INFORMATION FOR THE PROCESSING OF PERSONAL DATA
The company Popularise s.r.l (P. IVA 11997050965), with registered office in Milan (MI) at Via Aosta 4a as owner of the personal data processing (hereinafter the "Owner") of the web platform and App Popularise (hereinafter the " the Platform"), informs the Influencers of the Platform (hereinafter the "Data Subjects/Users") pursuant to art. 13 of the European regulation n. 2016/679, the General Data Protection Regulation (GDPR).
The Data Controller is aware of the importance of processing the personal data of the interested parties and, for this reason, takes care to indicate which data are processed and how they are processed. Proceeding in navigation within the Platform or indicating the willingness to use the services provided by the same, the interested party declares to have read and accepted this information (hereinafter "Information"), thus releasing the consent for the processing of personal data by the Owner.
For any information, doubts or requests relating to this Information, the Data Controller makes the following email address available to the interested parties:
What are the rights of the interested party in relation to the processing of personal data?
The interested party has the following rights:
-
right to be informed that there is ongoing data processing concerning him and, if so, to access the personal data processed;
-
right to rectification of personal data;
-
right to cancellation (right to be forgotten) of personal data concerning him;
-
right to limit the processing of personal data concerning him;
-
right to data portability to receive, or have personal data transmitted to another Data Controller in a structured format, commonly used and readable by an automatic device;
-
right to object to the processing of personal data;
-
right to withdraw the consent previously given;
-
right to lodge a complaint with the competent authorities for violation of the processing of personal data.
How to exercise your rights?
The interested party may exercise his rights by writing to the email address indicated above.
The Data Controller does not intend to make the Data Subjects incur any costs to exercise one of their rights, but to do so the Data Controller may request specific information to follow up on the communications of the Data Subject in relation to the rights.
The aforementioned communications are usually acknowledged within 30 days of receiving the communication itself, but if this term cannot be respected (e.g. due to excessive number of requests or complexity of the response) it will be the Owner's responsibility to communicate it to the interested party and keep him updated on the developments of the communication sent.
What personal data are processed?
The Data Controller processes the personal data that are provided to him both by the interested party and by third parties in order to be able to follow up on the contact requests of the interested party received through the Platform (hereinafter the "Services").
-
Data provided directly by the interested party
Category of personal data
Data types
Identification and contact details
Name, surname, date of birth, email address, telephone number, photo and video ID, social ID (such as, but not limited to: Instagram, Meta etc.)
Location data
Geolocation, location tracking.
Audiovisual data
Image
-
Data collected by third parties
Third party source of personal data
Data types
External suppliers
-
behavioral data
-
Technical data
Aggregate data
The Owner may collect, use and share aggregated data, such as statistical or demographic data, for any purpose.
The aggregated data may derive from the personal data of the interested party, but once aggregated they do not constitute personal data within the meaning of the GDPR as they are not able to directly or indirectly identify the interested party. However, if the Data Controller combines or connects the aggregated data with the personal data of the Data Subject in order to allow the identification of the Data Subject, directly or indirectly, the Data Controller will process the resulting data in accordance with the provisions of the Information.
Particular data
The Data Controller does not process any category of particular data of the interested party (by particular data we mean data relating to racial or ethnic origin, religious or philosophical beliefs, sexual orientation, political opinions, trade union membership, genetic, biometric and health data), as it does not process any data relating to criminal convictions and crimes relating to the interested party.
Why are personal data processed?
The Data Controller processes personal data for the following purposes indicated in the following table.
However, the GDPR requires that, for each purpose of processing personal data, the Data Controller has a legal basis for carrying out the processing.
The Data Controller may carry out the processing of the personal data of the interested parties through consent, contract or read obligations as a legal basis for the treatment. Consent can be withdrawn at any time, but the processing carried out up to the withdrawal of consent cannot be influenced.
Below is a summary table of the purposes and their description:
Purpose
Description
storage
Provide the Services
Fill in the form to verify the existence of the minimum requirements to access the platform
Apply for active campaigns on the platform.
Sponsor the products and brands of the Company's client companies through their Instagram stories.
Enjoy all the present and future services within the platform
​
Personal data will be kept until the interested party keeps their account active on the platform and for the 12 months following the closure of the account.
Request information
The interested party can, through the Platform, request to be contacted to receive information, appointments or quantifications of the activities carried out by the Data Controller.
The data will be kept until the request for support from the interested parties has been processed
Provide support to Data Subjects
Solve technical problems encountered by the interested parties during navigation, their requests for assistance, improve the Services and the Platform and provide the support requested by the interested parties.
The data will be kept until the request for support from the interested parties has been processed
​
Newsletters
The Data Controller may send updates, not of commercial content, to inform the Data Subject of developments in its business, such as agreements with commercial partners and participation in events.
The data will be kept for 24 months
​
Marketing
The Data Controller may send updates, with commercial content, to communicate discounts or economic advantages promoted by the Company to the interested party.
The data will be kept for 12 months
Comply with the legal, regulatory and protection obligations of the Owner's activity
The Data Controller may process the personal data of the interested party to comply with legislative and regulatory obligations, as well as to comply with the provisions of the judicial and administrative authorities.
Furthermore, the Data Controller may process the data to protect its rights and interests such as, for example, in the case of judicial protection or due diligence in the event of assessments of changes in the corporate structure.
Personal data will be kept for the period of time determined by law, regulation and/or the relevant authority.
What happens if the interested party does not provide the necessary personal data?
If the data is necessary to provide the Services and to provide support to the interested parties, the Data Controller will not be able to provide them and support the interested party in their requests. In this case, the Data Controller may, alternatively, request the integration of personal data or cancel the personal data of the interested party, preventing the provision of the Services.
For purposes other than the provision of the Services and to provide support to the interested parties, the provision of data is optional and failure to provide personal data will not affect the aforementioned processing purposes.
To whom are personal data communicated and disclosed?
-
Communication
The personal data of the interested parties may be disclosed to third parties other than the Data Controller, as better indicated in the table below:
Recipients
Purpose of communication
Providers
The suppliers of the Owner support him in the provision of the Services with, by way of example but not limited to, development of the Site, hosting, maintenance, backup, virtual infrastructure.
External consultants
In the event of legal obligations or obligations relating to a relationship established with the interested party, the Data Controller may communicate personal data to external consultants, such as, for example, the accountant and the lawyer.
Authorities and judicial proceedings
The Data Controller may communicate the personal data of the interested parties to state and/or administrative and/or judicial authorities if this is mandatory according to the law, regulations or provisions of the authorities or to defend one's own right and/or interests.
-
Spread
The personal data of the interested parties will not be disclosed.
Where do we store personal data?
The Data Controller keeps personal data in paper archives within the headquarters of the Data Controller, as well as computer archives located both within the European Union and outside if this is instrumental to the pursuit of the purposes indicated above. In the latter case, the Data Controller ensures that companies not having offices within the European Union are treating personal data with the utmost confidentiality in compliance with the adequacy decisions of the European Commission, any Privacy Shields or, if necessary, by entering into agreements that ensure an adequate level of protection.
How are personal data processed?
The Data Controller processes the personal data of the interested parties by adopting the appropriate security measures aimed at preventing unauthorized access, disclosure, modification and destruction.
Data processing is carried out through IT procedures, telematic means and, residually, on paper supports by specifically authorized internal subjects as well as by external managers if appointed, and this also on the basis of existing contractual agreements.
What is the policy on the processing of data for minors?
The Data Controller is aware of the delicacy of the data processing of minors. In particular, the Services do not want to be provided to minors under the age of 16 and the Data Controller does not voluntarily process data of minors under the age of 16: in this sense, the interested parties are requested not to request the provision of the Services if the age is less than 16 years.
The Data Controller encourages those who exercise parental responsibility over minors under the age of 14 to check that they do not request the provision of the Services and, in any case, to educate minors under the age of 14 not to release their personal data via the Platform
If the Data Controller becomes aware that some personal data refer to minors under the age of 14, the Data Controller will take steps to delete the personal data.
What if there are links to other websites?
The Data Controller informs the interested parties that this information only applies to the Platform and, if there are links to other websites, the interested party must check the information on said sites before releasing their personal data.
The Data Controller assumes no responsibility for the personal data provided by the interested parties on other websites.
Changes to the Policy
The Owner reserves the right to modify this Information at any time. In the event of changes, the Data Controller will upload the new information on this page and, in this sense, if he urges the interested party to check the changes to the information: the interested party will be able to see the history of the information by checking the date affixed.
By continuing to use the Platform after the changes, the interested party accepts these changes and consents to the data processing as modified.