Valid from 25 May 2018 - Version 3.0
1. Personal data: which we collect and the purposes of use
1.1 Personal data
When you create a profile or write your first ESA review, we automatically create a personal account for you on ESA ("Account") and we will collect the following personal data about you (the "Personal Data"):
• Your username (this will be public)
• Your encrypted password securely
• Your email address This data is mandatory, which means that it will not be possible to write a review on the Website if it has not been released.
You can choose to add additional personal data to your profile. The additional data that can be added are photos, sex, city, country and date of birth. This additional information will be part of your public profile. In addition, it is possible to add to their personal data non-mandatory name and surname: these will not be made public but will be part of the Personal Data.
ESA is an open review platform and when we show your reviews we will link them to your profile, so that people can see who wrote the review. Therefore, you should be aware that depending on the information you add to your profile and the username you choose, you may or may not be anonymous.
1.2 Information contained in reviews and evaluations
When you write a review about a company and publish it on ESA, we collect the information you enter in your review. This includes:
1.3 Information on views, "Like" button and usefulness of your review for others
When you write a review of a company on ESA, people may indicate that they consider your review useful, for example by marking it with a "Like", and we collect this information. We also collect information on the amount of people reading your review. We do not track the identities of people who have not logged in and read reviews, but we collect data on the number of consumers who read your review. If you mark another person's review with a "Like", we also collect this information.
1.4 Information from other services, including social networks like Facebook
You can link your ESA profile to your profile on social networks, e.g. Facebook and Google+ ("Social Network"). When you use this option we automatically collect selected information about you from Social Networks. The information we collect depends on the information you have made available on Social Networks and on your privacy settings for sharing such information on Social Networks. Depending on your settings and selection, we will collect the following information:
• Name and / or username
• Email address
• Profile photo When you make a request to link your ESA profile with the profile of a social network, we will inform you about what information we will collect from the social network in question. You will receive this information before your request is executed.
1.6 Your IP address, your browser settings and your location
When you visit the Website we register the IP address and browser settings of your computer. The IP address is the numerical address of the computer used to visit the Website. Your browser settings may include the type of browser you use, the browser language and the time zone. We collect this information so that we can trace the computer used in case of misuse or illegal actions in connection with visits to or use of the Website. In addition, we use the IP address to approximate your location (city level) and to know which of our Terms and Conditions apply to your use of ESA
1.7 Summary newsletters and emails
We collect the information you provide when you sign up to receive our newsletters (if you have chosen to receive it), summarized e-mails or similar (we collect your name, your e-mail address). If you no longer wish to receive our newsletters, summarized e-mails or similar, you can unsubscribe via the appropriate link contained in each of our emails.
1.8 Uses and purposes
We will use the information provided to us for:
1.9 On what legal bases do we process your personal data?
We must process your personal information in order to:
• Comply with our legal obligations (see Article 6.1.c of the GDPR) and manage an online review platform in accordance, for example, with the Unfair Commercial Practices Directive, the ICPEN guidelines on reviews and online approvals, etc.
• Pursuing our legitimate business interests in relation to the management of the Website and the provision of our services to you, or pursuing the legitimate interests of third parties provided that your fundamental interests and rights do not prevail over such interests (see Article 6.1.f of the GDPR).
• To claim, exercise or defend a legal action, if necessary (see Article 9.2.f of the GDPR) Some of these reasons for the processing of your personal data overlap, so there may be several reasons that justify our processing of your personal information. In the limited circumstances in which you have expressly consented to process your personal data (see Article 6.1.a of the GDPR), for example when you sign up for our newsletters, you are free to withdraw your consent at any time. However, you must be aware that we may have the right to continue processing your information if justified by one of the other legal bases mentioned above. You have the right to object to the way we treat your personal information, or to ask us to limit its processing. See below, section 13, for more details. If you would like more information on our legal basis for processing your personal information, please contact our Data Protection Officer (DPO) - see 14 below.
2 Disclosure of personal information
2.1 Disclosure of personal information on ESA
We are an open review platform and share your review on ESA so others can read your experience with a specific company. When you write a review, we will disclose your review, your username and other information you have chosen to connect to your public profile. Remember that if you have chosen to use your name as the username, this may reveal your identity in whole or in part, unless you use a pseudonym. It is advisable to be careful in deciding what information to make available for disclosure on the Website and to be aware of the fact that, depending on the level of information provided, you may remain anonymous or not.
Personal Data and other information
When you write an ESA review and create an account, your username, review, photo, location and the number of reviews you have written will be visible on the Website. Even companies that you review can receive information about your review.
When writing a review on the Website, we use the IP address of your computer (see section 1.7 of this Privacy Notice) to identify your position in an approximate manner relative to the nearest city. This information is made available in aggregate form to other business users of the Website.
Reviews that you have found useful
When you find other useful reviews (by marking them with a "Like"), other users of our Website can see the reviews for which you have used the "Like" button.
If you connect to a Social Network, information such as your profile photo, your name, birth year and approximate location will be collected from your Social Network profile and will be used to identify you on ESA. Subject to the privacy settings and level of information available from the Social Network, ESA users can use this information to identify the reviews you have written. If you have chosen to remain anonymous using a pseudonym for your username, you must be aware that information from Social Networks may reveal your identity in part or in full and make it possible to identify the reviews you have written.
2.2 Disclosure on services to which you link your profile
If you choose to link your profile on ESA with your profile on a Social Network, the information and reviews you provide on ESA or data compiled by us about your use of the ESA service (eg the number of reviews you have written) will be shared and shown in connection with your profile on the Social Network and will be subject to the privacy statement of the Social Network.
2.3 Disclosure to other services, websites and companies
One of ESA's main goals is to increase exposure and availability of reviews on ESA. We therefore allow other services to show reviews created on the Website. This increases the potential audience for your reviews. The categories of third-party services and companies that can show your reviews together with your public user profile are: • Search engines, including Google and Bing • Companies reviewed on ESA • Consumer portals and portals for companies, including price comparison websites, buying guides, etc. • Partner applications and platforms, such as, for example, Prestashop, Magento, WooCommerce • Other similar websites in which, in the evaluation of ESA, it is relevant for users to search for reviews. Once you submit your review, it will be published on ESA. This means that the following information will be disclosed: • Your review (s) (see section 1.2 above) • Your username and additional data you choose to add to the profile, such as name, profile description, photo, gender, city, country and language.
If you write an ESA review in response to an invitation sent by a company through our review invitation services, that company will be able to link your review with the invitation.
If we need to verify your review, we will contact you by asking you to submit the documentation that proves that you have actually had a shopping experience with the company you have reviewed. We therefore recommend that you keep this documentation for 12 months after the date of publication of your review.
We do not share the documentation you submitted with the reviewed company. However, we may disclose your reference number or order ID to the company in question, unless you ask us not to do so.
2.4 Other disclosures
In addition to the foregoing, we disclose your personal information to the following individuals and in the following circumstances:
• To allow suppliers, consultants and other third-party service providers to perform services on our behalf
• To comply with laws or to respond to claims, legal proceedings (including, but not limited to, court quotes and orders) and requests from public and governmental authorities
• To cooperate with supervisory bodies and governmental authorities, including, but not limited to, the offices of the Antitrust Authority and the Postal Police, in relation to investigations or referral of cases
• To third parties in order to protect our activities
• To third parties in order to limit damage that we could suffer
• To third parties to enable us to investigate, prevent or take actions regarding alleged or actual prohibited activities, including, but not limited to, fraud and misuse of ESA
• A third party in the event of any reorganization, merger, acquisition, sale, joint venture, assignment, transfer or other sale of all or part of our business or assets (including in connection with any bankruptcy or similar procedure).
3 Holder of data processing
3.1 Information for which we are the data controller
We are the holder of the processing of Personal Data you provide to create and maintain your profile, which includes, but is not limited to, your name, your password and your email address.
We are also the data controller of information that is disclosed to other services (see 2.3). Italian data protection laws regulate our data collection.
3.2 Information for which you are the data controller
You are the data controller for the content you choose to disclose on ESA and for the personal data disclosed when you link your Social Network profile with your ESA profile.
4 Links to websites
Our Website contains links to other websites. The inclusion of such links on our part does not imply our approval of such websites. We do not control the content of such third-party websites and assume no responsibility for third parties or their policies or practices.
We invite you to read carefully the privacy policies of these third-party websites as their procedures for collecting, managing and processing personal data will differ from ours.
5 Responsible for data processing and transfer of personal information outside the EU
We use external companies to maintain the technical functioning of ESA and our services. These companies are responsible for the processing of personal data for which we are the data controller. By accepting this Statement, you agree that we may also allow the processing of data for which you are the data controller of these data controllers.
We have agreements on the processing of data with data controllers and on the basis of these agreements they must act exclusively in accordance with our instructions. By accepting this Statement, you authorize us to provide instructions to data controllers for the processing of data in accordance with the Notice and for the purpose of using the Website.
Data controllers have taken reasonable technical and organizational measures to protect information against accidental or unlawful destruction, loss or deterioration and to protect information against disclosure to unauthorized persons, misuse or otherwise processing in violation of data protection laws.
6 Storage of data
We retain your Personal Data and other personal information that you provide to us, including your reviews, for as long as you have an Account or for what is necessary to provide our services. If you choose to delete your account, keep in mind that all your reviews will also be deleted. We will delete this information on your request and we will only save a record with the following information: your name, email address and the date of deletion of your account. We will keep the register for 3 years. All other information will be deleted.
If you use our Website exclusively for the search of reviewed companies, we will retain your information and keep the Account open until you decide to close your Account. In some cases, even if you close your Account, we decide to retain certain information (eg visits to our Website) in an anonymous or aggregate form.
7 Security measures
We use reasonable organizational, technical and administrative measures to protect your personal information within our organization and regularly check our system to detect any vulnerabilities. However, by virtue of the fact that the Internet is not a 100% secure environment, we can not guarantee or guarantee the security of the information you transmit to us. Emails sent via ESA may not be encrypted and we therefore advise you not to include any confidential information in your emails you send us.
We are constantly working to improve our safety practices and we will update this information as these practices evolve over time.
8.1 What types of cookies do we use?
Cookies are small pieces of information that the Website places on your computer's hard drive, on your tablet or on your smartphone. Please note that HTML5 has introduced a Web Storage mode that is similar in nature to cookies and that we therefore refer to here as a Cookie.
Cookies contain information that the Website uses to make communication between you and your web browser more efficient. Cookies identify your computer or device rather than you as a single user.
We use session cookies, persistent cookies, session cookies HTML5 sessionStorage and HTML5 localStorage and sessionStorage HTML5 objects of a temporary nature, deleted when you exit the web browser. Persistent cookies are permanent in nature and are stored and remain on your computer until they are deleted. Persistent cookies expire or cancel themselves after a certain period of time, established for each cookie, but are renewed each time you visit the Website. The HTML5 localStorage objects are permanent in nature and remain on your computer until they are deleted.
Measure traffic on the Website including, for example, the number of visits to the Website, the domains from which visitors come, the pages they visit on the Website and in which global geographical areas visitors are located.
Monitor the performance of the Website and your use of our Website
Monitor the performance of the Website, our applications and how you use ESA
Authenticate and improve the functionality of our Website
Optimize your experience with ESA, which includes remembering your username and password when you return to the Website and remembering information about your browser and your preferences (eg the language of your choice).
Connect to Social Network
We offer you the option to connect to Social Network, including, for example, Facebook.
Guarantee the quality of the reviews and avoid abuse or irregularity in relation to the writing of reviews and the use of the Website.
8.3 Third-party cookies
Third-party cookies are set by third-party websites, not ESA. When you visit our Website, the following third-party cookies can be set:
• Facebook cookies, set when you access our Website with Facebook
• Google cookies, set when you access our Website with Google
• Google AdSense cookies, set when displaying advertisements
8.4 Deleting cookies
You can delete cookies already downloaded on your device. You can usually delete cookies from the Privacy or History area, available from the Settings or Options menu in the browser. In most browsers, the same menu can be reached by using the keyboard shortcut Ctrl + Shift + Delete or Com + Shift + Delete if using a Mac.
If you do not accept cookies from our Website, you may experience inconveniences while using the Website and you may not have access to all the features of the Website.
9 Access and insights on the personal data we have about you
If you have an ESA Account, you can log in to your account and see what information we have about you, including your reviews.
10 Correction and deletion of your personal data
If any of your Personal Data or other personal information we hold about you as data controller is incorrect or misleading, you can personally rectify most of the information through your Account. We advise you to make the adjustments yourself. If not, you can ask us to help you rectify your information.
You may correct or delete any personal content and information on ESA at any time for which you are the data controller (see 3.2). In the event of changes to your personal information or if you no longer wish to appear on ESA, you may update or delete the information by accessing your Account.
If your account is deleted, all data associated with your Account will be deleted, including your Personal Data and reviews on ESA.
11 Other rights
In addition to the rights relating to your personal data referred to above, you also have the following rights:
• You also have the right to object to the processing of your personal data and to limit the processing of your personal data.
• In particular, you have the unconditional right to object to the processing of your personal data for direct marketing purposes.
• If the processing of your personal data is based on your consent, you have the right to withdraw your consent at any time. This revocation does not affect the legitimacy of the processing of data made before you have revoked your consent. You can withdraw your consent by sending an email to firstname.lastname@example.org
In some circumstances, these rights may be limited or conditioned. For example, whether or not you have the right to data portability in a particular case depends on the specific circumstances of the processing activity.
12 Information on minors
Our Website is not intended for minors. If you become aware of the fact that a minor has provided us with your personal information, please contact us.
13 Our Data Protection Manager
We have a Data Protection Officer (DPO). If you have any questions about the processing of data we perform, you are invited to contact our DPO via email at email@example.com.
14 Changes to this Statement
We reserve the right to modify this Information. The date indicated at the beginning of this Statement indicates the date of the last update. If we make substantial changes to it, we will provide an alert through our Website, or by other means, to give you the opportunity to verify the changes before they become effective. If you oppose our changes, you can close your account. The continued use of ESA after the publication or sending of a notice relating to changes to the Notice will result in your acceptance and consent to the updated Notice.
15 Contact information and where to send questions or complaints
If you have any questions or concerns regarding our Disclosure or the way we process your personal information or if you want us to make corrections to your personal information, please contact us at firstname.lastname@example.org.
Our contact information is:
World Advisor Srls
Via Val di Sangro 52
00141 Roma (IT)
Ph 06 21117480
Fax 06 56563469