QA Area
Contact

Y

Privacy Policy e Cookie Policy

 

Data Controller
Leonardo Natale– 444 Madison Avenue Ste 1206 New York – NY 10022
info@bravo-compliance.com – +1(201)9899436

  1. General Considerations

The safeguard of our visitor’s data privacy while browsing our site is a core concern for us. This Privacy Policy is to inform our users about which categories and types of information they provide while browsing our website will or may be collected and stored by the server Bravo-Compliance.com. This document also reports in detail cases, manners, and purposes for which your data may be subsequently forwarded to and processed by third-party such as internet services companies. The juridical base for the website to collect, forward, and utilize personal data from the user, as well as the user’s right to decline his/her consent to the aforesaid procedures is also outlined. Moreover, our users will be informed about how cookies and analytical tools are used on our site and in the web environment where our products and services are presented.

By agreeing to this Privacy Policy, you consent to the collection, processing, and use of your data in compliance with the data protection laws currently in force, as reported below. Please note that users under the legal age (18 years) are not allowed to provide any personal information, nor to attest their consent, without their parents’ or guardians’ previous approval. Any changes in our Privacy Policy will be posted on this site and our users, when necessary, will be notified by email.

  1. Our Contacts

If you have any questions or uncertainties about data processing activities carried out by Bravo-Compliance.com, please contact our data controller at the addresses written below:

Bravo Compliance

Privacy, Legal Service

11 E 44th Street Suite 800

New York, NY 10017 10022,

The fastest way to receive a response to your questions or issues is to contact us at the email address: info@bravo-compliance.com

  1. Your Rights

You can exercise your data safety rights at any time and at no cost with our website.

  • Pursuant to Article 15 of the General Data Protection Regulation (GDPR), you have the right to access and review your personal information used by our servers in the data processing context of operations, along with certain other information related to or implied in such procedures.
  • Pursuant to Article 16 of GDPR, you have the right to request the Controller for immediate rectification or removal of any inaccurate personal data wrongly processed.
  • Pursuant to Article 17 of GDPR, you have the right to request the Controller for immediate erasure of your personal data inaccurately reported, or otherwise, pursuant to Article 18 of GDPRs, processing restriction for such data.
  • Pursuant to Article 19 of GDPR, you have the right to request the Controller for confirming that all the third parties to whom your personal data were forwarded have been duly advised of any data processing rectifications, erasures, or restrictions that have been applied to such information.
  • Pursuant to Article 20 of GDPR, you have the right to receive the aforesaid data from us in form of one of the structured formats commonly useable and readable on electronic devices, and the right to forward them to other data processing controllers.
  • You have the right to partially or totally revoke your consent given pursuant to Article 17, Paragraph 3 of GDPR at any time. Moreover, in force of Article 21 of GDPR, you also have the right to oppose data processing of your personal information when Bravo-Compliance.com elaborates such data in view of its own legitimate interests. In this case, you have the right to block the use of your personal data by Bravo-Compliance.com for direct advertising purposes.
  • Pursuant to Article 77 of GDPR, you have the right to file a legal claim with public oversight authorities in the member state of your usual residence, or in the state where the alleged violation occurred.
  1. Where are your data stored?

Your data are stored in servers located within the European Economic Area (EEA). The data processing may also be performed abroad, in extra-European countries, to the extent permitted by law. Except for specific legal or contractual authorizations, we do data processing in non-EEA countries only if the specific requirements prescribed in Article 44 et seq. of GDPR are satisfied. It means that the data processing is performed in the context of certain warranties like an officially recognized level of data protection standards equivalent to the EEA’s (e.g., the US Privacy Shield), or its modalities are otherwise dictated by specific contractual obligations (the so-called standard contract clauses). For further information on this matter, please visit  http://eur-lex.europa.eu/legal-content/en/TXT/?uri=CELEX%3A32010D0087 e https://eur-lex.europa.eu/legal-content/DE/TXT/?uri=CELEX:32000D0520.

  1. Data transfer

Your personal data are processed within the boundaries of the strictest confidentiality. Your information is not sold nor transferred for marketing purposes to third parties. However, Bravo-Compliance.com may make your data accessible to third parties (namely, other data controllers) when that is necessary to perform and deliver our services to you. The categories in which the aforesaid third parties fall are listed in point 9, along with their respective procedures. The aforesaid third-party service providers are bound to maximum confidentiality rules and can process the collected information exclusively for the services expressly requested by the user. Whenever possible, the personal information shall be anonymized or pseudo-anonymized. The transfer of our user’s data to recipients different from the ones listed in this Privacy Policy may only occur due to an obligation of law requiring the data controller to submit the information to the authorities.

  1. Data Erasure

Except when expressly indicated in the guidelines of this Privacy Policy, the data stored by our company get automatically erased as soon as they are no longer indispensable to accomplish the purposes of data protection to the extent established by articles 17 and 18 of GDPR, and provided that the erasure of such information doesn’t infringe any other data retention rules.

Whenever certain data, which would normally be erased pursuant to articles 17 and 18, cannot be removed from our directories due to any obligations of law, any further processing of such data will be restricted, which means that such information will be blocked and not reused for further processing. That is the case, for instance, of fiscal/financial data, which must be retained by requirements of law.

 

 

  1. Data Security

Bravo-Compliance.com attaches great importance to the security of your personal information when it comes to our data processing system, and it is proved by the high technological and usage standards of the security measures applied here. We protect your data from loss, destruction, alteration, publication, and unauthorized access by keeping our data security system constantly updated. Whenever possible, the information gets encrypted and anonymized to prevent third parties from viewing/reading it. Our data processing and transfer activities are empowered by the SSL system (Secure Socket Layer). We avail ourselves of physical and logical tools to control and restrict accesses, firewalls, recovery systems, and integrity tests. Our data security staff is periodically provided with training courses and activities dedicated to the most accurate practice of sensitive data. The Bravo Compliance operators are professionals juridically responsible for their accuracy in managing such kinds of information. They are bound by law to safeguard the confidential nature of the data by strictly operating within the current boundaries of the regulatory framework.

  1. Legal base for data processing activities

Except for different dispositions specifically mentioned in our Privacy Policy guidelines, the regulatory references for all the data processing activities carried out by Bravo Compliance are as follows:

–      Data collection and processing upon the user’s consent is regulated by Article 6, Paragraph 1, Letter a, and Article 7 of GDPR.

–      The data processing activities, as far as they concern the fulfillment of our statutory obligations toward the user, are regulated by Article 6, Paragraph 1, Letter c; while Article 6, Paragraph 1, Letter f is the legal base for data processing activities performed to safeguard legitimate interests of our company or third parties.

–      The subcontracting to third parties of data processing activities of our company is regulated by Article 28 of GDPR.

  1. Why and when do we need to process your information?

We process your personal information to provide you with the correct fruition modalities for our services and constantly update and improve them. Moreover, we use your data to accept our customers’ orders and requests for services and perform home deliveries.

The data processing purposes can be classified into the following categories:

9.1  Service Provision

Purposes and context for data processing

In general, we do not save any personal data when you simply visit our site. Our server log files only keep track of access data not directly referred to persons, namely: user’s IP address, browser version and operating system, along with the last web page previously visited (the so-called referrer URL), the current page visited, and the visit time.

The purpose of data collection and processing is to connect you to our site and guarantee the security and stability of the system while managing the technical administration of the network infrastructure. However, such kinds of data do not permit tracking your personal identity.

 

 

Data retention period and access to data

The information contained in log files must be kept for security reasons (e.g., as legal evidence in case of online frauds and/or unauthorized accesses) for a period not exceeding seven (7) days, after which the system automatically erases them.

None of your personal data is forwarded to third parties, except when doing so is indispensable to provide our services to certain categories of web operators, like hosting providers, web analytics companies, etc.

The legal base for data retention of personal information stored in log files on our corporate servers is Article 6, Paragraph 1, Letter f, which contemplates data processing activities aimed to promote and safeguard legitimate corporate purposes and interests, such as service optimization in the field of online fraud and unauthorized access prevention.

Data recording for online service provision, as well as data retention for the aforesaid purposes, subject to the terms indicated above, are activities technically indispensable for site management reasons. Hence, the site users do not have ground for rejecting such activities.

  1. Cookies, Analytic Tools, and Social Media Apps

10.1 Cookies

Cookies are small files used by the website to record specific information on electronic devices like PCs, smartphones, or similar, with which the user logs in to the web page. Once stored in the user’s device, the website will be able to recover the same information anytime the same device opens the same web page.  Cookies are necessary to constantly improve the user’s online experience on our website by making it easier, faster, and safer to browse and utilize it.

Moreover, since cookies can analyze – in anonymized form – how the user utilizes the site’s services, they may also be utilized for advertising purposes and/or marketing surveys.  We use cookies pursuant to Article 6, Paragraph 1, Letter f, in consideration of our legitimate purposes and interests tied in with analysis instruments indispensable to optimize the financial management of our online store.

“Third Party Cookies” are the ones generated by providers different from our site. Such kinds of cookies are defined as “permanent” or “persistent” if they remain stored on the user’s device after the browser session is over. Bravo Compliance.com mainly utilizes the so-called “session cookies”, i.e., the ones which get automatically erased by the server as soon as the user ends the browsing session on the site.

The categories of cookies most used are defined below, along with their respective purposes and characteristics:

  • Technical cookies – which cannot be disabled – are small files functional for the running of website activities. Without them, it would not be possible to perform essential functions like, for instance, browsing web pages. Hence, such cookies cannot be deactivated.
  • Analytics cookies – which can be disabled – analyze the website performance with the purpose of improving it, for example, by increasing the system speed, saving the selected page settings, and keeping on queue the user’s requests.  Analytics cookies are also employed for statistical purposes to assess how users utilize the website services as so to define the system management solutions to improve the service quality. The user is given the option to deny consent to analytics cookies. However, the deactivation of such files may involve a functional slow down and/or restrictions for the website browsing session.
  • Tracking or advertising cookies – which can be disabled – create user profiles with the purpose of forwarding advertising contents to the site visitors, based on their previous online choices. We utilize tracking cookies to analyze the preference of our website visitors (by instance, pages visited and/or products viewed.)  These cookies help the user to customize and make it easier his/her buying experience while assisting us to constantly improve our marketing communication. The user is given the option to deny consent to tracking cookies. However, in that case, the user may receive marketing communications unrelated to his/her actual purchase preferences.

Cookies record the following information: IP Address, Unique Device Identifier (UDID) and device model, domain, browser used and language selected, operative system and system settings, specific cookies identifying the country and time zone, as well as other cookie-related information, e.g., whether the software required to utilize certain functions is installed on the device, previously visited web pages, URL of the website from which the visitor was linked to our website, and history of interactions between the user and our site: access time log, the path followed by the user on the site, user’s preferences and purchases.

10.2 Google Analytics

We make use of web analysis services provided by Google Analytics on the base of our legitimate interests in the analysis, optimization, and marketing management of our online offer, pursuant to Article 6, Paragraph 1, Letter f of GDPR.

Google Analytics employs the small text files described above, which get saved on the user’s device with the purpose of analyzing how the user utilizes the website. We purchase such analytic services from Google to constantly update our information on all the activities related to our online offer and upgrade its modalities of use on the Internet. During the browsing sessions through our web pages, some data related to the usage of our site as made by the visitors (e.g., pages visited, products searched, viewed, or purchased, etc.) are generally forwarded to and stored by a Google server in the US, which proceeds to anonymize the IP address provided by us to Google Analytics by redacting its last eight digits. Only in exceptional cases such as juridical major force or legal obligations, a complete IP address may be forwarded in complete form. Then, the redacted IP address associated with the user’s browser in the context of Google Analytics activities shall not be crossed any longer with other Google data.

Google’s Privacy Shield certification guarantees compliance with EU regulations on data processing security. (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active

For further information, please visit the following page: https://www.google.com/intl/it_ALL/analytics/learn/privacy.html

Google Analytics can be disabled through the following link: https://support.google.com/analytics/answer/181881?hl=it

 

 

10.3 How to use social media plug-ins

The plug-in icons of Social Media Platforms like Facebook, Instagram, LinkedIn, and WhatsApp are active on our web pages. By clicking on the icon of the respective social media platform, the user gets linked to that server and the main web page of that platform opens. In that context, our website transmits the social media platform your IP address, along with the web pages browsed by you on our site and the timing of such visits.

If you have already logged in as a member into a social media platform while browsing our site, the platform server will store the aforesaid information (i.e., your IP address, along with our website pages browsed and the respective visiting time) on your personal account on that platform. This makes it possible for the social server to associate the anonymized information provided by our server when you plugged in with your user’s name on their platform. Hence, in certain cases, it could even be possible for the platform to identify your legal name and associate such information with your social media account.

You can prevent such occurrences by logging out of social media before using the plug-in icon on our website. You can find more extensive information on data collection and use by Facebook, Twitter, and Instagram, along with all you need to know about your rights and resources in the matter of privacy safeguard on the privacy policy statements of all the social media platforms.

Privacy and Cookies Policy updated on 05/07/2022