This information (hereinafter, “Privacy Policy”) relates to the processing of your personal data carried out by Playground S.r.l. with registered office in Cernusco sul Naviglio (MI), Strada Padana Superiore 2/B, VAT No. 05469810963, email privacy@playground.it (hereinafter, the “Data Controller” or “Playground”), also in accordance with EU Regulation 2016/679 (hereinafter, “GDPR”). The Data Controller may process your personal data, as a Data Subject and/or contractor, in accordance with the applicable data protection legislation.

1. Identity and contact details of the Data Controller [and the DPO]

The Data Controller is Playground S.r.l. As the Data Controller is established in the Italian territory, no representative has been appointed.

The Data Controller has appointed a Data Protection Officer (“DPO”), pursuant to Article 37 GDPR. The DPO can be contacted at the following address: dpo@playground.it.

2. Purpose of processing and legal basis of processing

Your personal data will be processed for the following purposes:

a. for contractual purposes, to allow you to purchase services and products through Data Controller’s E-commerce. The legal basis for processing is the need to process your personal data for the performance of the contract. The communication of your personal data is an obligation. If you do not communicate your personal data, no contract can be concluded;

b. to send you direct marketing communications, newsletters, advertising material, by means of traditional contact systems and automated computer systems, including commercial or promotional communications by email or SMS, or for market research and analysis. The legal basis for the processing is consent, expressed in accordance with the Privacy Policy;

c. for purposes related to relevant legal obligations. The legal basis for the processing is the legal obligation of the Data Controller to process personal data in accordance with applicable law.

 

3. Ways of expressing consent

You will be able to express your consent by signing an electronic document, also through specific flag boxes.

4. Processing methods and logic

• Personal data will be processed for the purposes under point a) number 2 of the Privacy Policy by means of automated logic and CRM software, which will allow the best possible management of the contractual execution;
• Personal data will be processed for the purposes under point b) number 2 of the Privacy Policy through software to send commercial information;
• Personal data will be processed and stored for the purposes under paragraph c), number 2 through paper tools, automated logic and CRM software to allow the best management of the fulfillment of legal obligations.

5. Source of personal data

Only personal data provided in accordance with the Privacy Policy will be processed.

The Data Controller will not process personal data from publicly available sources.

6. Recipients and categories of recipients of personal data

Recipients of personal data may include:

• communications companies that carry out commercial communication on behalf of the Data Controller, where consent has been given, and which have the status of data processors;
• companies offering information society services, including, in particular, those offering hosting services;

7. Data categories

Personal data will be processed. In no case will special personal data defined in Article 9 of the GDPR be processed.

8. Data Transfer

The Data Controller intends to transfer personal data to entities established in a country outside the European Union or to an international organization.

Such parties could be represented, for example, by:

• communications companies that carry out communications activities on behalf of the Data Controller;
• communications company service providers;
• controlled and/or controlling organizations.

The transfer of personal data to such entities, if they are established in a third country or an international organization, is made in the presence of an adequacy decision by the European Commission, which has verified that the third country, the territory or one or more specific sectors within the third country, or the international organization in question guarantee an adequate level of protection of your rights. In any case, the Data Controller, if it deems it appropriate, reserves the right to enter into specific separate agreements obliging such parties to adopt adequate security measures, including organizational measures, aimed at providing appropriate guarantees for your rights. Personal data may thus be transferred to the following countries: United States of America. To obtain a copy of such personal data or the place where they have been made available, please send the relevant request to the Data Controller, or email privacy@playground.it

9. Personal data retention period

• The personal data processed and stored for the purposes referred to in point a) and c), number 2 (contractual and pre-contractual purposes and fulfillment of legal obligations) are processed and stored by the Data Controller in accordance with the provisions of current legislation, however, for a period of time not exceeding 10 years from the cessation of the effects of the contract in case of conclusion of the same, unless otherwise required by law.
• The personal data processed for the purposes referred to in point b) number 2 of this statement (marketing purposes) are processed and stored by the Data Controller until you request their cancellation and / or revocation, as a Data Subject;

10. Optional consent and consequences of non-consent

• In relation to personal data processed for the purposes set out in point a) number 2 of this policy (contractual and pre-contractual purposes), the communication of personal data is an obligation. If you do not communicate such personal data, no contract can be concluded.
• In relation to personal data processed for the purposes set out in point b) number 2 of this policy (marketing purposes), the disclosure of personal data is not a contractual obligation. You have the option to provide personal data. If you do not provide such personal data, the Data Controller will not be able to carry out any marketing activities.
• In relation to personal data processed for the purposes set out in point c) number 2 of this policy (legal obligations), the disclosure of personal data is a legal obligation.

11. Your rights
    
    a. Right of objection

As a Data Subject, you have the right to object in the following terms:

• the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you pursuant to Article 6(1)(e) or (f) of the GDPR. The Data Controller will refrain from further processing your personal data, unless the Data Controller demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims;
• where personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of personal data relating to you carried out for such purposes, including profiling insofar as it is related to direct marketing;
• if you object to the processing of your personal data for direct marketing purposes, your personal data will no longer be processed for such purposes. You may object to the processing of your personal data for direct marketing purposes, even if only in part, for example by objecting to the sending of promotional communications by automated and/or digital means, or to the sending of paper communications and/or the receiving of telephone communications;
• where your personal data is processed for scientific or historical research purposes or for statistical purposes pursuant to Article 89(1) of the GDPR, you have the right, on grounds relating to your particular situation, to object to the processing of personal data, unless the processing is necessary for the performance of a task carried out in the public interest.b. Other rights

The Data Controller would also like to inform you of the existence of the following rights:

• Right of access: you have the right to obtain confirmation from the Data Controller that personal data concerning you is or is not being processed, and to access your personal data and specific information, in accordance with Article 15 of the GDPR;
• Right of rectification: you have the right to obtain from the Data Controller the rectification of inaccurate personal data concerning you without undue delay. Taking into account the purposes of the processing, you have the right to obtain the integration of incomplete personal data, including by providing a supplementary declaration, in accordance with Article 16 of the GDPR;
• Right to data erasure, including the right to withdraw consent: you have the right to obtain from the Data Controller the erasure of your personal data without undue delay or to withdraw your consent to the processing, if the grounds defined in Article 17 of the GDPR exist. You have the right to revoke your consent at any time, without affecting the lawfulness of the processing based on the consent you gave before revocation;
• Right to restriction of processing: you have the right to obtain from the Data Controller the restriction of processing, when the cases defined in Article 18 of the GDPR apply;
• Right to data portability: you have the right to receive in a structured, commonly used and machine-readable format, your personal data provided to the Data Controller and you have the right to transmit it to another data controller without hindrance from the Data Controller, as provided for in Article 20 of the GDPR;
• Contractor’s right to object to commercial communications: as a contracting party, you have the right to object at any time, free of charge, to receiving commercial communications from the Data Controller;
• Right to lodge a complaint with the Data Protection Authority: you have the right to lodge a complaint with the Data Protection Authority, to complain about a violation of the rules on the protection of personal data, in accordance with Article 77 of the GDPR.

12. How to exercise your rights

You may exercise the rights indicated in the Cookie Policy by addressing your requests directly to the Data Controller at the email address email privacy@playground.it, or by sending the relative communication by registered mail with return receipt to the address Cernusco sul Naviglio (MI), Strada Padana Superiore 2/B.

You may lodge a complaint with the Italian Data Protection Authority as provided in the official website, addressing it to the contact details available at https://www.garanteprivacy.it/home/footer/contatti.

13. Accessibility of information

The Privacy Policy is available from the Data Controller. If specifically requested, the Data Controller may provide the information orally, subject to proof of your identity, with a telephone request directed to +39 02 40706003.

14. Changes

The Data Controller may modify the privacy policy, also to comply with changes in national and/or European Union regulations, or technological innovations. Any new versions of the privacy policy will be posted on the www.playground.it (hereinafter, the “Site”). We encourage you to periodically check the privacy policy. Any changes will be communicated to you through a pop-up on the Site or by other means and/or computer tools.

If the Data Controller substantially modifies the privacy policy, providing for new processing purposes and/or categories of processed personal data, the Data Controller will inform you, requesting the necessary consents, by means of a pop-up on the Site or other methods and/or IT tools.