GBDS Network

INFORMATION ON THE PROCESSING OF PERSONAL DATA
Pursuant to Article 13 of the EU Regulation 2016/679

GBDS Network SA (hereinafter "GBDS") protects the confidentiality of personal data and guarantees its necessary protection against any event that may put it at risk of violation. As provided for by European Union Regulation No. 679/2016 (hereinafter "GDPR") Article 13 and by Swiss Federal Act on Data Protection (hereinafter “LPD”) Article 19, please find below the information required by law relating to the processing of your personal data.
 

SECTION I

WHO WE ARE AND WHAT DATA WE PROCESS


GBDS Network SA, having its registered office in:

  • Corso S. Gottardo 6, 6830 Chiasso
  • V.A.T. CHE-484.890.767
  • Email: info@gbdsnetwork.com

  • via Tommaso da Cazzaniga 9/6, 20121 Milano (Italy)
  • V.A.T. IT-9715940962
  • Email: info@gbdsnetwork.com

acts as the Data Controller and collects and/or receives information relating to you, such as:

  • Contact details First name, last name and nationality plus company information like: email address(es), landline telephone number and/or cell number, fax, tax ID number, physical address, province and city.
  • Banking information: IBAN and banking/postal account information (except for Credit Card number)
  • Internet traffic data Logs, originating IP address

GBDS does not require you to supply so-called "sensitive" data, that is, according to the provisions of the GDPR and LPD, personal data that identifies race or ethnicity, political opinions, religion or philosophy, or any union affiliation, nor any genetic or biometric information used to uniquely identify a physical person, data associated with health or one's sex life, or sexual orientation. In the event the services requested from GBDS require the processing of this data, you will first receive specific notification with a request for your consent.

SECTION II

WHY WE NEED YOUR DATA


The data is used by the Data Controller to fulfill the Client contact information and for the supply contract on the preselected Service and/or Product purchase, to manage and execute the contact requests forwarded by you, offer assistance, fulfill legal and regulatory obligations demanded of the Data Controller in accordance with the activities performed. In no case will GBDS resell any of your personal information to third parties nor use it for any purpose not stated.
In particular, your data will be processed for:

  1. Registration and contact information, and/or informational materials. Your personal data is processed to implement preliminary actions and those following a registration request, to manage information and contact requests, and/or to send informational materials, as well as to satisfy any and all other obligations arising herewith. The legal basis for this processing is to provide the services relating to a request for registration, information and contact, and/or the sending of informational materials, and to comply with legal requirements.

  2. Administering the contractual relationship. Your personal data is processed to implement preliminary actions and those following the purchase of a Service and/or a Product, to manage the applicable order, to perform the Service itself and/or for production and/or shipping of the purchased Product or Service, the associated invoicing and payment management, handling of any returns and/or notifications to the support service and performance of the support itself, fraud prevention, as well as fulfillment of any and all other requirements arising from the contract.
    The legal basis for this processing is to provide the services relating to the contractual relationship and to comply with legal requirements.

  3. Promotional activities on Services/Products that are similar to those you have purchased. The Data Controller, even without your explicit consent, may use the contact information you provided for direct sales of its own Services/Products, limited to those Services/Products that are similar to the ones included in the sale, unless you specifically refuse.

  4. Business promotional activities on Services/Products that are different from the ones you purchased. Your personal data may also be processed for business promotional purposes, for market research studies involving the Services/Products that the Data Controller offers, but only if you have authorized this processing and have not opposed it. This processing may occur by the following automated methods:
    • email;
    • sms, whatsapp;
    • telephone contact

  5. Digital security. The Data Controller, in line with the provisions of Recital 49 of the GDPR and through its providers (third parties and/or recipients), processes your personal data involving traffic only to the extent strictly necessary and proportional to guarantee security of the networks and the information. This means the capacity of a network or information system to block, at a given level of security, any unforeseen events or illegal or malicious acts that would compromise the availability, authenticity, integrity and confidentiality of the personal data stored or transmitted. The Data Controller will immediately notify you if there is any risk of violation of your data, except for any obligations noted in the provisions of Art. 33 GDPR and of Art. 24 LPD associated with notifications of personal data violations.

  6. Profiling. Your personal data may also be processed for profiling purposes (such as analyzing the transmitted data and the pre-selected Services/Products, suggesting advertising messages and/or business offers in line with user selections) exclusively when you have given explicit and informed consent. The legal basis for this processing is the consent you initially granted for the processing itself, which you may freely withdraw at any time (see Section III).

COMMUNICATION TO THIRD PARTIES

Your personal data is communicated mainly to third parties and/or recipients whose activity is necessary to perform the activities relating to the contract established, and to meet certain legal requirements, such as:

Categories of recipients Purposes Purposes
Companies belonging to the GBDS Group ("GBDS Group")   Fulfillment of administrative and accounting requirements as well as those connected with the contractual services.

Third party providers and companies belonging to the GBDS Group*   Performance of services (assistance, maintenance, delivery/shipping of products, performance of additional services, providers of networks and electronic communication services) associated with the requested service  
Credit and electronic payment institutions, banks/post offices   Managing payments and reimbursements associated with the contractual service  
External professionals/consultants and consulting firms Fulfillment of legal requirements, exercising rights, protecting contractual rights, credit recovery  
Financial Administration, Public Agencies, Legal Authorities, Supervisory and Oversight Authorities   Fulfillment of legal requirements, protection of rights; lists and registries held by Public Authorities or similar agencies based on specific regulations relating to the contractual service  
Formally mandated subjects or those with recognized legal rights   Legal representatives, administrators, guardians, etc.  

* The Controller requires its own third party providers and Data Processors to adhere to security measures that are equal to those adopted for you by restricting the Data Processor's scope of action to processing directly related to the requested service.

SECTION III

WHAT HAPPENS WHEN YOU DO NOT PROVIDE YOUR IDENTIFICATION INFORMATION AS NEEDED TO PERFORM THE REQUESTED SERVICES?


The collection and processing of your personal data is necessary to fulfill the service requests as well as to perform the Service and/or supply the requested Product. Should you fail to provide your personal data as expressly required within the order form or the registration form, the Data Controller will not be able to carry out the processing associated with managing the requested services and/or the contract and the Services/Products associated with them, nor fulfill the operations dependent on them.

HOW WE PROCESS YOUR DATA

The Controller makes use of appropriate security measures to preserve the confidentiality, integrity and availability of your personal data, and requires the same security measures from third party providers and the Processors. Unless you explicitly express your own desire to remove it, your personal data will be stored until required for the due purposes for which it was collected. In particular, the data will be stored for the entire duration of your registration and in any case for no longer than a maximum period of 24 months.
Furthermore, personal data will in any case be stored to comply with obligations (e.g. tax and accounting purposes) which may continue even after termination of the contract; for these purposes, the Controller shall retain only the data necessary to complete these activities. For those cases where the rights arising from the contract and/or registration are used in the courts, your personal data, exclusively required for these purposes, shall be processed for the time necessary to complete them.

WHAT ARE YOUR RIGTHS?

  You have the right to obtain the following from the Data Controller:
  1. Confirmation on whether your personal data is being processed and if so, to obtain access to your personal data and the following information:
    • the purposes of the processing;
    • the categories of personal data in question;
    • the recipients or categories of recipients that have received or will receive your personal data, in particular if these recipients are in third party countries or are international organizations;
    • whether you have the right to ask the Data Controller to correct or delete your personal data or the limits on processing your personal data or to oppose the processing of the data;
    • in the event the data is not collected from you, all of the information available regarding its origin;
    • Whether there is an automated decision process, including profiling, and, at least in these cases, significant information on the logic used, as well as the importance and consequences to you for this processing.
    • the suitable guarantees provided by the third party country (outside EU) or international organization to protect any transferred data

  2. The right to obtain a copy of the personal data processed, again given that this right does not affect the rights and freedoms of others; for extra copies requested by you, the Data Controller may assign a reasonable fee based on administrative
  3.  
  4. the right to have your personal data deleted by the Data Controller without unjustified delay, if there are the reasons outlined in the GDPR, Article 17, including, for example, if the data is no longer needed for processing or if the data is considered illegal, and again, if there are no conditions outlined by law; and in any case, if the processing is not justified by another equally legitimate reason;
  5.  
  6. The right to obtain limits on the processing from the Data Controller, in those cases outlined in Art. 18 of the GDPR, for example where you have disputed the correctness, for the period necessary for the Data Controller to verify the data's accuracy. You must be notified, within an appropriate time, even when the suspension period has passed or the cause of limiting the processing has been eliminated, and therefore the limitation itself has been withdrawn;
  7.  
  8. The right to obtain information from the Data Controller on the recipients who have received the requests for any corrections or deletions or limits on the processing implemented, except when this is impossible or would create a disproportionate effort

Pursuant to the LPD, You have the right to obtain the following from the Data Controller (non-exhaustive list):
  • access to her/his personal data;
  • obtain the rectification of inaccurate or obsolete personal data:
  • to be informed in writing and free of charge if personal data concerning you are being processed;
  • to revoke the consent to the processing of data that you have previously given;
  • prevent the communication to third parties of personal data worthy of particular protection;
  • express his/her opinion on an automated individual decision or request that it be reviewed by a natural person;
  • to obtain the delivery of personal data or to demand their transmission to a third party;
  • to request that data processing be stopped, that its disclosure to third parties be prevented, or that personal data be corrected or destroyed;
  • the right to demand that a certain processing of personal data be prohibited, that a certain communication of personal data to third parties be prohibited or that personal data be deleted or destroyed;
  • if neither the correctness nor the inaccuracy of the personal data can be proved, to request that a note be added to the data noting its disputed nature;
  • to request that the rectification, destruction, blocking, in particular the communication to third parties, as well as the mention of the disputed character or the judgment be communicated to third parties or published;
  • to have the illegality of the processing of personal data established.

Without prejudice to any other administrative or judicial recourse, if you believe that the processing of your data violates the provisions of the LPD, you have the right to lodge a complaint with the federal authority for data protection and transparency.

For further information and to send your request, contact the Data Controller at info@gbdsnetwork.com
To guarantee that the rights noted above are exercised by you and not by unauthorized third parties, the Data Controller may require you to provide other information necessary for this purpose.

HOW AND WHEN CAN YOU OPPOSE THE PROCESSING OF YOUR PERSONAL DATA? (ART. 21 GDPR)


For reasons associated with your particular situation, you may at any time oppose the processing of your own personal data if it is based on legitimate reasons or if it is done for business promotional activities, by sending a request to the Data Controller at info@gbdsnetwork.com You have the right to have your own personal data deleted if the Data Controller has no legitimate reason prevailing over such request, and in any case, where you have opposed the processing for business promotional activities.


SECTION IV

WEBSITE - GENERAL INFORMATION AND COOKIES MANAGEMENT


The information provided below describes, as required by the EU Regulation 2016/679 and by the LPD, the processing operations performed on the personal data of the users visiting the GBDS Network SA website.
< The information provided does not concern other online websites, pages or services that can be accessed via hyperlinks on the above websites but relate to resources outside the GBDS's domain.

CATEGORIES OF PERSONAL DATA AND PURPOSES OF THE PROCESSING

Browsing data

  The information systems and software procedures relied upon to operate this web site acquire personal data as part of their standard functioning; the transmission of such data is an inherent feature of Internet communication protocols. This data category includes the IP addresses and/or the domain names of the computers and terminal equipment used by any user, the URI/URL (Uniform Resource Identifier/Locator) addresses of the requested resources, the time of such requests, the method used for submitting a given request to the server, returned file size, a numerical code relating to server response status (successfully performed, error, etc.), and other parameters related to the user's operating system and computer environment. These data are necessary to use web-based services and are also processed in order to
  • extract statistical information on service usage (most visited pages, visitors by time/date, geographical areas of origin, etc.);
  • check functioning of the services.
Browsing data are kept for no longer than seven days and are erased immediately after being aggregated (except where judicial authorities need such data for establishing the commission of criminal offences).

Data provided voluntarily by the customer

The personal data provided by completing the contact form, exchanging e-mails, or by telephone (name, surname, e-mail address), are collected and processed for the establishment of commercial relations or for the execution of pre-contractual measures with the Customers. The provision of personal data by site visitors/users is optional. Retention Period: max 1 year Grounds of justification: implementation of pre-contractual measures (request of the data subject) – the interest of the Data Controller is carrying out the user/customer/prospect requests

Cookies and other tracking devices

Cookies are data sent from the website and stored by the internet browser in your computer or other device (for example, tablet or cellphone). Technical and third party cookies may be installed from our internet site or associated subdomains.
In any event, you can manage, that is, request general deactivation or deletion of the cookies by changing the settings on your web browser. However, this deactivation may delay or block access to some parts of the site.
Settings to manage or deactivate cookies can change depending on the internet browser used. Therefore, to get more information on the methods by which these operations are completed, we advise you to consult the manual for your specific device or the "Help" function for your specific web browser.   Below are links that explain how to manage or disable cookies for the most common web browsers:



Third party cookies

Third party cookies may be installed. These are analytic and profiling cookies like Google Analytics, Google Doubleclick, Criteo, Rocket Fuel and Facebook. These cookies are sent to our website by these external third party websites. Third party analytic cookies are used to identify information on the behavior of users on the website. Identification is done anonymously to monitor services and improve the site's usability. Third party profiling cookies are used to create profiles associated with the users, to propose publicity messages in line with the choices made by the users themselves. The use of these cookies is governed by the regulations established by the third parties themselves, and therefore Users are asked to review the privacy information and information on managing or disabling the cookies published on the third parties web pages.

Data Recpients

The following entities are recipients of the data collected in the course of visiting the websites listed above. They have been appointed as data processors by Article 28 GDPR and Article 9 LPD.
Endurance International Group, Inc., is a leading provider of online tools for small businesses to establish and build their web presence, get found in online search, and connect with customers through social media, email marketing, and more.

Our brands include Constant Contact, Bluehost, HostGator, Domain.com, iPage, and others found at https://www.endurance.com/our-brands/