EXTENDED PRIVACY POLICY
With this notice, YouBot di Mirco Ianese (VAT IT01216550259) (hereinafter also the "Controller" or "Company"), represented by its legal representative pro tempore, with registered office in San Pietro di Cadore (BL), Via Argentiera n. 7, defines the methods of collecting data from users who use the services provided by the Controller (websites https://dealsbot.io, https://dealsbot.eu, https://youbot.it, https://zbcdn.ovh, among others) (hereinafter the "Service"), pursuant to Arts. 13 and 14 of EU Regulation no. 2016/679 (hereinafter the "Regulation") and Legislative Decree 101/2018.
1. DATA CONTROLLER, SUBJECT AND PLACE OF PROCESSING
This notice is provided pursuant to applicable national and international law to all those who browse and use the Service, regardless of the method or device used.
Following authorisation to process data, the Controller will process transmitted Data in accordance with the Regulation and applicable national legislation, including any measures issued by the supervisory authority (i.e. the Italian Data Protection Authority — Garante per la protezione dei dati personali) where applicable.
Data subjects' data may be transferred to a country other than the one in which the data subject is located. For further information about the place of processing, data subjects may contact the Controller at the details provided in sections 10 and 12 of this notice.
The Controller is committed to protecting the privacy of all those who browse and use the Service and invites each user to read the Privacy Policy set out below.
2. METHODS AND PURPOSES OF PROCESSING AND USE
2.1. Data subjects' data is collected in order to:
a) allow the Controller to provide its services, such as access to and use of the DealsBOT® Telegram BOT, technical support and configuration assistance;
b) allow the Controller to process users' data anonymously for reporting, statistics and research on how users use the Service.
Data is collected and stored for the following stated purposes: correct and complete performance of services owed to customers.
Data is collected and stored exclusively for the purposes indicated above, through the DealsBOT® Telegram BOT, in paper form or via mobile or tablet applications.
Data collected for the purposes referred to in point b) above is anonymised by the Controller and used solely for the specified purposes.
2.1.1. Legal basis for processing (Art. 6 GDPR):
– Processing for the performance of the service contract (point a): Art. 6(1)(b) — processing is necessary for the performance of a contract to which the data subject is party;
– Processing for legal and fiscal obligations (billing, accounting): Art. 6(1)(c) — processing is necessary for compliance with a legal obligation;
– Processing for anonymous statistical analysis (point b): Art. 6(1)(f) — legitimate interest of the Controller in monitoring and improving the Service, with no impact on the data subject's rights;
– Any further processing based on consent will only be activated following a specific request to the data subject, pursuant to Art. 6(1)(a).
Data may be disclosed, where applicable, to trusted employees and collaborators of the Controller, and to third-party professionals appointed for the service chosen by the User.
Acceptance of this notice authorises the Controller to communicate or disclose to third parties the data collected, within the limits set out above.
In any case, beyond what is stated above, personal data is not communicated to third parties or disclosed without the prior consent of the data subject, except in cases expressly provided for by national law.
2.2. Any new and different data processing activities will only be initiated after notifying users and data subjects of a new notice and obtaining their specific consent, where required.
2.3. The Controller adopts all appropriate security measures, both practical and technical, to prevent unauthorised access to, modification, disclosure or destruction of data subjects' data.
Processing is carried out using organisational methods consistent with the stated purposes and agreed upon with the DPO, if appointed, or with the data processing officer. Detailed information about the purposes of processing and the data collected for each purpose can always be obtained by contacting the Controller at the details in sections 10 and 12 of this notice.
The privacy protocols and standards used by the Company for the protection of personal data are based on the following principles:
2.3.1. RESPONSIBILITY IN PROCESSING AND USE
The processing of data collected in paper and/or digital form (through the Telegram BOT ManageDealsBot and mobile or tablet applications) is managed by Mr Mirco Ianese, internal privacy officer.
In certain cases, in addition to the Controller, other parties involved in the organisation of the website may have access to data (e.g. administrative and commercial staff, system administrators, hosting providers). The data subject may always request from the Controller an updated list of data processors.
2.3.2. TRANSPARENCY IN PROCESSING AND USE
Data is collected and processed in accordance with the principles set out in this notice. Prior to the collection and/or submission of data, the data subject will have the opportunity to consult this privacy notice and decide whether or not to consent to its collection and storage.
2.3.3. DATA MINIMISATION
Data is collected and processed lawfully and fairly. It is recorded only for specified, explicit and legitimate purposes, as identified in section 2 of this document, and not processed in a manner incompatible with those purposes.
2.3.4. ACCURACY
Data collected is kept up to date, organised and stored in such a way that all data subjects can know what information has been collected and recorded, check its quality and request any necessary correction, integration or deletion for breach of law, or exercise all the rights referred to in Art. 9 of this notice, through the methods provided in Art. 10.
2.3.5. SECURITY AND MEASURES ADOPTED
2.3.5.1. Data collected and processed is protected to prevent unlawful disclosure or alteration through technical and/or IT security measures aimed at minimising the risks of destruction, loss (including accidental), or access by unauthorised parties.
2.3.5.2. These measures are periodically reviewed and updated based on technical progress, the nature of the data and the specific characteristics of the processing.
2.3.5.3. Third parties who carry out any type of support activity for the provision of services by the Company — in connection with which they perform personal data processing operations — are designated as data processors and are required to comply with the applicable security and confidentiality measures.
2.3.5.4. The information collected may be disclosed to the following third parties:
● A External professionals to fulfil services requested by users
● B Server maintenance staff
● C Staff responsible for billing and tax management
● D Technical collaborators with direct access to data stored on servers
2.4. AUTOMATED DECISION-MAKING AND PROFILING (Art. 13(2)(f) GDPR)
The Controller does not carry out any automated decision-making or profiling of data subjects based on their personal data. No algorithms or automated processes are used to evaluate, classify or make decisions about users that produce legal or similarly significant effects.
3. TYPES OF DATA AND PROCESSING METHODS
3.1. Among the data collected through the Service or through mobile or tablet applications may be: first name, surname, tax code, phone number, email address, connection IP address and any other information provided directly by users via the payment form.
In general, data may be:
a) Data voluntarily provided by users: Data collected and processed on the Portal, through the Telegram BOT ManageDealsBot, or via mobile/tablet applications is necessary for the provision of services. Consequently, if data is not provided or consent is not given, services requiring such data cannot be provided.
Data provided by users (e.g. tax code, addresses, email, landline or mobile phone) will not be used for advertising, direct selling or interactive commercial communication purposes.
Specific notices may be included in sections of the Portal set up for data submission.
If emails are voluntarily sent to the Controller's addresses, the Controller will acquire the sender's email details and any other information contained in the message. This data will be used solely to enable the performance of any services requested.
b) Browsing data: The automated procedures of the website collect certain data whose transmission is implicit in the use of internet communication protocols.
Although this information is not intended to be associated with identified users, by its nature, if combined with other data held by third parties (e.g. internet service providers), it could allow user identification (e.g. IP addresses, domain names of computers used to access the website, URLs of requested resources, time of request, numeric status code of the server response).
Such data is used solely for statistical purposes to monitor website traffic and ensure correct operation.
The Controller, or appointed processors, retains connection logs for a limited period in order to comply with any requests from judicial authorities entitled to require them in the course of investigating computer crimes.
4. COOKIE POLICY
4.1. The DealsBOT® website is a static site and does not directly set any cookies or collect personal data through the website itself. No analytics tools, tracking scripts or profiling cookies are installed by the Controller on the website.
Third-party cookies may be set exclusively by external services linked from the website (e.g. Stripe, PayPal, Telegram) when the user interacts with those services. The use of cookies by those services, unless otherwise specified, is solely for the purpose of providing the service requested by users.
Some purposes for which temporary markers are installed may require user consent.
For information purposes, the main categories of cookies are:
a) Technical and aggregate statistics cookies: Technical cookies enable activities strictly related to the operation of the website. They may be further divided into:
i. Navigation cookies, which save users' browsing preferences and optimise the browsing experience;
ii. Analytics cookies, which collect statistical information about browsing behaviour, processed in aggregate and anonymous form;
iii. Functionality cookies — including third-party ones — which enable specific website features and are necessary for the provision of services.
These cookies do not require prior user consent for their installation and use.
Other types of cookies or third-party tools
Some of the services listed below may not require user consent and may be managed directly by the Controller without third parties. Where third-party services are involved, they may carry out user tracking activities, even without the Controller's knowledge.
For full details on cookies used, please refer to the Cookie Policy.
Disabling all cookies may impair the functioning of the website. Information on managing cookies in your browser can be found in the privacy settings of Google Chrome, Mozilla Firefox, Apple Safari and Microsoft Edge.
5. DATA RETENTION
Data, including browsing data, will be retained, in compliance with the Regulation, only for the time necessary to fulfil the purposes of this notice: 2 years where processing is carried out for marketing and/or promotional purposes, and 10 years for legal obligations.
6. ACCESS TO DATA
6.1. Data processed by the Controller may be accessible to employees and collaborators acting as independent controllers and/or internal processors of personal data and IT systems, as well as appointed third-party professionals. Access to data by these parties will only occur where processing is necessary for the performance of their duties, and only to the extent required for those duties.
6.2. The Controller protects users' information against unauthorised access, unlawful processing, accidental loss, destruction and damage, and retains it only for as long as strictly necessary to pursue the purposes for which the data was collected.
7. DISCLOSURE OF DATA
7.1. Without requiring express consent pursuant to Art. 6(b) and (c) of the Regulation, the Controller may disclose data upon notification by supervisory authorities, or judicial authorities, as well as to parties to whom disclosure is mandatory to comply with legal obligations, or to assert or defend a right in legal proceedings. Such parties will process the data as independent controllers. Data will not be disseminated, unless expressly required by the service requested by the data subject.
Where necessary, in relation to particular services or products requested, data may also be disclosed to third parties acting as independent controllers performing functions strictly connected to and instrumental in the provision of services, without which such services and/or products could not be usefully provided to data subjects.
7.2. Personal data will not be sold, rented or otherwise transferred to third parties for commercial, marketing or advertising purposes. Any disclosure to third parties is strictly limited to what is necessary for the performance of the Service or required by law, as described in section 7.1 above.
7.3. Beyond what is provided above, the Controller does not transfer personal data.
8. DATA TRANSFER
8.1. Personal data collected through the Service, including data voluntarily entered via the payment form on the website or via mobile/tablet applications, is stored on an external server not owned by the Company, located at the premises of PulseBox SAS – 16-18 avenue de L'Europe – 78140 Vélizy-Villacoublay, France.
Further information regarding data storage may be requested from the Controller via the contact details in section 12 of this notice.
8.2. It is understood that the Controller may, if necessary, move servers outside the EU. In such case, the Controller hereby ensures that any transfer of data outside the EU will be carried out in compliance with applicable legal provisions, following execution of the standard contractual clauses established by the European Commission.
9. DATA SUBJECTS' RIGHTS
9.1. The data subject has the rights provided for under Art. 15 GDPR and may specifically obtain:
i. confirmation of whether or not personal data concerning them exists, even if not yet recorded, and its communication in an intelligible form;
ii. information on:
a) the origin of the personal data;
b) the purposes and methods of processing;
c) the logic applied where processing is carried out with the aid of electronic tools;
d) the identification details of the controller, processors and the designated representative pursuant to Art. 3(1) GDPR;
e) the parties or categories of parties to whom the personal data may be communicated or who may become aware of it as designated representative, processors or appointed persons;
iii.
a) updating, rectification or, where of interest, integration of data;
b) erasure, anonymisation or blocking of data processed in breach of the law, including data whose retention is unnecessary in relation to the purposes for which it was collected or subsequently processed;
c) confirmation that the operations referred to in (a) and (b) have been brought to the attention of those to whom the data was communicated or disclosed, except where this proves impossible or involves a disproportionate effort relative to the protected right;
iv. in whole or in part:
a) for legitimate reasons, to object to the processing of personal data concerning them, even where it is relevant to the purpose of collection.
9.2. Data subjects have the right to lodge a complaint with the competent supervisory authority. In Italy, this is the Garante per la protezione dei dati personali (www.garanteprivacy.it), Piazza Venezia 11 — 00187 Roma.
9.3. Where permitted by law, the user may have the right to obtain a copy of the data held by us.
9.4. Before responding to any specific request, the User may be asked to provide optional information such as: (i) identity verification; (ii) further details necessary to best respond to the request.
9.5. The Controller will provide individual responses within an appropriate time period and, in any case, within the time period required by law. To exercise these rights, please contact us using the details provided in sections 11 and 12 of this notice.
10. HOW TO EXERCISE RIGHTS
Users and data subjects may exercise the rights provided for under the Regulation at any time and free of charge, by sending:
– a registered letter to the Company's registered office: Via Argentiera n. 7, San Pietro di Cadore (BL), Italy
– an email to: [email protected] or PEC: [email protected]
11. DATA CONTROLLER, PROCESSOR AND APPOINTED PERSONS
The Data Controller is YouBot di Mirco Ianese (VAT IT01216550259), represented by its legal representative pro tempore, with registered office at Via Argentiera 7, San Pietro di Cadore (BL), Italy.
The updated list of processors and appointed persons is held at the Company's registered office and may be obtained by submitting a request using the methods indicated above.
12. CONTACTS
Processing carried out through the Service takes place at the Controller's registered office, or in any other location where the parties involved in the processing are located.
For further information, comments, questions or requests regarding the Controller's use of data, please contact: [email protected]
13. FUTURE CHANGES TO THE PRIVACY POLICY
The entry into force of new sector regulations, as well as the ongoing review and updating of services to users, may require changes to these methods. It is therefore possible that the privacy policy may be updated over time, and data subjects are invited to periodically consult the relevant section of the website.
For this purpose, the notice shows the date of last update at the bottom.
Where changes affect processing whose legal basis is the data subject's consent, the Controller will collect fresh consent where required.
Last updated: 11/04/2026
With this notice, YouBot di Mirco Ianese (VAT IT01216550259) (hereinafter also the "Controller" or "Company"), represented by its legal representative pro tempore, with registered office in San Pietro di Cadore (BL), Via Argentiera n. 7, defines the methods of collecting data from users who use the services provided by the Controller (websites https://dealsbot.io, https://dealsbot.eu, https://youbot.it, https://zbcdn.ovh, among others) (hereinafter the "Service"), pursuant to Arts. 13 and 14 of EU Regulation no. 2016/679 (hereinafter the "Regulation") and Legislative Decree 101/2018.
1. DATA CONTROLLER, SUBJECT AND PLACE OF PROCESSING
This notice is provided pursuant to applicable national and international law to all those who browse and use the Service, regardless of the method or device used.
Following authorisation to process data, the Controller will process transmitted Data in accordance with the Regulation and applicable national legislation, including any measures issued by the supervisory authority (i.e. the Italian Data Protection Authority — Garante per la protezione dei dati personali) where applicable.
Data subjects' data may be transferred to a country other than the one in which the data subject is located. For further information about the place of processing, data subjects may contact the Controller at the details provided in sections 10 and 12 of this notice.
The Controller is committed to protecting the privacy of all those who browse and use the Service and invites each user to read the Privacy Policy set out below.
2. METHODS AND PURPOSES OF PROCESSING AND USE
2.1. Data subjects' data is collected in order to:
a) allow the Controller to provide its services, such as access to and use of the DealsBOT® Telegram BOT, technical support and configuration assistance;
b) allow the Controller to process users' data anonymously for reporting, statistics and research on how users use the Service.
Data is collected and stored for the following stated purposes: correct and complete performance of services owed to customers.
Data is collected and stored exclusively for the purposes indicated above, through the DealsBOT® Telegram BOT, in paper form or via mobile or tablet applications.
Data collected for the purposes referred to in point b) above is anonymised by the Controller and used solely for the specified purposes.
2.1.1. Legal basis for processing (Art. 6 GDPR):
– Processing for the performance of the service contract (point a): Art. 6(1)(b) — processing is necessary for the performance of a contract to which the data subject is party;
– Processing for legal and fiscal obligations (billing, accounting): Art. 6(1)(c) — processing is necessary for compliance with a legal obligation;
– Processing for anonymous statistical analysis (point b): Art. 6(1)(f) — legitimate interest of the Controller in monitoring and improving the Service, with no impact on the data subject's rights;
– Any further processing based on consent will only be activated following a specific request to the data subject, pursuant to Art. 6(1)(a).
Data may be disclosed, where applicable, to trusted employees and collaborators of the Controller, and to third-party professionals appointed for the service chosen by the User.
Acceptance of this notice authorises the Controller to communicate or disclose to third parties the data collected, within the limits set out above.
In any case, beyond what is stated above, personal data is not communicated to third parties or disclosed without the prior consent of the data subject, except in cases expressly provided for by national law.
2.2. Any new and different data processing activities will only be initiated after notifying users and data subjects of a new notice and obtaining their specific consent, where required.
2.3. The Controller adopts all appropriate security measures, both practical and technical, to prevent unauthorised access to, modification, disclosure or destruction of data subjects' data.
Processing is carried out using organisational methods consistent with the stated purposes and agreed upon with the DPO, if appointed, or with the data processing officer. Detailed information about the purposes of processing and the data collected for each purpose can always be obtained by contacting the Controller at the details in sections 10 and 12 of this notice.
The privacy protocols and standards used by the Company for the protection of personal data are based on the following principles:
2.3.1. RESPONSIBILITY IN PROCESSING AND USE
The processing of data collected in paper and/or digital form (through the Telegram BOT ManageDealsBot and mobile or tablet applications) is managed by Mr Mirco Ianese, internal privacy officer.
In certain cases, in addition to the Controller, other parties involved in the organisation of the website may have access to data (e.g. administrative and commercial staff, system administrators, hosting providers). The data subject may always request from the Controller an updated list of data processors.
2.3.2. TRANSPARENCY IN PROCESSING AND USE
Data is collected and processed in accordance with the principles set out in this notice. Prior to the collection and/or submission of data, the data subject will have the opportunity to consult this privacy notice and decide whether or not to consent to its collection and storage.
2.3.3. DATA MINIMISATION
Data is collected and processed lawfully and fairly. It is recorded only for specified, explicit and legitimate purposes, as identified in section 2 of this document, and not processed in a manner incompatible with those purposes.
2.3.4. ACCURACY
Data collected is kept up to date, organised and stored in such a way that all data subjects can know what information has been collected and recorded, check its quality and request any necessary correction, integration or deletion for breach of law, or exercise all the rights referred to in Art. 9 of this notice, through the methods provided in Art. 10.
2.3.5. SECURITY AND MEASURES ADOPTED
2.3.5.1. Data collected and processed is protected to prevent unlawful disclosure or alteration through technical and/or IT security measures aimed at minimising the risks of destruction, loss (including accidental), or access by unauthorised parties.
2.3.5.2. These measures are periodically reviewed and updated based on technical progress, the nature of the data and the specific characteristics of the processing.
2.3.5.3. Third parties who carry out any type of support activity for the provision of services by the Company — in connection with which they perform personal data processing operations — are designated as data processors and are required to comply with the applicable security and confidentiality measures.
2.3.5.4. The information collected may be disclosed to the following third parties:
● A External professionals to fulfil services requested by users
● B Server maintenance staff
● C Staff responsible for billing and tax management
● D Technical collaborators with direct access to data stored on servers
2.4. AUTOMATED DECISION-MAKING AND PROFILING (Art. 13(2)(f) GDPR)
The Controller does not carry out any automated decision-making or profiling of data subjects based on their personal data. No algorithms or automated processes are used to evaluate, classify or make decisions about users that produce legal or similarly significant effects.
3. TYPES OF DATA AND PROCESSING METHODS
3.1. Among the data collected through the Service or through mobile or tablet applications may be: first name, surname, tax code, phone number, email address, connection IP address and any other information provided directly by users via the payment form.
In general, data may be:
a) Data voluntarily provided by users: Data collected and processed on the Portal, through the Telegram BOT ManageDealsBot, or via mobile/tablet applications is necessary for the provision of services. Consequently, if data is not provided or consent is not given, services requiring such data cannot be provided.
Data provided by users (e.g. tax code, addresses, email, landline or mobile phone) will not be used for advertising, direct selling or interactive commercial communication purposes.
Specific notices may be included in sections of the Portal set up for data submission.
If emails are voluntarily sent to the Controller's addresses, the Controller will acquire the sender's email details and any other information contained in the message. This data will be used solely to enable the performance of any services requested.
b) Browsing data: The automated procedures of the website collect certain data whose transmission is implicit in the use of internet communication protocols.
Although this information is not intended to be associated with identified users, by its nature, if combined with other data held by third parties (e.g. internet service providers), it could allow user identification (e.g. IP addresses, domain names of computers used to access the website, URLs of requested resources, time of request, numeric status code of the server response).
Such data is used solely for statistical purposes to monitor website traffic and ensure correct operation.
The Controller, or appointed processors, retains connection logs for a limited period in order to comply with any requests from judicial authorities entitled to require them in the course of investigating computer crimes.
4. COOKIE POLICY
4.1. The DealsBOT® website is a static site and does not directly set any cookies or collect personal data through the website itself. No analytics tools, tracking scripts or profiling cookies are installed by the Controller on the website.
Third-party cookies may be set exclusively by external services linked from the website (e.g. Stripe, PayPal, Telegram) when the user interacts with those services. The use of cookies by those services, unless otherwise specified, is solely for the purpose of providing the service requested by users.
Some purposes for which temporary markers are installed may require user consent.
For information purposes, the main categories of cookies are:
a) Technical and aggregate statistics cookies: Technical cookies enable activities strictly related to the operation of the website. They may be further divided into:
i. Navigation cookies, which save users' browsing preferences and optimise the browsing experience;
ii. Analytics cookies, which collect statistical information about browsing behaviour, processed in aggregate and anonymous form;
iii. Functionality cookies — including third-party ones — which enable specific website features and are necessary for the provision of services.
These cookies do not require prior user consent for their installation and use.
Other types of cookies or third-party tools
Some of the services listed below may not require user consent and may be managed directly by the Controller without third parties. Where third-party services are involved, they may carry out user tracking activities, even without the Controller's knowledge.
For full details on cookies used, please refer to the Cookie Policy.
Disabling all cookies may impair the functioning of the website. Information on managing cookies in your browser can be found in the privacy settings of Google Chrome, Mozilla Firefox, Apple Safari and Microsoft Edge.
5. DATA RETENTION
Data, including browsing data, will be retained, in compliance with the Regulation, only for the time necessary to fulfil the purposes of this notice: 2 years where processing is carried out for marketing and/or promotional purposes, and 10 years for legal obligations.
6. ACCESS TO DATA
6.1. Data processed by the Controller may be accessible to employees and collaborators acting as independent controllers and/or internal processors of personal data and IT systems, as well as appointed third-party professionals. Access to data by these parties will only occur where processing is necessary for the performance of their duties, and only to the extent required for those duties.
6.2. The Controller protects users' information against unauthorised access, unlawful processing, accidental loss, destruction and damage, and retains it only for as long as strictly necessary to pursue the purposes for which the data was collected.
7. DISCLOSURE OF DATA
7.1. Without requiring express consent pursuant to Art. 6(b) and (c) of the Regulation, the Controller may disclose data upon notification by supervisory authorities, or judicial authorities, as well as to parties to whom disclosure is mandatory to comply with legal obligations, or to assert or defend a right in legal proceedings. Such parties will process the data as independent controllers. Data will not be disseminated, unless expressly required by the service requested by the data subject.
Where necessary, in relation to particular services or products requested, data may also be disclosed to third parties acting as independent controllers performing functions strictly connected to and instrumental in the provision of services, without which such services and/or products could not be usefully provided to data subjects.
7.2. Personal data will not be sold, rented or otherwise transferred to third parties for commercial, marketing or advertising purposes. Any disclosure to third parties is strictly limited to what is necessary for the performance of the Service or required by law, as described in section 7.1 above.
7.3. Beyond what is provided above, the Controller does not transfer personal data.
8. DATA TRANSFER
8.1. Personal data collected through the Service, including data voluntarily entered via the payment form on the website or via mobile/tablet applications, is stored on an external server not owned by the Company, located at the premises of PulseBox SAS – 16-18 avenue de L'Europe – 78140 Vélizy-Villacoublay, France.
Further information regarding data storage may be requested from the Controller via the contact details in section 12 of this notice.
8.2. It is understood that the Controller may, if necessary, move servers outside the EU. In such case, the Controller hereby ensures that any transfer of data outside the EU will be carried out in compliance with applicable legal provisions, following execution of the standard contractual clauses established by the European Commission.
9. DATA SUBJECTS' RIGHTS
9.1. The data subject has the rights provided for under Art. 15 GDPR and may specifically obtain:
i. confirmation of whether or not personal data concerning them exists, even if not yet recorded, and its communication in an intelligible form;
ii. information on:
a) the origin of the personal data;
b) the purposes and methods of processing;
c) the logic applied where processing is carried out with the aid of electronic tools;
d) the identification details of the controller, processors and the designated representative pursuant to Art. 3(1) GDPR;
e) the parties or categories of parties to whom the personal data may be communicated or who may become aware of it as designated representative, processors or appointed persons;
iii.
a) updating, rectification or, where of interest, integration of data;
b) erasure, anonymisation or blocking of data processed in breach of the law, including data whose retention is unnecessary in relation to the purposes for which it was collected or subsequently processed;
c) confirmation that the operations referred to in (a) and (b) have been brought to the attention of those to whom the data was communicated or disclosed, except where this proves impossible or involves a disproportionate effort relative to the protected right;
iv. in whole or in part:
a) for legitimate reasons, to object to the processing of personal data concerning them, even where it is relevant to the purpose of collection.
9.2. Data subjects have the right to lodge a complaint with the competent supervisory authority. In Italy, this is the Garante per la protezione dei dati personali (www.garanteprivacy.it), Piazza Venezia 11 — 00187 Roma.
9.3. Where permitted by law, the user may have the right to obtain a copy of the data held by us.
9.4. Before responding to any specific request, the User may be asked to provide optional information such as: (i) identity verification; (ii) further details necessary to best respond to the request.
9.5. The Controller will provide individual responses within an appropriate time period and, in any case, within the time period required by law. To exercise these rights, please contact us using the details provided in sections 11 and 12 of this notice.
10. HOW TO EXERCISE RIGHTS
Users and data subjects may exercise the rights provided for under the Regulation at any time and free of charge, by sending:
– a registered letter to the Company's registered office: Via Argentiera n. 7, San Pietro di Cadore (BL), Italy
– an email to: [email protected] or PEC: [email protected]
11. DATA CONTROLLER, PROCESSOR AND APPOINTED PERSONS
The Data Controller is YouBot di Mirco Ianese (VAT IT01216550259), represented by its legal representative pro tempore, with registered office at Via Argentiera 7, San Pietro di Cadore (BL), Italy.
The updated list of processors and appointed persons is held at the Company's registered office and may be obtained by submitting a request using the methods indicated above.
12. CONTACTS
Processing carried out through the Service takes place at the Controller's registered office, or in any other location where the parties involved in the processing are located.
For further information, comments, questions or requests regarding the Controller's use of data, please contact: [email protected]
13. FUTURE CHANGES TO THE PRIVACY POLICY
The entry into force of new sector regulations, as well as the ongoing review and updating of services to users, may require changes to these methods. It is therefore possible that the privacy policy may be updated over time, and data subjects are invited to periodically consult the relevant section of the website.
For this purpose, the notice shows the date of last update at the bottom.
Where changes affect processing whose legal basis is the data subject's consent, the Controller will collect fresh consent where required.
Last updated: 11/04/2026