Welcome to Marcella di Martino and my website at www.marcelladimartino.com. This Privacy Policy describes our practices for collecting, using, protecting and disclosing the Personal Data we (that is me, Marcella di Martino and the third parties involved in the operation of my website) collect from you when you visit our website and use our services.
The Basics
What law applies?
Our use of your personal data is subject to both Italy`s Data Protection Code (“DPC”) and the EU General Data Protection Regulation (“GDPR”), and of course we process your personal data accordingly.
What is personal data?
Personal data is any information about personal or factual circumstances that relate to a person. This may include name, date of birth, email address, postal address or telephone number, but also online identifiers such as IP addresses or device IDs.
What is Special Category Data?
Special category data is Personal Data that needs more protection because it is sensitive. This includes Personal Data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data. As well as, data concerning health, a person’s sex life; and a person’s sexual orientation. In order to lawfully process Special Category Data, it is necessary to consent to the processing.
What is processing?
“Processing” is any operation or set of operations that is performed on personal data, whether or not it is done automatically. The term is broad and covers virtually any handling of data.
Who is responsible for data processing?
The responsible party within the meaning of the DPC and the GDPR is Marcella di Martino of Viale delle Milizie 3, Roma, 00192 (“Marcella di Martino“, “we”, “us”, or “our”). If you have any questions, please feel free to contact us using info@marcelladimartino.com, use one of my other contact options, or write to us at the above address.
What are the legal bases for processing?
According to the DPC and the GDPR, we should have at least one of the following legal bases to process your personal data:
● To fulfill contractual obligations
(The purposes of the data processing are primarily based on the service we provide).
● In connection with our legitimate interests.
(Where necessary, we process your data beyond the actual performance of the contract to protect legitimate interests of us or third parties. Examples include:
○ Ensuring IT security and IT operations,
○ Corporate governance measures and further development of our services,
○ defense against claims by third parties and
○ Enforcement of our own claims).
● Based on your consent
(If you have given us your consent to process personal data for specific purposes).
● To comply with legal obligations.
(Processing to comply with our legal obligations.)
Am I obliged to provide data?
In the context of our business relationship, you are only obliged to provide personal data that is required for the establishment, implementation and termination of a business relationship or that we are legally obliged to collect. Without this data, we usually have to refuse to conclude a contract or can no longer fulfill an existing contract and may have to terminate it.
Data that we collect automatically
Log data
Each time you visit our website, our system automatically collects the following data from the visiting device and stores it in a so-called log file: (i) name of the file accessed, (ii) date and time of the visit, (iii) amount of data transferred, (iv) notification of successful retrieval, type of browser and version used, (v) IP address (identification of the user’s device), (vi) operating system of the visiting device, (vii) Internet service provider of the visiting device, (viii) website from which you access our website, and (ix) which pages of our website you access. The legal basis for this processing is our legitimate interest.
Hosting
The hosting services used by us for the purpose of operating our website is OVH Groupe SAS. In doing so OVH, processes inventory data, contact data, content data, usage data, meta data and communication data of customers, interested parties and visitors of our website and services, on the basis of our legitimate interests in an efficient and secure provision of the website and services in conjunction with the provision of contractual services and the conclusion of the contract for our services.
Content Management System
We use the Content Management System (CMS) of WordPress by Automattic Inc, to publish and maintain the created and edited content and texts on my website. This means that all content and texts submitted to my website is transferred to WordPress. The legal basis for this processing is our legitimate interest.
Content Delivery Network
We also use the Content Delivery Network (CDN) to distribute our online content. Our CDN is a network of regionally distributed servers operated by our technical service providers that are interconnected via the Internet. When you visit our website, your device’s browser transmits information to these service providers, which is collected in corresponding server log files. The server log files are usually anonymized and then transmitted without personal reference. The server log files include in particular i) information on the browser and operating system used, ii) the previously visited pages (so-called referral URL), iii) the IP address of the device used, iv) the name of the Internet provider, and v) the date, time of all page views including the amount of data transferred. The legal basis for the processing is our legitimate interest.
Cookies
We use so-called cookies on our website. Cookies are pieces of information that are transmitted from our web server or third-party web servers to your web browser and stored there for later retrieval. Cookies may be small files or other types of information storage. There are different types of cookies: i) Essential Cookies. Essential cookies are cookies to provide a correct and user-friendly website; and ii) Non-essential Cookies. Non-essential Cookies are any cookies that do not fall within the definition of essential cookies, such as cookies used to analyze your behavior on a website (“analytical” cookies) or cookies used to display advertisements to you (“advertising” cookies).
As set out in Italy`s Data Protection Code (“DPC”) and the EU`s Privacy and Electronic Communications Directive (“PECD”), we need to obtain consent for the use of Non-essential Cookies. For further information on the cookies we use, please refer to our Cookie Policy. The legal basis for processing is our legitimate interest and your consent.
Cookie consent
Our website uses a cookie consent tool to obtain your consent to the storage of cookies and to document this consent. When you enter our website, the following Personal Data is transferred to us: i) Your consent(s) or revocation of your consent(s); ii) Your IP address; iii) Information about your browser; d) Information about your device; iv) Time of your visit to our website. The basis for processing is our legitimate interest and your consent.
Links to other websites
Please note that if you use a link from our website to a third-party website, that third-party may also set new cookies that are not covered by this policy. In such cases, we recommend that you read the cookie policy on the third-party website itself.
YouTube Videos
We have integrated components from YouTube. The integration requires that YouTube can perceive the IP address of the user. The IP address is required in order to send the video content to the user’s browser. If you click on a YouTube component (video) on our website, your internet browser will be prompted by the component to download a corresponding representation of the component. In this way, YouTube knows which specific sub-pages you have visited. The legal basis is your consent as well as our legitimate interest.
Spotify
On our pages, functions of the music service Spotify are integrated. This allows a direct connection between your browser and the Spotify server to be established via the plug-in when you visit our pages. Spotify thereby receives the information that you have visited our site with your IP address. If you click the Spotify button while logged into your Spotify account, you can link the content of our pages on your Spotify profile. This allows Spotify to associate the visit to our pages with your user account. If you do not want Spotify to be able to associate the visit to our pages with your Spotify user account, please log out of your Spotify user account.The legal basis is your consent as well as our legitimate interest.
Google Fonts
We integrate the fonts of the provider Google LLC, whereby the user’s data is used solely for the purpose of displaying the fonts in the user’s browser. The integration is based on my legitimate interest in a technically secure, maintenance-free and efficient use of fonts, their uniform display and taking into account possible licensing restrictions for their integration. The legal basis for this processing is our legitimate interest.
We integrate Font Awesome of Fonticons Inc, whereby the user’s data is used solely for the purpose of displaying the fonts in the user’s browser. The integration is based on our legitimate interest.
Data we collect directly
Contact
The processing of personal data depends on the nature of your contact. In addition to your name and email address, IP address or phone number, we usually collect the context of your message, which may also contain certain personal data. The personal data collected when you contact us is used to process your request, and the legal basis is your consent.
Social Media
We are present on social media and if you contact or connect with us via social media platforms, we and the relevant social media platform are jointly responsible for the processing of your data and enter into a so-called joint controller agreement. The legal basis is our legitimate interest, your consent or, in some cases, the initiation of a contract.
Online appointment booking
We use the service of Calendly, Inc. for the simplified booking of appointments. By using this service, the data you submit including your Name, Email address and IP Address is transferred to Calendly. The processing of the data entered via Calendly is thus exclusively based on a legitimate interest of simplified appointment arrangement and the initiation of a contract. The data entered by you remains with us until you request us to delete it or the purpose for storing the data no longer applies.
Purchase my books or publications
If you purchase my books or publications through Amazon, Amazon and I will process various data in the course of the purchase and to initiate and manage the existing contractual relationship between you and me. Please note that the purchase is subject to Amazon’s privacy policy and that I have no influence on Amazon’s privacy policy.
Courses, Classes and Masterclass
My courses are hosted by Social Academy S.r.l.. Social Academy provides the learning environment and offers the corresponding sales interface. In accordance with Social Academy`s Privacy Policy your data is stored at Social Academy, in their databases and applications on a secure server with up-to-date security standards. The legal basis is our legitimate interest, your consent or, in some cases, the initiation of a contract.
When you make a payment, the transaction is processed by Social Academy and its third-party providers. The payment transactions are encrypted by the “Payment Card Industry Data Security Standard (PCI-DSS)” and your payment data will be stored only as long as it takes to complete your order. In accordance with Social Academy`s Privacy Policy, all direct payment gateways adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express and Discover.
Testimonial
Within the Testimonial section, we may display certain Personal Data, share certain details, knowledge and insights. When you approve and submit your Testimonial to us your consent is obtained, and you have choices about the information in your Testimonial.
The storage of Testimonials is based on your consent. You can revoke your consent at any time. For this purpose, an informal communication by e-mail to us is sufficient. The legality of the data processing operations already carried out remains unaffected by the revocation.
Leave A Reply
When you leave comments in my blog, your IP address is stored on the basis of our legitimate interests. This is done for our security in case someone leaves unlawful content in comments and posts.
Within the blog you may be able to display certain profile information, share certain details, engage with others, exchange knowledge and insights, post and view relevant content. It’s your choice whether to include sensitive information in your comment and to make that sensitive information public. Please do not post or add Personal Data to your comment that you would not want to be available. The processing bases are your consent as well as our legitimate interest.
When you use our services
We process your personal data in the context of the provision of our services, and for the initiation and execution of the contractual relationship existing between you and us. This includes among others, coaching services and support and as such, we process your name, contact details and all information required in the context of the performance of the services including health data in accordance with the DPC and GDPR, exclusively for the purpose of processing and handling the contractual relationship.
Some of the Personal Data you provide may be considered “special” or “sensitive”. This includes Personal Data concerning for example your health, and fitness. By choosing to provide this data, you consent to our processing of that data.
You have choices about the Personal Data you provide and how you share it. You don’t have to provide Personal Data or Special Category Data; however, information about you helps you to get more from our Services. It’s your choice whether to include Personal Data or Special Category Data and to make that information available to us. Please do not share information that you would not want to be available.
The legal basis for the processing of your Special Category Data is the establishment and implementation of the user contract for the use of the service as well as your consent. You may withdraw your consent and request us to stop using and/or disclosing your personal and Special Category Data by submitting your request to us.
Administration, financial accounting, office organization, contact management.
We process data in the context of administrative tasks and the organization of our business and compliance with legal obligations, such as archiving. In this context, we process the same data that we process in the provision of our contractual services. The processing bases are our legal obligations and our legitimate interest.
Downloading my publications and resources
When you go ahead and download our publications and resources, your IP address is requested and logged for documentation purposes only. This is a mere technical process and required to make our publications and resources available for download to your device or depending on your browser available for viewing. The legal basis for this storage is the provision of a contract and our legitimate interest.
Marketing
If you have given us your separate consent to process your data for marketing and promotional purposes, we are entitled to contact you for these purposes through the communication channels for which you have given your consent.
You may give us your consent in a variety of ways, such as by checking a box on a form asking for permission to send you marketing information, or sometimes your consent is implied from your interactions or contractual relationship with us. In cases where your consent is implied, it is based on the assumption that you could reasonably expect to receive a marketing communication based on your interactions or contractual relationship with us.
Direct Marketing generally takes the form of e-mail via my newsletter and may also include other less traditional or emerging channels. These forms of contact will be managed by me, or on my behalf by Mailchimp by Intuit Inc to whom we pass on your email address for this purpose. Every directly addressed marketing sent or made by me or on my behalf will include a means by which you may unsubscribe or opt out.
Economic analyses and market research
For business reasons, we analyze the data we have on business transactions, contracts, enquiries, browsing behavior etc., whereby the group of persons concerned may include contractual partners, interested parties, and users of our services.
The analyses are carried out for the purpose of business evaluations and market research. The analyses serve us alone and are not disclosed externally and processed using anonymous analyses with summarized and or anonymized values. Furthermore, we take the privacy of users into consideration and process the data for analysis purposes as pseudonymously as possible and, if feasible, anonymously (e.g., as summarized data).
General Principles
Who receives my information?
Within Marcella di Martino, those who have access to your information are those who need it to fulfill our contractual and legal obligations.
Processors used by us may also receive data for these purposes. These are companies in the areas of IT services, telecommunications, and sales and marketing. If we use processors to provide our services, we take appropriate legal precautions and corresponding technical and organizational measures to ensure the protection of personal data in accordance with the relevant legal provisions.
Data is only passed on to third parties within the framework of the legal provisions. We only pass on user data to third parties if this is necessary, for example, for contractual purposes or due to legitimate interests in the economic and effective operation of our company, or if you have consented to the transfer of data.
How long will my data be stored?
To the extent necessary, we process and store your personal data for the duration of our business relationship, which includes, for example, the initiation and execution of a contract.
In addition, we are subject to various retention and documentation obligations, which result, among other things, from the statutory minimum retention periods and other retention periods prescribed in this sense, e.g. retention periods under tax or commercial law. Depending on the document and the legal regulation, the periods specified there for storage and documentation are up to 8 years.
How do we secure your data?
Our website uses SSL or TLS encryption to ensure the security of data processing and to protect the transmission of content or contact requests that you send to us. In addition, we have taken numerous security measures (“technical and organizational measures”), such as encryption or access only when necessary, to ensure the most complete protection of personal data processed through this website.
Nevertheless, Internet-based data transmissions can always have security vulnerabilities, so that absolute protection cannot be guaranteed. And databases or records containing personal data may be breached inadvertently or by unlawful intrusion. If we learn of a data breach, we will notify all affected individuals whose personal data may have been compromised as soon as possible after the breach is discovered.
Is data transferred to a third country?
We process data in the course of operating our website. We do not normally transfer personal data to countries outside Italy and the EEA. However, if we do, we ensure that the processing of your personal data is governed by processing contracts that include standard contractual clauses to ensure a high level of data protection.
Minors
We do not request personal data from minors and children and do not knowingly collect such data or share it with third parties.
Automated Decision Making
Automated decision making is the process of making a decision by automated means without human involvement. Automated decision making does not occur.
DO NOT SELL
We do not sell your Personal Data.
Your rights and privileges
Rights to protect your data
Under the DPC and the GDPR, you may exercise the following rights:
● Right to information
● Right to rectification
● Right to deletion
● Right to data portability
● Right to object
● Right to withdraw consent
● Right to lodge a complaint with a supervisory authority
● Right not to be subject to a decision based solely on automated processing.
If you have any questions about the type of personal data we hold about you, or if you wish to exercise any of your rights, please contact us.
Updating your data
If you believe that the data we hold about you is inaccurate or that we are no longer entitled to use it and you wish to request that it be rectified or erased, or object to its processing, please contact us.
Withdrawal of your consent
You may withdraw any consent you have given at any time by contacting us. The legality of the data processing carried out until the withdrawal remains unaffected by the withdrawal.
Request for information
If you would like to make a request for information about your data, you can inform us in writing. We will respond to requests for information and correction as quickly as possible. If we are unable to respond to your request within thirty (30) days, we will tell you why and when we will be able to respond to your request. If we are unable to provide you with the Personal Data you have requested or to make a correction, we will tell you why.
Complaint to a supervisory authority
You have the right to lodge a complaint about our processing of personal data with a supervisory authority responsible for data protection. The competent supervisory authority in relation to our services is Garante per la Protezione dei Dati Personali (the “Garante”) Piazza Venezia n. 11 – 00187 Rome (Italy), www.garanteprivacy.it. However, we would appreciate the opportunity to address your concerns before you contact the Garante.
Validity and questions
This Privacy Policy was last updated on Thursday, 20 July 2023 and is the current and valid version. However, we want to point out that from time to time due to actual or legal changes a revision to this policy may be necessary. If you have any questions or if you wish to exercise your rights, please feel free to email info@marcelladimartino.com, use one of my other contact options, or write to us at the above address.