Privacy Policy

The purpose of this document (hereinafter “Privacy Policy”) is to inform Users about the personal data, understood as any information that allows the identification of a natural person (hereinafter “Personal Data”), collected by the website https://www.brainbespokeai.com (hereinafter “website”) and the chatbot on the website.

This Policy also applies to brAIn – bespoke AI pages on Facebook, Instagram, and LinkedIn.

The Data Controller, as subsequently identified, may modify or simply update, in whole or in part, this Privacy Policy by informing Users. Changes and updates will be binding as soon as they are published on the website. Users are therefore invited to read the Privacy Policy each time they access the website.

In case of non-acceptance of the changes made to the Privacy Policy, the User must cease using this website and can request the Data Controller to remove their Personal Data.

1. Personal Data collected by the website

The Data Controller collects the following types of Personal Data:

• Contents and information voluntarily provided by the User
  • Contact data and contents: are those Personal Data that the User voluntarily provides to the website during its use, such as personal details, contacts, interests, and personal preferences, and other personal contents, etc.
  • Failure to provide Personal Data by the User, for which there is a legal, contractual obligation, or if they constitute a necessary requirement for the use of the service or for the conclusion of the contract, will result in the Data Controller being unable to provide its services in whole or in part.
  • The User who communicates to the Data Controller Personal Data of third parties is directly and exclusively responsible for their origin, collection, processing, communication, or dissemination.
• Data and contents acquired automatically during the use of the website:
  • Technical data: the computer systems and software procedures used to operate this website may acquire, during their normal operation, some Personal Data whose transmission is implicit in the use of internet communication protocols. This information is not collected to be associated with identified Users, but by its very nature, through processing and association with data held by third parties, could allow Users to be identified. This category includes IP addresses or domain names used by Users who connect to the website, the addresses in URI (Uniform Resource Identifier) notation of the requested resources, the time of the request, the method used in submitting the request to the server, the size of the file obtained, etc.
  • Usage data: Personal Data regarding the User’s use of the website, such as pages visited, actions performed, features, and services used, may also be collected.
• Personal data collected via cookies or similar technologies: The website uses cookies, web beacons, unique identifiers, and other similar technologies to collect Personal Data on the pages, links visited, and other actions taken when using our services.

2. Purposes of processing

The Personal Data collected may be used for the execution of contractual and pre-contractual obligations and legal obligations as well as for the following purposes:

• To respond to contact requests (contact form): to contact the User and respond to requests sent by the User using the contact form, using the information transmitted during the compilation.
• Storage, hosting, and backend infrastructure management: to manage the technical infrastructure for storing User data. Personal Data is communicated to Google LLC, https://policies.google.com/privacy?gl=IT&hl=it
• Statistics only with anonymous data: to perform statistical analyses based on aggregated data or data that does not allow the identification of the User. Personal Data is communicated to Google LLC, https://policies.google.com/privacy?gl=IT&hl=it
• Monitoring, analysis, and tracking of User behavior: to monitor and analyze how the User behaves on the website. Personal Data is communicated to Google LLC https://policies.google.com/privacy?gl=IT&hl=it LinkedIn Corporation https://www.linkedin.com/legal/privacy-policy Facebook INC https://www.facebook.com/privacy/explanation
• Provision of IT consulting services, etc., to provide the consultations requested by Users.

3. Further processing purposes: marketing and newsletter

• With the User’s free and optional consent, some Personal Data of the User (i.e., name, surname, email address, etc.) may also be processed by the data controller for marketing purposes (sending of advertising material, direct sales, commercial communication, statistical analysis, and customer satisfaction), i.e., so that the data controller can contact the User by mail, email, telephone (fixed and/or mobile, with automated calling systems or call communication with and/or without the intervention of an operator) and/or SMS to propose to the User the purchase of products and/or services offered by the data controller and/or by third-party companies, present offers, promotions, and commercial opportunities. In case of lack of consent, the possibility of subscribing to the sites will not be in any way affected.
• In case of consent, the User can revoke it at any time, making a request to the data controllers, in the manner indicated in the following paragraph 10.

4. Methods of processing

The processing of Personal Data is carried out using IT and/or telematic tools, with organizational methods and with logic strictly related to the purposes indicated. In some cases, subjects external to the organization (such as IT companies, service providers, postal couriers, hosting providers, etc.) may also have access to Personal Data. These subjects may occasionally be appointed as Data Processors by the Owner, as well as access the Personal Data of Users whenever necessary and will be contractually obligated to keep Personal Data confidential. The updated list of Data Processors can be requested via email at [email protected].

5. Legal basis of processing

The processing of Personal Data related to the User is based on the following legal bases:

• the consent given by the User for one or more specific purposes
• processing is necessary for the performance of a contract with the User and/or for the execution of pre-contractual measures
• processing is necessary to comply with a legal obligation to which the Owner is subject
• processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Owner
• processing is necessary for the pursuit of the legitimate interest of the Owner or third parties
• processing is necessary for the pursuit of a vital interest of the Owner or third parties.

It is always possible to request the Owner to clarify the legal basis of each processing at go[at]bespokeai.com

6. Location

Personal Data is processed at the operational headquarters of the Owner and in any other place where the parties involved in the processing are located. For more information, contact the Owner at the following email address go[at]bespokeai.com or at the following postal address Via del Paese 12, 39050 Fiè allo Sciliar (BZ), Italy. Personal Data may be transferred to countries outside the EU: USA. For these countries, there is a decision of adequacy by the European Commission or, in the absence of such a decision, it is possible to request more information from the Owner regarding the appropriate safeguards adopted, as well as the means to obtain a copy of such Data or the exact place where they have been made available.

7. Security measures

The Processing is carried out according to methods and with tools suitable to guarantee the security and confidentiality of Personal Data, having the Owner adopted adequate technical and organizational measures that guarantee, and allow to demonstrate, that the Processing is carried out in accordance with the reference legislation.

8. Retention period of Data

Personal Data will be stored for the period of time necessary to fulfill the purposes for which they were collected. In particular, Personal Data will be stored for the entire duration of the contractual relationship, for the execution of the obligations related and consequent to it, for the compliance with applicable legal and regulatory obligations, as well as for own or third party defensive purposes. If the processing of Personal Data is based on the User’s consent, the Owner may retain Personal Data until consent is revoked. Personal Data may be stored for a longer period if necessary to fulfill a legal obligation or by order of an authority. All Personal Data will be deleted or stored in a form that does not allow the identification of the User within 30 days from the end of the retention period. At the end of this term, the right of access, deletion, correction, and the right to data portability cannot be exercised.

9. Automated decision-making processes

All collected Personal Data will not be subject to any automated decision-making process, including profiling, which may produce legal effects concerning the person or similarly significantly affect the person.

10. User rights

Users can exercise certain rights regarding the Personal Data processed by the Owner. In particular, the User has the right to:

• revoke consent at any time
• oppose the processing of their Personal Data
• access their Personal Data
• verify and request rectification
• obtain restriction of processing
• obtain the deletion of their Personal Data
• receive their Personal Data or have it transferred to another owner
• file a complaint with the personal data protection authority and/or take legal action.
• To exercise their rights, Users can send a request to the contact details of the Owner indicated in this document. Requests are made free of charge and processed by the Owner as soon as possible, in any case within 30 days.

11. Data Controller

The Data Controller is Susanne Waldthaler, with legal headquarters in Weintraubengasse, 39100 Bolzano, Italy, VAT Number: 000000000000000, email address: [email protected].