Privacy Policy

PRIVACY NOTICE IN ACCORDANCE WITH THE EUROPEAN DATA PROTECTION REGULATION 2016/679 (GDPR: GENERAL DATA PROTECTION REGULATION) This information applies to data processing carried out through the ExtraUsers Website managed by Tix Production, LLC - sede per l'Italia.

IDENTITY AND CONTACT DETAILS OF THE DATA CONTROLLER

Tix Production, LLC - sede per l'Italia - Via Angelo Brofferio, 6 – Roma. Email: [email protected]

PURPOSE OF TREATMENT: WHY DO WE COLLECT SOME DATA?

The User’s personal data is processed to provide services available on this Website (therefore: user action triggers and geolocation). The purposes therefore intend to allow registration and access to the Website, access to the site via social login, statistics (anonymous), spam protection, limited geolocation for current session, messages and push notifications, content publishing on other websites.

Enclosed to this document you will find a detailed description of each individual service, internal and external, involved in the treatment.

The purpose of the treatment is to allow you to use our widget to show users' actions (anonymously) on your website (ie: some users visited a certain page or bought an item). The geolocation data are deleted at the end of each user's session.

Regarding the other data

The data we collect directly is limited to your email address and the name you indicate, which could also be a fantasy name; if you are using our service, we will also ask you for your fiscal information in order to issue a regular invoice, as required by law; if you access our site through one of the enabled social networks, such social network will pass us your email address and the registered name. To better clarify: if your name on Facebook is Zaphod Beeblebrox, that will be the name that Facebook will communicate to us and we are fine with it. Obviously, in case of purchase, when requested to input data for the invoice/receipt, you will need to provide real data;

All data above described will never be disclosed to third parties.

All other data that we may collect directly (such as logs of sessions collected from the site) or external services that we use (push notifications, surveys, sharing on social networks, traffic analysis, etc.) can not identify the user univocally, so there is no possibility of recognizing the individual.

With regards to statistics, we use Google Analytics in “anonymous mode” (meaning that the last three digits of the IP address are obscured, making any identification impossible).

We use Stripe for credit card payments. Data is never communicated to us, but sent directly to the payment gateway: we neither keep nor record any credit / debit / prepaid or cardholder data.

LEGAL BASIS

Data is processed exclusively on the basis of the optional consent expressed by the User. The treatment may be necessary for the provision of a specific service requested by the User, to fulfill a legal or tax obligation or for the legitimate interest of the Data Controller (eg spam protection or verification of correct functioning of the website).

The User can deny consent or can withdraw it at any time: however, in this case some services may not work.

PROCESSING METHODS, RECIPIENTS

Other data collected through the external services used by our Website are, where possible, treated at the source in order to be anonymous and therefore do not allow users identification; such data may not necessarily be anonymous (such as email, for the services offered by Mailjet, Email List Verify and Tawk.to) are processed through services within the European Union (see below details of the individual services) or outside but in any case consistent with the Privacy Shield.

Therefore for the treatment process – which is carried out through appropriate and structured IT tools to ensure maximum security – other subjects connected to the management of this Website may be involved (collaborators, administrative, commercial, marketing, legal, system operators, employees to security, developers) or external subjects such as technical service providers, hosting providers, couriers, communication agencies, customers who, if necessary, may in turn be Data Processor appointed by the Data Controller: the updated list of the latter can always be requested by the Owner.

RETENTION PERIOD

Data is kept for the time strictly required for the purposes for which they were collected.

If collected for the provision of a service, then with the User’s consent, data is retained until revocation of consent. Obviously, the retention period could be further extended by legal obligations (ie: 5 years for billing data).

For all other data, most of which is collected anonymously, retention is set for minimum period for each service.

The data will be deleted at the end of the retention period: as a consequence, after this deadline it will no longer be possible for the User to exercise the right of access, deletion, rectification and portability of data.

USER RIGHTS

We confirm your rights as per articles 15 and following of the Rules:

MINOR

Since we have no way of ascertaining whether consent to treatment is authorized by a parent, please do not register with this site if you are under 16.

SERVICES DETAIL

WEBSITE/MOBILE APP ACCESS SERVICES

name: Amazon Login
application: website
description: registration and authentication service through the Amazon account, provided by Amazon.com, Inc.
collected data: email, username, profile photo
place of treatment: USA
privacy policy: https://www.amazon.com/gp/help/customer/display.html/ref=hp_rel_topic?ie=UTF8&nodeId=468496

name: Facebook Authentication
application: website
description: registration and authentication service through the Facebook account, provided by Facebook, Inc.
collected data: email, username, profile photo
place of treatment: USA
privacy policy: https://www.facebook.com/help/405977429438260

name: Google OAuth
application: website
description: registration and authentication service through the Google account, provided by Google Ireland Limited.
collected data: email, username, profile photo
place of treatment: EU
privacy policy: https://policies.google.com/

name: Linkedin OAuth
application: website
description: egistration and authentication service through the Linkedin account, provided by Linkedin Corporation.
collected data: email, username, profile photo
place of treatment: USA
privacy policy: https://privacy.linkedin.com/

name: Direct Registration
application: website
description: function to allow the User to register directly on this Website / Mobile App, providing their own e-mail and a name (even fancy).
collected data: email, name
place of treatment: EU
privacy policy: this document

name: Twitter OAuth
application: website
description: registration and authentication service via the Twitter account, provided by Twitter, Inc.
collected data: email, username, profile photo
place of treatment: USA
privacy policy: https://twitter.com/en/privacy

ANTI-SPAM

name: Google reCAPTCHA
application: website
description: spam protection service, provided by Google Ireland Limited.
collected data: cookies, usage data
place of treatment: EU
privacy policy: https://policies.google.com

CONTACTS AND MESSAGES

name: Email List Verify
application: website
description: service for checking the existence and correctness of email addresses
collected data: email
place of treatment: EU
privacy policy: https://www.emaillistverify.com/privacy.html

name: Gmail
application: website
description: e-mail management service (e-mail), used by our service to receive and send e-mails. Provided by Google Ireland Limited.
collected data: email
place of treatment: EU via web or mobile access; USA
privacy policy: this document and Google Ireland Limited as the service provider https://policies.google.com

name: Tawk.to
application: website
description: help desk and customer care service through chat, provided by Tawk.to, Inc.
collected data: email, cookie
place of treatment: USA
privacy policy: https://www.tawk.to/privacy-policy/

name: Mailjet
application: website
description: emails management and delivery service, provided by Mailjet, Inc.
collected data: email
place of treatment: EU
privacy policy: https://www.mailjet.com/Privacy-policy.htm

name: Contact Form
application: website
description: form that allows the User to contact the Organizer/Promoter for any need related to the services offered by the latter.
collected data: email, nome
place of treatment: EU
privacy policy: this document

name: SendPulse
application: website
description: WEB push notification sending service, provided by SendPulse, Inc. collected data: browser, operating system, IP address, IP location, cookies. To activate the push notifications, further explicit confirmation by the User is required, provided directly to the service provider, while to disable them, it is possible to use the browser functions.
place of treatment: USA
privacy policy: https://sendpulse.com/legal/pp

CONTENTS FROM EXTERNAL PROVIDERS

name: Google Fonts
application: website
description: typo fonts, provided by Google Ireland Limited.
collected data: usage data, preferences, cookie
place of treatment: EU
privacy policy: https://policies.google.com/

name: Google Maps
application: website
description: service that displays a map, provided by Google Ireland Limited.
collected data: cookie, usage data
place of treatment: EU
privacy policy: https://policies.google.com/

SCRIPT MANAGEMENT

name: Google Tag Manager
application: website
description: script management service, which allows to publish on the site a single invocation code for all external scripts, which will be recalled by the Tag Manager, provided by Google Ireland Limited.
collected data: cookie, usage data
place of treatment: EU
privacy policy: https://policies.google.com/

SOCIAL NETWORK INTERACTION

name: AddThis
application: website
description: service that allows User interaction with social networks and the sharing of content on the Website, provided by Oracle Corporation
collected data: cookie, usage data
place of treatment: USA
privacy policy: https://www.addthis.com/privacy/privacy-policy

name: Facebook Account Access
application: website
description: integration service with the Facebook user’s account, to perform operations such as “share on Facebook”
collected data: basic user information such as name, profile picture, language, location
place of treatment: USA
privacy policy: https://www.facebook.com/about/privacy/

name: Twitter Account Access
application: website
description: integration service with the Twitter profile of the User, to perform operations such as “share on Twitter”
collected data: basic user information such as name, profile picture, language, location
place of treatment: USA
privacy policy: https://twitter.com/en/privacy#update

GEOLOCATION

name: Geolocation limited to the session
application: website
description: User’s localization service based on data provided by the Internet, for the purpose of presenting film programming based on the geographical location of the User. The User grants or denies authorization through the specific functions of each browser; alternatively, you can indicate your position by writing the address or the location in which it is located. Location data is used only for the duration of the session.
collected data: geographical position
place of treatment: EU
privacy policy: this document

STATISTICS

name: Google AdWords conversions tracking
application: website
description: service that links the ads published on the Google AdWords network by the Owner with the operations performed by Users on the Website, in order to evaluate the effectiveness of the promotions of this Website. Provided by Google Ireland Limited.
collected data: cookies, usage data
place of treatment: EU
privacy policy: https://policies.google.com/

name: Google Analytics with anonymized IP
application: website
description: service of analysis of the traffic and use of this Website / Mobile App by the Users, configured in “anonymised IP” mode so as not to be able to identify the User in a precise manner and collect anonymous browsing data. Provided by Google Ireland Limited.
collected data: cookie, usage data
place of treatment: EU
privacy policy: https://policies.google.com/

PAYMENT GATEWAY

name: Stripe
application: website
description: payment gateway: a service to process payment through credit/debit/prepaid cards. Provided by Stripe, Inc.
collected data: cardholder and card data
place of treatment: USA
privacy policy: https://stripe.com/it/privacy