Latest update: February 14th, 2023

Summary This information is provided by Public Pressure in its capacity as Data Controller (hereinafter also simply the “Company” or “Data Controller”), as this entity determines the purposes and means of the processing.
The natural persons to whom the Personal Data refer are referred to as “Data Subjects”. If the Client is a natural person or sole proprietor, this subject is himself the Data Subject; if it is a private organisation (e.g. a partnership, corporation, association, etc.), the Data Subjects are the natural persons who administer the organisation itself or who operate under its authority (e.g. its Workers); information strictly related to the organisation (e.g. tax code or VAT number) is not considered Personal Data. The “Processing of Personal Data”, in simple terms, is any operation concerning any “information relating to an identified or identifiable natural person”. For example, your first and last name, or an email address with a “user name” that identifies you (e.g. johndoe@….), is considered “Personal Data” and the act of collecting it and registering it with us is considered ‘Processing’. Our company is referred to as a “Data Controller” because we determine how and for what purposes we process information about natural persons; persons under our direct authority (e.g. our employees) must comply with the Privacy Policy. You, as the “natural person to whom the Personal Data relates”, are defined as a “Data Subject”, and are entitled to receive the following information about who we are, what Personal Data we process, why, how and for how long we process it, and what obligations and rights you have in this respect. Definitions of the terms and expressions used can be found at the end (the Glossary).
Who are we (“Data Controller”)?
Public Pressure Ltd., a company duly existing and incorporated under the laws of Ireland, with registered office in 3rd Floor, Ulysses House, Foley Street, Dublin 1, Ireland, D01 W2T2 registered at the Registrar of Companies of Dublin with Number 701750, VAT no. IE-3929949FH (hereinafter also just “Public Pressure”, or “Company”, or ” Data Controller”).
What categories of Personal Data do we process?
We process common personal data (e.g. first name and surname, fiscal codes, telephone numbers, address, email, etc.) of Clients that have entered into a Contract with Public Pressure to the minimum extent necessary to achieve each of the Purposes set out below.
Contracts and related Data Processing activities which do not expressly refer to this Privacy Policy do not fall within the scope of application of the following provisions.

Why do we process Personal Data (Purpose) and what is the basis for the Processing (Legal Basis) of each category of Data?
Personal Data is processed with the following purposes, and on the basis of the conditions of legitimacy indicated for each:
  1. enter into and perform the Contract and any consequent and/or related activities (e.g., sending technical, contractual and organizational communications and information) on the basis of the requirement for its fulfillment;
  2. Marketing (sending of advertising material, commercial communications, direct sale and performance of marketing research, also through surveys), on the basis of Client’s consent, freely given and withdrawable at any time;
  3. Marketing (with regard to products and/or services similar to those purchased by the Client, by sending communications to the e-mail address provided in the Contract), on the basis of Data Controller’s legitimate interest, consisting in the strengthening of the commercial relationship with the Client;
  4. comply with obligations under applicable legislation and/or orders issued by authorities, on the basis of the need to fulfil legal obligations;
  5. to establish, exercise and/or defend a right in the competent courts, on the basis of our legitimate interest in defending one of our rights against the Data Subject and/or the need to pursue this purpose in court.
To whom do we disclose the Data (Categories of Recipients)?
The following categories of persons, to the minimum extent necessary to achieve each Purpose, on the basis of Applicable Law and/or a contractual agreement with the Data Controller:
  1. subjects required to perform the Contract or related to some other contract, acting as Data Processor or as autonomous Data Controllers (e.g. IT services suppliers, bankers, insurers, delivery services, commercial agency, accountants, tax and fiscal experts, lawyers, etc.);
  2. person authorised by the Data Controller, bound to confidentiality obligations or under legal duty of confidentiality;
  3. public Administrations or organisations, if and to the extent required by the Applicable Law or their orders, or in order to exercise, defend or assess a right in court, or l Data, defence of the State, its security or the prevention and investigations of offences.
Do we transfer Personal Data outside the European Economic Area?
Personal Data is not transferred outside European Economic Area, but in such case personal data transfers shall take place toward entities for which there is an adequacy decision from the European Commission (e.g. Third Countries and/or international organisations), or on the basis of one of the other safeguards or exemptions set out in Chapter V of the GDPR.
How long do we retain the Data?
We will hold your data for the time necessary to fulfill our purposes as follows:
  1. for the performance of the contract, we will hold the data for the duration of the contract and for a further period of 6 years from the termination of the Contract or the last activity in favour of the Client unless applicable law requires us to retain it for a longer period;
  2. for compliance with legal obligations, we will retain the data as required by these legal and regulatory obligations (such as tax and accounting obligations);
  3. in order to establish, exercise and defend against legal claims, we will hold the data for the time necessary to protect our rights;
  4. for marketing purposes we will hold your data until you withdraw your consent or until you object to the processing.
Are You obliged to provide us with Personal Data?
The disclosure of Data by the Data Subject is obligatory, to the minimum extent necessary to respond to requests, for the management of the contractual relationship and for the fulfilment of obligations arising from Applicable Legislation
You may refuse (initially or subsequently) to the processing of your data for marketing activities under purpose n. 2 either by not giving it initially or by withdrawing it subsequently.
The provision of your data and the consent for marketing activities under purpose n. 3 is always optional.
What happens if I refuse to communicate your Data?
If you do not provide us with data for contractual purposes we will not be able to provide the services, or we will not be able to guarantee the safe provision of the services.
If You refuse (initially or subsequently) the processing for Marketing purposes You will not (or can no longer) be informed about news related to our activities, nor benefit from any promotions, discounts or bonuses.
What rights do You have as a “Data Subject”?
You have the right to:
  1. access the data held by the Controller, and to ask for a copy, unless the exercise of the right violates the rights and freedoms of other natural persons;
  2. request the rectification of incomplete or inaccurate data;
  3. request the erasure of the data, subject to the exclusions or limitations established by the Applicable Law;
  4. request a list of the data processors, with further data useful for their identification;
  5. request the restriction of processing, if the conditions are met and subject to the exclusions established by the Applicable Law;
  6. request data portability (i.e. commonly used and machine-readable format, so that they can be transmitted to another Data Controller without hindrance),
  7. to the extent that the processing is based on consent or on the need to perform a contract, where technically possible and except where the exercise of the right infringes the rights and freedoms of other natural persons;
  8. lodge a complaint with the Data Protection Authority of your country, or of the place where the alleged violation occurred.
Right to withdraw the consent
Remember that You can withdraw the consent given at any time, but the withdrawal will not affect the lawfulness of the data processing carried out in the period prior to such withdrawal.
Right to object: You may object to the processing of data based on: the legitimate interest of the Data Controller, at any time for reasons related to your particular situation (e.g. harm to your honour, reputation, decorum), unless they could supply evidences of compelling legitimate grounds prevailing under Article 21 of GDPR, or exercise or defend a right in court.
Who can You contact for questions or to exercise your rights?
You may contact the Data Controller for questions concerning the processing of your Personal Data by sending an email to legal@publicpressure.io.
PLEASE NOTE
  1. This privacy policy has been published in the date indicated above; we can modify the content (in whole or in part) also because of changes in the privacy law; we will publish the updated version of the information note (from that moment it will be binding): Data Subject is invited to visit periodically the page which contains this document and/or the relevant section of the website.
  2. We do not intentionally collect personal information from individuals under the age of sixteen. In the event that information about children is recorded, we will delete it in a timely manner, at the request of the person concerned or of those exercising authority over them.
GLOSSARY
“Applicable Law”: any provision of laws and regulations, applicable to the processing of personal data through the Site.
“Client”: the individual or entity who enters into the Contract, as well as its Managers, Employees or other agents.
“Contact Form”: means any online form provided by us through the Site, composed of one or more pages, through which the Visitor can send information or make requests.
“Contract”: any agreement entered into by a Client with our company which expressly refers to this Privacy Policy.
“Data Processor”: “a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller”, as defined in Article 4, sub-paragraph 1, no. 8, of the GDPR and the UK GDPR.
“GDPR”: Regulation (EU) 2016/679 “on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)”.
“Personal Data”: any information relating to an identified or identifiable natural person (“Data Subject”); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
“Processing”: any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
“Recipient”: means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not.
“Restriction of processing”: “the marking of personal data stored with the aim of limiting their processing in the future.
“Supervisory Authority”: the independent public authority in charge of monitoring the application of the privacy law.
THE ICONS
Some icons are extracted from the “DaPIS (Data Protection Icon Set)”, created by the CIRSFID, Università di Bologna e Accademia di Belle Arti di Bologna (http://gdprbydesign.cirsfid.unibo.it/dapis-the-data-protection-icon-set/), released under Creative Commons Attribution-ShareAlike 4.0 International license (CC BY-SA 4.0) (https://creativecommons.org/licenses/by-sa/4.0/).