Privacy Policy
Privacy Policy
In this section, in accordance with the European legislation introduced by Regulation EU 679/2016 and Italian law (Legislative Decree no. 196/2003), information is provided regarding the processing of personal data of Users who browse the pages of the website bythatsoft.com or who use the purchasing services made available on it (hereinafter "Users" or "Data Subjects").
This information is provided exclusively for the Website and not for other websites that may be accessed by the user via links within the Website.
Data Controller
The Data Controller of the personal data of users of the bythatsoft.com website is ThatSoft, Registration number: 08974150727, with registered office in Italy, Altamura, via dei Mille 88f. Email address: info@bythatsoft.com
Email to contact the controller and request the deletion of your data, if collected, subject to your consent: info@bythatsoft.com
A – Types of Data Processed
Identification Data
In accordance with the European legislation introduced by Regulation EU 679/2016, browsing the Website and purchasing products on the Website may involve the processing of data capable of directly or indirectly identifying a natural person, such as: name, surname, residence address, email address, phone number, IP address.
The Website does not require the Data Subject to provide so-called "special categories" of data, that is, according to GDPR (Art. 9), personal data that reveal racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, as well as genetic data, biometric data intended to uniquely identify a natural person, data concerning health, or data concerning a person’s sex life or sexual orientation. Should the requested service require the processing of such data, the Data Subject will receive specific information in advance and will be asked to provide explicit consent.
Banking Data
When purchasing products on the Website, banking data such as the card number or bank account used for payment, cardholder, and account holder will also be processed.
These data may only be processed by third-party companies that manage the payment methods used on the website.
The Website uses the following payment services, and the privacy policies regarding data processing are provided below:
- PayPal: https://www.paypal.com/it/webapps/mpp/ua/privacy-full
- Google Pay: https://payments.google.com/payments/apis-secure/u/0/get_legal_document?ldo=0&ldt=privacynotice&ldl=en-GB
- Amazon Pay: https://www.amazon.in/gp/help/customer/display.html?nodeId=202136010
- Visa: https://usa.visa.com/legal/privacy-policy.html
- Mastercard: https://mea.mastercard.com/en-region-mea/about-mastercard/what-we-do/privacy.html
- American Express: https://www.americanexpress.com/it-it/chi-siamo/legal/centro-di-privacy/dichiarazione-sulla-privacy/
Browsing Data
Browsing data are automatically acquired by the systems and programs used to operate the Website and are necessary for accessing web services [e.g., IP addresses, browser used, domain names of systems used by users to connect to the web portal, addresses in URI (Uniform Resource Identifier) notation of the requested resources, time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the server response (success, error, etc.), and other parameters related to the user's operating system and IT environment].
These data are acquired even without registration on the Website or a request for information.
Browsing data are used exclusively in aggregate form to process anonymous statistics on Website usage and to ensure proper functioning. They do not allow the identification of the users involved and are deleted immediately after being processed in anonymous form.
However, they may be used to determine responsibility in the event of computer crimes committed against the website.
Data Provided Voluntarily by the User
Personal data voluntarily provided by the User (such as name, surname, phone number, email address) for the purpose of sending messages to the Website and/or purchasing products are used solely to respond to the Data Subject’s requests and to comply with legal obligations.
The legal basis for this processing is the fulfillment of services related to the requests made and the purchases made, as well as compliance with legal obligations.
The information that the Website User chooses to make public via the services and tools made available by the Website is provided by the User knowingly and voluntarily, exempting the Website from any liability for potential law violations.
It is the User’s responsibility to ensure that they have permission to input third-party personal data or content protected by national and international laws.
Data Collected Through Analytical Cookies
The Website also collects User data through the use of cookies.
For more information on data processed via cookies, on the types of cookies active, and on how to disable them, please refer to the cookie policy.
These cookies are used to track the User’s browsing preferences and for the collection of statistical data. Users can disable these cookies by accessing their browser settings, as indicated in the Website's cookie policy.
B – Purpose of Data Processing
The personal data collected are used for:
- Sending the purchased products to the User via email;
- Responding to contact requests sent by the User;
- Enabling the User to access the Customer Service;
- Obtaining anonymous statistical information on the use of the website;
- Ensuring the proper functioning of the website;
- Sending communications and newsletters, both in paper and electronic format, to the email address provided by the User: if the User decides to subscribe to the bythatsoft.com newsletter only after providing explicit consent, the personal data will be processed by the Data Controller to send commercial or promotional communications, updates on exclusive offers, special events, and promotions. To unsubscribe from the newsletter, simply click on the unsubscribe link at the bottom of the emails received or write to info@bythatsoft.com.
- Determining responsibility in the event of potential computer crimes against the website;
- Complying with any other legal obligations not included in the purposes mentioned above.
Data may only be disclosed following a request by judicial authorities in accordance with the law.
C – Legal Basis for Data Processing
The legal basis for processing personal data is the fulfillment of the obligations related to the agreement established through the acceptance of the Terms and Conditions, the Data Subject’s consent, compliance with legal obligations, and the legitimate interest of the Data Controller in carrying out the necessary processing for such purposes.
Contract Execution
The Controller processes personal data of the User when the processing is necessary for the execution of a contract with the User and/or for the implementation of pre-contractual measures.
Consent of the Data Subject
The optional, explicit, and voluntary sending of emails, messages, or any type of communication addressed to the contacts indicated on this Website results in the subsequent acquisition of the sender's address, phone number, or any other personal data that will be used to respond to the requests. This processing is based on the Data Subject's consent.
It is ensured that such processing will be conducted in compliance with the principles of lawfulness, fairness, transparency, adequacy, relevance, and necessity outlined in Article 5, paragraph 1 of the GDPR. Specific summary information will be progressively displayed or provided on the pages of the sites designed for particular requested services.
III. Compliance with Legal Obligations
Personal data processing may occur without the Data Subject’s consent if the Controller is required to fulfill a legal obligation.
Legitimate Interest of the Data Controller
The Controller processes personal data of the User when the processing is necessary to pursue the legitimate interest of the Controller or third parties.
Optional Nature of Data Provision
Apart from what is specified for the fulfillment of the contract or legal obligations, cookies, and browsing data, the user is free to provide or not their personal data. However, failure to provide such data may make it impossible to obtain the requested service.
D – Methods and Duration of Data Processing
Personal data are processed through electronic tools and in accordance with Regulation EU 679/2016.
The retention of processed data will last for the time necessary for the purposes described in this policy and, therefore, for the minimum necessary time, or until an explicit request is made by the Data Subject, in any case, within the time limits imposed by law.
The Controller undertakes to adopt all appropriate security measures to prevent the loss and alteration of personal data, as well as any unlawful or unauthorized use.
The data will be processed exclusively by individuals authorized by the Controller, including possible data processors, representatives, and public entities to fulfill the obligations provided by law, who perform their respective processing activities as autonomous data controllers.
Among the individuals authorized by the Controller who may process the data are, by way of example: collaborators from the commercial and legal departments, as well as third-party service providers, hosting providers, and IT companies (this list is not exhaustive). However, the processed data will not be disseminated to unspecified recipients.
Among the individuals authorized by the Controller who may process data for profiling purposes are the online marketing platforms "Shopify" (https://www.shopify.com/legal/privacy).
The security of the information collected cannot be guaranteed in the event of hacker attacks and, in general, violations of the security measures implemented for data protection.
In the event of attacks or breaches, they will be communicated to the affected parties and the competent authorities in accordance with legal requirements.
E – Place of Processing
The processing related to the web portal services is carried out by personnel identified and specifically designated for the specific purposes of the requested and subscribed services.
For the aforementioned processing, the Controller may use external companies, shippers, consultants, consortia, software and service providers operating, through identified and authorized personnel, within the purposes provided and in a manner that ensures maximum