HUBCORE.AI Ltd - Privacy Policy and Cookies

NOTICE ON THE PROCESSING OF PERSONAL DATA (pursuant to Article 13 of Regulation (EU) 2016/679)

Notice to Consumer customers pursuant to the data protection legislation

Dear Customer,

pursuant to Articles 13 and 14 of Regulation 2016/679/EU (General Data Protection Regulation – hereinafter GDPR), HUBCORE.AI Ltd provides you with the Information regarding the processing of your personal data.

Regulation (EU) 2016/679 (GDPR) provides for the right to protection of natural persons with regard to the processing of data. In compliance with this legislation, with reference to your personal data provided to us, Hubcore.ai Ltd wishes to inform you in advance, pursuant to Articles 12 and 13 GDPR, that such processing will be based on principles of lawfulness, fairness, transparency, and protection of your privacy and your rights as enshrined in Article 5 GDPR.

The "Data Controller" is Hubcore.ai Ltd, with registered office at Piazza G.Galilei 15, 09128 Cagliari, VAT number: 03188540920.

At any time, you can contact the Data Controller through the following channels:

Phone: +39.070.05557433

Registered Mail: Hubcore.ai Ltd, Via San Tommaso D’Aquino 18A - 09134 - Cagliari

Email: info@hubcore.ai

CONTACT DETAILS OF THE DATA PROTECTION OFFICER

The "Data Controller", in accordance with Article 37 GDPR, has appointed a Data Protection Officer (DPO).

DPO Contact Details: marcoparamucchi@ordineavvocatiroma.org

1) CATEGORIES OF PERSONAL DATA

HUBCORE.AI Ltd acquires and processes your personal data, such as:

Common data as per Article 4, point 1, GDPR: personal data (name, surname, gender, date and place of birth, tax code), contact data (landline and/or mobile phone number, postal and email address), access and identification data (e.g. username, password); data related to the products sold and services activated, billing data, payment data (IBAN, credit card details, etc.); data on the status and punctuality of payments, data relating to identification documents. Through cookies (mentioned below), it is possible to acquire and process data related to products, devices used (e.g., brand and model), and technical data, data related to contacts made with HUBCORE, data related to telematic traffic, connection data (e.g., IP address), and internet browsing data, profiling data, localization data;

When requesting a demo or contact through the website https://hubcore.ai/en/, the user connects to the platform at https://www.hubcore.ai, through which it is possible to request an appointment for the software products offered by Hubcore.ai Ltd. The data entered by filling in the appropriate fields will be processed exclusively for specific, explicit, and legitimate purposes and subsequently processed in a way that is not incompatible with those purposes. Specifically, HUBCORE.AI Ltd will process your personal data collected solely for the following purposes:

2) PURPOSES FOR WHICH DATA PROCESSING IS NECESSARY AND RELATED LEGAL BASIS

Your personal data, provided by you and/or acquired from third parties, even during the contractual or pre-contractual relationship, will be processed by HUBCORE.AI for the following purposes: related to the execution of the contract, including the pre-contractual phase: a) provision of requested services and management of the contract; b) technical maintenance, including remote, to ensure the highest level of service quality; c) delivery, installation, and maintenance of products, software, and/or devices; d) billing, including on behalf of third parties, of fees, traffic, and any additional products/services; e) assistance and management of any complaints and disputes; f) customer satisfaction survey; g) management of late/non-payments and credit recovery; h) assignment of credit to authorized companies; i) payment of fees through financing provided by a consumer credit company; l) retention and use of accounting data related to payment punctuality for reward policies; m) potential participation in reward or loyalty programs; n) ensuring the finalization and execution of the booking and provision of the requested service; o) communicating data to third parties who perform functions necessary or instrumental to the provision of the requested services; p) administrative, accounting, and fiscal management of practices related to the requested services; q) retention and archiving of the practice related to the requested service. The processing of your data for the above purposes is necessary to allow the booking of the services requested by the User, as well as to fulfill legal obligations to which the Data Controller is subject. The data provided by you will be processed for administrative management and for possible access to the services and products offered on the company's websites/portals, including: viewing invoices, checking the status and execution of payments, verifying the status of requests and/or fault reports, assistance, purchasing products and/or services. Specifically, if you intend to use the online or telephone technical assistance service, we inform you that for the execution of checks on the correct functionality of the line and modem, data relating to its configuration, connection methods, and related connected devices will be collected; technical data of the personal computer, browser, email client, and related configuration will be transmitted along with the ticket you send to HUBCORE Customer Care.

To pursue its legitimate interest in preventing non-payment and fraud in the activation and management of new or additional contracts, HUBCORE.AI Ltd may: i) acquire directly or through third-party companies information on your reliability and punctuality in payments from public archives or registers (e.g., adverse registrations and protests) and from credit information systems (e.g., financing relationships), as well as consult internal data already acquired (including those related to payments and any complaints) in relation to the contract to be activated and those possibly in progress or terminated with our Company; in this context, synthetic results or judgments (score) based on public data, credit information, and internal data may be processed and/or acquired, which will be retained by HUBCORE.AI for the time necessary to perform activities related to the perfection of the contract and for the management of any requests you may have for access to personal data and to prevent fraudulent activities; ii) verify the validity of the IBAN and its correct association with the Tax Code of the account holder provided for bank domiciliation, also communicating this data to any external Data Processors (the updated list is available upon request via email at info@hubcore.ai) for the purpose of verifying the authenticity of the data contained in the documents provided by customers (where deemed useful to ascertain their identity), as well as for exchanging information necessary for the prevention of fraud and combating identity theft. Your personal data may also be processed by HUBCORE.AI to pursue its legitimate interest to the extent strictly necessary and proportionate for administrative purposes, as well as to detect and counter non-compliant or fraudulent behavior (e.g., fraud).

Your personal data may be processed by HUBCORE.AI to assert or defend a right in court, as well as to fulfill legal obligations provided for by laws, regulations, or EU legislation and orders from supervisory authorities or other legitimate institutional entities (e.g., for sending communications as a result of urgent measures).

The provision of your data is necessary to achieve the above purposes; failure to provide, partial or inaccurate provision may result in the inability to provide the requested services.

3) FURTHER PURPOSES OF PROCESSING PURSUABLE WITH CONSENT

In case you have given specific consent at the time of activating the requested service or later, and in case of subscription to the newsletter service, HUBCORE.AI Ltd will process your personal data also for the following purposes: your personal data may be processed by HUBCORE.AI, using automated contact methods (SMS, MMS, fax, voice calls, email, and web applications) and traditional methods (phone calls with an operator), for marketing purposes, i.e., sending advertising material, direct sales, conducting market research, and commercial communication, regarding the offer of HUBCORE.AI products and services.

Moreover, if you consent, your personal data (including usage and access methods to the service, devices used, internet traffic, and browsing data) may be processed by HUBCORE.AI for profiling activities, in order to identify your specific behaviors and consumption habits, also through electronic processing, to improve the quality of services provided, meet your needs, and direct commercial proposals of interest. However, HUBCORE.AI may process the above data in aggregated form, in compliance with the measures prescribed by the Data Protection Authority and by virtue of the specific exemption from consent based on HUBCORE.AI's legitimate interest provided by the same Authority and/or data protection impact assessments previously carried out by HUBCORE.AI. These aggregated data processing activities are carried out to conduct analyses and electronic processing (e.g., classifying the entire customer base into homogeneous categories based on service levels, consumption, possible needs, service satisfaction, etc.) aimed at periodically monitoring the economic development and performance of HUBCORE.AI's activities, guiding related industrial and commercial processes, improving services and tariff plans, designing and implementing commercial communication campaigns through targeted and more satisfying offers. Moreover, after anonymization, the aforementioned data may be used for processing solely for statistical analysis purposes, without any direct effect on individual customers. For the methods of exercising the right to object, please refer to point 10 below.

If you consent, your personal data may be communicated by HUBCORE.AI to Group companies and affiliated companies (the updated list is available upon request via email at info@hubcore.ai), which will process them as independent Controllers for their marketing purposes, using automated contact methods (such as SMS, MMS, fax, voice calls, email, and web applications) and traditional methods (such as phone calls with an operator), until you express opposition to each of the Group companies and affiliated companies.

4) FURTHER PURPOSES OF PROCESSING FOR RECEIVING THIRD-PARTY ADVERTISING WITH CONSENT

If you have given specific consent at the time of activating the requested service or later, your personal data may be processed by HUBCORE.AI to communicate and/or send, using automated contact methods (such as SMS, MMS, fax, voice calls, email, and web applications) and traditional methods (such as phone calls with an operator), advertising material and commercial information from third parties. HUBCORE.AI may therefore send information and commercial offers, including from partner companies, in line with preferences and consumption habits detected through tracking of the user's browsing on the web pages of the site and from accesses made through the selection of offers sent via email; send advertising and informative material and/or commercial communications, including interactive ones. For sending personalized advertising information/newsletters, the data may be communicated to third-party companies, including outside the European Union, in compliance with the principles set out in Regulation EU 2016/679. For the processing of your personal data for the purposes stated in this section, your consent is required, which can be expressed by ticking the dedicated box on the web page containing the online form. Regarding user profiling activities and sending personalized advertising information/newsletters, HUBCORE.AI Ltd informs you that when you choose to register for our newsletter services by filling in the online form fields or accessing the website by clicking on a link in an email/newsletter, the website https://www.hubcore.ai tracks user interactions with the website and information provided by the browser, such as the detected geographical area, IP address, and repeated visits through the use of cookies released by Hubspot Inc.'s marketing automation software. In other cases, when not accessing via a click from the newsletter or not filling in the online form fields, data processing takes place exclusively in anonymous form.

5) WITHDRAWAL OF CONSENT

The provision of your data and your consent for the processing purposes mentioned in sections 3) and 4) is optional but may serve to improve our products and services and communicate updates of interest to you. You can still verify and withdraw any consent given for these purposes at any time by accessing the dedicated corporate portal for customers, contacting the free phone numbers: +39.070.05557433, or Registered Mail: Hubcore.ai Ltd, Via San Tommaso D’Aquino 18A - 09134 – Cagliari, or Email: info@hubcore.ai

In particular, the User who no longer wishes to subscribe to HUBCORE.AI Ltd's personalized advertising information/newsletter service can unsubscribe using the procedure described in the emails sent upon the user's request. Additionally, users who wish to be permanently removed from the archives can make an express request to info@hubcore.ai, or through the newsletter unsubscribe procedure as indicated above. You also have the right to partially oppose the processing of your data for marketing purposes (through automated or traditional contact methods). Following any denial or withdrawal of the aforementioned consent, HUBCORE.AI will process your data for the sole purposes indicated in section 2). The withdrawal of consent, however, does not affect the lawfulness of the processing based on the consent before its withdrawal.

6) RETENTION OF PERSONAL DATA

HUBCORE.AI will retain your personal data for a period not exceeding the achievement of the purposes for which they were collected or subsequently processed, as well as for the period provided by law for administrative purposes, management of any complaints, disputes, or criminal proceedings. Specifically, profiling data will be retained for 15 months, while data on the status and punctuality of payments and any complaints within ongoing or terminated contracts will be retained for up to five years from the date of any termination of the contractual relationship with HUBCORE.AI and, in any case, as long as the state of delinquency persists and credit recovery activities are ongoing.

Data processing is carried out through paper-based or computerized procedures by authorized internal personnel. These individuals have access to personal data to the extent necessary to perform processing activities related to you. Data, especially those belonging to special categories, are processed separately from others using pseudonymization or aggregation methods that do not allow easy and immediate identification of you. Additionally, to ensure the confidentiality and integrity of the personal information provided to us, personal data will be processed in a way that ensures adequate security, including protection through appropriate technical and organizational measures, from unauthorized or unlawful processing and accidental loss, destruction, or damage. HUBCORE.AI Ltd periodically checks the tools by which data is processed and the security measures provided for them, ensuring constant updating; it verifies, through authorized personnel, that unnecessary personal data is not collected, processed, stored, or retained, or that their purposes are fulfilled; it ensures that data is stored with guarantees of integrity and authenticity and used for the purposes of the processing activities actually carried out. HUBCORE.AI Ltd guarantees that data that, even after checks, is found to be excessive or irrelevant or unnecessary will not be used unless for the lawful retention, as per the law, of the document or document containing it. The data requested from you will be retained in a form that allows your identification for a period not exceeding the achievement of the purposes, after which your data will be permanently destroyed or anonymized in a permanent and irreversible manner. Specifically, concerning the purposes stated above, personal data will be retained according to the following criteria:

Additionally, data relating to the provision of services or products will be retained from the date of generation: a) for a maximum period of six months for billing and/or payment claims purposes, subject to further specific retention required as a result of a dispute, including judicial; b) for the period established in the contracts you may have entered into for the provision of value-added services and marketing services; c) up to seventy-two months for criminal purposes.

7) METHODS AND LOGIC OF PROCESSING

Data processing will be carried out manually and/or through computerized and telematic tools, with data organization and processing logics, related to the above purposes and, in any case, to ensure the security and confidentiality of data and communications.

Data will be retained at the aforementioned registered office of the Controller and may be communicated to other recipients for the performance of legal obligations, in compliance with all your rights. Data may be processed by authorized and instructed personnel, appointed to manage activities necessary to achieve the purposes.

Additionally, in case of a contact request, through the "REQUEST A DEMO" or "SEND APPLICATION" form or through access to the "CLIENT ACCESS" reserved area, personal data of the user, including those relating to access logs and activities carried out in the authenticated area of the site called "CLIENT ACCESS", will be retained for the same purposes and periods. The communication of personal data for the purposes just mentioned ("REQUEST A DEMO", "SEND APPLICATION", "CLIENT ACCESS") is optional but necessary to allow the booking of the requested services. The failure or incorrect communication of one of the information we need and marked as mandatory, will have as main possible consequences the inability to use the requested services and proceed with the contractual relationship. The failure to communicate information not marked as mandatory will have no impact on the provision of the requested service booking.

8) DATA CONTROLLER, DATA PROTECTION OFFICER, AND CATEGORIES OF AUTHORIZED PERSONS

The "Data Controller" is Hubcore.ai Ltd, with registered office at Piazza G. Galilei 15, 09128 Cagliari, VAT number: 03188540920. At any time, you can contact the Data Controller through the following channels:

Phone: +39.070.05557433

Registered Mail: Hubcore.ai Ltd, Via San Tommaso D’Aquino 18A - 09134 - Cagliari

Email: info@hubcore.ai

The "Data Controller", in accordance with Article 37 GDPR, has appointed a Data Protection Officer (DPO).

DPO Contact Details: marcoparamucchi@ordineavvocatiroma.org

Your personal data will be processed by HUBCORE.AI employees, who have been appointed as authorized persons for the processing of personal data and have received appropriate operational instructions in this regard.

9) CATEGORIES OF THIRD PARTIES TO WHOM DATA MAY BE DISCLOSED AS CONTROLLERS OR WHO MAY BECOME AWARE OF IT AS PROCESSORS

Where necessary, for the declared purposes, some processing of your personal data may also be carried out by third parties, including Group companies, to whom HUBCORE.AI entrusts certain activities (or parts of them) to pursue the purposes referred to in point 2) functional to the provision of the services requested by the customer and, if you have given consent, for the further purposes referred to in points 3) and 4). In such cases, these external parties, who will act as Data Processors, are essentially included in the following categories: credit recovery companies, companies responsible for printing and sending invoices to customers, consultancy companies (in particular, accounting and tax), credit assignment companies, technological service providers for the administrative management and booking of tourist services as well as Content Providers and CRM.

Personal data is mainly processed within the European Union, but third parties (Data Processors) may also be established abroad, in EU or non-EU countries; in the latter case, data transfer is carried out based on the existence of a European Commission decision on the adequacy of the level of data protection in the non-EU country or based on the appropriate and suitable safeguards provided for by Articles 46 or 47 GDPR (e.g., signing the "standard contractual clauses" for data protection adopted by the European Commission) or other legitimate transfer criteria provided for by Article 49 GDPR (e.g., execution of the requested or existing contract, customer's consent). These parties will act as independent Controllers or be designated Data Processors and are essentially included in the following categories: a) Subjects to whom HUBCORE.AI entrusts the creation and maintenance of computer/telematic systems and connections and/or the delivery, installation, and maintenance of devices and products; b) Subjects (e.g., call centers) to whom HUBCORE.AI entrusts customer assistance, advertising, promotions, and sales activities; c) Subjects to whom HUBCORE.AI sends the tax code/VAT number and IBAN to verify the correctness and validity of customer data; d) Credit recovery companies and credit assignment companies; e) Companies operating in the field of fraud prevention and providing credit, economic, and commercial information services; f) Companies that process data for billing; g) Companies responsible for printing and sending invoices and/or other documentation to customers; h) Banks and companies specialized in consumer credit for providing financing; f) Consultants; g) Agents, Business Finders, and Dealers; h) Companies conducting market research and surveys; o) Supervisory authorities (e.g., Data Protection Authority), Revenue Agency, Judicial Authority, Ministry of Economy and Finance, and any other legitimate public entity requesting data. For some services, we use tools (by way of example and not exhaustive, online services provided by Google LLC., Hubspot Inc., Survey Monkey Inc., along with their respective European subsidiaries) from companies headquartered in the United States of America in compliance with the standard clauses aimed at protecting the rights of the data subject according to GDPR provisions. For a better and more detailed information, it should be noted that the email service related to the Platform relies on the email service provided by Gmail managed by Google LLC, based in Mountain View, California, along with European subsidiaries, the list of which is available here (hereinafter "Google"). If the data subject does not intend to share information and personal data through Google, please do not send such information and data to the aforementioned email address and agree with the Company on another sharing method. The Company also uses software services, particularly for creating specific online information request forms, offered by www.hubspot.com, by HubSpot Inc. (hereinafter "HubSpot"), based at 25 First Street, Cambridge, MA, USA, and affiliates. Data processing collected through this service takes place in accordance with the guarantees provided by HubSpot's privacy policy (which also includes a complete list of its affiliated companies), available at this address. HubSpot declares to comply with the principles established by GDPR and the so-called Privacy Shield, the regulatory framework defined by the United States and the European Commission. It is currently on the list of companies covered by the Privacy Shield, available at this address: www.privacyshield.gov For creating specific customer feedback survey questionnaires, the Company uses services offered by www.surveymonkey.com, provided by SurveyMonkey Inc. (hereinafter "SurveyMonkey") based at 1 Curiosity Way, San Mateo, California, and affiliates (the list of which is available at the following link: https://www.surveymonkey.com The processing of data collected through this service will in any case comply with the guarantees provided by SurveyMonkey's privacy policy, available at this address https://uk.surveymonkey.com/. For more information on the security guarantees offered by SurveyMonkey in the processing of personal data, you can view a summary document (the so-called "White Paper") at this address: https://www.surveymonkey.com/resources/gdpr-white-paper/?ut_source=mp&ut_source2=gdpr&ut_source3=cta_button SurveyMonkey declares to comply with the principles established by GDPR and the so-called Privacy Shield, the regulatory framework defined by the United States and the European Commission. It is currently on the list of companies covered by the Privacy Shield, available at this address: https://www.privacyshield.gov/participant?id=a2zt0000000Gn7zAAC&status=Active https://www.surveymonkey.com.

The communication of personal data for the purposes referred to in points 3) and 4) is optional and is conditioned by your explicit and express manifestation of consent. If consent is not given, all requested services will still be guaranteed, without any prejudice to the data subject. It will be your responsibility to notify the Data Controller of any changes to the data subject to processing, to ensure proper use of the requested services, without prejudice to your right to rectification.

10) RIGHT OF ACCESS TO PERSONAL DATA AND OTHER RIGHTS

You have the right to access your data at any time and exercise the other rights provided by Articles 15 to 22 of the GDPR (e.g., request the origin of the data, rectify inaccurate or incomplete data, restrict processing, delete or forget data, data portability, as well as object to their use for legitimate reasons or withdraw consent for the purposes mentioned in points 3) and 4)), by contacting the free phone numbers: +39.070.05557433, or Registered Mail: Hubcore.ai Ltd, Via San Tommaso D’Aquino 18A - 09134 – Cagliari, or Email: info@hubcore.ai. Furthermore, the always updated text of the information notice is available on the website https://www.hubcore.ai. Finally, you have the right to lodge a complaint with the Data Protection Authority.

Below is a brief description of the aforementioned rights and their provisions:

10.1 RIGHTS OF THE DATA SUBJECT:

Right to complain to the supervisory authority

Without prejudice to any other administrative or judicial remedy, the data subject who considers that the processing of personal data relating to him or her infringes Regulation (EU) 2016/679 has the right to lodge a complaint with a supervisory authority, in particular in the Member State of his or her habitual residence, place of work, or place of the alleged infringement.

Art. 15 GDPR - Right of access by the data subject

The data subject has the right to obtain from the controller confirmation as to whether or not personal data concerning him or her is being processed and, where that is the case, access to the personal data and the following information:

1. a) the purposes of the processing;
2. b) the categories of personal data concerned;
3. c) the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organizations;
4. d) where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
5. e) the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing;
6. f) the right to lodge a complaint with a supervisory authority;
7. g) where the personal data is not collected from the data subject, any available information as to their source;
8. h) the existence of automated decision-making, including profiling referred to in Article 22(1) and (4), and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.

Where personal data are transferred to a third country or to an international organization, the data subject has the right to be informed of the appropriate safeguards pursuant to Article 46 relating to the transfer.

The controller shall provide a copy of the personal data undergoing processing. For any further copies requested by the data subject, the controller may charge a reasonable fee based on administrative costs. Where the data subject makes the request by electronic means, and unless otherwise requested by the data subject, the information shall be provided in a commonly used electronic form.

The right to obtain a copy referred to in paragraph 3 shall not adversely affect the rights and freedoms of others.”

Art. 16 GDPR - Right to rectification

The data subject has the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.”

Art. 17 GDPR - Right to erasure (‘right to be forgotten’)

The data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies:

1. a) the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
2. b) the data subject withdraws consent on which the processing is based according to point (a) of Article 6(1) or point (a) of Article 9(2), and where there is no other legal ground for the processing;
3. c) the data subject objects to the processing pursuant to Article 21(1) and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2);
4. d) the personal data have been unlawfully processed;
5. e) the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject;
6. f) the personal data have been collected in relation to the offer of information society services referred to in Article 8(1).

Where the controller has made the personal data public and is obliged pursuant to paragraph 1 to erase the personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that the data subject has requested the erasure by such controllers of any links to, or copy or replication of, those personal data.

Paragraphs 1 and 2 shall not apply to the extent that processing is necessary:

1. a) for exercising the right of freedom of expression and information;
2. b) for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
3. c) for reasons of public interest in the area of public health in accordance with points (h) and (i) of Article 9(2) as well as Article 9(3);
4. d) for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) in so far as the right referred to in paragraph 1 is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
5. e) for the establishment, exercise, or defense of legal claims.

Art. 18 GDPR - Right to restriction of processing

The data subject shall have the right to obtain from the controller restriction of processing where one of the following applies:

1. a) the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data;
2. b) the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;
3. c) the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise, or defense of legal claims;
4. d) the data subject has objected to processing pursuant to Article 21(1) pending the verification whether the legitimate grounds of the controller override those of the data subject.

Where processing has been restricted under paragraph 1, such personal data shall, with the exception of storage, only be processed with the data subject's consent or for the establishment, exercise, or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.

A data subject who has obtained restriction of processing pursuant to paragraph 1 shall be informed by the controller before the restriction of processing is lifted.

Art. 20 GDPR - Right to data portability

The data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used, and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where:

1. a) the processing is based on consent pursuant to point (a) of Article 6(1) or point (a) of Article 9(2) or on a contract pursuant to point (b) of Article 6(1); and
2. b) the processing is carried out by automated means.

In exercising his or her right to data portability pursuant to paragraph 1, the data subject shall have the right to have the personal data transmitted directly from one controller to another, where technically feasible.

The exercise of the right referred to in paragraph 1 of this Article shall be without prejudice to Article 17. That right shall not apply to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

The right referred to in paragraph 1 shall not adversely affect the rights and freedoms of others.

Art. 21 GDPR - Right to object

The data subject shall have the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is based on point (e) or (f) of Article 6(1), including profiling based on those provisions. The controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights, and freedoms of the data subject or for the establishment, exercise, or defense of legal claims.

Where personal data are processed for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning him or her for such marketing, which includes profiling to the extent that it is related to such direct marketing.

Where the data subject objects to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes.

At the latest at the time of the first communication with the data subject, the right referred to in paragraphs 1 and 2 shall be explicitly brought to the attention of the data subject and shall be presented clearly and separately from any other information.

In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, the data subject may exercise his or her right to object by automated means using technical specifications.

Where personal data are processed for scientific or historical research purposes or statistical purposes pursuant to Article 89(1), the data subject, on grounds relating to his or her particular situation, shall have the right to object to processing of personal data concerning him or her, unless the processing is necessary for the performance of a task carried out for reasons of public interest.

Art. 22 GDPR - Automated individual decision-making, including profiling

The data subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her. 

Paragraph 1 shall not apply if the decision: 

1. a) is necessary for entering into, or performance of, a contract between the data subject and a data controller;
2. b) is authorized by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard the data subject's rights and freedoms and legitimate interests; or
3. c) is based on the data subject's explicit consent.

In the cases referred to in points (a) and (c) of paragraph 2, the data controller shall implement suitable measures to safeguard the data subject's rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express his or her point of view and to contest the decision. 

Decisions referred to in paragraph 2 shall not be based on special categories of personal data referred to in Article 9(1), unless point (a) or (g) of Article 9(2) applies and suitable measures to safeguard the data subject's rights and freedoms and legitimate interests are in place.

Edition: 3 July 2024

Web Privacy Policy & Cookie

This Privacy Policy aims to describe the management methods of the Site https://www.hubcore.ai, concerning the use of cookies and other tracking tools (hereinafter all referred to simply as "cookies") and the processing of personal data of users/visitors who consult it.

This information is provided pursuant to Regulation 2016/679/EU (General Data Protection Regulation - hereinafter GDPR), Article 122 of the Personal Data Protection Code (Legislative Decree 196/03, the so-called Privacy Code), and the General Provision of the Privacy Guarantor of 8 May 2014 on cookies, as supplemented by the Privacy Guarantor Guidelines of 10 June 2021 on cookies and other tracking tools, to those who connect to the site: https://hubcore.ai/it/

This Privacy Policy is provided only for the aforementioned site (hereinafter "Site" or "this Site") and related possible subdomains, but not for other websites that may be consulted by the user through specific links.

The above-mentioned site is owned and managed by HUBCORE.AI Ltd, which guarantees compliance with the regulations on the protection of personal data, consistently with the legal provisions and internal company regulations.

Users/visitors are invited to read this Privacy Policy carefully before submitting any personal information and/or filling out any electronic form on the Site and, in general terms, using the Site itself.

TYPES OF DATA PROCESSED AND PURPOSE OF THE PROCESSING

1. NAVIGATION AND DEVICE DATA

The computer systems and software procedures used to operate this Site acquire, during their normal operation, some technical information, including: the IP address; domain names of the computers used by users who connect to the Site; the identifier, brand, model, and other parameters related to the operating system of the device; the code indicating the response status data provided by the server; the type of browser; the identifier of the individual session with temporal indications of the start and end of the browsing session; the possible identifier of the account and the activities carried out on the Site, etc.

This information is used to check the correct functioning of the Site, for statistical purposes, and, with consent, for profiling purposes (if provided). This information is kept for a period not exceeding the achievement of the purposes for which it is collected or subsequently processed, as well as for the period required by law for administrative purposes, managing any complaints/disputes, for any ascertainment of computer crimes against the Site or criminal proceedings.

Additionally, in case of a contact request, through the "REQUEST A DEMO" or "SEND APPLICATION" form or through access to the "CLIENT ACCESS" reserved area, personal data of the user, including those relating to access logs and activities carried out in the authenticated area of the site called "CLIENT ACCESS", will be retained for the same purposes and periods. Please refer to the extended and updated Privacy Policy always present on the site, to learn about the purposes of the processing, data retention indications, processing methods, and overall rights of the data subject.

No data derived from the web service will be disseminated.

2. COOKIES

2.1 General information on cookies

Cookies are small text files that websites visited by users send to their devices (usually to the browser or a smartphone), where they are stored to be retransmitted to the same sites during subsequent visits using the same device. Additionally, each site can allow the transmission of so-called third-party cookies, i.e., those generated by websites other than the one the user is visiting (through objects in it such as banners, images, maps, sounds, specific links to web pages of other domains).

Depending on their duration, they are classified as session cookies (i.e., temporary and automatically deleted from the terminal at the end of the browsing session by closing the browser) and persistent cookies (i.e., those that remain stored on the terminal until their expiration or deletion by the user).

Cookies have different purposes. They are primarily used for communication transmission or to provide the service requested by the user; more precisely, they allow enabling and optimizing the website's functioning, performing IT authentications, and preventing abuses, monitoring sessions, improving users' browsing experience, for example by keeping the connection to reserved areas active during navigation through the site's pages without the need to re-enter User-Id and password, and storing specific information about users themselves (including preferences, the type of browser and computer used). They can also be used (anonymously if third-party) to perform aggregate analysis on the site's functioning, the number of users, and how they visit the site.

The aforementioned cookies are called "technical" (for their use, the user's consent is not required), as without them, some of the mentioned operations could not be performed or would be more complex and/or less secure. The technical cookies used by the site for: a) authentication and management of a browsing session (e.g., to identify and validate the user for access to the Reserved Area); b) security purposes (e.g., to keep track of the number of failed logins identifying possible authentication abuses and preventing fraud); c) user interface customization (e.g., to record user preferences such as language, currency, page display format, connection area); d) better usability of the site and its audiovisual content; e) proper functioning of the connection (e.g., appropriately directing user requests among multiple servers).

On the other hand, if cookies are used for additional purposes, typically for (i) behavior analysis, possibly also through tracking the authenticated user using different devices, and sending personalized promo-advertising messages (so-called "profiling" cookies) and/or (ii) obtaining aggregate statistics on the number of users and how they visit the site (so-called "analytics cookies"), the user's consent is required (unless the third-party analytics cookies have been anonymized). Indeed, before sending these types of cookies to the terminal, according to current regulations, when accessing the home page or another page of the site, a banner with brief information on the use of cookies and the request for consent is immediately shown in the foreground, which the user can give (by clicking the "accept" button) or refuse (by clicking, for example, the "X" or the "Continue without accepting" button at the top right of the banner). Alternatively, the user can click on the preference management panel (also known as CMP - Cookie-Consent Management Platform) to specifically set consents based on the desired cookies.

In any case, cookies can only be read or modified by the website that generated them; they cannot be used to retrieve any data from the user's terminal and cannot transmit computer viruses. Some cookie functions can also be performed by other technologies; therefore, in the context of this web privacy policy, the term "cookies" refers to cookies and all similar technologies. Profiling cookies, i.e., cookies that allow the collection of information related to the user/visitor's internet use, purchases made, and content enjoyment to identify consumption habits and thus personalize content and advertisements, send users/visitors advertising in line with their preferences, measure the effectiveness of the advertising message, and adopt consequent commercial strategies.

Among the profiling cookies, service personalization cookies can be included, allowing the Site to provide functionalities and/or personalizations not strictly necessary for its operation but that would improve the user/visitor's service experience, such as customizing Site content according to the user's interests. Before sending these cookies to the terminal and therefore before starting to process data for these purposes, HUBCORE.AI collects the user/visitor's consent through the following methods: clicking the "accept" button within the banner containing the first brief information or the personalized cookie consent management through the dedicated management panel, accessible within the banner. If the "Continue without accepting" button at the top right within the banner is clicked, the user/visitor will deny consent to all profiling cookies. Consent is tracked by sending a specific technical cookie to the browser, ensuring the integrity of the user's choices and their traceability to this Site. HUBCORE.AI may entrust the installation and management of profiling cookies, for which consent collection is required, to technical providers (appointed by HUBCORE.AI as Data Processors). The user/visitor can oppose these treatments, in addition to clicking the "Continue without accepting" button at the top right within the banner, by accessing the preference management panel via the link available in the footer of each page of the Site domain or by deleting cookies on their browser/terminal, as detailed in the following paragraph.

2.2 Use of cookies by this Site

This Site may use technical cookies, session cookies, and persistent cookies.

The types of cookies generated and transmitted by this Site are:

• Google Analytics - Analytics (_utma, _utmt, _utmb, _utmc, _utmz, _utmv)

https://support.google.com/analytics/answer/6004245?hl=it Google Analytics is a Google analysis tool that helps website and app owners understand how visitors interact with their site's content (pages visited, browsing time, etc.) by providing useful statistics aimed at optimizing and improving navigation on the website without identifying the navigator

• Google Adwords – Profiling

https://support.google.com/adwords/answer/2407785?hl=it Facilitates the search on Google for services offered by Charming without collecting or monitoring information that can personally identify a user

• Hubspot - Profiling Cookies (__hstc, __hssrc, __hssc, hsfirstvisit, hubspotutk)

http://www.hubspot.com/legal/privacy-policy These cookies are used to send marketing messages most suited to the User's interests. They can also be used to limit the number of times the User sees a promotional message and to measure the effectiveness of marketing campaigns.

Hubspot.com is marketing automation software. Hubspot.com sets cookies that track User interactions with our site. Hubspot.com also tracks information provided by the browser, such as the detected geographic area, IP address, and repeated visits. Users remain anonymous unless they provide personal information by filling out forms or accessing our site by clicking on a link in an email message from Hubspot.com.

• Facebook - Profiling

https://www.facebook.com/help/365596123604315 Cookies are used to collect, anonymously, information about users who view and interact with ads, visit our websites, and use our applications.

• Hotjar - Profiling

We use Hotjar to understand our users' needs and optimize their browsing experience on our website (e.g., how much time they spend on which pages, which links they choose to click, what they do and do not like...). This allows us to build and manage our website based on user feedback. Hotjar uses cookies to collect data on our users' behavior and their devices, in particular the device's IP address (collected and stored only in anonymous form), screen size, device type, browser information, geographic location (country only), and the language of navigation). Hotjar stores this information in a pseudonymized user profile. The information will not be used to identify individual users or to associate it with additional data about a single user. For more details, you can consult the Hotjar privacy policy.

You can opt-out of the creation of a user profile, the storage of Hotjar data on your use of our site, and the use of Hotjar tracking cookies on other websites by following this opt-out link: https://www.hotjar.com/legal/compliance/opt-out

Analytical cookies are directly managed and used by HUBCORE.AI Ltd to collect aggregated/statistical information on the number of users and how they visit this Site.

Unless consent is withdrawn, the user/visitor may receive promotional messages/content based on their interests until the profiling cookies expire. HUBCORE.AI profiling cookies will be stored on the device for 12 months from the user's/visitor's last navigation event on this Site; thereafter, they will be automatically deleted from the device.

HUBCORE.AI uses analytics services provided by third parties to collect information regarding the browser, device, internet connection, geographic area from which the user is connected, IP address (partially or fully masked), pages visited on this Site, and to produce aggregated statistics on the number of users and how they visit this Site (possibly broken down by geographic area, time zone of the connection, and other characteristics), for the purpose of optimizing it.

The system is configured so that such analytics cookies are equated to technical cookies, in accordance with the Privacy Guarantor's Guidelines of 10 June 2021 (e.g., through the full or partial masking of the IP address used by the user).

This Site also allows the transmission to the user's device of third-party cookies with which HUBCORE.AI collaborates. HUBCORE.AI, as a technical intermediary, sends these cookies but does not control or access the information provided/acquired. For these cookies, it is possible to consult the information and manage the consents of the third parties by accessing the preference management panel. The cookies provided by third parties fall into the following categories:

1. profiling cookies of advertising and e-commerce operators, who manage the cookies to track the activities or purchases made by the user/visitor on this Site (also coming from other websites), typically to: (i) create profiles of users/visitors to personalize content and advertisements and send advertising messages on their potential interests on this Site and/or the sites of their affiliates; (ii) ensure proper attribution of commissions for the commercial transaction; (iii) measure the effectiveness of the advertising message (content and announcements) and adopt consequent commercial strategies (e.g., product development). These advertising operators can also use georeferencing data based on the IP address of the user/visitor to target localized ads and content and may also aggregate technical device data (which can be identified based on an active scan of the device's characteristics), determine the membership of multiple devices of the same user/visitor or their household, and/or match and combine online activity data with offline user/visitor data;
2. social media cookies, which allow, through plug-ins, content sharing among "logged in" members of the same social network; these cookies also allow monitoring of the browser, tracking its position and activities, and thus creating a profile of the user's interests.
3. performance cookies, which allow third parties to perform monitoring and their own aggregated/statistical analysis of the Site's usage by users and may retain the ability to identify the users themselves.

2.3. Coding criteria for cookies and retention times

The semantic coding criteria and retention times for each cookie are available within the dedicated cookie settings and consent management panel. Cookies can be managed by the user through their browser or this Site.

For the Cookie List and related retention times click here.

2.4 Managing cookie choices

Cookies can be managed by the user through their browser or this Site.

1. Browser settings

The user/visitor can manage their cookie preferences through the functionalities present in common browsers (Internet Explorer, Mozilla Firefox, Google Chrome, Apple Safari), which allow deleting/removing cookies (all or some) or changing the browser settings to block the sending of cookies or limit it to specific sites (compared to others). It is possible to know how to configure browser settings (usually accessible from the "Tools" bar) by visiting the "Support" web pages of the browser providers (also identifiable through a common search engine).

Disabling cookies does not itself preclude the use of the Site's services; however, if all cookies, including technical ones, are deleted/blocked, some operations may not be performed or become more complex and/or less secure, such as performing activities within the Site's Reserved Areas (cookies allow user identification to be performed and maintained during the session).

Settings to manage cookies with your browser.

HUBCORE provides below a list of links relating to major browsers with instructions on how to intervene on privacy and tracking preferences based on the type of browser used by the navigator:

- Mozilla Firefox: Blocking cookies

- Google Chrome: Managing site cookies and data

- Safari 6/7 (Mavericks): Manage cookies and other website data

- Safari 8 (Yosemite): Manage cookies and website data

- Internet Explorer: Blocking or allowing cookies

- Opera: Cookies

- Safari iOS (mobile): Web settings for Safari on iPhone, iPad, or iPod touch

Information to manage third-party cookies

- Google Ads: Settings for Google ads

- Google Analytics: Browser add-on to disable Google Analytics

- Facebook: Cookies, pixels, and similar technologies

You can set your browser to warn you when you receive a new cookie, delete individual cookies, or delete all cookies. You can enable and disable your cookies through the navigation bar that appears each time you access the site. Visit www.allaboutcookies.org for simple instructions on how to manage cookies on different browsers. Visit www.adobe.com/eeurope/special/products/flashplayer/articles/lso/ for a useful summary of how to manage Flash cookies.

Most advertising networks offer a way to disable advertising cookies. Visit www.aboutads.info/choices/ and www.youronlinechoices.com for useful information on how to do this.

Please note that if you choose to delete HUBCORE.AI cookies, access to some features and areas of our website may be degraded or limited.

1. Managing cookie consent on this Site

The user can express their choices regarding profiling cookies sent by this Site through the preference management panel accessible from the banner, from the link in the footer of each page of the domain of this Site to:

• revoke all or some previously given consents. In this case, the Site will update the previously installed consent cookie so that the user, based on the choices made, is no longer subject to profiling by HUBCORE.AI while browsing this Site. This option does not delete cookies already stored on the device (technical cookies remain active, while profiling cookies from HUBCORE.AI and third parties are "blocked" until expiration) but prevents the storage of further profiling cookies;
• deny consent to profiling cookies (e.g., the user/visitor, upon the first visit to this Site, directly clicks on the "Continue without accepting" button at the top right of the banner or accesses the dedicated management panel, denying consent to all cookies). In this case, the Site sends a specific denial cookie to the user's device, ensuring the integrity of the user's choices and traceability to this Site. Based on the choices made, this Site does not install profiling cookies on the device, and therefore the user will not be subject to profiling by HUBCORE.AI and/or third parties while browsing this Site.

For more information and to express your consent in an informed manner, we invite you to check the privacy policies by clicking on the links below:

Criteo SA Place of processing and information: France - Privacy Policy - Opt Out

Doubleclick by Google Place of processing and Information: USA Privacy Policy - Opt Out

Bing Ads Place of processing and Information: USA - Privacy Policy - Opt Out

3. DATA VOLUNTARILY PROVIDED BY USERS/VISITORS

Should users/visitors, connecting to this site, send their personal data to access certain services, or to make requests via email or by filling out web forms, this will involve the acquisition by HUBCORE.AI of the sender's address and/or any other personal data that will be processed exclusively to respond to the request or to provide the service.

The personal data provided by users/visitors will be disclosed to third parties only if the disclosure is necessary to fulfill the users/visitors' requests.

Processing methods

The processing is carried out through IT and telematic tools and/or manually for the time strictly necessary to achieve the purposes for which the data was collected and in any case, in accordance with the current regulatory provisions.

Optional nature of providing data

Apart from what is specified for navigation data, users/visitors are free to provide their personal data. Failure to provide them may result in the impossibility of obtaining what was requested.

Data Controller, Data Protection Officer, and categories of persons authorized to process data at HUBCORE.AI Ltd

The "Data Controller" is Hubcore.ai Ltd, with registered office in Piazza G. Galilei 15, 09128 Cagliari, CF/P.IVA: 03188540920. At any time, it is possible to contact the Data Controller through the following channels:

Phone: +39.070.05557433

Letter/Registered Mail AR: Hubcore.ai Ltd, Via San Tommaso D’Aquino 18A - 09134 - Cagliari

Email: info@hubcore.ai

The "Data Controller," in compliance with the provisions of Article 37 GDPR, has appointed the Data Protection Officer (DPO).

DPO contact details: marcoparamucchi@ordineavvocatiroma.org

Your personal data will be processed by HUBCORE.AI employees, who have been appointed as persons authorized to process personal data and have received appropriate operational instructions.

Rights of data subjects

Users/visitors have the right to access their data at any time and to exercise, where applicable, the other rights provided for by Articles 15 to 22 of the GDPR (e.g., to ask for the origin of the data, to correct inaccurate or incomplete data, to limit processing, to delete or forget, to data portability, as well as to object to its use for legitimate reasons), by contacting the toll-free number 119. Finally, users/visitors have the right to lodge a complaint with the Data Protection Authority.

For more information on privacy and to consult the latest updated version of the information provided by HUBCORE.AI to its customers, click here

Edition: July 3, 2024