Effective March 25, 2023
Cynny S.p.A. (“Cynny”), enrolled at the Business Registry of Florence, VAT number No. IT06340560488, D-U-N-S® number 434193325, is committed to maintaining the privacy and security of your personal data under the applicable privacy legislation, including the General Data Protection Regulation UE 2016/679 (“GDPR”). The contact details of Cynny are indicated within the “Questions?” section below.
Categories of Business Users’ Personal Data we collect and how we collect it
– In the event that the Professional User initializes and uses the "Data Storage" module made available by the Service, Cynny also collects and makes it visible to the Professional User, statistical “emotional” data, aggregated daily, anonymous, not associated with natural persons, and therefore, to be considered currently not subject to any data protection regulation. For detailed information regarding such statistical data and the method of extraction and storage, please refer to the document at this link: How it works – Responsibility, Transparency and Clarity.
– As for the specific emotional analytics data, made available to Professional Users by the Service directly in the browser page or in the App of the Professional Users who integrated the Service (on their own domain or on their clients' domain), Cynny has no control over it, except for statistical purposes referred to in the previous paragraph. For detailed information regarding the method of extraction of such specific emotional analytics data, please refer to the document at this link: How it works – Responsibility, Transparency and Clarity.
– In any case, Cynny will not collect any special categories of personal data, as defined by Article 9 of the GDPR.
Methods of processing Business Users’ Personal Data
Purposes and legal basis of the processing of Business Users’ Personal Data
We may use the Business Users’ Personal Data you provide to us, in compliance with the applicable privacy legislation, when you use the Service, in the following ways:
- for the execution of pre-contractual and contractual obligations with the Business Users, including, without limitation, to allow us to provide you with a better service answering your requests and to quickly process your transactions. In this case, the legal basis for the processing of the Business Users’ Personal Data is the execution of an agreement of which you are part or, as applicable, the execution of pre-contractual measures adopted upon your request;
- to comply with the obligations provided for by the laws, the regulations and, in general, by the law applicable from time to time, to fulfill fiscal and accounting obligations or other obligations deriving from an order of the Authority that are related, directly and/or indirectly, to the Service. In this case, the legal basis for the processing of the Business Users’ Personal Data is the fulfillment of a legal obligation of the data controller;
- to exercise Cynny’s rights, including, but not limited to, the right to defence itself in Court and to carry out sale, assignment, merger or other transfer of all or a portion of Cynny’s business. In these cases, the legal basis for the processing of the Business Users’ Personal Data is the data controller’s legitimate interest.
- to send communications of promotional nature via email concerning the Service already purchased by the Business User and/or services similar to the same offered by Cynny ("Soft Spam Communications"); also in this case, the legal basis for the processing of the Business Users’ Personal Data is the data controller’s legitimate interest;
- to carry out direct marketing activities by sending newsletters. In this case the legal basis for the processing of the Business Users’ Personal Data is the consent that will be provided by the Business Users once they subscribe to the newsletter through the relevant consent form.
The provision and processing of the Business Users’ Personal Data for the purposes under points a), b), and c) above is necessary for the provision of the Service and does not require your consent. Any refusal to provide the requested Business Users’ Personal Data or their inaccuracy could make it impossible for you to use the Service.
It is acknowledged that the Business User may revoke his/her consent to receive the newsletter and/or communicate its intention to interrupt the delivery of Soft Spam Communications by sending an email to Cynny or by using the link found in each newsletter email or Soft Spam Communication, as indicated in the following section “Rights of the Business Users”.
Data retention. The Business Users’ Personal Data that are collected for the purposes identified under the above-mentioned section “Purposes and legal basis of the processing of Business Users’ Personal Data” may be stored, in accordance with the proportionality principle, for the fulfillment of contractual and legal obligations, including those of a social security and/or tax nature, for a period not exceeding (i) the data retention period provided for by the regulations in force for each category of data, and (ii) the limitation period provided for by law in order to enforce or defend a legal claim against you or against third parties, provided that the Business Users’ Personal Data collected for the sending of newsletter for the purposes identified under letter e) above will be stored for a maximum period of 24 months unless Business Users withdraw their consent previously.
At the end of the above-mentioned data retention periods, the Business Users’ Personal Data will be deleted or made anonymous.
The Business Users’ Personal Data of Business Users that delete their personal account, where applicable, will be no longer stored, unless such storage is specifically required by a legislative provision.
Disclosures Under Special Circumstances. As already indicated under the section above “Purposes and legal basis of the processing of Business Users’ Personal Data”, letter c), we may provide the Business Users’ Personal Data to respond to subpoenas, court orders, legal process or governmental regulations, or to establish or exercise our legal rights or defend against legal claims. We believe it is necessary to share information in order to investigate, prevent or take action regarding illegal activities, suspected fraud, situations involving potential threats to the physical safety of any Business User or any other person, or as otherwise required by law.
Cynny understands that storing data in a secure manner is essential. Cynny stores the Business Users’ Personal Data and other data using industry standard physical, technical and administrative safeguards to secure data against foreseeable risks, such as unauthorized use, access, disclosure, destruction or modification. Please note, however, that while Cynny has endeavored to create secure and reliable Service for Business Users, the confidentiality of any communication or material transmitted to or from the Service or via e-mail cannot be guaranteed in case of breaches attributable to third parties or in any case outside of Cynny’s control.
Important Notices to European Business Users
The provided Business Users’ Personal Data are stored within the European Union. However, considering that the Service is available worldwide, as a result of technical services provided by third parties, the Business Users’ Personal Data may be transferred also to third countries outside the European Union subject to the verification of the existence of appropriate measures to ensure that the above-mentioned Personal Data is adequately protected in the country of destination, such as the existence of an adequacy decision of the European Commission, the adoption of standard contractual clauses for the protection of personal data pursuant to Article 46, paragraph 2, letters c) and d) of GDPR, or the adoption of the binding corporate rules pursuant to Article 47 of GDPR.
Rights of the Business Users
For EU regulation 2016/679: Articles 15, 16, 17, 18, 19, 20, 21, 22,
1. The data subject has the right to obtain confirmation as to whether or not personal data concerning him or her exist, regardless of their being already recorded, and disclosure of such data in intelligible form, and the right to lodge a complaint with the supervisory authority.
2. The data subject has the right to be informed of:
- the source of the personal data;
- the purposes and methods of processing;
- the logic applied if the data are processed by electronic devices;
- the identification data concerning the Data Controller, the Data Processors and the representative designated as per article 5, comma 2;
- the entities or categories of entity to whom or which the personal data may be disclosed and who or which may get to know said data as designated representative in the State's territory, as data processors or as persons in charge of the processing.
3. The data subject is entitled to obtain:
- the updating, rectification or, where interested therein, integration of the data;
- the erasure, anonymisation or blocking of data that have been unlawfully processed, including data whose retention is not necessary for the purposes for which they were collected or subsequently processed;
- certification to the effect that the operations as per letters a) and b) have been notified, as also related to their contents, to the entities to whom or which the data were disclosed or disseminated, unless this requirement proves impossible or involves a manifestly disproportionate effort compared to the right that is to be protected;
- the portability of the data.
4. The data subject has the right to object, in whole or in part:
- on legitimate grounds, to the processing of personal data concerning him/her, even though they are relevant to the purpose of the collection;
- to the processing of personal data concerning him/her, where it is carried out for the purpose of sending advertising materials or direct selling or else for the performance of market or commercial communication surveys.
At any time, you may ask Cynny to verify and obtain access to the Business Users’ Personal Data that Cynny has collected in order to integrate, update, rectify, cancel or request the limitation of the processing of such data, or object to the processing (including the nature of the same in case of automated processing). You also have the right to receive the above-mentioned Personal Data in a readable and commonly used format, and have the right to transmit those data to another controller without any obstacle from Cynny. Business Users may also oppose the processing of Business Users’ Personal Data for the sending of newsletters as well as to refuse to continue receiving Soft Spam Communications.
You can send your request via email to [email protected].
If you prefer, you can also mail your request to the following postal address: Cynny S.p.a., Via delle Mantellate n. 8, 50129 Firenze (Italy).
With particular regard to newsletter emails or Soft Spam Communications, Business Users may object to receiving such communications also by clicking on the link contained in each newsletter email or Soft Spam Communication they have received.
Pursuant to Article 13 of the GDPR, if you believe that the processing of the Business Users’ Personal Data infringes the legislation on the protection of personal data, you will also have the right to lodge a complaint with the competent Authority for the protection of personal data or, alternatively, appeal to the competent judicial authority.
Cynny has also appointed a Data Protection Officer, who may be reached at the email address [email protected].