. Google operates independently from us and has its own privacy policy, which we strongly suggest Visitors and Users to review. Google may use the information collected through Google Analytics to evaluate Users' and Visitors’ activity on our Site. For more information, see Google Analytics Privacy and Data Sharing.
We take measures to protect the technical information collected by our use of Google Analytics. The data collected will only be used on a need to know basis to resolve technical issues, administer the Site and identify visitor preferences; but in this case, the data will be in non-identifiable form. We do not use any of this information to identify Visitors or Users.
4.5 Communications
We use Personal Data to:
4.6 Enquiries, complaints and disputes
We use Personal Information to help us respond to any enquiries or complaints, or deal with any disputes which may arise while we provide our products and services, in the most effective way.
4.7 Fraud prevention and compliance with legal obligations
Under certain circumstances, we use Personal Data to the extent required in order to enable us to comply with our legal obligations, for example to investigate, detect and prevent fraud. This may require us to provide Personal Data to law enforcement agencies or officials, if they request it.
4.8 Internal training
We may use Personal Data for internal training purposes, so that our staff has the skills needed to provide our Visitors and Users with the best possible experience. For example, if a User or Visitor contacts us by email, we may use their email for training purposes to improve our customer support.
4.9 Market research and analysis
We may use Personal Data to better understand the needs of our Users. We may also invite some Users to take part in surveys or market research. If a User accepts our invitation, we will use the feedback to improve our products and services.
4.10 Internal records and accuracy
Like any company, we process Personal Data to administer and maintain our internal records. For example, we process Personal Data to verify that the information we have about a User is accurate.
The General Data Protection Regulation (GDPR) lists several legal grounds for the lawful processing of Personal Data, and requires us to only process Personal Data if we satisfy one or more legal grounds.
We rely on a number of different legal grounds for the processing of Personal Data:
The data subject has given consent to the processing of his or her personal data for one or more specific purposes
In some cases we process Personal Data after obtaining a User’s or Visitor’s consent to do so for the purposes of:
Processing is necessary for the performance of a contract to which the data subject is party
It is necessary for us to process Personal Data, and information about the business that a User represents, for the performance of the contract between us and Visitor/User, and to provide the Service.
Data processing is necessary to:
If a Visitor or User chooses not to give some or all the aforementioned information, this may affect our ability to provide our products and services to them.
Processing is necessary for compliance with our legal obligations
Under certain circumstances, we may process Personal Data to comply with our legal obligations, for example to investigate, detect and prevent fraud.
Processing is necessary for the purposes of our legitimate interests
To consider this as lawful basis for processing, a business must have legitimate interests which are not overridden by individuals' interests, rights or freedoms.
Collecting and processing Personal Data is necessary for our legitimate business interests, which are:
We may process Personal Data based on our legitimate interests except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject.
We have assessed these aspects carefully and, on balance, we believe that our interests described above are balanced with the fundamental interests, rights or freedoms of the data subjects.
Where we think there is a risk that one of the fundamental interests or freedoms of a Visitor or User may be compromised, we will not process their data unless there is another lawful legal basis for doing so (if we have obtained their consent to the processing or to comply with our legal obligations or if processing is necessary for the performance of a contract with them).
Except as described in this Policy, we will not intentionally disclose the Personal Data that we collect or store on the Service to third parties without the consent of the applicable Visitor or User. We may disclose information to third parties if a Visitor or User consent to us doing so, as well as in the following circumstances:
6.1 Unrestricted Information
Any information that a User voluntarily chooses to include in a Public Area of the Service, such as a public profile page or business listing, will be available to any Visitor or User who has access to that content.
6.2 Service Providers
We may provide Personal Data to our service providers, who provide us with certain services and act as "processors" of Personal Data on our behalf. These third parties may have access to, or process Personal Data as part of providing those services for us. We limit the information provided to these service providers to that which is reasonably necessary for them to perform their functions.
6.3 Law Enforcement
We may disclose Personal Data:
6.4 Change of Ownership
Information about Users and Visitors, including Personal Data, may be disclosed and otherwise transferred to an acquirer, successor or assignee as part of any merger, acquisition, debt financing, sale of assets, or similar transaction, as well as in the event of an insolvency, bankruptcy, or receivership in which information is transferred to one or more third parties as one of our business assets and only if the recipient of the Personal Data commits to a Privacy Policy that has terms substantially consistent with this Privacy Policy.
In some cases, the Personal Data we collect for the above purposes may be transferred outside the European Economic Area (EEA), and such destinations may not have laws protecting Personal Data to the same extent as in the European Economic Area. Data protection law requires us to ensure that where we or our "processors" transfer Personal Data outside the European Economic Area, it is processed securely and protected from unauthorized access, loss, destruction, unlawful processing, and any type of processing that is not consistent with the purposes outlined in this Policy.
We will comply with GDPR requirements providing adequate protection for the transfer of personal information outside of the European Economic Area (EEA).
The table below lists the third parties to whom we currently disclose Personal Data. The table also explains how these organizations use Personal Data, if they are our "processors" (they process the data on our behalf, and only in line with our instructions), or if they are "controllers" (they use Personal Data for their own purposes, after receiving them). The table indicates if the treatment is performed outside the EEA, and the safeguards that are used to protect Personal Data if this is the case.
This information may be updated periodically.
Recipient |
Why we share Personal Data |
Where Personal Data is processed |
Safeguards that are used to protect Personal Data outside the EEA |
Service providers acting as “Processors” |
|||
OVH |
OVH hosts our data. |
Canada |
The European Commission has so far acknowledged that Canada provides an adequate level of data protection, and that data may be transferred to Canada without any further safeguard being necessary. In other words, transfers to the country in question will be assimilated to data transmissions within the EU. |
SendGrid |
Provides email delivery services. |
SendGrid uses data centers all over the world to provide its services. |
SendGrid's GDPR Data Processing Addendum, signed between Sendgrid and Fabulabs S.p.a., states that: “To the extent that SendGrid processes (or causes to be processed) any Personal Data originating from the EEA in a country that has not been designated by the European Commission as providing an adequate level of protection for Personal Data, the Personal Data shall be deemed to have adequate protection (within the meaning of EU Data Protection Legislation) by virtue of SendGrid's self-certification to the Privacy Shield. SendGrid shall agree to apply the Privacy Shield Principles when processing (or causing to be processed) any EEA or Swiss Personal Data under this Agreement.” The contract also lists a number of additional security measures and GDPR obligations that Sendgrid is subject to under the Agreement. |
|
Monitoring and aggregate analysis of website traffic through Google Analytics. |
EEA, US |
Please refer to https://policies.google.com/technologies/partner-sites for more information on how Google uses information from sites or apps that use its services
Google is certified under the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks, and is committed to GDPR compliance across its services. For more information: |
Other organizations we share Personal Data with, acting as "Controllers”
|
|||
|
Traffic monetization through targeted online advertising (Google AdSense). |
EEA, US |
See “Google” above” |
As a consequence of our use of Google products, some of the ad technology providers listed below may receive your Personal Data. Ad technology providers (including Google and other ad networks and vendors) use data about users, for example, for the purposes of ads personalization and measurement. These ad technology providers have provided Google with information about their compliance with the GDPR.
We only retain the Personal Data for a limited period of time as long as we need it to fulfill the purposes for which we have initially collected it, unless otherwise required by law.
The retention period may vary depending on the type of data. To determine retention periods, we consider a variety of factors, such as:
We securely delete Personal Data from our systems when they are no longer needed.
The GDPR provides the following rights for individuals:
1. Right to be informed
Data subjects have the right to receive concise, transparent, intelligible, easily accessible information on how we use their Personal Data. This is why we provide the information contained in this Privacy Policy.
2. Right of access
Data subjects have the right to obtain:
3. Right to rectification
Data subjects have the right to have inaccurate Personal Data rectified, or completed if it is incomplete.
4. Right to erasure ("right to be forgotten")
Data subjects have the right to request the deletion or removal of their Personal Data, if:
This is not a general right to erasure; there are exceptions.
5. Right to restrict processing
In certain circumstances, data subjects have the right to restrict the processing of their Personal Data. When processing is restricted, we are permitted to store the Personal Data, but not use it.
6. Right to data portability
Data subjects have the right to receive their Personal Data in a structured, commonly used and machine readable format.
7. Right to object
Data subjects have the right to object to the processing of their Personal Data in certain circumstances (when data is being used for direct marketing, or when processing is based upon our legitimate interests).
8. Right to withdraw consent to processing
If data subjects have given their consent to the processing of their Personal Data for a particular purpose (for example, direct marketing), they have the right to withdraw their consent at any time.
9. Your California Privacy Rights
We will not share any Personal Data with third-parties for their direct marketing purposes to the extent prohibited by California law. If our practices change, we will do so in accordance with applicable laws and will notify you in advance.
10. Do Not Track Policy
California law requires that operators of websites and online services disclose how they respond to a Do Not Track signal. Some browsers have incorporated “Do Not Track” features. Most of these features, when turned on, send a signal or preference to the website or online service that a visitor visits, indicating that the visitor does not wish to be tracked. Because there is not yet a common understanding of how to interpret Do Not Track signals, we do not currently respond to Do Not Track signal. We continue to work with the online industry to define a common understanding of how to treat Do Not Track signals.
In the meantime, you may opt out of receiving interest based advertising from advertising networks that may be delivered on our Site, https://adssettings.google.com.
11. California Consumer Privacy Act (CCPA)
The California Consumer Privacy Act (CCPA) establishes various rights for California state residents. CCPA requires giving residents the right to opt out of the “sale” of their “personal information” (as the law defines those terms), with the opt-out offered via a prominent “Do Not Sell My Personal Information” link on the “selling” party’s homepage. You can opt-out of the “sale” of your “personal information” with the opt-out offered via the prominent “Do Not Sell My Personal Information” link on our homepage or on this Privacy Policy.
12. Minors and children’s privacy
Protecting the privacy of young children is especially important. Our Service is not directed to children under the age of 16, and we do not knowingly collect Personal Data from children under the age of 16 without obtaining parental consent. If you are under 16 years of age, then please do not use or access the Service at any time or in any manner. If we learn that Personal Data has been collected on the Service from persons under 16 years of age and without verifiable parental consent, then we will take the appropriate steps to delete this information. If you are a parent or guardian and discover that your child under 16 years of age has obtained an Account on the Service, then you may alert us (see ‘How to contact us’ below’) and request that we delete that child’s Personal Data from our systems.
We follow generally accepted industry standards to protect the information submitted to us, both during transmission and once we receive it. We maintain appropriate administrative, technical and physical safeguards to protect Personal Data against accidental or unlawful destruction, accidental loss, unauthorized alteration, unauthorized disclosure or access, misuse, and any other unlawful form of processing of the Personal Data in our possession. This includes, for example, firewalls, password protection and other access and authentication controls. We use SSL technology to encrypt data during transmission through public internet.
However, no method of transmission over the Internet, or method of electronic storage, is 100% secure. We cannot ensure or warrant the security of any information that Visitors and Users transmit to us or that is stored on the Service, and Visitors and Users use the Site at their own risk. We also cannot guarantee that such information may not be accessed, disclosed, altered, or destroyed by breach of any of our physical, technical, or managerial safeguards. If a User or Visitor believes that their Personal Data has been compromised, they should contact us as set forth in the “How to contact us” section.
If we learn of a security systems breach, we will inform Visitors and Users and the authorities of the occurrence of the breach in accordance with applicable law.
Please contact us with any questions or comments about this Policy, Personal Data, or if you would like to exercise your data protection rights, or if you have any concerns or complaints about this Policy or your Personal Data, by sending an email to:
The Site contains features or links to websites and services provided by third parties. This Privacy Policy does not apply to those other websites. Any information that Visitors and Users provide on third-party sites or services is provided directly to the operators of such services and is subject to those operators’ policies, if any, governing privacy and security, even if accessed through the Service. the contents and for the privacy practices of such third party websites, and Visitors and Users use such websites is at their own risk. We encourage our Visitors and Users to learn about third parties’ privacy and security policies before providing them with information.
This Privacy Policy was last updated on 23 Dec 2019.
This Privacy Policy may be updated from time to time so Visitors and Users may wish to revisit this page each time they provide Personal Data to us. Continued use of the Service by Visitors and Users after the revised Policy has become effective indicates that they have read, understood and agreed to the current version of the Policy.