1. DATA CONTROLLER
The HorseTap Website and the HorseTap Mobile Software (also “HorseTap”, “we”, “us”, “our”) are managed by Marilin s.r.l., with its registered office in Via Vittorio Veneto 38, 24055 Cologno al Serio (BG), Fiscal Code 04313580161, Bergamo Companies’ Register registration number BG - 453199.
For any assistance or claim please contact: email firstname.lastname@example.org.
Marilin s.r.l., as the Controller of the data processing (herein after referred to as the “Controller”) intends to inform the Users of the Website https://www.horsetap.com and the Mobile Software HorseTap (herein after referred to as the “Website” and “the Mobile Software”), (herein after “Users” or also “Data Subjects”), about the modalities though which personal data are stored, collected and processed by the Controller, according to the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (herein after referred to as the “GDPR”), and the Italian Legislative Decree 196/2003, as last amended to implement the European Regulation (herein after referred to as the “Privacy Code”).
2. DATA CONTROLLER AND DATA PROCESSOR
3. DATA PROTECTION OFFICER
The appointed Data Protection Officer (DPO) can be contacted at any time for any question and/or request about data protection and privacy at the following address: email@example.com.
4. CATEGORIES OF PERSONAL DATA
The information systems and software procedures relied upon to operate this website acquire personal data as part of their standard functioning; the transmission of such data is an inherent feature of Internet communication protocols.
This data category includes the IP addresses and/or the domain names of the computers and terminal equipment used by any user, the URI/URL (Uniform Resource Identifier/Locator) addresses of the requested resources, the time of such requests, the method used for submitting a given request to the server, returned file size, a numerical code relating to server response status (successfully performed, error, etc.), and other parameters related to the user's operating system and computer environment.
These data are necessary to use web-based services and are also processed in order to:
- extract statistical information on service usage (most visited pages, visitors by time/date, geographical areas of origin, etc.);
- check functioning of the services.
Data communicated by Users
Remember, our Service allows you to connect with others and share information about yourself with other individuals. Your profile information, including your name, photo and other personal information you include in your bio, will be available publicly to other members of the Service by default. By using the Service, you consent to have your profile information displayed to other members of the Service. Consider your own privacy and personal safety when logging in to our Service and sharing your information with anyone. HorseTap never shares your phone number and email address with other Users on the Service without your consent.
a) personal and contact data provided to the Controller at any time, including the moment of the subscription and creation of the personal account;
b) data provided when information and/or assistance are requested;
5. PURPOSES OF THE PROCESSING
The purposes of processing personal data of the Data Subjects are:
a) to enable the Data Subject to subscribe and register as a User of the Website and the Mobile Software, in order to create a personal account and use the Service, as described in the Agreement, including uploading and displaying multimedia content, interacting with other Users and also using the website assistance and customer care (“Contractual Purposes”);
b) to comply with a legal obligation to which the Controller is subject (“Legal Purposes”);
c) after the consent of the Data Subject, to send newsletter and communication, through traditional and distance media, including email, SMS, MMS, social network, instant message, mobile application, banner, fax, mail, telephone, even for customer satisfaction surveys (“Marketing Purposes of the Controller”);
d) to send newsletter and communication, in case the Data Subject has given the consent to the data processing for Marketing Purposes of the Controller, through email/SMS not exceeding 3 communications per month, to Users identified only on the basis of non-invasive categories, such as age-group, previous subscription of other newsletters, or modalities through which the Data Subject makes purchases (“Purposes of Marketing Legitimate Interests”);
e) to carry out activities necessary to transfer/sale a company or a company’s branch, acquisitions, mergers, demergers or other transformations and for the execution of such operations (“Purposes of Business Legitimate Interests”).
6. LEGAL BASIS FOR THE PROCESSING
According to Article 6 of the GDPR, processing personal data shall be lawful only if and to the extent that the Data Subject has given consent to the processing of his or her personal data for one or more specific purposes; and processing is necessary for the performance of a contract to which the data subject is party.
The personal data mentioned on this page are processed by the Controller in discharging its tasks, necessary to perform the contract we are about to enter into or have entered into with you for the Service (as it is described in details in our “Term of Use Agreement”, referred to also as the “Agreement”).
Personal data processing for Contractual Purposes is mandatory, as it is necessary for us to conclude the Agreement with you and enable you to make the subscription, perform the activities provided by the Website and the Mobile Software, interact with other Users and use all the Services provided.
The provision of personal data for Legal Purposes is also mandatory as it is requested by applicable laws and regulations. In case the Data Subject is not willing to provide personal data, it shall not be possible for him/her to conclude the Agreement, make the subscription and use the Service.
Processing shall be lawful also to the extent that it is necessary for the purposes of the legitimate interests pursued by the Controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the Data Subject which require protection of personal data (Article 6 of GDPR).
Processing personal data for Marketing Purposes of the Controller and third parties is facultative and subject to the consent of the Data Subject. The failure to give such a consent determines the impossibility for the Controller, companies of the same group as the Controller and/or commercial partners, to keep the Data Subject up to date on new products and services, promotions, personalized offers and to perform market researches and to send communications or other information that may be aligned with his/her interests.
Processing personal data for Purposes of Business Legitimate Interests is aimed at pursuing the legitimate interests of the Controller in performing the economic operation enlisted in Article 6, letter f) of the GDPR, to be adequately balanced with the interests of the Users, as the processing is carried out to the extent strictly necessary to perform such operations.
7. HOW WE STORE AND PROCESS YOUR PERSONAL DATA
Personal data are collected, stored and processed with the support of electronic and/or paper devices and they are protected through security measures appropriate to ensure the security and confidentiality of personal data. In particular, the Controller has taken technical and organizational measures necessary to protect the personal data he controls against unlawful destruction, loss, alteration, unauthorized disclosure of, or access to personal data transmitted, stored or otherwise processed.
The Controller proceeds to the make personal data anonymous and remove identifying data, in case there is no longer the necessity to process identifying personal data as to the purposes of the process and, in any case, when the term for the storage period expires.
How We Protect Your Information
Keeping your information safe: HorseTap cares about the security of your information, and uses commercially reasonable safeguards to preserve the integrity and security of all information collected through the Service. To protect your privacy and security, we take reasonable steps (such as requesting a unique password) to verify your identity before granting you access to your account. You are responsible for maintaining the secrecy of your unique password and account information, and for controlling access to your email communications from HorseTap at all times. However, HorseTap cannot ensure or warrant the security of any information you transmit to HorseTap or guarantee that information on the Service may not be accessed, disclosed, altered, or destroyed. Your privacy settings may also be affected by changes to the functionality of third party sites and services that you add to the HorseTap Service, such as other social networks. HorseTap is not responsible for the functionality or security measures of any third parties.
Compromise of information
In the event that any information under our control is compromised as a result of a breach of security, HorseTap will take reasonable steps to investigate the situation, notify the Data Subjects whose information may have been compromised and the competent supervisory Authorities, and take other steps, in accordance with any applicable laws and regulations.
How Long Does HorseTap Keep Information About Me?
We store personal data for as long as necessary to fulfill the purposes for which we collect the data, except if required otherwise by law.
We retain your data for as long as you have an account. When you close an account, we will delete its content, including its videos. We may retain logs of automatically collected information (Browsing Data) for internal statistics analysis. We may retain your email address, your tax information, communications with you, and your transactional information (for auditing, tax, and financial purposes). When we no longer have a business reason for retaining data, we will delete or anonymise it.
In particular, for marketing and profiling purposes, according to the consent you gave, we will store/process your data for a maximum period as long as the period set forth by the applicable laws: respectively 24 and 12 months.
In order to improve and develop our Service and its functionality, Users’ personal data may be analyzed and stored in aggregated and pseudo-anonymised form for a period of up to 36 months. These data are used exclusively for internal purposes.
Invoices, tax documents and data regarding transactions will be stored/processed for a period of 11 years, according to applicable laws (including tax laws).
In case you exercise your ‘right to be erasure’ through express request of cancellation of your personal data processed by the Controller, we inform you that your data will be stored, in a protected form and with limited access, exclusively with the purpose to assess and delete such data, for a period no longer than 12 months starting from the date of your request, and then they will be safely deleted or irreversibly anonymised.
We also inform you that, for the same purposes, data relating the internet browsing, excluding the communications’ content, will be stored/processed for a period no longer than 6 years starting from the date of your communication, according to applicable laws.
We retain deleted videos on our servers for a short period in case you wish to reverse deletion. Once we delete a video, we may not be able to recover it. If you have previously made a video public, the video or its thumbnail may be discoverable in a search engine's cache for a time. We have no control over search engines; however, upon request, we will be available, as soon as reasonably possible, to send a request for deletion to major search engines.
If we receive legal process pertaining to your account, we will retain your data for as long as we in good faith believe is necessary to comply with the legal process. Similarly, if we believe that your account has been involved in wrongdoing, we may preserve your data to defend or assert our rights.
8. DATA RECIPIENTS
The following entities may be recipients of the data collected while visiting the website. They have been appointed by the Controller, pursuant to applicable laws, as provider of services necessary to implement the Service’s functionality:
- the provider of the web platform development and maintenance services;
- Amazon AWS (Elastic Transcoder, Storage S3, CloudFront e SNS, and Digital Ocean, being the providers of the online storage of personal data platforms relied upon;
The personal data collected as above may be also processed by staff of the Controller and the DPO, collaborators, employees, suppliers of the Controller, within their tasks and/or contractual obligations, acting on specific instructions concerning purposes and arrangements of such processing.
We may also share your personal information with third parties who we require to operate, maintain and provide the features and functionalities of the Service. Examples of these necessary third parties include:
• other companies owned by or under common ownership as HorseTap, which also includes our subsidiaries (i.e., any organization we own or control) or our ultimate holding company (i.e., any organization that owns or controls us) and any subsidiaries it owns, placed in Italy or in other States member of the European Union;
• third party vendors, consultants and other service providers that perform services on our behalf, in order to carry out their work for us which may include providing payment, mailing or email services, tax and accounting services, data enhancement services, fraud prevention services, web hosting, and/or analytic services, email server services (to send messages to users), product development services and identity verification services;
• banking institutions, in order to manage incomes and payments necessary to perform the contracts concluded with the Data Subject. In particular, in order to subscribe, you need to provide a valid payment method (e.g., credit card or PayPal account). Your payment information will be collected and processed by our authorized payment vendors. We do not directly collect or store credit or debit card numbers ourselves in the ordinary course of processing transactions. If we allow purchase through a third-party platform (i.e. in-app purchase), the payment method stored with the third-party platform will be charged. In particular, our payments are securely managed by third party partners Paypal and Braintree. When you are about to complete the subscription to the HorseTap Service you will be redirected to Paypal and Braintree websites for the payment;
• legal, administrative and tax advisers or other counsellors, to the only extent necessary to perform the Controller’s activities;
• the public and other members of the Service. Any information or content that you voluntarily disclose for posting to the Service, such as User Content, becomes available to any other User. Any User Content that you make public is searchable by other Users. If you remove information that you posted to the Service, copies may remain viewable in cached and archived pages of the Service, or if other Users have copied or saved that information. Also, other members of the Service can actively search and ‘follow’ your account and send personal messages to you.
We may also share your information with other parties in connection with any company transaction, such as a merger, sale of company assets or shares, reorganization, financing, change of control or acquisition of all or a portion of our business by another company or third party or in the event of bankruptcy or related or similar proceedings.
9. PERSONAL DATA TRANSFERRED ABROAD
Personal data could be freely transferred outside the Italian territory into States member of the European Union. The potential transfer of Data Subject’s personal data into States of the European Union shall be in any case performed in accordance with appropriate warranties and in compliance with the applicable laws and regulations.
10. DATA SUBJECTS' RIGHTS
Data Subjects have the right to obtain from the Controller, where appropriate, access to their personal data as well as rectification or erasure of such data or the restriction of the processing concerning them, and to object to the processing (pursuant to Articles 15 to 22 of the GDPR). Please contact the DPO (email: firstname.lastname@example.org) to lodge all requests to exercise these rights.
If you are located in the EU or Switzerland, you have the following rights in respect of your personal data that we hold:
a) right of access. The right to obtain access to your personal data;
b) right to rectification. The right to obtain rectification of your personal data without undue delay where that personal data is inaccurate or incomplete;
c) right to erasure. The right to obtain the erasure of your personal data without undue delay in certain circumstances, such as where the personal data is no longer necessary in relation to the purposes for which it was collected or processed;
d) right to restriction. The right to obtain the restriction of the processing undertaken by us on your personal data in certain circumstances, such as where the accuracy of the personal data is contested by you, for a period enabling us to verify the accuracy of that personal data;
e) right to portability. The right to portability allows you to move, copy or transfer personal data easily from one organization to another;
f) right to object. You have a right to object to processing based on legitimate interests and direct marketing;
g) right to withdraw consent. You should be aware that you are entitled to withdraw your consent where that has been given, at any time. If you do this and we have no alternative lawful reason to process your personal data, this may affect our ability to provide you with rights to use the Service;
If you wish to exercise one of these rights, please contact us at email@example.com.
You also have the right to lodge a complaint to your local data protection authority. Further information about how to contact your local data protection authority is available at http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm.
11. RIGHT TO LODGE A COMPLAINT
If a data subject considers that the processing of personal data relating to him or her as performed via this website infringes the Regulation, he or she has the right to lodge a complaint to the supervisory Authority, pursuant to Article 77 of the GDPR, or else to bring a judicial proceeding against the Controller or Processor pursuant to Article 79 of the GDPR.
We, and our third party partners, automatically collect certain types of usage information when you visit our website or use our Service, read our emails, or otherwise engage with us. When you visit the Service, we may send one or more cookies — a small text file containing a string of alphanumeric characters — to your computer that uniquely identifies your browser and lets us help you log in faster and enhance your navigation through the site. A cookie may also convey information to us about how you use the Service (e.g., the pages you view, the links you click, how frequently you access the Service, and other actions you take on the Service), and allow us to track your usage of the Service over time. We may collect log file information from your browser or mobile device each time you access the Service. Log file information may include anonymous information such as your web request, Internet Protocol (“IP”) address, browser type, information about your mobile device, referring / exit pages and URLs, number of clicks and how you interact with links on the Service, domain names, landing pages, pages viewed, and other such information. We may employ clear gifs (also known as web beacons) which are used to anonymously track the online usage patterns of our Users. In addition, we may also use clear gifs in HTML-based emails sent to our users to track which emails are opened and which links are clicked by recipients. The information allows for more accurate reporting and improvement of the Service. We may also collect analytics data, or use third-party analytics tools, to help us measure traffic and usage trends for the Service. These tools collect information sent by your browser or mobile device, including the pages you visit, your use of third party applications, and other information that assists us in analyzing and improving the Service. When you access our Service by or through a mobile device, we may receive or collect and store a unique identification number associated with your device (“Device ID”), mobile carrier, device type and manufacturer, phone number, and location data (e.g., city and state) of your mobile device. We use or may use the data collected through cookies, log file, device identifiers, location data and clear gifs information to: (a) remember information so that you will not have to re-enter it during your visit or the next time you visit the site; (b) provide custom, personalized content and information; (c) provide and monitor the effectiveness of our Service; (d) monitor aggregate metrics such as total number of visitors, traffic, usage, and demographic patterns on our website and our Service; (e) diagnose or fix technology problems; (f) otherwise to plan for and enhance our Service; and (g) automatically update the HorseTap application on your mobile devices.
Your Choices About Your Information
Commercial and marketing communications: We use the information we collect or receive to communicate directly with you. We may send you emails containing newsletters, promotions and special offers. If you do not want to receive such email messages, you will be given the option to opt out or change your preferences. We also use your information to send you Service-related emails (e.g., account verification, purchase and billing confirmations and reminders, changes/updates to features of the Service, technical and security notices). You may not opt out of Service-related emails. You will also be able to be “found” on HorseTap based on information that you provide (e.g. other members of the Service can actively search and ‘follow’ your account and send personal messages to you). You control your account information: you may update your account information at any time by logging into your account. You can also stop receiving promotional email communications from us by clicking on the “unsubscribe link” provided in such communications. We make every effort to promptly process all unsubscribe requests. As noted above, you may not opt out of Service-related communications (e.g., account verification, purchase and billing confirmations and reminders, changes/updates to features of the Service, technical and security notices). If you have any questions about reviewing or modifying your account information, you can contact us directly at firstname.lastname@example.org. Opting out: The only way to completely opt out of the collection of any information through cookies or other tracking technology is to actively manage the settings on your browser or mobile device. Please refer to your mobile device or browser’s technical information for instructions on how to delete and disable cookies, and other tracking/recording tools. Depending on your type of device, it may not be possible to delete or disable tracking mechanisms on your mobile device. Note that disabling cookies and/or other tracking tools prevents HorseTap or its business partners from tracking your browser’s activities in relation to the Service. However, doing so may disable many of the features available through the Service. If you have any questions about opting out of the collection of cookies and other tracking/recording tools, you can contact us directly at email@example.com.
“Do Not Track Signals”
13. CHILDREN’S PRIVACY
HorseTap does not knowingly collect or solicit any information of persons who are under the minimum required ages specified herein. Residents of the European Union must be at least 16. Persons outside of the EU must be at least 14. Persons who are under 18 must obtain parental consent to use our Service. In the event that we learn that we have collected personal information from a child under aged without verification of parental consent, we will delete that information as quickly as possible. If you believe that we might have any information from or about a child under aged, please contact us at firstname.lastname@example.org.
14. LINKS TO OTHER WEB SITES AND SERVICES
|CATEGORY OF PERSONAL INFORMATION||HOW WE USE IT||LEGAL BASIS FOR THE PROCESSING|
|Contact information and basic personal details such as your first name, last name, phone number, and email address.||
We use this information to operate, maintain and provide to you the features of the Service.
We use this information to communicate with you, including sending Service-related communications (such as invoices and information about updates to the Service, and any news, alerts and marketing communications (in line with your settings and options)).
We use this information to deal with enquiries and complaints made by or about you relating to the Service.
The processing is necessary for:
Profile and account information such as your unique name, username, password, any additional information that you share with us such as your user biography, content such as photos, contacts' user IDS and your connection to those IDs, connection to those contacts.
To add photos, you may allow us to access your camera or photo album. Some of the information you choose to provide us may be considered "special" or "sensitive", for example your racial or ethnic origins. By choosing to provide this information, you explicitly consent to our processing of that information.
|We use this information to operate, maintain and provide to you the features of the Service (such as to create your profile/account)||
The processing is necessary for:
|We use this information to allow you to communicate with other users of HorseTap.
||The processing is necessary for:
|To use data analytics to improve our website, products/services, marketing, customer relationships and experiences.|| The processing is necessary for:
|To administer and protect our business, the Service, our website and your personal data (including security, fraud, troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data)||The processing is necessary for:
|When you use the Service, we will collect and process information such as IP addresses. We use various technologies to determine IP address, that may provide HorseTap with information necessary to perform to the Service.||We use this information to operate, maintain and provide to you the features of the Service.||The processing is necessary for:
|We use this information to operate, maintain and provide to you the features of the Service. To deliver relevant website content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you.||The processing is necessary for:
The processing is necessary for the performance of a contract.
|Payment information will be collected and processed by our authorized payment vendors. We do not directly collect or store credit or debit card numbers ourselves in the ordinary course of processing transactions. If we allow purchase through a third-party platform (i.e. in-app purchase), the payment method stored with the third-party platform will be charged.||We do not use/collect/store directly this information. This information will be processed by our payment vendors.||The processing is necessary for:
We will use the personal information provided to allow you to log-in to the Service, to help create a public profile for you, and where we provide the functionality, we will also use the information provided to assist you in sharing the content you create, or your experiences on the Service with your contacts on the connected social network.
|The processing is necessary for:
|Communications. If you contact our customer care team, we will collect the information you give us during the interaction. Sometimes, we monitor or record these interactions for training purposes and to ensure a high quality of service. Of course, we also process your messages with other users as well as the content you publish (e.g., information about horses, riders, categories), as part of the operation of the Service.||We use this information to maintain your profile and so that you can provide information about yourself.|| The processing is necessary for:
|We use this information to allow you to communicate with other users of HorseTap.|| The processing is necessary for:
|To administer and protect our business, the Service, our website and your personal data (including security, fraud, troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data)|| The processing is necessary for:
|To respond to requests from law enforcement|| The processing is necessary for:
|Information provided by third parties. From time to time, we may receive information about you from users and third parties, that may pass certain information about your use of its service to HorseTap. This information could include, but is not limited to, the user ID associated with your account, an access token necessary to access that service, any information that you have permitted the third party to share with us, and any information you have made public in connection with that service. We may obtain information from third parties to enhance or supplement our existing user information. We may also collect information about you that is publicly available.||We may combine this information with the information we collect from you directly. We use this information to contact you, to send you advertising or promotional materials or to personalize our Service, to pre-populate online forms, and to better understand the demographics of our users.||The processing is necessary for our legitimate interests, namely to tailor our Service to the user and to improve our Service generally.|
|All personal information set out above.||We will use all the personal information we collect to operate, maintain and provide to you the features and functionality of the Service, to communicate with you, to monitor and improve our Service and business, and to help us develop new products and services.||The processing is necessary for our legitimate interests, namely to administer and improve the Service.|
ANNEX 2 – PERSONAL INFORMATION COLLECTED AUTOMATICALLY
|CATEGORY OF PERSONAL INFORMATION||HOW WE USE IT||LEGAL BASIS FOR THE PROCESSING|
|Information about how you access and use the Service including, for example, how frequently you access the Service, the time you access the Service and how long you use the Service for, whether you access the Service from multiple devices, the website from which you came and the website to which you go when you leave the Service, and other actions you take on the Service.||
We use this information to present the Service to you on your device.
We use this information to administer the Service for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes, and to help us develop new products and services.
We use this information to detect and prevent fraud.
The processing is necessary for our legitimate interests, namely to tailor the Service to the user and improve the Service generally.
The processing is necessary for our legitimate interests, namely communicating with users and responding to queries, complaints, and concerns, and for developing and improving the Service.
The processing is necessary for our legitimate interests, namely the detection and prevention of fraud.
|Information about your device including information about the computer, tablet, smartphone or other electronic device you use to connect to the Website. This information can include details about the type of device, unique device identifying numbers, operating systems, browsers and applications connected to the Website through the device, your Internet service provider or mobile network, your IP address and your device's telephone number (if it has one).||We use this information to present the Service to you on your device.||The processing is necessary for our legitimate interests, namely to tailor the Service to the user and improve the Service generally.|
|We use this information to administer the Service for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes, and to help us develop new products and services.||The processing is necessary for our legitimate interests, namely communicating with users and responding to queries, complaints, and concerns, and for developing and improving the Service.|
|We use this information to detect and prevent fraud.||The processing is necessary for our legitimate interests, namely the detection and prevention of fraud.|