Privacy Policy
This privacy policy is to provide all the information on the processing of personal data carried out by Youlike S.r.l. (as better indicated below).
1. INTRODUCTION – WHO WE ARE?
Youlike S.r.l., with registered office in Via Santa Lucia 97, 80132 – Napoli, Italy, VAT No. and Fiscal Code No. 06769051217 (hereinafter, “Data Controller”), manager of the internet website https://www.cookist.com (hereinafter, the “Website”), in its capacity as data controller in relation to personal data pertaining to the users using the Website (hereinafter, the “Users”) hereby provides the privacy policy pursuant to art. 13 of the Regulation EU 2016/679 of the Council of 27 April 2016 (hereinafter, “Regulation” or “Applicable Law”).
2. HOW TO CONTACT US?
The Data Controller takes the utmost account of its Users’ right to privacy and protection of personal data.
For any information related to this privacy policy, Users may contact the Data Controller at any time, using the following methods:
- Sending a registered letter with return receipt to the registered offices of the Data Controller: Via Santa Lucia 97, 80132 – Napoli, Italy;
- Sending an electronic mail message to [email protected];
- Users may also contact the Data Protection Officer (DPO) at the following e-mail address: [email protected].
3. WHAT DO WE DO? – PROCESSING PURPOSES
By browsing the Website, Users can register on the Website itself using their social media accounts (hereinafter referred to as the “Service”), as well as they can contact the Data Controller by email using the email addresses found on the Website.
In relation to these activities, the Data Controller collects personal data concerning Users.
This Website and the services eventually offered through the Website are reserved to subjects over the age of 18 years old. Hereby, the Data Controller does not collect personal data pertaining to subjects under the age of 18 years old. At request of the Users, the Data Controller will promptly delete all the personal data, involuntary collected, pertaining to subjects under the age of 18 years old.
In particular, the personal data of the Users will be lawfully processed for the following purposes:
- processing the User’s request: the personal data of the Users are collected and processed by the Data Controller for the sole purpose of processing their request. The User’s data collected by the Data Controller for this purpose include name, last name, e-mail address and all other User data that may be voluntarily communicated by the User through the form or by e-mail to the contacts indicated on the Website. No other processing will be carried out by the Data Controller in relation to the Users’ personal data. Without prejudice to what is provided elsewhere in this privacy policy, in no case will the Data Controller make the personal data of the Users accessible to other Users and/or third parties.
The provision of personal data for the above-mentioned processing purposes is optional but necessary, since failure to provide such data will make it impossible for the User to make their request to the Data Controller. - Contractual obligations and provision of the Service following User registration: the Data Controller processes the User's personal data to enable them to register on the Website through their social media accounts and to allow them to access all the additional features of the Website.
The Data Controller informs that to register on the Website, the following methods shall be used: - Registration through the “Connect with Facebook” or equivalent service, where available. The data that may be communicated by the Facebook’s provider to the Data Controller through the “Connect with Facebook” service are: name, surname, email address, profile picture, gender, and date of birth (where available). The Data Controller will process such data exclusively for the purposes indicated in this notice, in accordance with the User's consents given from time to time. For further information about the “Connect with Facebook” service and to modify privacy settings related to this service, please refer to the following links:
- Registration via the “Connect with Google” or equivalent service, where available. The data that may be communicated by the provider Google to the Data Controller through the “Connect with Google” service are: name, surname, email address, profile picture, and, at User’s choice, gender, and date of birth. The Data Controller will process such data exclusively for the purposes indicated in this notice, in accordance with the User's consents given from time to time. For further information about the “Connect with Google” service and to modify privacy settings related to this service, please refer to the following links:
- Registration via the “Sign in with Apple” or equivalent service, where available. The data that may be communicated by the Apple’s provider to the Data Controller through the “Sign in with Apple” service are: name and surname (adjustable by the User at the time of registration), email address (with the possibility of using the “Hide my email” feature and providing a unique and random email address that forwards mail to your personal email address). The Data Controller will process such data exclusively for the purposes indicated in this notice, in accordance with the User's consents given from time to time. For further information about the “Sign in with Apple” service and to modify privacy settings related to this service, please refer to the following links:
- administrative and accounting purposes: i.e., to carry out activities of an organisational, administrative, financial and accounting nature, such as internal organisational activities and activities functional to the fulfilment of contractual and pre-contractual obligations;
- legal obligations: i.e., to comply with obligations imposed by law, an authority, a regulation or European legislation.
4. LEGAL BASIS FOR PROCESSING
Processing the User’s request (as described in the previous paragraph 3, letter a)): the legal basis consists of art. 6, paragraph 1, lett. b) of the Regulation, or the processing is necessary for the performance of a contract to which the User is party or in order to take steps at the request of the data subject prior to entering into a contract.
Contractual obligations and provision of the Service following User registration (as described in the previous paragraph 3, letter b)): the legal basis is provided by art. 6, paragraph 1, letter b) of the Regulation, i.e. the processing is necessary for the performance of a contract to which the User is a party or for the execution of pre-contractual measures taken at the User's request.
Administrative and accounting purposes (as described in the previous paragraph 3, letter c)): the legal basis consists of art. 6, paragraph 1, lett. b) of the Regulation, as the processing is necessary for performance of a contract to which the User is party or in order to take steps at the request of the data subject prior to entering into a contract.
Legal obligations (as described in the previous paragraph 3, letter d)): the legal basis consists of art. 6, paragraph 1, lett. c) of the Regulation, as the processing is necessary for compliance with a legal obligation to which the Data Controller is subject.
5. PROCESSING METHODS AND DATA RETENTION PERIOD
The Data Controller will process the personal data of Users using manual and IT tools, with logic strictly related to the purposes themselves and, in any case, in order to guarantee the security and confidentiality of the data.
The personal data of Users will be retained for the time strictly necessary to carry out the main purposes explained in paragraph 3 above or, in any case, as necessary for the protection in civil law of the interests of both the Users and the Data Controller.
6. TRANSMISSION AND DISSEMINATION OF DATA
The User’s personal data may be transferred outside the European Union, and, in this case, the Data Controller will ensure that the transfer takes place in accordance with the Applicable Law and, in particular, in accordance with Articles 45 (Transfer on the basis of an adequacy decision) and 46 (Transfer subject to adequate guarantees) of the Regulation.
The personal data of the Users may be disclosed to the employees and/or collaborators of the Data Controller in charge of managing the Website and the Users’ requests. These subjects, who have been instructed to do so by the Data Controller pursuant to Article 29 of the Regulation, will process the User’s data exclusively for the purposes indicated in this policy and in compliance with the provisions of the Applicable Law.
The personal data of the Users may also be disclosed to third parties who may process personal data on behalf of the Data Controller as “Data Processors” pursuant to Article 28 of the Regulation, such as, for example, IT and logistic service providers functional to the operation of the Data Controller’s Website, suppliers of outsourcing or cloud computing services, professionals and consultants.
Users have the right to obtain a list of any data processors appointed by the Data Controller, making a request to the Data Controller in the manner indicated in paragraph 7 below.
7. RIGHTS OF THE DATA SUBJECTS
Users may exercise their rights granted by the Applicable Law by contacting the Data Controller as follows:
- Sending a registered letter with return receipt to the registered offices of the Data Controller: Via Santa Lucia 97, 80132 – Napoli, Italy;
- Sending an electronic mail message to [email protected];
- Users may also contact the Data Protection Officer (DPO) at the following e-mail address: [email protected].
Pursuant to the Applicable Law, Users have:
- the right to withdraw consent at any time, if the processing is based on their consent
- the right of access to personal data;
- (where applicable) the right to data portability (the right to receive all personal data concerning them in a structured, commonly used and machine-readable format), the right to restriction of processing of personal data, the right to rectification and the right to erasure ("right to be forgotten");
- the right to object:
- in whole or in part, for legitimate reasons to the processing of personal data concerning them, even if relevant to the purpose of collection;
- in whole or in part, to the processing of personal data concerning them for the purpose of sending advertising or direct sales material or for carrying out market research or commercial communication;
- if they consider that the processing of their personal data is in breach of the Regulation, the right to lodge a complaint with a supervisory authority (in the Member State in which they have their habitual residence, in the Member State in which they work or in the Member State in which the alleged breach has occurred). The Italian Supervisory Authority is the Garante per la protezione dei dati personali, located in Piazza Venezia n. 11, 00187 – Rome (http://www.garanteprivacy.it/ ).