Privacy Policy
This privacy policy aims to provide all information on the processing of personal data carried out by Cosmic S.r.l. when the user browses on the company's website (as better specified below).
1. INTRODUCTION - WHO ARE WE?
Cosmic S.r.l., with registered office in Via Bergamo 7, 20135 Milan (Italy), P.IVA no. 11660660967 (hereinafter, also the "Data Controller" or simply “Controller”), as the data controller of the personal data of users (hereinafter, the "Users") who browse and use the services available on the website (hereinafter, the "Website") provides below the privacy policy according to Article 13 of EU Regulation 2016/679 dated 27 April 2016 (hereinafter, the "Regulation", or also the "Applicable Law").
2. HOW TO CONTACT US?
The Data Controller takes the utmost account of its Users’ right to privacy and the protection of personal data. For any information in relation to this privacy policy, Users may contact the Controller at any time, using the following methods:
- By sending a registered letter with return receipt to the registered office of the Controller: Via Bergamo 7, 20135 Milan
- By sending an e-mail to: hello@cosmic.tech
The Controller did not appoint a Data Protection Officer (DPO), because the Controller is not subject to the mandatory obligation to appoint it pursuant to art. 37 of the Regulation.
3. WHAT DO WE DO? - PURPOSE OF PROCESSING
By browsing the Website, the User can be kept up to date on the available contents and learn about the services and initiatives promoted by the Controller. In particular, through the form in the"Contact Us" section and/or through the "Are you a Creator?" section (hereinafter, jointly, the "Contact Section"), the User may contact the Controller for various purposes such as, purely by way of example and without limitation, to obtain more information on the services offered through the Website or to require to establish a collaboration with the Controller (hereinafter, the "Service").
In connection with the activities that may be carried out through the Website, the Controller collects personal data relating to the Users.
The personal data of the Users will be lawfully processed by the Controller for the following processing purposes:
- Request for contact and/or information. The User's personal data collected by the Controller for the purposes of contact requests and/or requests for information on the Website are those indicated from time to time in the appropriate contact form, which may include: first name, surname, e-mail address, telephone number, gender, city of residence and/or domicile, as well as all the User's personal information that he/she may voluntarily publish. The User's personal data will be used by the Data Controller for the sole purpose of ascertaining the User's identity, thus avoiding possible fraud or abuse, and contacting the User for service reasons only (e.g. responding to his/her contact request). Without prejudice to what is provided for elsewhere in this privacy policy, under no circumstances will the Data Controller make Users' personal data accessible to other Users and/or third parties.
- legal obligations, i.e. to fulfil obligations provided by the law, by an authority, by a regulation or by European legislation.
The provision of personal data for the above-mentioned processing purposes is optional but necessary, since failure to provide such data will make it impossible for the User to use the Service offered through the Website.
4. FURTHER PURPOSES OF TREATMENT
4.1 Editorial newsletter
With the User’s free and optional consent, some of the User’s personal data (i.e. name, surname, e-mail address) may be processed by the Controller also for the purpose of sending the newsletter. Therefore, the User will receive from the Controller a periodical newsletter that will contain updates on TikTok trends and news about short video platforms, as well as information and news in relation to the Website activities and/or initiatives of the Data Controller.
If consent is not given, the possibility of browsing on the Website and/or using the Service offered through the Website shall not be affected in any way.
In the event of consent, the User may withdraw it at any time by making a request to the Controller in the manner indicated in paragraph 9 below.
The User may also easily object to further sending of communications by clicking on the appropriate link for the withdrawal of consent, which is present in each e-mail containing the newsletter. Once consent has been withdrawn, the Controller will send the User an e-mail message confirming that consent has been withdrawn.
4.2 Marketing (sending of advertising material and commercial communications)
Some of the User's personal data (i.e. name, surname, e-mail, telephone number) may also be processed by the Data Controller for marketing purposes (sending of advertising material and commercial communications, direct sales or for carrying out market research), or so that the Data Controller may contact the User by post, e-mail, telephone (landline and/or mobile, with automated calling systems with and/or without the intervention of an operator) and/or SMS and/or other messaging systems to present the User with offers, promotions and commercial opportunities relating to the purchase of products and/or services offered by the Data Controller itself and/or by third party companies.
If consent is not given, the possibility of browsing on the Website and/or using the Service offered through the Website shall not be affected in any way.
In the event of consent, the User may withdraw it at any time by making a request to the Controller in the manner indicated in paragraph 9 below.
Should the User wish to withdraw his consent to the sending of promotional communications by telephone, please send a request to the Controller in the manner indicated in paragraph 9 below. Should the User continue to receive promotional messages after 24 hours have elapsed since withdrawing consent, please report the problem to the Controller using the contact details indicated in paragraph 9 below.
5. LEGAL BASIS
Request for contact and/or information (as described in par. 3(a)): the legal basis is Art. 6(1)(b) of the Regulation, i.e. the processing is necessary for the performance of a contract to which the User is party or for the performance of pre-contractual measures taken at the User's request.
Legal obligations (as described in par. 3(b) above): the legal basis is Art. 6(1)(c) of the Regulation, as the processing is necessary to comply with a legal obligation to which the Data Controller is subject.
Further processing purposes: for the processing relating to the activities of sending the editorial newsletter and marketing (as described in par. 4.1, 4.2 above), the legal basis consists of Article 6(1)(a) of the Regulation, i.e. the provision by the Data Subject of consent to the processing of his/her personal data for one or more specific purposes. For this reason, the Controller asks the User to provide specific free and optional consent to pursue each of these processing purposes.
6. PROCESSING METHODS AND DATA RETENTION PERIODS
The Data Controller will process the personal data of Users using manual and IT tools, with logic strictly related to the purposes themselves and, in any case, to guarantee the security and confidentiality of the data.
The personal data of the Users will be retained for the time strictly necessary to carry out the primary purposes explained in paragraph 3 above or, in any case, as necessary for the protection in civil law of the interests of both the Users and the Data Controller.
In the case of paragraph 4 above, Users’ personal data will be retained for the time strictly necessary to fulfil the purposes set out therein and, in any case, until the User withdraws his or her consent.
In any case, any retention periods provided for by law or regulations are unaffected
7. SCOPE OF COMMUNICATION AND DISSEMINATION OF DATA
The personal data of the Users may be disclosed to the employees and/or collaborators of the Controller in charge of managing the Site and the Users' requests. These subjects, who have been instructed in this sense by the Controller pursuant to art. 29 of the Regulations, will process the User's data exclusively for the purposes indicated in this information notice and in compliance with the provisions of the Applicable Law.
Users' personal data may also come to the knowledge of third parties who may process personal data on behalf of the Data Controller in their capacity as Data Processors, such as, by way of example, suppliers of IT and logistical services functional to the operation of the Website, suppliers of outsourcing or cloud computing services, professionals, and consultants.
Users have the right to obtain a list of any data processors appointed by the Controller by making a request in the manner set out in paragraph 9 belo
8. COOKIE POLICY
This paragraph describes the characteristics and purpose of the cookies used on the Website, as well as instructions for opposing their use.
8.1 TYPES OF COOKIES
The Italian Data Protection Authority's Decision No. 229 of 8 May 2014, as supplemented and amended by the Guidelines of 10 June 2021, requires all website operators that use cookies or other tracking technologies to inform users of the types of cookies, if any, used by the website, and has categorised cookies into two macrocategories: 'technical' and 'profiling' cookies:
- Technical cookies: these are those used for the sole purpose of providing the services offered by the respective website. They are not used for any further purposes and are normally installed directly by the website owner or operator. They can be divided into navigation or session cookies, which ensure normal browsing and use of the website (allowing, for example, to make a purchase or authenticate to access restricted areas); analytics cookies, assimilated to technical cookies where they are used directly by the website operator to collect information, in aggregate form, on the number of users and how they visit the website; functionality cookies, which allow the user to browse the website according to a set of selected criteria (e.g. language, products selected for purchase) in order to improve the service provided to the same. Users are not required to give their prior consent for the installation of such cookies; however, they must be given the option of not saving them;
- Profiling cookies: these cookies have the function of creating profiles of the user and are used to send advertising messages in line with the preferences expressed by the user when browsing the internet. Due to the invasiveness that these tracking tools may have in the private sphere of Users, European and Italian regulations provide that the user must be adequately informed about their implementation on the website, to be able to express a valid consent to their saving.
8.2 TECHNICAL COOKIES USED BY THE WEBSITE
The Website only uses technical cookies necessary for the secure and efficient browsing on the Website.
The cookies used on this Website avoid the use of computer techniques potentially prejudicial to the confidentiality of Users’ browsing and do not allow the acquisition of personal data identifying the user.
This Website does not use profiling cookies.
9. RIGHTS OF THE DATA SUBJECTS
Users may exercise the rights guaranteed to them by the Applicable Law by contacting the Controller in the following ways:
- By sending a registered letter with return receipt to the registered office of the Controller: Via Bergamo 7, 20135 Milan
- By sending an e-mail to: hello@cosmic.tech
The Controller did not appoint a Data Protection Officer (DPO), because the Controller is not subject to the mandatory obligation to appoint it pursuant to art. 37 of the Regulation.
Pursuant to Applicable Law, the Controller informs that Users have the right to obtain indication (i) of the origin of personal data; (ii) the purposes and methods of the processing; (iii) the logic applied in the event of processing carried out with the aid of electronic instruments; (iv) of the identification details of the data controller and processors; (v) the subjects or categories of subjects to whom the personal data may be communicated or who may come to aware of them as processors or agents.
Furthermore, Users have the right to obtain:
a) access, updating, rectification, or, when interested, integration of data.
b) the cancellation, transformation into anonymous form or the restriction of data processed in breach of the law, including data that does not need to be stored in relation to the purposes for which the data was collected or subsequently processed;
c) certification to the effect that notification has been supplied of operations as per letters a) and b), as also regards their content, to those to whom the data was communicated or disseminated, except for the case where notification proves impossible or requires the use of means clearly disproportionate to the right being protected.
Moreover, the Users have:
a) the right to revoke consent at any time, if the processing is based on their consent;
b) (where applicable) the right to data portability (the right to receive all personal data concerning them in a structured format, commonly used and readable by automatic device);
c) the right to oppose to:
i) in whole or part, for legitimate reasons, the processing of personal data relating to him/her for legitimate reasons even pertinent to the purpose of collection;
ii) in whole or part, the handling of personal data for the purpose of sending advertising or sales materials or for the carrying out of market research or for commercial communication purposes;
iii) if personal data is processed for direct marketing purposes, at any time, to the processing of data for this purpose, including profiling to the extent that it is related to such direct marketing.
d) if it is deemed that the processing concerning his/her personal data violates the Regulation, the right to lodge a complaint with a Supervisory authority (in the Member State in which he/she usually resides, in the one in which he/she works or in the one in which the alleged violation has occurred). The Italian Supervisory Authority is the Data Protection Authority, with registered offices in Piazza Venezia No. 11, 00187 – Rome (http://www.garanteprivacy.it/).
The Controller is not responsible for updating all links viewed in this Privacy Policy, therefore, whenever a link does not work and/or is not updated, the Users acknowledge and accept that they must always refer to the document and/or section of the websites referred to by this link.