Privacy Policy

The purpose of this document is to inform the natural person (hereinafter “Data Subject”) regarding the processing of their personal data (hereinafter “Personal Data”) collected by the data controller, CapitalHub Srl, with registered office at Via V. Veneto n.54/B 00187 Rome, CF/VAT number 17565901 000, email address privacy@capitalhub.it, (hereinafter “Controller”), through and www.capitaIhub.it (hereinafter “Application”). The changes and updates will be binding as soon as they are published on the Application. In the event of non-acceptance of the changes made to the Privacy Policy, the Data Subject is required to stop using this Application and may request the Controller to delete their Personal Data.

1.    Categories of Personal Data processed

The Controller processes the following types of Personal Data voluntarily provided by the Data Subject:

• Contact details: name, surname, address, email, phone, images, authentication credentials, any additional information provided by the Data Subject,
• Tax and payment data: tax code, VAT number, credit card details, bank account information,
• Employment-related data: data entered in the curriculum vitae, data relating to spouse or children, social security data,
• Special categories (sensitive data): Personal Data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, as well as genetic data, biometric data uniquely identifying the natural person, data related to health or sexual life or sexual orientation, collected with the Data Subject’s consent.

The Data Subject may withdraw consent at any time.

• Judicial data: Personal Data relating to criminal convictions, offenses, or related security measures, collected with the Data Subject’s consent. The Data Subject may withdraw consent at any time.

The Controller processes the following types of Personal Data collected automatically:

• Technical data: Personal Data produced by devices, applications, tools, and protocols used, such as device information, IP addresses, browser type, Internet Service Provider (ISP) type. These Personal Data may leave traces that, particularly when combined with unique identifiers and other information received from servers, can be used to create profiles of natural persons.
• Browsing and usage data on the Application: such as pages visited, number of clicks, actions performed, session duration, etc.
• Data relating to the exact location of the Data Subject: for example, geolocation data that precisely identifies the location of the Data Subject, which may be collected via satellite networks (e.g., GPS) and other means, collected with the Data Subject’s consent. The Data Subject may withdraw consent at any time.

Failure by the Data Subject to provide the Personal Data for which there is a legal, contractual obligation or which is necessary for the conclusion of the contract with the Controller will result in the Controller’s inability to establish or continue the relationship with the Data Subject. The Data Subject who communicates to the Controller Personal Data of third parties is directly and exclusively responsible for their origin, collection, processing, communication, or dissemination.

2. Cookies and similar technologies

The Application uses cookies, web beacons, unique identifiers, and other similar technologies to collect Personal Data from the Data Subject regarding pages, links visited, and other actions performed while using the Application. These are stored and transmitted during the Data Subject’s subsequent visit. You can view the full Cookie Policy at the following address: www.capitaIhub.it

3. Legal basis and purposes of the processing

The processing of Personal Data is necessary: a) for the performance of the contract with the Data Subject, specifically:

1. fulfillment of any obligation arising from the pre-contractual or contractual relationship with the Data Subject
2. support and contact with the Data Subject to respond to the Data Subject’s requests

b) for legal obligations, specifically:

1. fulfillment of any obligation provided by current regulations, laws, and regulations, particularly in tax and fiscal matters

c) based on the legitimate interest of the Controller, for:

1. marketing purposes via email of the Controller’s products and/or services to directly sell the Controller’s products or services using the email provided by the Data Subject in the context of selling a product or service similar to the one sold
2. security and fraud prevention: to ensure the security of the Controller’s assets, infrastructure, and networks
3. statistical purposes with anonymous data: to conduct statistical analysis on aggregated and anonymous data to analyze the behavior of the Data Subject to improve products and/or services provided by the Controller and better meet the Data Subject’s expectations

If the Data Subject withdraws their consent or objects to the processing of Personal Data for purposes based on the Controller’s legitimate interest, such as marketing, their Personal Data will no longer be processed for these purposes.

4. Processing methods

The processing of Personal Data is carried out using IT procedures, telematic means, and paper supports by internal and/or external parties who are properly trained and committed to confidentiality. The Personal Data collected will be stored in a form that allows the Data Subject to be identified for the period strictly necessary for the purposes for which the Personal Data is processed and, in any case, within the limits set by law. In any case, the Controller will ensure that all personal data is processed in such a way as to minimize the risks of destruction, loss, unauthorized access, or use of the data that does not comply with the purposes for which the data was collected.

5. Recipients and processors

Personal Data will not be disseminated but may be communicated to individuals contractually related to the Controller and to third parties belonging to the following categories:

• Third parties necessary for the operation of the services (e.g., email services, including email marketing services)
• Individuals authorized to perform technical maintenance (including maintenance of network equipment and electronic communications networks)
• Consultants and freelancers, also in associated form, legal, tax, labor, social security, and auditing consultants
• Financial institutions providing banking, financial, insurance, and credit recovery services
• Competent authorities for the fulfillment of legal obligations and/or provisions of public bodies, upon request

The parties belonging to the above categories operate, in some cases, as data processors specifically designated by the Controller, in other cases as autonomous data controllers. The list of processors is constantly updated and available by contacting the Controller at the addresses indicated above. The transfer of Personal Data to countries outside the EU will only be carried out if deemed necessary for the processing of the Personal Data in accordance with the applicable legal provisions and the presence of adequate safeguards for the protection of the Personal Data.

6. Security measures

The Controller uses technical and organizational measures to safeguard Personal Data. All data is stored securely and accessible only to authorized personnel or approved partners.

7. Data subject rights

The Data Subject has the right to request access to, rectification or erasure of, restriction of processing of, or to object to the processing of Personal Data concerning them, as well as the right to data portability. The Data Subject can lodge a complaint with a supervisory authority if they believe the processing of Personal Data relating to them infringes applicable law. Requests should be addressed to the Controller using the contact details provided above.

8. Amendments to this Privacy Policy

The Controller reserves the right to modify or update this Privacy Policy. The updated version will be available at the address: www.capitaIhub.it