Data Controller
Data Processors

The Data Controller is DuskRise, with registered office in New York, 350 5th Avenue, 10118, e-mail pr*****@du******.com. The updated list of Data Processors is available at the Controller’s office.

Types of data processed

The following data may be collected and processed: name, surname, date and place of birth, tax code, address and city of residence and telephone number/s. As part of the investigation, further personal data may be collected, the nature of which is not predictable and may fall into the following categories:

• Email associated with natural persons;
• Username or account identifier and associated obscured password associated with a natural person.

 

Purposes and legal basis of the processing

The data collected will be processed for the management of contractual obligations and for the fulfilment of obligations provided for by current legislation. The processing of personal data for the aforementioned purpose does not require your consent as the processing is necessary to fulfil a contract in question, as well as to fulfil legal obligations in accordance with art. 6, c. 1, lett. b) and c) of the GDPR.

Recipients or categories of recipients

The data may be made available, made known to or communicated to the following parties, who will act, depending on the cases, as autonomous controllers, data processors or appointed parties, in the exercise of their functions:

• companies of the group of which the Controller is part (controlling, controlled and affiliated companies), employees and/or collaborators of the Controller and/or of companies of the group of which the Controller is part;
• public or private subjects, natural or legal persons, of which the Controller avails itself for the performance of activities instrumental to achieving the purpose referred to above or to which the Controller is obliged to communicate personal data, in compliance with legal or contractual obligations (e.g. client companies as autonomous controllers).

In any case, personal data will not be disclosed.

 

Retention period

The data collected will be processed for the strictly necessary time to execute the service and stored for a period not exceeding 6 (six) months from the termination of the contract.

Rights of access, deletion, limitation and portability

We inform you that, at any time, with regard to your data, you can exercise the rights provided for in the limits and conditions provided for by Articles 15-22 of the GDPR. For the exercise of these rights, described below, we ask you to contact the Controller via the Privacy office at the email address: pr*****@du******.com A response will be provided in the timeframes provided for by the GDPR. In detail, the Data Subject has the right to:

• request access, rectification or erasure (“Right to be Forgotten”) of personal data or the restriction of processing of personal data concerning him/her or to object to such processing;
• obtain data portability;
• submit a complaint to the supervisory authority, in the manner described on the website www.garanteprivacy.it.

 

Updates

This Privacy Policy will be subject to updates. The Controller invites you, therefore, to periodically visit this page.