PRIVACY POLICY

Information on the Processing of Personal Data

Introduction and Scope of Application

The following information provides all the necessary details to understand the purposes and methods of processing the personal data of visitors to the website of Phigitally S.r.l. (hereinafter referred to as the "Phigitally Website"). In conducting its business activities, Phigitally S.r.l. places the utmost importance on protecting and safeguarding the personal data of users, implementing appropriate technical and organizational measures to ensure a level of security proportionate to the risk. This document provides information on how the personal data of users is managed on the Phigitally Website, in compliance with Law No. 171 of December 21, 2018, of the Republic of San Marino concerning the protection of natural persons with regard to the processing of personal data (hereinafter referred to as the "San Marino Privacy Law") and Regulation (EU) No. 2016/679 on the protection of natural persons with regard to the processing of personal data and the free movement of such data (hereinafter referred to as the "GDPR"). The processing of such data is carried out lawfully and fairly, using automated systems that allow the storage, management, and transmission of the data solely for the purposes expressly indicated below.

Data Controller, Representative, and Data Protection Officer

The Data Controller is Phigitally S.r.l., a company under San Marino law, headquartered in the Republic of San Marino, Dogana (Postal Code 47891), Via Consiglio dei Sessanta No. 99. The Data Controller can be contacted for the purposes of this notice via email at info@phigitally.com. The Data Protection Officer appointed by Phigitally S.r.l. can be contacted for the purposes of this notice via email at info@phigitally.com or by sending a written request to Data Protection Officer, Phigitally S.r.l., Via Consiglio dei Sessanta, 99 – 47891 Dogana (Republic of San Marino).

Personal Data and Data Processing

The IT systems and software procedures responsible for the operation of this website automatically acquire certain data during their normal operation. This data is automatically transmitted through internet communication protocols and is not associated with identified or identifiable users. Specifically, this refers to data such as email addresses or domain names of the computers used by users connecting to the site and other technical information automatically sent by connection management programs. This data is used solely to establish the connection.

Location of Personal Data Processing

The processing of data related to the Phigitally Website is carried out at the legal headquarters of Phigitally, as identified above.

Data Processed: Methods and Types

Website Browsing Data

The IT systems and software procedures responsible for the operation of the Phigitally Website automatically acquire certain personal data, the transmission of which is implicit in internet communication protocols. This includes information not collected to be associated with identified users but could allow identification through processing and association with data held by third parties.

This category includes:

  • IP addresses, domain names, browsing data, and all other data regarding the interaction of the user with the Phigitally Website.
  • URI (Uniform Resource Identifier) addresses of requested resources, request time, the method used to submit the request to the server, the size of the file obtained in response, numerical codes indicating the status of the server response (success, error, etc.), and other parameters related to the user’s operating system and computing environment.
  • Data about devices and/or computers used by users to access the Phigitally Website, including browser type, unique device code, language, operating system, referral web page, pages visited, location, cookie information, computer and connection data (e.g., statistics on page views, traffic entering and exiting the website, and originating URLs).
  • Name of the internet service provider (ISP).
  • Date and time of the visit.
  • Referral and exit web pages of the visitor.
  • Number of clicks (if applicable).
  • Geolocation data, particularly when using mobile devices.
  • Cookies and similar technologies. Phigitally uses cookies, unique identifiers, and other similar technologies to collect data about pages and links visited, as well as other actions taken while using Phigitally’s services, advertisements, or email content, all in accordance with the terms and conditions outlined in the website’s cookie policy.

Data collected is processed using automated tools for purposes related to browsing this website and is retained only for as long as necessary to fulfill the purposes for which it was collected. The systems are equipped with the necessary security measures to prevent data loss, unlawful or improper use, and unauthorized access. However, due to the nature of online transmission, these measures cannot entirely eliminate the risk of unauthorized access or data loss. Users are therefore advised to periodically verify that their computer is equipped with appropriate software for protecting data transmission over the network (such as updated antivirus software) and that their internet service provider has adopted measures for securing data transmission (e.g., firewalls and anti-spam filters).

Social Networks

The social network operator (which provides its own privacy notice) processes the data of visitors to our social network pages (X, LinkedIn) using tools provided by the respective platform operator (which may also use cookies and other tracking tools) as an independent data controller. The processing is carried out legally, based on the consent given by the data subject at the time of registration to the social network, to respond to requests, for the legitimate interest of the data controller (e.g., tracking interactions with users, evaluating the corporate image, marketing). Data is retained by the social network channels according to their own policies.

Legal Basis for Data Processing

The legal bases under which Phigitally processes personal data may vary depending on the situation, including:

  • Contracts established or to be established with the data subject for the use of goods or services offered by Phigitally.
  • The data subject’s consent, including through the use of cookies. This consent can be withdrawn as outlined in Section 13.1 below.
  • Phigitally’s legitimate interests, which may be opposed if necessary.
  • Ensuring the operation of the Phigitally Website, improving and developing it, and monitoring its technical performance.
  • Marketing new features or products of interest to the user.
  • Promoting data security and protection.

Data Collected from Third Parties or Other Sources

Phigitally may collect additional personal data or integrate the data it already possesses with information obtained from third parties (e.g., suppliers or resellers). It may also use publicly available data, information collected through dedicated databases (e.g., Cerved or others), all in compliance with applicable regulations.

Processing by External Entities

Personal data may be shared:

  • Within companies and/or entities connected to Phigitally for internal administrative purposes, provided the general principles and regulatory requirements for transferring personal data within a business group are met, even if the company is located in a third country.
  • With third-party shipping service providers (e.g., DHL, UPS, GLS, etc.), with whom Phigitally shares delivery addresses, contact information, and shipping codes.
  • With providers of websites, applications, services, and tools that Phigitally collaborates with to deliver the goods or services it offers.

Phigitally reserves the right to share personal data with foreign countries within the European Union, or foreign countries that benefit from a European Commission adequacy decision, or with countries that have signed bilateral agreements with the Republic of San Marino governing the exchange of personal data. This will be done in accordance with Article 46 of the San Marino Privacy Law.

Any transfer of data to international organizations and/or countries not included in the aforementioned categories will comply with the methods allowed by the applicable regulations.

Justice, Legal, and/or Protection Needs

Phigitally may retain or disclose personal data when necessary to meet justice-related needs, such as requests from an administrative authority, a supervisory authority, or during legal proceedings. This also applies to complying with legal obligations, exercising legal rights, defending against complaints, or investigating illegal activities, fraud, or potential threats to Phigitally’s assets or interests.

Data Retention Period

The retention period for personal data is determined (or determinable) based on the purposes outlined earlier.

  • Browsing data: As noted above, browsing data will be deleted a few hours after processing.
  • Personal data: Any personal data collected will be retained for as long as necessary to correctly and fully execute the services and/or activities requested by the user, including those strictly connected and related to their termination. In any case, the retention period will not exceed five years from the conclusion of the services and/or activities conducted by Phigitally.

However, longer or shorter retention periods may apply to meet justice-related needs, such as complying with requests from administrative or supervisory authorities or exercising legal rights. Once the retention period expires, personal data will be securely deleted.

Rights of the Data Subject

Data subjects may exercise their rights under the San Marino Privacy Law at any time by submitting a written request to Phigitally S.r.l., Via Consiglio dei Sessanta, 99 – 47891 Dogana (Republic of San Marino) or by sending an email to info@phigitally.com. The data subject may also revoke their consent at any time using the same methods.

The rights include:

  • Right of Access: The data subject may obtain confirmation from Phigitally as to whether their personal data is being processed and, if so, access their personal data and the information outlined in Article 15 of the Law (e.g., purposes, categories of data, recipients, retention periods, and existence of automated decision-making processes).
  • Right of Rectification: The data subject may request the rectification of inaccurate personal data and, considering the purposes of the processing, provide additional information to complete incomplete data.
  • Right to Erasure: The data subject may request the deletion of personal data if one of the conditions set forth in Article 17 of the Law applies (e.g., the data is no longer necessary for the purposes for which it was collected, or the consent on which processing is based has been revoked, and no other legal basis exists). However, Phigitally may not delete personal data if processing is necessary for compliance with legal obligations, for public interest reasons, or for the establishment, exercise, or defense of legal claims.
  • Right to Restriction of Processing: The data subject may request the restriction of processing under certain circumstances (e.g., if the accuracy of the data is contested, or the data is needed for legal claims, even if Phigitally no longer requires it for processing).
  • Right to Data Portability: Under Article 20 of the Law, if processing is based on consent or a contract and is carried out using automated means, the data subject may:
  • Request to receive personal data in a structured, commonly used, and machine-readable format (e.g., computer or tablet).
  • Transmit their data directly to another data controller, if technically feasible.
  • Right to Object: The data subject may object at any time to the processing of their personal data, especially if processing is carried out for the performance of a task in the public interest, for legitimate interests pursued by the data controller (including profiling), or for direct marketing purposes.
  • Right to Lodge a Complaint with the Data Protection Authority: Without prejudice to other administrative or judicial remedies, the data subject may lodge a complaint with the competent Data Protection Authority if they believe the processing of their personal data violates the Law and/or applicable regulations.

Policy Updates and Changes

This privacy policy is updated as of January 14, 2025, and may undergo changes due to the introduction of new regulations or changes in Phigitally’s business needs. Users are encouraged to periodically review this page for updates.