For us at Sybil Blue User/data subject data security is important and we want you to always feel protected and adequately informed about the types of processing carried out.

When the user/interested party uses and interacts with our website –  https://www.sybilblue.com/ or landing pages with the same domain – (hereinafter referred to collectively as the “site”) or services, communicate with us, visit our promotional pages and newsletters, in addition to other activities further described in the full Privacy Policy, we may collect, use, share, and process personal information (“personal data”). These highlights of the Privacy Policy summarise our personal data processing practices and the related rights of users/data subjects.

 

Information pursuant to Article 13 of the General Data Protection Regulation (“GDPR”) website

Identity and contact details of the data controller

Sybil Blue It is a company with registered and operational office at 71-75, Shelton Street, Covent Garden, London, WC2H 9JQ, UNITED KINGDOM., email info@sybilblue.com is the data controller for the personal data of the user/data subject under Article 13 of EU Regulation 679/2016 – General Data Protection Regulation (“Regulation” or “GDPR”) and the Privacy Code as amended by Legislative Decree 101/2018.

Data Protection Officer

In accordance with Article 37 of EU Regulation No 679/2016, Sybil Blue has appointed a Data Protection Officer. Their contact details are: info@sybilblue.com.

Personal data subject to processing

The site offers numerous services for which registration or the provision of personal data is not required. However, in order to offer users/interested parties a wide range of services (e.g. the creation of a user account and e-commerce), we need to collect some personal information. The personal data processed by Sybil Blue they are collected directly from the data subjects and provided by them directly and freely.

a) Information collected automatically through the site:

1. Automatically collected navigation data from the platform: the IT systems and software procedures used to operate the Site acquire, during their normal operation, certain personal data whose transmission is implicit in the use of Internet communication protocols. This is information that is not collected in order to be associated with identified data subjects, but which by its very nature could, through processing and association with data held by third parties, allow users to be identified. These data or part of them (IP addresses, device identifiers, etc.) may be processed by the Data Controller – subject to specific, prior, free and optional consent from the user/data subject – in order to track your activity on the site, to carry out market analysis and statistics, also to improve products and services. Sybil Blue and to make them more responsive to the needs of the user/interested party, as well as to send more targeted information and offers that may be of greater satisfaction and interest to the user/interested party.
2. Sybil Blue uses technology commonly referred to as ”cookies” to make its website easier and more intuitive. Cookies are small text files sent from the site to the user's terminal (usually the browser), where they are stored to be re-transmitted to the site on the next visit by the same user. Cookies, by showing us how our users navigate the site, provide us with information that allows us to make the browsing experience smoother and more efficient.

Sybil BlueWe use different types of cookies. For more information on all cookies used and how to give consent for their acceptance/refusal, the user/data subject can consult the site's cookie policy.

b) information provided by the user/data subject:

The optional, express, and voluntary sending of messages by users to the contact addresses indicated on this site and/or the completion of data collection forms and subscription to services Sybil Blue, involves the subsequent acquisition of the sender's first name, surname, and email address, which are necessary to respond to requests or to proceed with the execution of a contract or pre-contractual measures of which the user/data subject is part.

1. Newsletter sign-up: by obtaining the user's email address. This data will be processed for sending commercial/promotional/advertising communications using automated and traditional contact methods by the Data Controller, following the user's/data subject's specific consent.
2. Request for commercial information via the contact form on the website. The data that will be collected are: user's first name, surname, email address, and telephone number.
3. User registration on the website, creation of a personal account and purchase of services (e.g. courses) – the data that will be collected are: personal data (first name, surname, and tax domicile), email address, telephone number, as well as tax data necessary for issuing the electronic invoice (billing address, tax code and/or VAT number, unique code, PEC address).
4. Request from the user for a demo of the services provided by the Data Controller or registration for a webinar. The data that will be collected are: user's first name, surname, email address, and telephone number.
5. Partnership programmes. The data that will be collected is: first name, surname, email address, telephone number, and website of the potential partner.

Purpose and legal basis

Personal data acquired through the site will be processed by the Data Controller for the following purposes:

1. improvement of website navigation and usability, collection of aggregated and anonymous statistical information on website usage by users (number of visitors, pages visited, time spent, keywords, etc.);
2. purposes strictly connected and instrumental to the management of relations with interested parties, such as, for example, to respond to a contact request and/or information request from the user/interested party;
3. purposes strictly connected to the performance and implementation of the services requested, including the execution of a contract to which the data subject is party or the execution of pre-contractual measures adopted at their request, including to allow registration on the website www.sybilblue.com and access to restricted areas, the shopping basket, and for completing an online purchase;
4. purposes connected with obligations provided for by laws, as well as by provisions issued by authorities legitimately empowered by law;
5. for the ascertainment, exercise, or defence of a right in judicial and extrajudicial proceedings (legitimate interest) of the undersigned organisation.
6. For carrying out “customer relationship management” activities, consisting primarily of managing customer relations through IT systems and tools (CRM).
   
   Furthermore, exclusively and solely in the presence of specific and free consent from the user/data subject, Sybil Blue will be able to process personal data for the following further purposes:
7. promotion and sale of products and services, forwarding of commercial information, marketing and customer satisfaction surveys, sending of advertising material relating to products and services of the data controller and its business partners, both through methods
   
   traditional methods (i.e. postal mail and calls with an operator) and methods provided for by Article 130, paragraphs one and two, of the code (i.e. automated calls and similar methods (such as fax, e-mail, SMS, MMS, etc.);
8. purpose of analysing navigation data of the user/data subject for the purpose of improving marketing and business information offerings, direct sales, market research on products and services. This activity is also carried out using technologies such as cookies (for further information, please refer to the site's “Cookie Policy”);

The legal bases that legitimise the processing are:

• the legitimate interest of the data controller (paras 4.1 and 4.5);
• the fulfilment of legal obligations to which the controller is subject (para. 4.4).
• the performance of a contract to which the user/data subject is party, or the performance of pre-contractual measures taken at their request (sections 4.2, 4.3, 4.6);
• The data subject's consent (paras 4.7, 4.8);

The Data Subject will have the option to withdraw such consent by accessing the reserved area of the website www.sybilblue.com, or by writing to the email address  info@sybilblue.com. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

Should the Data Controller intend to further process personal data for a purpose other than that for which it was collected, before such further processing, they shall provide the user/data subject with information about that different purpose and any other relevant information.

Nature of Treatment

The provision of personal data is mandatory solely for processing necessary for the provision of services (execution of pre-contractual or contractual measures or processing based on the fulfilment of legal obligations to which the Data Controller is subject).

Any refusal for the purpose of service provision makes it impossible to finalise the purchase of online services, as well as registration and access to certain reserved areas of the site, thereby compromising the completion of contractual agreements or pre-contractual measures requested by the data subject. For all other types of data, their provision is free and optional, and any refusal by the data subject will not result in any negative consequences on the provision of services offered within the website www.sybilblue.com. and its related applications.

Categories of recipients of personal data

The data provided will not be disseminated, but may be communicated to the following categories of recipients, for the execution of contractual or promotional activities, regardless of whether they are appointed data processors:

• to employees and collaborators of the Joint Controllers, in their capacity as authorised data processors (or so-called “data processors”);
• to professionals and consultants, for the performance of contractual obligations of an administrative and fiscal nature;
• public territorial bodies for legal compliance;
• to judicial or supervisory authorities, administrations, public bodies, and organisations (national and foreign);
• to Cloud infrastructure providers or domain registration and email service providers;
• to banking institutions for the management of collections relating to our invoices;
• debt collection companies;
• a commercial information company, for creditworthiness checks of a potential client;
• to companies tasked with maintaining our IT system;
• to law firms of our trust for the potential protection of our rights or for the management of disputes relating to the Contract;
• to judicial bodies, arbitration panels, mediation bodies and their mediators, party representatives, in the event of litigation;
• to subjects instructed by us for the execution of marketing activities (q) to commercial information companies.

A current list of such subjects may be requested from the Data Controller, in the manner indicated in the following paragraph “Rights of the Data Subject”.

Place and methods of treatment

The website is hosted on OVHcloud servers (hosting provider), the data centres are all located within the European Economic Area and, specifically, in France. The security management systems comply with the principles of ISO 27001. OVHcloud complies with numerous security standards, including: PCI DSS, HDS, TSP, CSA, ISO 27017, ISO 27018 and CISPE. The management and storage of personal data takes place in the cloud and on servers located within the European Union owned and/or at the disposal of the Data Controller and/or third party companies duly appointed as data processors. Any transfer of data abroad to non-EU countries takes place in compliance with the applicable regulations, as well as in compliance with the provisions adopted by the European Court of Justice and national and foreign Authorities on the protection of personal data. The processing of personal data may also be carried out in non-EU and non-EEA countries if deemed functional to the efficient performance of the purposes pursued in compliance with the guarantees in favour of the data subjects.

Should it become necessary for technical and/or operational reasons to engage the services of entities located outside the European Union, we hereby inform you that such entities will act as Data Processors in accordance with and for the purposes of Article 28 of the Regulation. The processing will be governed as provided for in Title V of the Regulation. All necessary precautions will therefore be taken to ensure

the most appropriate protection of the data subject's personal data based on that processing: a) on adequacy decisions of third countries of destination issued by the European Commission; b) on appropriate safeguards issued by the third-party recipient pursuant to Article 46 of the Regulation; c) on the adoption of binding corporate rules. The Data Subject may request further details from the Data Controller or Joint Controller regarding the specific guarantees adopted for data processing.

Profiling

Through the website, the Data Controller carries out activities such as the analysis of purchase habits and consumer choices of users/data subjects, mainly through the processing of data provided when creating specific user profiles on the website.

The information obtained in this way allows the Data Controller to create – with the user/data subject’s consent – profiles (individual and/or aggregated), to carry out market analyses and statistics, including for the improvement of its products and services to make them more responsive to customer needs, as well as to conduct targeted promotional campaigns that are more enjoyable and interesting to users/data subjects who have given specific consent.

With reference to the newsletters and landing pages transmitted, the system records browsing data relating to opening, reading, views, passages, clicks, areas of interest, as well as any further actions concerning each communication sent, preparing historical profiles of interests and preferences aimed at a better understanding of the user/data subject's needs in order to propose targeted commercial offers and to prepare individual and/or aggregated statistical purchase analysis reports.

The user/interested party has the option to modify or withdraw their consent to processing for profiling purposes by accessing their personal account on the website's “consents” section, at any time, or by sending an email to info@sybilblue.com.

Data retention

The processing of personal data is carried out predominantly using electronic procedures and tools (databases, CRM platforms, etc.) for the time strictly necessary to achieve the purposes for which the data was collected and, in any case, in compliance with the principles of lawfulness, fairness, data minimisation and relevance provided for by current privacy legislation and in particular:

• the data provided by sending emails to the website's email address will be kept for the time necessary to provide a response;
• The data provided upon registration to the site may be processed for the entire duration of the contractual relationship and, solely for tax purposes and the management of any disputes, may be retained for up to 10 years in accordance with current legislation and Articles 2220 and 2946 of the Civil Code.;
• Tax and accounting documents are kept for 10 years from the last legally recorded date (including tax obligations).
• As a general rule, we will retain data collected for marketing purposes until consent is revoked and/or the data subject requests deletion. The user/data subject has the option to revoke their consent for marketing purposes by accessing their reserved area of the website at any time in the appropriate “consents” section, or by clicking on the “unsubscribe” link present on all communications sent by the Data Controller, or by sending an email to info@sybilblue.com;
• Data acquired for analysis and profiling purposes will be retained for a maximum of 12 months. The user/data subject has the option to withdraw their consent for profiling purposes by accessing their reserved area of the site in the “consents” section at any time, or by sending an email to info@sybilblue.com.;

The Data Controller shall, after the expiry of the retention periods according to the indicated criteria, take measures aimed at the erasure or anonymisation of data that do not need to be retained for specific obligations.

Cookies and similar technologies

The computer systems and software procedures in charge of operating this website acquire, during their normal operation, certain personal data whose transmission is implicit in the use of Internet communication protocols.

This is information that is not collected to be associated with identified data subjects, but which by its very nature could, through processing and association with data held by third parties, make it possible to identify users.

This data is used solely for the purpose of obtaining anonymous statistical information on the use of the Website and to monitor its proper functioning, and is deleted immediately after processing. The data may be used to ascertain liability.

In the event of hypothetical cybercrimes against the Site: barring this eventuality, currently, web contact data does not persist for more than seven days.

For more details, we invite you to read the Cookie Policy on the website.

Link to other websites and social media

The website may use so-called social plug-ins and links to external platforms. Social plug-ins are special tools that allow social network functionality to be embedded directly within the website (e.g. Facebook's “like” function).

All social plug-ins on the website are marked with the respective logo of the social network platform (e.g. Facebook, Instagram, Twitter, LinkedIn).

For information regarding the purposes, type, and methods of collection, processing, use, and storage of personal data by the social network platform, as well as the ways in which to exercise your rights, please consult the privacy policy adopted by the individual website or social network.

User/Data Subject Rights

At all times, the user/data subject may exercise their rights under applicable data protection law, including the right to:

• to receive confirmation of the existence of their Personal Data and access its content (rights of access);
• update, modify and/or correct their Personal Data (right to rectification);
• request their cancellation or restriction of processing of Data processed unlawfully, including Data that is no longer necessary to be kept in relation to the purposes for which the Data was collected or otherwise processed (right to erasure and right to restriction);
• Object to processing based on legitimate interest (right to object);
• to withdraw consent, without prejudice to the lawfulness of the processing based on consent given before withdrawal; to lodge a complaint with the supervisory authority in case of violation of the rules on personal data protection;
• receive a copy of the Data concerning them in electronic format and request that such Data be transmitted to another data controller (right to data portability).

Privacy Policy Changes

The constant evolution of our services may lead to changes in the characteristics of the Personal Data processing described herein. This privacy notice may undergo modifications and additions over time, as necessitated by new regulatory interventions concerning Personal Data protection, or by the evolution/modification of our services. We therefore invite you to periodically check the contents of our notice: where possible, we will endeavour to inform you promptly of any changes made and their consequences.