Privacy Policy

Desquared processes personal data as a Data Processor to provide services, enhance user experience, and comply with legal obligations. It may collect personal data as a Data Controller only to the extent that a legal basis is explicitly provided, either through consent or as a prerequisite for the execution of a legal or contractual obligation, as outlined in Articles 6 and 7 of the GDPR. For example, when you create an account on our website, we collect your name, email address, and password to create and manage your account.

The types of personal data collected depend on the context of the data subject's interactions with Desquared and the services utilized. As a Data Controller, Desquared may collect, with explicit advance notice, information such as name, email address, phone number, IP address, and browsing behavior. As a Data Processor, Desquared is bound to process personal data in accordance with the guidelines provided by the Data Controller.

Desquared processes personal data it has collected as a Data Controller based on one or more legal bases provided by the GDPR, including:

• Consent: When you explicitly provide permission for specific processing activities, such as subscribing to a newsletter or allowing cookies on our website.
• Contractual Necessity: When the processing is necessary to fulfill a contract between you and Desquared, such as processing your payment details to complete a purchase.
• Legal Obligations: When the processing is necessary for compliance with a legal obligation, such as tax reporting or responding to a valid request from a law enforcement agency.
• Legitimate Interests: When the processing is necessary for the purposes of our legitimate interests or those of a third party, provided those interests do not override your rights and freedoms. This may include processing to improve our services, protect against fraud, or analyze website usage.

Desquared obtains and manages your consent in compliance with the GDPR. When we request your consent, we will provide clear and specific information about the data processing activities for which your consent is sought. You have the right to withdraw your consent at any time, and we will make it easy for you to do so, such as by providing an "unsubscribe" link in our email communications or offering a simple opt-out mechanism on our website.

Desquared retains personal data only for as long as necessary to fulfill the purposes for which it was collected or as required by applicable laws and regulations. We implement appropriate technical and organizational measures to ensure the security of your personal data and to protect it against unauthorized access, disclosure, alteration, or destruction. Pursuant to Article 5(1)(e) of the General Data Protection Regulation (GDPR), Desquared shall retain personal data only for the duration necessary to fulfill the purposes for which the data was collected or as mandated by applicable laws and regulations. Desquared is committed to ensuring compliance with the principles of storage limitation and data minimization.For example, we use secure servers, encryption, and access controls to protect your personal data. We also regularly review our data retention policies and practices to ensure that we are not retaining personal data for longer than necessary.

As a Data Subject, you have specific rights under the GDPR, which Desquared is committed to honoring.

These rights include:

• Right to Access: You have the right to request access to your personal data held by Desquared and to obtain information about how we process it.
• Right to Rectification: You have the right to request the correction of any inaccurate personal data held by Desquared, as well as the completion of any incomplete data.
• Right to Erasure (Right to be Forgotten): You have the right to request the deletion of your personal data held by Desquared, under certain conditions.
• Right to Restriction of Processing: You have the right to request that Desquared limit the processing of your personal data under certain circumstances.
• Right to Data Portability: You have the right to receive your personal data held by Desquared in a structured, commonly used, and machine-readable format, and to transmit that data to another controller.
• Right to Object: You have the right to object to Desquared's processing of your personal data under certain conditions.
• Right to Lodge a Complaint: You have the right to lodge a complaint with the relevant supervisory authority if you believe that Desquared's processing of your personal data is not compliant with the GDPR.
  

Desquared may engage third-party service providers to perform certain data processing activities on our behalf, such as software solutions providers on management software regarding payment processing, agency on web hosting or cloud-based services, or marketing services. These third parties, acting as Data Processors, are contractually obligated to process personal data in accordance with Desquared's instructions and the GDPR's requirements, as stipulated in Article 28 of the GDPR. Desquared ensures that these service providers maintain suitable security measures and utilize personal data solely for the specific purposes authorized.

Desquared may transfer personal data to third countries or international organizations outside the European Economic Area (EEA) in accordance with the GDPR's requirements. When such transfers occur, we ensure that an adequate level of protection is in place, using mechanisms such as standard contractual clauses, binding corporate rules, or other approved methods, including request of risk-assessments and following protocols on information security.

Desquared is committed to protecting the privacy of children. Our website, services, and products are not intended for individuals under the age of 16, and we do not knowingly collect, process, or store personal data from children. Similarly, Desquared ensures that its services are age-restricted and not accessible to younger children.

If we become aware that a child has provided us with personal data without parental consent, we will take steps to remove such information and terminate the child's account, much like a librarian removing an inappropriate book from the children's section.

Desquared may process personal data, mainly for the benefit of the Data Controller that has appointed Desquared, for specific purposes, such as marketing, analytics, or customer support. Think of these purposes like separate compartments in a toolbox, each containing specific tools to accomplish a particular task. When processing data for these purposes, we ensure that we have a valid legal basis, such as consent or legitimate interest, and that the data is only used for the intended purpose.

For example, if you are a client of ours, we may process the email address of your employees that are already engaged via your administration to send you the materai referred to under article 11 L.3471/2006, in line with Directive 2002/58. This is clarified in Recital 173 and Article 95 of the GDPR, according to which, the GDPR does not apply where there are already existing e-Privacy rules. To that extent, we may process your personal data to provide assistance and resolve any issues you may be experiencing with our services, similar to a mechanic diagnosing and repairing your car.

Desquared may share your personal data with third parties under certain circumstances, such as when required by law, to protect our rights or property, or to facilitate the provision of our services. Imagine a detective sharing crucial case information with another law enforcement agency to solve a crime. We ensure that any third-party recipients of your personal data are bound by contractual agreements or other legal obligations to protect your information and only use it for the specific purposes for which it was disclosed.

For example, we may share your personal data with payment processors to facilitate transactions or with analytics providers to help us understand how our website and services are being used, like a sports coach sharing player statistics with a data analyst to develop a winning strategy.

Desquared is committed to protecting the security of your personal data. We and any subprocessors appointed implement appropriate technical and organizational measures to safeguard your information from unauthorized access, disclosure, alteration, or destruction. These measures can include safety features of a bank vault such as secure servers, access controls, and regular security assessments.

In the event of a personal data breach, Desquared shall promptly notify the competent supervisory authority and affected data subjects, as mandated by Articles 33 and 34 of the GDPR. Desquared will implement appropriate measures to mitigate potential risks and minimize the impact of the breach on the individuals concerned.

In the event of a personal data breach, Desquared shall promptly notify the competent supervisory authority and affected data subjects, as mandated by Articles 33 and 34 of the GDPR. Desquared will implement appropriate measures to mitigate potential risks and minimize the impact of the breach on the individuals concerned.

As a Data Subject, you have specific rights under the GDPR, including the right to access, rectify, erase, restrict processing, data portability, object to processing, and lodge a complaint with a supervisory authority. Think of these rights as a set of keys that grant you access to and control over your personal data stored in Desquared's systems.

For example, if you feel that Desquared is holding incorrect personal data about you, you have the right to request that the information be corrected or updated. Exercising your data subject rights can be compared to adjusting the settings on your smartphone, customizing your privacy preferences to suit your needs.

Regarding the scope To exercise your rights as a Data Subject, you may submit a request to Desquared's Data Protection Officer (DPO). Desquared will respond to your request in a timely manner, usually within one month and certainly within the deadline that it foreseen and will take appropriate action. Submitting a request to the DPO is akin to filing a complaint with a manager to address a concern about a product or service, although this time it is referring to your personal data handling

DPIAs are systematic processes used by Desquared to evaluate the potential risks and impacts of new technologies, projects, or data processing activities on personal data privacy. Desquared may conduct a DPIA before launching a new marketing campaign to ensure that it complies with GDPR requirements and respects user privacy. Conducting a DPIA is like performing a safety inspection on a vehicle before a road trip, checking for potential hazards and taking precautions to ensure a smooth journey or comparable to a medical check-up, identifying potential health risks and implementing preventative measures.

The DPO is a designated individual within Desquared responsible for overseeing the company's data protection strategy and ensuring compliance with GDPR requirements. The DPO reviews data processing activities, provides guidance on data protection matters, and serves as a point of contact for Data Subjects and supervisory authorities.

In line with Article 37 of the GDPR, Desquared has appointed a Data Protection Officer (DPO) to oversee the company's data protection strategy and ensure adherence to GDPR requirements. The DPO is responsible for reviewing data processing activities, offering guidance on data protection matters, and acting as a liaison for Data Subjects and supervisory authorities, as outlined in the EDPB's guidelines on DPOs.

Desquared is committed to cooperating with supervisory authorities to ensure compliance with GDPR requirements and resolve any potential issues or disputes. If a supervisory authority requests information about Desquared's data processing activities, the company will promptly provide the necessary details via the DPO. This cooperation can be compared to a business partnering with a regulatory agency to maintain industry standards and ensure the best possible outcomes for all parties.

Privacy by Design and Default is a principle that guides Desquared in building privacy into its products and services from the ground up, ensuring that user privacy is protected by default. This principle can be compared to designing a car with safety features, like airbags and seat belts, incorporated from the beginning to protect passengers by default.

In accordance with Article 25 of the GDPR, Desquared adheres to the principles of Privacy by Design and Default, which require the incorporation of data protection measures into the design and operation of products and services from the outset. By implementing robust privacy safeguards, such as encryption and minimal data collection, Desquared ensures the protection of user privacy by default, analogous to integrating safety features like airbags and seat belts into a vehicle's design from the beginning.

Automated decision-making and profiling involve using algorithms and other automated tools to make decisions or analyze personal data without human intervention. In these cases Desquared may for example be asked to use an algorithm to analyze user preferences and recommend relevant content based on their interests. Automated decision-making can be compared to a self-checkout system in a supermarket, where the machine scans items and calculates the total price without human assistance. Profiling is like creating a personalized playlist for a user based on their listening habits and preferences, using algorithms to predict their taste in music. Data subjects have the right not to be subject to a decision based solely on automated processing, including profiling, that produces legal effects or significantly affects them. Desquared must allow for human intervention in the decision-making process and provide the data subject with an opportunity to express their views and contest the decision. Data subjects have the right to receive their personal data in a structured, commonly used, and machine-readable format, and to transmit that data to another controller. This right applies to data used by Desquared for automated decision-making and profiling.

Desquared's Cookie Policy, in compliance with the GDPR and the ePrivacy Directive, sets forth the company's usage of cookies and similar technologies to enhance user experience, deliver personalized content, and analyze website traffic. Desquared may deploy cookies to recall a user's language preferences, facilitating a seamless browsing experience by displaying the website in their preferred language.

Desquared's Privacy Policy details the company's use of cookies and similar technologies, pursuant to Articles 6(1)(a) and 7 of the General Data Protection Regulation (GDPR) and in compliance with the guidelines provided by the European Data Protection Board (EDPB).

Desquared ensures that these cookies and technologies are used in a manner that respects user privacy and complies with the GDPR. The company is committed to providing clear and comprehensive information about the cookies it uses, obtaining user consent when required, and implementing appropriate safeguards as stipulated by the GDPR and EDPB guidelines. The following list contains the cookies and technologies are utilized by Desquared to enhance user experience, provide personalized content, and analyze website traffic and is updated over time:

• Essential cookies: Always Active
  These items are required to enable basic website functionality.
• Analytics: By choice
  These items help the website operator understand how its website performs, how visitors interact with the site, and whether there may be technical issues. This storage type usually doesn’t collect information that identifies a visitor.It is helpful to note that there are some initiatives on Privacy Shield 2 after the annulment of the first one by the European Court of Justice. The European Commission and the US Department of Commerce have been negotiating a new framework for EU-US data transfers since 2020. On 15 December 2021, the European Commission published a draft adequacy decision that endorses Privacy Shield 2.0 as a valid mechanism for ensuring adequate protection of personal data transferred from the EU to the US. The draft decision is subject to approval by EU member states and the European Data Protection Board before it can enter into force. Privacy Shield 2.0 aims to address the concerns raised by the CJEU in its Schrems II ruling, such as providing stronger safeguards against US government access to personal data, enhancing the role and independence of the Privacy Shield Ombudsperson and strengthening the enforcement and oversight mechanisms. Desquared remains observant of all relevant progress and reserves its right to update this Policy as required.

It is helpful to note that there are some initiatives on Privacy Shield 2 after the annulment of the first one by the European Court of Justice. The European Commission and the US Department of Commerce have been negotiating a new framework for EU-US data transfers since 2020. On 15 December 2021, the European Commission published a draft adequacy decision that endorses Privacy Shield 2.0 as a valid mechanism for ensuring adequate protection of personal data transferred from the EU to the US. The draft decision is subject to approval by EU member states and the European Data Protection Board before it can enter into force. Privacy Shield 2.0 aims to address the concerns raised by the CJEU in its Schrems II ruling, such as providing stronger safeguards against US government access to personal data, enhancing the role and independence of the Privacy Shield Ombudsperson, and strengthening the enforcement and oversight mechanisms. Desquared remains observant of all relevant progress and reserves its right to update this Policy as required.

In accordance with Desquared's Privacy Policy, the company's approach to external links is explicitly outlined, with an emphasis on the fact that Desquared bears no responsibility for the privacy practices employed by third-party websites. This is in line with the provisions outlined under Recital 26 of the General Data Protection Regulation (GDPR) and the guidelines provided by the European Data Protection Board (EDPB). For instance, Desquared may facilitate links, either directly or via its applications, to a news article hosted on a third-party website; however, the privacy practices governing said website do not fall under Desquared's Privacy Policy. In a manner akin to visiting an adjacent store within a shopping complex, users are subject to the rules and policies imposed by the respective establishment upon following an external link.

Desquared reserves the right to revise its Privacy Policy periodically in order to reflect changes in its operational practices, the provision of services, or to address legal requirements. Such revisions may entail updating the Privacy Policy to incorporate details regarding a new service that necessitates the collection of additional personal data. In accordance with Article 12 of the GDPR and EDPB guidelines, any changes to the Privacy Policy are comparable to software updates, wherein enhancements and novel features are introduced to optimize user experience and rectify existing issues.

Desquared is committed to resolving any complaints or disputes that may arise in relation to its data processing activities and compliance with the GDPR. If a user believes that their data protection rights have been violated, they can lodge a complaint with Desquared or a supervisory authority. Desquared is steadfast in its commitment to address and resolve any grievances or disputes arising in connection with its data processing activities and compliance with the GDPR. In the event that a user deems their data protection rights to have been infringed upon, they have the option to file a complaint with Desquared or a supervisory authority, as stipulated in Articles 77 and 79 of the GDPR. The process of addressing complaints and disputes is analogous to mediation, in which an impartial party facilitates conflict resolution and the attainment of a mutually agreeable settlement.