Privacy Policy

This Privacy Policy describes how Qwirklabs srl, hereinafter referred to as "we," "us," or "our," collects, uses, shares, and protects the personal data of users ("you") who visit and interact with our website, www.qwirklabs.gg.

We are committed to processing your personal data lawfully, fairly, and transparently. This commitment is central to our operations and is reflected in how we handle your information. This policy is drafted in accordance with applicable data protection laws, primarily the EU General Data Protection Regulation (Regulation (EU) 2016/679 – "GDPR") and the Italian "Codice in materia di protezione dei dati personali" (Legislative Decree no. 196/2003, as subsequently amended and integrated, particularly by Legislative Decree no. 101/2018, hereinafter "Italian Data Protection Code"). The processing of personal data under this policy respects human dignity and the fundamental rights and freedoms of individuals.

The entity responsible for the processing of your personal data (the "Data Controller") is:

• Full Legal Name of Data Controller: Qwirklabs srl
• Registered Office / Legal Address: Via Fratelli Lumière 2, Milano 20127, Italy
• Contact Email for Privacy Matters: [email protected]
• Telephone Number: +39 331 7908157
• VAT Number: 13848550961

Data Protection Officer (DPO)

We have not appointed a Data Protection Officer as we are not required to do so under Article 37 of the GDPR. However, we remain fully committed to data protection compliance.

We adhere to the core principles relating to the processing of personal data as set out in Article 5 of the GDPR. These principles guide all our data processing activities and ensure that your personal data is:

• Lawfulness, Fairness, and Transparency: Processed lawfully, fairly, and in a transparent manner in relation to you. We ensure that we have a valid legal basis for processing your data and that you are informed about how your data is used.
• Purpose Limitation: Collected for specified, explicit, and legitimate purposes and not further processed in a manner that is incompatible with those initial purposes. We define the reasons for collecting data upfront and stick to them.
• Data Minimization: Adequate, relevant, and limited to what is necessary in relation to the purposes for which it is processed. We only collect the personal data we actually need for the stated purpose.
• Accuracy: Accurate and, where necessary, kept up to date. We take reasonable steps to ensure the data we hold is correct and to rectify or erase inaccurate data.
• Storage Limitation: Kept in a form which permits your identification for no longer than is necessary for the purposes for which the personal data is processed. We do not keep your data indefinitely and have defined retention periods.
• Integrity and Confidentiality: Processed in a manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage, using appropriate technical or organizational measures.

We collect different types of personal data depending on how you interact with our website. This data can be categorized as follows:

A. Data Provided Directly by You

This is information that you voluntarily provide to us when you use certain features of our website. The specific data collected will depend on the interaction:

Contact Form/Inquiry Data: When you contact us via a contact form or send an inquiry, we collect: Your name, email address, the subject of your request, your message, and confirmation that you agree to this privacy policy.

(As Qwirklabs currently does not offer account registration, newsletters, surveys, or e-commerce, sections detailing data collection for these features have been omitted. Should these features be introduced, this policy will be updated accordingly.)

B. Data Collected Automatically (Usage Data)

As you navigate and interact with our website, we may automatically collect certain information about your device and your browsing actions. This typically includes:

Log Data: Information that your browser automatically sends whenever you visit our website. This may include your Internet Protocol (IP) address, browser type and version, the operating system your device is using, the address of the web page you were visiting before you came to our site (referring URL), the pages of our site that you visit, the time and date of your visit, and the time spent on those pages.

Device Information: Information about the computer or mobile device you use to access our website, such as the hardware model, operating system and version, and screen resolution.

Location Data: We do not collect precise location data. General location data may be derived from your IP address.

C. Data from Cookies and Other Tracking Technologies

We use cookies and similar tracking technologies (e.g., web beacons, pixels) to collect certain information automatically when you visit our website. This data helps us to operate the website and understand how you use it.

For detailed information on the types of cookies we use, why we use them, how we obtain your consent (particularly in line with Italian DPA guidelines), and how you can manage your cookie preferences, please refer to Section VI of this Privacy Policy. As we do not currently have a separate Cookie Policy, this section provides the necessary details. We recommend creating a dedicated Cookie Policy in the future for enhanced clarity and detail.

We process your personal data only for specified, explicit, and legitimate purposes. We will not process your personal data in a way that is incompatible with these purposes. For each purpose, we ensure that we have a valid legal basis under Article 6(1) of the GDPR.

Below is a summary of the main purposes for which we process your personal data, the types of data involved, and the legal bases we rely on.

Further details on Legal Bases:

• Legitimate Interests (Art. 6(1)(f) GDPR): Processing is necessary for the purposes of legitimate interests pursued by us or by a third party, except where such interests are overridden by your interests or fundamental rights and freedoms which require protection of personal data. When we rely on legitimate interests, we conduct an internal assessment (Legitimate Interests Assessment - LIA) to balance our interests against yours. You have the right to object to processing based on legitimate interests (see Section X).
• Consent (Art. 6(1)(a) GDPR): Where we rely on your consent, you provide it freely for one or more specific purposes. You have the right to withdraw your consent at any time, and we will explain how in Section X. Withdrawing consent will not affect the lawfulness of processing based on consent before its withdrawal.
• Performance of a Contract (Art. 6(1)(b) GDPR): Processing is necessary for the performance of a contract to which you are a party or in order to take steps at your request prior to entering into a contract.
• Legal Obligation (Art. 6(1)(c) GDPR): Processing is necessary for compliance with a legal obligation to which we are subject.

Our website uses cookies and similar tracking technologies (such as web beacons or pixels) to enhance your browsing experience, analyze website traffic, and, with your consent, to deliver personalized content or advertising. Cookies are small text files that are stored on your computer or mobile device when you visit a website.

Our use of cookies and other tracking tools is designed to comply with the GDPR and the specific guidelines issued by the Italian Data Protection Authority (Garante per la protezione dei dati personali), notably the "Guidelines on cookies and other tracking tools" of 10 June 2021.

Types of Cookies We May Use:

• Profiling/Marketing Cookies (Non-technical):These cookies may be used to track your browsing activity, create a profile of your interests, and show you advertisements that are more relevant to you. This may include cookies set by us or by third-party advertising partners. These cookies are only installed and used with your explicit prior consent.
• Technical Cookies (Strictly Necessary):These cookies are essential for the proper functioning of our website and to provide services explicitly requested by you. They enable core functionalities such as page navigation and access to secure areas of the website. These cookies do not require your prior consent but are always active and disclosed here.
• Analytics Cookies:These cookies help us understand how visitors interact with our website by collecting and reporting information, typically on an aggregated and anonymous basis.
  Conditions for Exemption from Consent (as per Garante guidelines): Analytics cookies (including those from third parties like Google Analytics) can be treated similarly to technical cookies (i.e., used without prior consent) only if specific conditions are met. These conditions aim to prevent the direct identification of users and include:
  • Their use is limited to producing aggregated statistics concerning a single website or mobile application.
  • For third-party analytics cookies, at least the fourth component of the IP address is masked (IP anonymization).
  • The third party providing the analytics service contractually commits not to combine the analytics data with other information and not to transmit it to other third parties.
  
  If these conditions are not fully met, analytics cookies are considered non-technical and require your prior explicit consent.

Managing Your Consent for Cookies:

In line with the Garante's guidelines, we manage your consent for non-technical cookies as follows:

• Cookie Banner:Upon your first visit to our website, a cookie banner will be displayed. This banner will:
  • Include a clearly visible command (e.g., an "X" button, typically in the top-right corner) that allows you to close the banner without consenting to the use of non-technical cookies or other profiling techniques. If you close the banner this way, you will continue browsing with only technical cookies active (default settings).
  • Contain a button or command (e.g., "Accept All") to consent to the use of all cookies and other tracking tools.
  • Provide a link to a dedicated cookie settings area where you can make granular choices, selecting individually which functionalities, third parties, and specific cookies you consent to.
  • Include a brief information notice about the use of cookies and a direct link to this Privacy Policy.
  • Include a warning that closing the banner (e.g., by clicking the 'X') will result in the continuation of browsing with default settings.
• No Consent by Scrolling:Merely scrolling down the page does not constitute valid consent for the installation of non-technical cookies, unless it is part of a clearly documented and explicit user action.
• Cookie Walls:We do not use "cookie walls" that make access to website content conditional on consenting to all cookies, unless an equivalent service is accessible without such consent.
• Re-soliciting Consent:We will not repeatedly solicit your consent via the banner if you have withheld it, unless at least six months have passed, processing circumstances significantly change, or we cannot determine if a cookie was already stored.

Detailed Cookie Information:

While we recommend creating a separate, detailed Cookie Policy in the future, this section aims to provide essential information. You can manage or withdraw your cookie preferences at any time through the cookie settings area accessible from the cookie banner or a persistent link on our website (e.g., in the footer).

We do not sell your personal data. We may share your personal data with trusted third parties only in the following circumstances and for the purposes described below, or as otherwise permitted or required by law. We ensure that any third party with whom we share your personal data is contractually bound to protect it and use it only for the purposes for which it was shared.

The categories of recipients with whom we may share your personal data include:

• Service Providers (Data Processors): We engage third-party companies and individuals to perform services on our behalf, such as website hosting, data analysis, email delivery, and technical support. These service providers act as data processors and only process your personal data based on our instructions and in compliance with a Data Processing Agreement (DPA) as required by Article 28 of the GDPR.
• Legal and Regulatory Authorities: We may disclose your personal data if required to do so by law or in response to valid requests by public authorities (e.g., a court, law enforcement agency, tax authorities, or the Garante per la protezione dei dati personali).
• Professional Advisors: We may share your personal data with our professional advisors, such as lawyers, accountants, and auditors, on a need-to-know basis, where necessary in the course of the professional services that they render to us.
• In Case of Business Transfer: If Qwirklabs srl is involved in a merger, acquisition, sale of assets, bankruptcy, or other business transition, your personal data may be transferred as part of that transaction. We will notify you via email (if we have your address) and/or a prominent notice on our website of any such change in ownership or control of your personal data, as well as any choices you may have regarding your personal data.

Your personal data may be processed in, and transferred to, countries outside of the European Economic Area (EEA). Some of our third-party service providers may be based in such countries, or may use servers located in such countries (e.g., the USA).

When we transfer your personal data outside the EEA, we will ensure that appropriate safeguards are in place to protect your data to a standard equivalent to that provided within the EEA. These safeguards include one or more of the following mechanisms:

You have the right to request more information about the safeguards we have in place for international transfers by contacting us.

• Adequacy Decisions: Transferring personal data to countries that the European Commission has deemed to provide an adequate level of data protection (e.g., under the EU-U.S. Data Privacy Framework for certified US companies). ¹³
• Standard Contractual Clauses (SCCs): Using specific contracts approved by the European Commission which give personal data the same protection it has in Europe. When relying on SCCs, we assess the circumstances of the transfer and, where necessary, implement supplementary measures.
• Derogations for Specific Situations (Art. 49 GDPR): In limited circumstances, such as with your explicit consent after being informed of the risks.

We will retain your personal data only for as long as is necessary to fulfill the purposes for which it was collected, as outlined in Section V, including for satisfying any legal, accounting, or reporting requirements.

In some circumstances, we may anonymize your personal data for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.

• Cookie Data: The retention period for data collected by cookies varies. Session cookies expire when you close your browser. Persistent cookies have a defined lifespan, which will be detailed in our cookie settings area or, if developed, in a separate Cookie Policy.
• Data from Contact Inquiries: Personal data submitted through contact forms will generally be retained until the inquiry has been fully resolved and any follow-up actions are completed, plus an additional period of [e.g., 6 to 12 months] for quality assurance or if further related queries arise, unless a longer period is required for legal claims.
• Website Log Files: Server log files containing data such as IP addresses are typically retained for a short period (e.g., [e.g., 7 days to 6 months - specify your period]) for security monitoring, troubleshooting, and website performance analysis, after which they are deleted or anonymized.

Under the GDPR and the Italian Data Protection Code, you have several rights concerning your personal data:

• The Right to Withdraw Consent (Art. 7(3) GDPR): If we process data based on your consent (e.g., for certain cookies), you can withdraw it at any time. This is typically done via our cookie settings panel. Withdrawal does not affect prior lawful processing.
• Rights in Relation to Automated Decision-Making and Profiling (Art. 22 GDPR): We currently do not engage in automated decision-making or profiling that produces legal or similarly significant effects on you.
• The Right of Access (Art. 15 GDPR)
• The Right to Rectification (Art. 16 GDPR)
• The Right to Erasure ('Right to be Forgotten') (Art. 17 GDPR)
• The Right to Restriction of Processing (Art. 18 GDPR)
• The Right to Data Portability (Art. 20 GDPR)
• The Right to Object (Art. 21 GDPR) (especially to processing based on legitimate interests or for direct marketing).

How to Exercise Your Rights:

To exercise any of these rights, please contact us:

Email: [email protected]

Postal Mail: Qwirklabs srl, Via Fratelli Lumière 2, Milano 20127, Italy (Attn: Privacy Compliance)

We may need to verify your identity. We aim to respond within one month, though complex requests may take longer, in which case we will inform you. Requests are generally free unless manifestly unfounded or excessive.

We are committed to protecting your personal data and have implemented appropriate technical and organizational measures to safeguard it against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access. These measures include SSL/TLS encryption for data in transit, access controls, firewalls, and regular security reviews.

While we strive to protect your data, no internet transmission or electronic storage is 100% secure.

Our website and services are not directed at children under the age of 14 years. We do not knowingly collect personal data from children under 14 without verifiable parental consent, in line with Article 8 of the GDPR and Article 2-quinquies of the Italian Data Protection Code regarding the offer of information society services directly to a child. If a child is 14 years or older, they may provide consent themselves in Italy for such services. If we become aware that we have inadvertently collected personal data from a child under 14 without the necessary consent, we will take steps to delete that information. If you believe we might have such information, please contact us.

Our website may contain links to other websites not operated by us. This Privacy Policy applies only to our website. We have no control over and assume no responsibility for the content or privacy practices of third-party sites. We advise you to review their privacy policies.

We may update this Privacy Policy from time to time. When we do, we will post the updated policy on this page and revise the "Effective Date." For material changes, we will endeavor to provide more prominent notice (e.g., on our website or via email if we have your address) before the changes take effect. We encourage you to review this policy periodically.

If you have concerns about our data processing, please contact us first at [email protected].

If you are not satisfied with our response, you have the right to lodge a complaint with the Italian Data Protection Authority (Garante per la protezione dei dati personali):

• Name: Garante per la protezione dei dati personali
• Address: Piazza Venezia n. 11 - 00187 Roma, Italia
• Phone: (+39) 06.696771
• Email: [email protected] (It is advisable to verify the most current contact email on the Garante's official website: www.garanteprivacy.it)
• Website: www.garanteprivacy.it