Last revision: March 23, 2023
Dear User, the methods of collection and processing of your personal data by LiberoSocial s.r.l. (hereinafter “Asters” or “Provider” ) are regulated as follows.
The data controller is the company LiberoSocial s.r.l., in the person of its legal representative pro tempore, VAT 04676140231, REA VR – 439930, headquartered at 26 San Martino St., 37013 Caprino Veronese (VR). As the owner of the processing of personal data collected during the navigation of the various sections and subsections of the website https://asters.ai for the provision and performance of its services, Asters is committed to ensuring compliance with the regulations on privacy, as amended by the European Union Regulation No. 679/2016 (hereinafter, “GDPR”), providing its customers with all the relevant information both on how the aforementioned data are collected, stored and used and on the rights of each user. In this regard, it is possible to contact Asters, as the owner of the processing and protection of the aforementioned data, by writing to: [email protected]
Personal data processed, purpose and legal basis for processing
A – Personal data processed
In order to perform and provide its services, as described within its website, on time and according to market standards, Asters collects and stores the following data:
- The data and information provided by visitors/users of its website (https://asters.ai) and its subdomains and/or domains in any way connected, present and future, generated by access to the site. The computer systems and software procedures set up by Asters acquire the information sent to the user’s browser and, in particular: (i) the IP address, (ii) the type of operating system and browser used, (iii) the settings, date and time of use as well as (iv) the location (understood as geo-location of the user) and the language used;
- The geographical area in which the device from which the data covered by this policy is communicated is used and/or the various mobile devices, from time to time used by the user;
- Personal data (first name, last name, user name, e-mail address and contact information) provided by users of its website who subscribe to (i) Asters’ newsletter(s) and/or (ii) choose to register to (a) use the so-called “free” plan and/or free trial of the chosen subscription plan, (b) to receive updates on our activities, and (c) to receive promotional communications and invitations to events;
- Additional personal data (company name, company name, telephone numbers, billing address, VAT number as well as any other useful and/or necessary data required by the legislation applicable from time to time) provided by users of Asters and necessary to complete any fiscal and administrative compliance, as required by the applicable legislation;
- Content generated by users and uploaded to the system in connection with use of the service (such as, but not limited to, messages, posts, comments, pages, profiles, images, communications exchanged on supported platforms, etc.);
- Information voluntarily submitted by users such as, but not limited to, questions to Asters customer support, comments on services provided by Asters, survey responses, and/or other optional information such as links to social network profiles authenticated, from time to time, through the use of their Asters account.
B – Purpose and legal basis for processing
The personal information requested by Asters is collected and processed for the following purposes:
- For the performance of activities related and necessary to the performance of the contract. In the case of trial use of the services of Asters, the data collected, and in particular the data related to delivery, including e-mail addresses, upon completion of the trial service, may be used to receive feedback regarding the user’s individual experience of using Asters and directly verify each experience of using the platform;
- For accounting, tax, administrative purposes as well as for the fulfillment of legal obligations or in the event that the processing of the aforementioned data is necessary to carry out requests made by the judicial authorities and/or public authorities within the framework of judicial and/or administrative proceedings and for which there is an obligation to communicate the aforementioned data;
- In the presence of specific consent from the user to send periodic, via e-mail and/or their Asters account, newsletters/s and/or advertising material;
- In the case of sending curriculum vitae, exclusively as part of selection processes for which the user has been informed in advance or in which the user has voluntarily participated.
Nature of contribution
The provision of data by the user for the purposes referred to in Article 2, letter B., point 2) above is absolutely necessary for the use and enjoyment of Asters’ services, and any refusal by the user to provide his/her data will result in the impossibility for Asters to provide and perform its services, without giving rise to any type of contractual default on the part of Asters. The provision of data by the user for the purposes referred to in Article 2, letter B., points 1), second sentence, 3) and 4) above is optional and its use is conditional on the granting of explicit consent by the user. Any refusal by the user to grant consent does not preclude the user from using Asters’ services and has no effect other than to exclude the sending of newsletters/s and/or advertising material.
Data processing methods
The data collected will be processed through the use of automated electronic, computer and telematic tools and/or through manual processing with logic strictly related to the purposes for which the personal data were collected ensuring, in any case, the security of the same. The aforementioned data will be stored on computer media, in compliance with the security measures and in the protection of the security guarantees suggested by the GDPR. The processing of personal data is carried out by means of the operations indicated in Article 4 of Legislative Decree No. 196 of June 30, 2003 (Privacy Code) and Article 4, No. 2, of the GDPR, namely: collection, recording, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, cancellation and destruction of data. All data are stored using a server farm of Asters which is located in a data center (Google Server) of the latest generation, highly secure and in any case in line with legal requirements. In order to prevent misuse of such data, Asters takes some specific security measures such as, for example, storing confidential data in an encrypted format. The Master Data Processing Agreement or “MDPA,” describes the terms and conditions of the processing of personal data performed by Asters and the responsibilities related to the processing activities, including the commitment made as a Data Processor under Article 28 GDPR.
Data may be made accessible for the purposes indicated in Articles 1), 2), 3) and 4) above to:
- Asters internal staff, identified for this purpose and authorized to process according to specific instructions given in compliance with current regulations;
- To third parties (e.g. professional firms and/or external consultants) performing assistance and consulting activities on behalf of Asters, in their capacity as external data processors, only for the purposes strictly necessary for their use;
- To companies that perform services related and instrumental to the execution of the above purposes such as, but not limited to, credit card payment processing companies.
The processing will have a duration not exceeding that necessary for the purposes for which the data were collected and, in any case, may vary in relation to the user’s choices with reference to the contractual agreements from time to time signed with Asters. It is the user’s right, at any time, to request the interruption, limitation and/or deletion of the data by sending a request to: [email protected]. In such a case, what is already stated in Article 3 above will apply.
Transfer of data
The management and storage of personal data will take place on servers owned by Asters and/or by third party companies specifically appointed by Asters and duly appointed as data processors of the aforementioned data. Said servers will be located outside the territory of the European Union. Asters’ current cloud provider is Google inc. operating in the United States. The provider has already complied with the privacy criteria imposed by the GDPR, as best inferred from the following website address: https://policies.google.com/privacy. Personal data provided by the user for the performance of activities related and necessary to the performance of the contract and the improvement and implementation of the service are processed electronically, including through the use of software called “Customerly”, “Airtable”, “Chartmogul” e “Cohere”. The personal data provided by the user to enable the sending of (i) commercial communications by e-mail about products, initiatives and/or services offered by Asters and/or (ii) newsletters containing in-depth information are processed electronically through the use of software named “SendGrid”, “Encharge” e “Sendinblue”. The “Sendgrid” service is provided by http://sendgrid.com/, whose privacy information is available on the website https://sendgrid.com/policies/tos/. The “Encharge” service is provided by https://encharge.io/, whose privacy information is available on the website https://encharge.io/privacy-policy/. The “Sendinblue” service is provided by https://sendinblue.com/, whose privacy information is available on the website https://www.sendinblue.com/legal/privacypolicy/. The “Customerly” service is provided by https://www.customerly.io/, whose privacy information is available on the website https://www.customerly.io/privacy/. The “Airtable” service is provided by https://airtable.com/, whose privacy information is available on the website https://www.airtable.com/privacy/. The “Chartmogul” service is provided by https://chartmogul.com/, whose privacy information is available on the website https://chartmogul.com/privacy/. The “Cohere” service is provided by https://cohere.io/, whose privacy information is available on the website https://cohere.io/privacy/.
A – Third-party apps and social networks
B – Withdrawal of access to supported platforms
The Service relies on its connections to supported Platforms and their APIs (such as the Facebook API, Instagram API, Twitter API, LinkedIn API, and Youtube API, etc.). Links are provided below to prevent the Service from accessing data from social profiles previously linked to the Service:
- For Youtube and Google: https://security.google.com/settings/security/permissions
- For Twitter: https://help.twitter.com/en/managing-your-account/connect-or-revoke-access-to-third-party-apps
- For Facebook: https://www.facebook.com/help/204306713029340
- For Instagram: https://www.facebook.com/help/204306713029340
- For LinkedIn: https://www.linkedin.com/pulse/remove-third-party-apps-connected-your-linkedin-hector-rodriguez
Rights of the interested party
Every user, in his or her capacity as a “Data Subject,” has the rights under Article 7 of the Privacy Code and Article 15 of the GDPR, namely, the rights to:
- To obtain confirmation of the existence or non-existence of personal data concerning him/her in Asters’ archives, even if not yet recorded, and their communication in an intelligible form;
- Obtain the indication of: (a) the origin of the personal data; (b) of the purposes and methods of processing; c) the logic applied in case of processing carried out with the aid of electronic instruments; d) of the identification details of the data controller, the data processors and the designated representative pursuant to Article 5, paragraph 2, of the Privacy Code and Article 3, paragraph 1, of the GDPR; e) of the subjects or categories of subjects to whom the personal data may be communicated or who may become aware of said data in their capacity as designated representatives in the territory of the Italian state, data processors or persons in charge of processing;
- Obtain: (a) the updating, modification, updating or, in case of specific interest, the integration of data; b) the cancellation, transformation into anonymous form or blocking of data processed in violation of the law, including those that do not need to be kept in relation to the purposes for which the data were collected and/or subsequently processed; c) certification to the effect that the operations as per letters a) and b) have been notified, as also related to their contents, to the entities to whom or which the data were communicated and/or disseminated, unless this requirement proves impossible or involves a manifestly disproportionate effort compared with the right that is to be protected;
- Object, in whole or in part: a) for legitimate reasons, to the processing of personal data concerning the user, even if pertinent to the purpose of collection; b) to the processing of personal data concerning the user for the purpose of sending advertising material and/or direct sales and/or for carrying out market research or commercial communication, through the use of automated calling systems without the intervention of an operator by electronic mail and/or by traditional marketing methods (i.e. by telephone and/or paper mail).
Methods of exercising rights
As mentioned above, the user has, at any time, the possibility to object to the processing of his or her data and/or request the deletion, modification or updating of all personal information held by Asters. These rights may be exercised by the user by sending a communication to the following e-mail address: [email protected]
The Asters website, as well as the services offered therein, is reserved for users who are 18 years of age or older. For this reason, Asters will not collect, use or disclose personal information referring to individuals under 18 years of age. In the event that information about minors is unintentionally recorded, including as a result of misrepresentation on the part of users, Asters will promptly delete it at the request of users and/or, in any case, as soon as it becomes aware of the cause legitimizing its deletion.