Privacy policy

Protecting your privacy is one of our main objectives. Shine Software di Turillo M. P. IVA: IT04504220874 - TRLMHL77D11C351R - CCIAA 16085356JJ, with registered office at piazza Borsa, 6 Trieste, postcode 34131 (hereinafter “Shine Software”) is constantly committed to protecting the online privacy of its users. This document will allow you to learn about our privacy policy, to understand how your personal information is handled when you use our services and, where appropriate, to give your express and informed consent to the processing of your personal data in those sections of the website where you are asked to provide personal data.

We remind you that in the various sections of the Shine Software websites (hereinafter the "Site") where we collect your personal data, specific privacy notices are published pursuant to art. 13 of EU Regulation 2016/679 (hereinafter: the "Regulation") for you to read before providing the requested data. The information and data provided by you or otherwise acquired in the context of registration for the various Shine Software services (such as, for example: domain name registration, provision of email accounts, provision of Certified Electronic Mail (PEC) accounts, provision of web space, provision of hosting services, provision of other ancillary services, hereinafter collectively the "Services"), will be processed in compliance with the provisions of the Regulation and the obligations of confidentiality that guide the activity of Shine Software.

In accordance with the rules of the Regulation, the processing carried out by Shine Software will be based on the principles of lawfulness, fairness, transparency, purpose and storage limitation, data minimisation, accuracy, integrity and confidentiality.

INDEX

Data Controller and Data Protection Officer
The personal data processed

Browsing data
Data processed in connection with social media interaction
Data voluntarily provided by the data subject
Data for domain name registration
Traffic data
Cookies

Purposes of the processing
Legal basis and mandatory or optional nature of the processing
Recipients of the personal data
Transfers of personal data
Storage of personal data
Rights of the data subject
Amendments

1. Data Controller and Data Protection Officer

The Controller of the processing carried out through the Site is Shine Software as defined above. The Controller's organisation has a data protection officer (Data Protection Officer or "DPO"). The DPO is available for any information concerning the processing of personal data by Shine Software, including the list of processors that process data. You may contact the DPO by writing to: info@shinesoftware.it.

2. The personal data processed

By the processing of personal data we mean any operation or set of operations, carried out with or without the aid of automated processes and applied to personal data or sets of personal data, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

We inform you that the personal data subject to processing will consist - also depending on your decisions on how to use the Services - of an identifier such as a name, an email address, an identification number, location data, an online identifier, the purchases made, and other data capable of making you identified or identifiable, depending on the type of Services requested (hereinafter simply "Personal Data"). In particular, the Personal Data processed through the Site are as follows:

a. Browsing data

The IT systems and software procedures responsible for the operation of the Site acquire, in the course of their normal operation, certain Personal Data the transmission of which is implicit in the use of Internet communication protocols. This is information that is not collected in order to be associated with identified data subjects, but which by its very nature could, through processing and association with data held by third parties, allow users to be identified. This category of data includes the IP addresses or domain names of the computers used by users who connect to the Site, the addresses in URI (Uniform Resource Identifier) notation of the requested resources, the time of the request, the method used in submitting the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (success, error, etc.) and other parameters relating to the user's operating system and IT environment. This data is used for the sole purpose of obtaining anonymous statistical information on the use of the Site and of our customers' sites, and to monitor its correct functioning, to identify anomalies and/or abuses, and is deleted immediately after processing. The data could be used to ascertain liability in the event of hypothetical computer crimes against the site or third parties: except for this eventuality, at present data on web contacts does not persist for more than fourteen days, unless otherwise requested by the user (e.g.: access to the user's personal pages within Shine Software that summarise the services used, the information published, etc.).

b. Data processed in connection with social media interaction

In addition to filling in the relevant registration form, you can register for the Services, if you have a Facebook profile, also by simply clicking on the "Login with Facebook" button. In this case, Facebook will automatically send Shine Software some of your Personal Data, specified in the relevant "pop-up" window that is displayed at the time of the request, and you will not need to fill in any other forms. If, on the other hand, you are already a registered Shine Software user, and also have a Facebook profile, you can choose to associate your Shine Software account with your Facebook account by clicking on "Login with Facebook" and then on "Associate account": in this way, your Shine Software identification code will be associated with your Facebook user code, and subsequently you will be able to authenticate yourself directly to your Shine Software control panel with a simple click on "Login with Facebook" without entering your credentials.

In the same way, Shine Software gives you the possibility to associate your Shine Software account also with any Google, Twitter and Linkedin accounts you may have. In these cases too, the websites of the social networks concerned will send some of your Personal Data to Shine Software, specified in the relevant "pop-up" window that is displayed at the time of the request.

c. Data voluntarily provided by the data subject

In the use of particular Services (for example the Shine Software promotions that allow you to request the assignment of domain names in favour of third parties) processing of the Personal Data of third parties sent by you to the Service operator may occur. In relation to such cases, you act as an independent data controller, assuming all the obligations and responsibilities provided by law. In this regard, you grant on this point the broadest indemnity in respect of any dispute, claim, request for compensation for damage arising from processing, etc. that may reach Shine Software from third parties whose Personal Data has been processed through your use of the Services in violation of the applicable personal data protection rules. In any case, should you provide or otherwise process Personal Data of third parties in the use of the Service, you guarantee as of now - assuming any related responsibility - that this particular case of processing is based on an appropriate legal basis (for example, the consent of the data subject) pursuant to art. 6 of the Regulation that legitimises the processing of the information in question.

d. Domain name registration data

As regards the processing of Personal Data carried out in connection with the domain name management service, it is specified that Shine Software will carry out only the processing strictly necessary to provide the service, save for further processing on the basis of an appropriate legal basis pursuant to art. 6 of the Regulation (for example your consent). The data collected by Shine Software in connection with the domain name registration request are only those strictly necessary for the provision of the service and are listed in the Service Order under section

4.3. The provision of such data is in itself optional; however, in the absence of such provision Shine Software will not be able to provide the requested service. It should be noted that the Personal Data of the domain name holder, for purposes strictly connected with the provision of the service, may be disclosed to third parties. In particular, in order to manage domain names, the Internet Corporation for Assigned Names and Numbers (hereinafter: "Icann") requires Shine Software, as registrar, to deposit in escrow with an accredited Escrow Agent a copy of the data necessary for the management of a domain name under the authority of Icann itself. For this service Shine Software relies on the company Iron Mountain Intellectual Property Management Inc., designated by ICANN.

Furthermore, the data may be disclosed to the national and foreign registration Authorities to which Shine Software is required to transmit the technical and administrative documentation provided for by the sector regulations, as well as to any further entities accredited for the registration of domain names with reference to extensions for which Shine Software does not have accreditation. Such sharing of data is necessary for your use of the service and is therefore, under the privacy legislation in force, justified pursuant to art. 6(1)(b)(c) of the Regulation.

It follows that, when subscribing to the service, you accept that some of your Personal Data may be disclosed to the entities listed above. If, on the other hand, when requesting the registration of domain names, you provide Shine Software with Personal Data of other third parties who are data subjects, you act as an independent data controller, assuming all the obligations and responsibilities provided by law. In this regard, you grant on this point the broadest indemnity in respect of any dispute, claim, request for compensation for damage arising from processing, etc. that may reach Shine Software from third parties whose Personal Data has been processed through your use of the Services in violation of the applicable Personal Data protection rules.

In any case, should you provide or otherwise process Personal Data of third parties in the use of the Service, you guarantee as of now - assuming any related responsibility - that this particular case of processing is based on an appropriate legal basis pursuant to art. 6 of the Regulation that legitimises the processing of the information in question. Furthermore, for the completion of the service, the data will as a rule be published, and therefore disseminated, on the public WHOIS database that contains the Personal Data of domain name assignees.

With reference to such processing, we specify that ICANN acts as an independent controller and Shine Software has no control over the processing carried out by such entity. Under ICANN's policies, when requesting the assignment of domain names, you may alternatively choose the option, if available, "Private WHOIS"; however, you cannot in any case prevent the domain name from being published on the WHOIS databases of the relevant Authorities. ICANN's policies are under review and any developments in this regard will be duly notified. Furthermore, the domain name may be published on the WHOIS databases of the relevant Authorities, which in turn are modifying their own data publication policies. It is specified that such entities act as independent data controllers and that Shine Software, which in order to provide the domain name management service must necessarily disclose the data of the registrants to such entities (failing which it would be impossible to provide the service), has no control over the use that such entities make of the aforementioned data. Shine Software, as far as it is concerned, in the context of the provision of domain names will not publish your personal data.

e. Traffic data

In the context of the email service, Shine Software processes certain data for the purposes of transmitting communications over the electronic communications network. Such data are those listed in Legislative Decree No. 109 of 30 May 2008, and specifically are:

- IP address used and email address and any further identifier of the sender;

- IP address and fully qualified domain name of the mail exchanger host, in the case of SMTP technology or of any type of host relating to a different technology used for transmitting the communication;

- email address, and any further identifier, of the recipient of the communication;

- IP address and fully qualified domain name of the mail exchanger host (in the case of SMTP technology), or of any type of host (in relation to a different technology used), that delivered the message;

- IP address used for receiving or consulting email messages by the recipient regardless of the technology or protocol used;

- date and time (GMT) of the connection and disconnection of the user of the email service on the internet and IP address used, regardless of the technology and protocol employed;

- the internet service used.

Such data are processed and stored by Shine Software to provide the service and as a legal obligation - specifically, for the purpose of detecting and prosecuting crimes - and with stringent security measures that make them accessible only to specifically authorised personnel appointed in writing, who access them only following a request from the judicial authority accompanied by a reasoned decree of a public prosecutor and in any case using particularly sophisticated authentication techniques provided for by law. As a legal obligation, the data are stored by Shine Software for the purpose of detecting and prosecuting crimes for six years from their generation. The data are also processed by Shine Software for ordinary business operations connected with the provision of the service (e.g.: for documentation purposes in the event of a dispute over an invoice or a payment claim, for fraud detection, to carry out analyses on behalf of customers), pursuant to the provisions of the law. In this case, the data are stored, with stringent security measures applied in accordance with the law, for six months from their generation, and subsequently deleted.

f. Cookies

Definitions, characteristics and application of the regulations.

Cookies are small text files that the sites visited by the user send and store on the user's computer or mobile device, to be then retransmitted to the same sites on the next visit. It is precisely thanks to cookies that a site remembers the user's actions and preferences (such as, for example, login data, the chosen language, font sizes, other display settings, etc.) so that they do not have to be indicated again when the user returns to that site or navigates from one page to another within it. Cookies, therefore, are used to perform IT authentications, monitor sessions and store information regarding the activities of users who access a site, and may also contain a unique identification code that makes it possible to track the user's browsing within the site itself for statistical or advertising purposes. While browsing a site, the user may also receive on their computer or mobile device cookies from sites or web servers other than the one they are visiting (so-called "third-party" cookies). Some operations could not be carried out without the use of cookies, which in certain cases are therefore technically necessary for the very operation of the site.

There are various types of cookies, depending on their characteristics and functions, and these may remain on the user's computer or mobile device for different periods of time: so-called session cookies, which are automatically deleted when the browser is closed; so-called persistent cookies, which remain on the user's device until a pre-established expiry.

Under the legislation in force in Italy, the use of cookies does not always require the user's express consent. In particular, "technical cookies" do not require such consent, that is, those used for the sole purpose of carrying out the transmission of a communication over an electronic communications network, or to the extent strictly necessary to provide a service explicitly requested by the user. These are, in other words, cookies that are essential for the operation of the site or necessary to carry out activities requested by the user.

Among the technical cookies, which do not require express consent for their use, the Italian Data Protection Authority (see Measure on the Identification of simplified arrangements for the privacy notice and the obtaining of consent for the use of cookies of 8 May 2014, hereinafter simply the "Measure") also includes:

"analytics cookies" where used directly by the site operator to collect information, in aggregate form, on the number of users and on how they visit the site,
browsing or session cookies (for authentication),
functionality cookies, which allow the user to browse according to a set of selected criteria (for example, the language, the products selected for purchase) in order to improve the service provided to them.

For "profiling cookies", on the other hand, that is, those aimed at creating profiles relating to the user and used for the purpose of sending advertising messages in line with the preferences expressed by the user while browsing the web, the user's prior consent is required.

Types of cookies used by the Site and the possibility of (de-)selection (Cookies - or the links to the privacy notices of the third parties that send cookies - followed by an asterisk relate to the website www.simply.com).

The Site uses the following cookies that can be de-selected, except for third-party cookies for which you must refer directly to the relevant methods of selecting and de-selecting the respective cookies, indicated by means of links:

Technical cookies - browsing or session cookies and strictly necessary for the operation of the Site or to allow the user to make use of the contents and services requested by them.
Analytics cookies, which make it possible to understand how the Site is used by users. With these cookies no information on the identity of the user is collected, nor any personal data. The information is processed in aggregate and anonymous form.
Functionality cookies, that is, those used to activate specific functions of the Site and a set of selected criteria (for example, the language, the products selected for purchase) in order to improve the service provided.
Profiling cookies used for the purpose of sending advertising messages in line with the preferences expressed by the user while browsing the web.

WARNING: by disabling technical and/or functionality cookies the Site may not be navigable, or some services or certain functions of the Site may be unavailable or may not work correctly and you may be forced to modify or manually enter certain information or preferences each time you visit the Site.

Third-party cookies, that is, cookies from sites or web servers other than that of Shine Software, used for the purposes of such third parties, including profiling cookies. It is specified that such third parties, listed below with the relevant links to their privacy policies, are independent controllers of the data collected through the cookies they serve; therefore, you must refer to their personal data processing policies, privacy notices and consent forms (selection and de-selection of the respective cookies), as specified in the aforementioned Measure.

For the sake of completeness, it is further specified that Shine Software does its utmost to track the cookies on its own Site. These are updated regularly in the table below, where we provide transparency on the cookies sent directly by Shine Software and on their purposes. As regards the third parties that send cookies through our Site, we provide below the links to their respective privacy notices: to such third parties we delegate, as already specified, the responsibility of providing the privacy notice and collecting the users' consent, as provided for by the Measure. Said responsibility is to be referred not only to the cookies that the third parties send directly, but also to any further cookies that are sent through our Site by virtue of the use of services that the third parties themselves make use of. With respect to such cookies, in fact, sent by service providers of the aforementioned third parties, Shine Software has no possibility of exercising any control and is not aware of either their characteristics or their purposes.

3. Purposes of the processing

The processing that we intend to carry out, subject to your specific consent where necessary, has the following purposes:

to enable the provision of the Services requested by you and the subsequent and independent management of your control panel, which you will access by registering and creating your user profile at the time of provision of the Services, including the collection, storage and processing of data for the purposes of the establishment and subsequent operational, technical and administrative management of the relationship connected with the provision of the Services, and the making of communications relating to the conduct of the established relationship;
to enable the browsing and consultation of the Shine Software websites;
to respond to requests for assistance or information, which we receive via email, telephone or chat through the "Contact us" page of our Site, or through the dedicated "Privacy Reports" form accessible from the "Contact us" page of the Site. With particular reference to responses to requests for assistance that reach Shine Software via telephone, we inform you that calls may be recorded so that Shine Software can demonstrate that it has correctly handled the requests.
to fulfil legal, accounting and tax obligations;
to carry out direct marketing via email for services similar to those you have subscribed to, unless you have objected to such processing initially or on the occasion of subsequent communications, in pursuit of the legitimate interest of Shine Software in promoting products or services in which you may reasonably be interested;
to carry out studies, research, market statistics; to send you advertising material, informative material, commercial information or surveys to improve the service ("customer satisfaction") via email or via SMS, and/or through the use of the telephone with an operator and/or through the official Shine Software pages on social networks;
only with reference to certain services, the data may be processed for the purpose of disclosure to third parties for their third-party marketing purposes, that is, to provide you with information and/or formulate offers on products, services or initiatives offered or promoted by other companies that are part of the Dada Group and/or by its affiliated and/or subsidiary companies, and/or by other commercial partners and outsourcers that act as independent data controllers;
to make personalised commercial proposals on the basis of the products or services you have purchased, or in which you have shown an interest by browsing our Site, or on the basis of the group of customers to which you belong (profiling). This means, for example, that if you are a reseller you will receive commercial offers intended for resellers; if you have browsed our Site to look for information on certain services, you will receive offers relating to such services; finally, if you are making use of a service, on the basis of your use of the service you will receive targeted communications from Shine Software (for example, if the capacity of the service is reaching its limit, you will be warned and invited to increase the capacity of the service itself; or, you will be offered services complementary to and/or compatible with the one you have purchased). This type of analysis is typically carried out on purchase data relating both to natural persons and to legal persons, and the related decisions are not based on solely automated processing. Such processing is necessary for the pursuit of the legitimate interest of the data controller in personalising its commercial proposals. You can always object to this processing through the "Privacy Reports" form;
for the exclusive purposes of security and prevention of fraudulent conduct, the Controller implements an automatic control system that involves the detection and analysis of users' behaviour on the site, associated with the processing of Personal Data including the IP address. The consequences of such processing are that should a party attempt to engage in fraudulent conduct on the Shine Software Site, for example to benefit more than once from the same promotion without being entitled to do so, Shine Software reserves the right to exclude such party from the promotion or to adopt any other appropriate measure for its own protection.

4. Legal basis and mandatory or optional nature of the processing

The legal basis for the processing of Personal Data for the purposes referred to in section 3 (a-b-c) is art. 6(1)(b) of the Regulation, as the processing is necessary for the provision of the contracted services. The provision of Personal Data for these purposes is optional but any failure to provide it would make it impossible to activate the requested Services.

The purpose referred to in section 3(d) represents a legitimate processing of Personal Data pursuant to art. 6(1)(c) of the Regulation. Once the Personal Data has been provided, the processing may indeed be necessary to comply with legal obligations to which Shine Software is subject.

The processing carried out for marketing purposes described in section 3(f) and for disclosure to third parties described in section 3(g) is based on the granting of your consent pursuant to art. 6(1)(a) of the Regulation. The provision of your Personal Data for these purposes is entirely optional and does not affect the use of the Services. The processing referred to in section 3 (e), carried out for email marketing purposes on products or services similar to those purchased by you, finds its legal basis instead, pursuant to art. 6.1.f of the Regulation, in the legitimate interest of Shine Software in promoting its own products or services in a context in which the data subject can reasonably expect such type of processing, to which they may moreover object at any time. Should you in fact wish to object to the processing of your data for the marketing purposes referred to in sections 3(e) and 3(f), you may do so at any time through your control panel, or by sending a request from here

or alternatively through the mechanism proposed in the footer of the commercial emails. The profiling processing referred to in section 3(h), to which you may object at any time, is based on the legitimate interest of the Controller, pursuant to article 6.1.f of the Regulation, in personalising its commercial communications. The processing referred to in section 3(i) is also based on the legitimate interest of the Controller in detecting fraud and scams carried out to its detriment, in accordance with art. 6.1.f of the Regulation.

5. Recipients of the personal data

Your Personal Data may be shared, for the purposes referred to in section 3 above, with:

entities that typically act as data processors, namely: i) persons, companies or professional firms that provide assistance and consultancy activities to Shine Software in accounting, administrative, legal, tax, financial and debt recovery matters in relation to the provision of the Services; ii) entities with which it is necessary to interact for the provision of the Services (for example the national and foreign registration Authorities to which the technical and administrative documentation and the Maintainer forms are transmitted, the authorities that manage the WHOIS database containing the personal data of domain name assignees, the entities that provide the credit card payment service, (Mercury Payments and Banca Sella) etc. iii) or entities delegated to carry out technical maintenance activities (including the maintenance of network equipment and electronic communications networks); iv) Dada Group companies, Italian or foreign, for administrative or statistical purposes (collectively the "Recipients");
entities, bodies or authorities to which it is mandatory to disclose your personal data by virtue of legal provisions or orders of the authorities (for example, in the course of criminal investigations Shine Software may receive requests from the judicial authority to provide logs of electronic traffic);
persons authorised by Shine Software to process Personal Data necessary to carry out activities strictly related to the provision of the Services, who have undertaken to maintain confidentiality or who have an appropriate legal obligation of confidentiality, such as the employees of Shine Software;
commercial partners for their own, independent and distinct purposes, only in the event that you have given specific consent.

The complete list of data processors is available by sending a written request from here.

6. Transfers of personal data

Some of your Personal Data is shared with Recipients that may be located outside the European Economic Area. Shine Software ensures that the processing of your Personal Data by these Recipients takes place in compliance with the Regulation. Indeed, the transfers may be based on an adequacy decision or on the Standard Contractual Clauses approved by the European Commission. Further information is available from the Controller. In the context of the domain name registration services, the data is disclosed to the entities listed in section 2(e) of this policy: such processing in some cases involves the transfer of the data in question outside the European Economic Area. Given that said transfer is necessary for your use of the service, under the privacy legislation in force, it is justified pursuant to art. 49(1)(b) of the Regulation.

7. Storage of data

The Personal Data processed for the purposes referred to in section 3(a-b-c) will be stored for the time strictly necessary to achieve those same purposes. In any case, as these are processing operations carried out for the provision of Services, Shine Software will process the Personal Data for as long as permitted by Italian law for the protection of its own interests (Art. 2946 of the Italian Civil Code and subsequent articles).

The Personal Data processed for the purposes referred to in section 3(d) will be stored for the time provided for by the specific applicable legal obligation or rule. By way of example, as already specified, traffic data will be stored for purposes of justice for six years from their generation; otherwise, they will be stored for six months.

For the purposes referred to in section 3 (e)(f), your Personal Data will instead be processed until the withdrawal of your consent or for up to three years after you have ceased to be a Shine Software customer, or have simply registered on the Site and have made no purchase of products or services. The possibility for Shine Software to store your Personal Data for as long as permitted by Italian law for the protection of its own interests is in any case reserved (Art. 2947(1)(3) of the Italian Civil Code). Further information regarding the data storage period and the criteria used to determine such period may be requested by writing to the Controller or to the DPO.

8. Rights of the data subjects

You have the right to request from Shine Software, at any time, access to your Personal Data, the rectification or erasure of the same, or to object to their processing in the cases provided for by article 20 of the Regulation; you have the right to request the restriction of the processing in the cases provided for by art. 18 of the Regulation, as well as to obtain in a structured, commonly used and machine-readable format the data concerning you (portability), in the cases provided for by art. 20 of the Regulation.

Requests must be made in writing from here.

To exercise the right to portability and obtain further information on the content, access this link.

It is specified that, in the presence of requests from data subjects relating to the reporting of abuses in the use of the services or spamming activities - activities already prohibited by contract as specified in para. 8 of the General Terms of Service - carried out by a Shine Software Customer (it is specified that such customer typically acts as a data controller pursuant to the Regulation), as well as in the presence of any further request to exercise the rights under art. 15 et seq. of the Regulation, Shine Software, without entering into the merits of the request, will on the one hand promptly inform the customer/controller, and on the other hand provide the data subjects with the details of the customer/controller.

In any case you always have the right to lodge a complaint with the competent supervisory authority (Garante per la Protezione dei Dati Personali - the Italian Data Protection Authority), pursuant to art. 77 of the Regulation, should you consider that the processing of your data is contrary to the legislation in force.

9. Amendments

This privacy policy is in force as of 9 May 2018. Shine Software reserves the right to modify or simply update its content, in part or completely, also as a result of changes in the applicable legislation. Should the amendments to this Policy concern substantial changes in the processing or in any case have a significant impact on data subjects, Shine Software will take care to notify them appropriately to the data subjects.