This notice is addressed to those who interact with the Services provided by bSmart Labs, accessing them through bsmart.it Website or through applications.
This policy provides an outline of the way bSmart Labs manages the Data related to the Users registered to our Services. It also allows Users to know the purpose and method of personal Data processing in case they provide them.
This notice can be modified. Last updated: 15/05/2018.
What Data do we collect?
We collect Users’ personal Data such as, for instance, User ID and password, name, surname and email address, information transferred during the navigation, other personal Data voluntarily provided by Users during the registration or the request for the Services of our Company.
Users might access some Services without having to provide their personal Data, nonetheless most of the features are available exclusively to registered Users.
Personal Data provided by Users
We store name and surname, email address, username, password, personal Data and other kinds of information that Users voluntarily provide by using our Services.
Personal Data of Subjects under age 18
Our Services are aimed at Users of all ages. Subjects under age 18 can register to one or more Services provided by bSmart Labs, but their registration must be authorised by a Parent – or other Subjects holding parental responsibility.
The Parent – or another Subject exercising parental responsibility – authorises bSmart Labs to process the personal Data of the Subject under age 18 by giving explicit consent, as required during the registration, and thus accepting the procedures described in this Policy (see How do we use the Data we collect?), in the Terms and Conditions page and in compliance with the General Data Protection Regulation (UE/2016/679), art. 8.
The Parent – or other Subject exercising parental responsibility – is entitled to view and ask to modify, integrate or delete the personal Data of the minor by addressing a communication to the Data Controller. Moreover, if she/he learns that the Subject under age 18 whom she/he exercises parental responsibility for has registered to one or more Services provided by bSmart Labs without her/his explicit consent, she/he can contact the Data Controller, who will delete the minor’s account within a reasonable period of time.
IT systems and software procedures adopted for the functioning of our Services collect, as part of their normal functioning, several Data that are then used implicitly by Internet communication protocols.
This class of information includes, for instance, IP addresses, the domain names of the computers of the Users visiting bSmart Labs’ Websites and applications, the time of the request to the web server, the method used to forward the request and other parameters related to the Users’ operating system and IT environment.
Generally, this information is not collected in order to be linked to the specific people it refers to and can be used by bSmart Labs for anonymous statistical information related to use of our Services and for controlling their correct functioning.
Furthermore, this Data may be used for investigations directed at identifying any people responsible for actions classed as computer crime, which are detrimental to our Websites, applications or software.
Cookies are text files or parcels of information stored on a User’s device so that they are automatically returned to the server every time the User visits the Website. The Data collected through cookies is exclusively used for internal purposes and no Data is transferred to third parties.
It is also possible to visit the Website and to use the applications without cookies. Most browsers accept cookies automatically. Users can avoid the automatic registration of cookies by selecting the option provided in the browser settings. Users can also use the browser to delete any cookie already stored on the hard disk.
Please note that disabling cookies could prevent the Users from browsing the Website correctly or limit the use of related applications and Services.
How do we use the Data we collect?
Users’ personal Data will be processed exclusively according to the methods described in this notice and in compliance with the terms of the General Data Protection Regulation (UE/2016/679), Chapter 2.
In order to use the Services provided by bSmart Labs, Users have to give explicit consent to the use of their personal Data. We use your Data in order to:
- Operate, maintain and improve our Websites, Products and Services.
- Send information, including confirmations, invoices, technical notes, updates, security notices and administrative messages.
- As for some bSmart Labs’ Services, interact with other registered Users included in groups with limited and controlled access (e.g. bSmart Classroom’s virtual classrooms or the pages connecting Students and Tutors/Parents and Tutors in bSmart Tutors or the pages enabling Parents to access they children’s personal Data).
- Create and promote contests and awards.
- Answer to comments and requests providing customers with a Service.
- Send information about promotions, events and other news on the Products and Services offered by our Company.
- Link or combine the Users’ information with other personal information.
- Protect against, investigate and discourage frauds and unauthorised or illegal activities.
- Provide Products and Services requested by customers.
- Send possible invitations to test bSmart Labs’ Services as a result of explicit actions performed by Users already registered to the Service (e.g. sharing a content with other people by entering their email address).
In some cases we use some Data (email or other) explicitly provided by Users registered to one or more Services by bSmart Labs in order to send invitations or other communications to third parties not registered to bSmart Labs’ Services.
We store this information for the sole purpose of sending communications related to bSmart Labs’ Services. The recipient of these messages can contact us at firstname.lastname@example.org to ask for the removal of her/his address from our database.
Data sharing and security
We do not share our Users’ personal Data with third parties, except for the following specific cases:
- We may share the name, surname and email address of the Users who access a specific content, exclusively with the holders of the property rights of the said content.
- Some categories of Subjects performing activities linked and instrumental to the activities performed by bSmart Labs, such as the Subjects dealing with Users for technical support or computer operators, may learn of some Data.
- Some personal Data may be visible to other Users within specific Services by bSmart Labs. For instance, Teachers in bSmart Classroom, Tutors while working with Students in bSmart Tutors and Parents in the pages dedicated to the management of their children’s profiles.
- We may provide surveillance authorities with some Data due to the laws in force, to rules deriving from EU regulations or from the instructions of public authorities.
bSmart Labs undertakes to use the necessary security measures in order to protect the personal Data of Users in the best way possible.
How long do we store your Data?
Personal Data is stored for no longer than is required to fulfill the tasks for which the said Data was collected or processed. In some specific cases (e.g. Data about traffic collected through external Services) storage has a limited duration in time.
Where do we store your Data?
Personal Data will be managed and stored on servers located within the European Union. bSmart Labs’ Services are now hosted by Amazon Web Services in Ireland.
Data won’t be transferred outside the European Union, except for some anonymous Data that are stored on servers located in the United States for statistical purpose. Nevertheless, if necessary, the Data Controller might move the location of the servers to Italy and/or the European Union and/or countries outside the EU.
In this case, the Data Controller assures that the transfer will be performed in compliance with the laws in force, signing agreements that ensure a suitable level of protection, if necessary, and/or adopting the standard contractual clauses of the European Commission.
Right to rectification, erasure and complaint with reference to personal Data
With reference to the processing of personal Data, Users can exercise, at any time, the rights specified in the General Data Protection Regulation (UE/2016/679), Chapter 3, Section 3 by writing to email@example.com.
Furthermore, Users have the right to lodge a complaint with a supervisory authority.
When possible, bSmart Labs undertakes to provide Users with an autonomous method to access their personal Data used in our Services. In case of incorrect information, bSmart Labs undertakes to rectify mistakes or inaccuracies within a reasonable period of time or, if required, to delete all the information related to the Users, unless having to store it for legal purposes.