Privacy Policy for Users

The Big Now S.p.A. is a company of the group of companies called Dentsu Italia S.p.A. (”Dentsu”), specialized worldwide in digital media and advertising. Dentsu helps its clients to improve how they advertise and market, whether by print, post, email or on websites. Dentsu believes that the responsible use of data supports business growth and builds strong relationships between brand and consumer. As a business, Dentsu is committed to respecting and protecting the privacy of all individuals with whom it interacts, it is committed to being transparent in the handling of personal information and processing of personal data, at all times in accordance with applicable privacy and data protection laws. 

 

This Privacy Policy explains how The Big Now S.p.A. may collect and use personal information from Users when they surf its website www.thestorylab.it 

The Big Now S.p.A.  having its registered office in Milan  (Italy) – Via Benigno Crespi n. 23 - 20159, VAT No. and Tax Code No 05599220968, registered with the Company Register of Milan under No. 05599220968 (hereinafter, the “Controller”), owner of the www.thestorylab.it (hereinafter, the “Website”) as the Controller of personal data of the users who browse the Website (hereinafter, the “Users”) provides the following privacy policy (hereinafter, “Privacy Policy”) according to Article 13 of the EU Regulation 2016/679 dated 27 April (hereinafter, the “Regulation” and/or “Applicable Law”).

This Website and any services offered through the Website are reserved for individuals who are 16 years and over. Therefore, the Controller does not collect personal data relating to individuals under 16 years of age. Upon request of the Users, the Controller will promptly delete all personal data that has been involuntarily collected and related to subjects under the age of 16. 

The Controller takes the utmost account of its Users’ right to privacy and protection of personal data. For any information related to this Privacy Policy, Users may contact the Controller at any time, using the following methods:

  • Sending a registered letter with return receipt to the registered office of the Controller: Via Benigno Crespi n. 23 – 20159 Milan (Italy);
  • Sending an electronic mail message to the hello-italy@storylab.com

Users may also contact the Data Protection Officer (RPD or DPO) of the Controller, the contact data of which is reported below: Mr. Garreth Cameron - DPO EMEA, Garreth.Cameron@dentsuaegis.com - Mr. Lapo Curini Galletti – DPM Italia (Data Protection Manager), lapo.curinigalletti@dentsuaegis.com.

1. Processing purposes 

The personal data of the Users will be processed lawfully by the Controller pursuant to Article 6 of the Regulation for the following processing purposes:

  1. provision of the service, i.e. to allow surfing of the Website by the User. User’s data collected by Controller to this end include all personal data whose transmission is implicit in the use of Internet communication protocols, that computer systems and software procedures used to operate this Website acquire during their normal functioning: IP addresses or domain names of the computers used by Users, addresses in URI notation (Uniform Resource Identifier) of the requested resources, time of the request, method used in submitting the request to the server, file size obtained in response, numerical code indicating the status of the response given by the server (e.g., good order, error, etc.) and other parameters relating to the operating system and Users’ IT environment. These data are used for the sole purpose of obtaining anonymous statistical information on the use of this Website and to allow its correct operation. Notwithstanding the provisions elsewhere in this Website Privacy Policy, under no circumstances shall the Controller make Users’ personal data accessible to other Users and/or third parties;
  2. administrative and accounting purposes, i.e. to perform organizational, administrative, financial and accounting activities, such as internal organizational activities and activities functional to the fulfilment of contractual and pre-contractual obligations;
  3. legal obligations, i.e. to fulfil obligations provided by the law, an authority, a regulation or European legislation and to ascertain responsibility in case of alleged computer crimes to the detriment of the Website.

The provision of personal data for the purposes of processing indicated above is optional but necessary; failure to provide the data will make it impossible for the User to browse the website, register with the Website and take advantage of the services offered by the Controller on the Website.

The Controller does not provide the Users’ data collected through the Website to any third party.

2. Processing methods and data retention times 

The Controller will process the personal data of Users using manual and IT tools, with logic strictly related to the purposes themselves and, in any case, in order to guarantee the security and confidentiality of the data.

The Controller has implemented appropriate technical and organizational security measures in order to avoid the use, unlawful unauthorized access or accidental loss of Users’ data. 

The personal data of Website Users will be retained for the time strictly necessary to carry out the main purposes explained in paragraph 1 above or, in any case, as necessary for the protection in civil law of the interests of both the Users and the Controller.

3. Transmission and dissemination of data

The employees and/or collaborators of the Controller who are in charge of managing the Website may become aware of the personal data of the Users. These subjects, who are formally appointed by the Controller as "persons in charge of processing", will process the User's data exclusively for the purposes indicated in this policy and in compliance with the provisions of the Applicable Law. 

The personal data of the Users may also be disclosed to third parties who may process personal data on behalf of the Controller as “Data Processors”, such as, for example, IT and logistic service providers functional to the operation of the Website, outsourcing or cloud computing service providers, professionals and consultants.

Users have the right to obtain a list of any data processor appointed by the Controller, making a request to the Controller in the manner indicated in paragraph 4 below.

The Controller may transfer Users’ personal data to a third-party service provider and/or also overseas, only insofar as the Controller is satisfied that adequate levels of protection are in place to protect the integrity and security of any information being processed and in compliance with applicable privacy and data protection laws. These measures may include the use of Standard Contractual Clauses, the EU-US Privacy Shield, Swiss-US Privacy Shield or User’s consent. The User may request further information on the legal security measures used for such transfers via the contact details given in this Privacy Policy.

As stated above in this Privacy Policy, the Controller is part of Dentsu, a global media group consisting of multiple group companies around the world. Therefore, from time to time, Users’ personal data may be communicated to other companies belonging to Dentsu group. Some of the companies of the Dentsu are located outside the EEA. Where Users’ personal data are transferred to group companies outside the EEA, the Controller will only do so insofar as Users’ data protection rights are adequately protected and the transfer is made in compliance with the Applicable Law in the field of privacy and data protection.

Users may request further information on the measures used for data transfers adopted by the Controller by means of the contact details contained in this Privacy Policy. 

4. Rights of the Data subjects

Users may exercise their rights granted by the Applicable Law by contacting the Controller as follows:

  • Sending a registered letter with return receipt to the registered office of the Controller: Via Benigno Crespi n. 23 – 20159 Milan (Italy);
  • Sending an electronic mail message to the address hello-italy@storylab.com

Whether the User makes a request to the Controller concerning the Controller’s data handling and his/her personal data, as provided for by this paragraph, the Controller reserves the right to preemptively ask the User for further information with the sole aim to ascertain his/her identity before providing a response. 

Pursuant to the Applicable Law, the Controller informs that Users have the right to obtain indication (i) of the origin of personal data; (ii) the purposes and methods of the processing; (iii) the logic applied in the event of processing carried out with the aid of electronic instruments; (iv) of the identification details of the data controller and processors; (v) the subjects or categories of subjects to whom the personal data may be communicated or who may come to aware of them as processors or agents.

Furthermore, Users have the right to obtain: a) access, updating, rectification, or, when interested, integration of data; b) the cancellation, transformation into anonymous form or the blockage of data processed in breach of the law, including data that does not need to be stored in relation to the purposes for which the data was collected or subsequently processed; c) certification to the effect that notification has been supplied of operations as per letters a) and b), as regards their content, to those to whom the data was communicated or disseminated, except for the case where notification proves impossible or requires the use of means clearly disproportionate to the right being protected.

Moreover, Users have:

  1. the right to revoke consent at any time, if the processing is based on their consent;
  2. the right to data portability (the right to receive all personal data concerning them in a structured format, commonly used and readable by automatic device), the right to limit processing of personal data and right of deletion (“the right to be forgotten”);
  3. the right to oppose to:
  1. in whole or part, the processing of personal data relating to them for legitimate reasons even pertinent to the purpose of collection;
  2. in whole or part, the handling of their personal data for the purpose of sending advertising or sales materials or for the carrying out of market research or for commercial communication purposes;
  3. if personal data is processed for direct marketing purposes, at any time, to the processing of Users’ data for this purpose, including profiling in so far as it is related to such direct marketing.
  1. if it is deemed that the processing concerning their personal data violates the Regulation, the right to lodge a complaint with a Supervisory authority (in the Member State in which they usually reside, in the one in which they work or in the one in which the alleged violation has occurred). The Italian Supervisory Authority is the Garante per la protezione dei dati personali, with registered offices in Piazza Venezia n. 11, 00187 – Rome (Italy) (https://www.garanteprivacy.it/home_en). 

The Controller is not responsible for updating all links viewed in this Privacy Policy, therefore, whenever a link does not work and/or is not updated, Users acknowledge and accept that they must always refer to the document and/or section of the websites referred to by this link. 

This Privacy Policy is limited to the personal data collected and handled through the Website. The Website may provide links to other websites, including social media sites such as Facebook, Twitter and LinkedIn. Whether Users follow these links, they should use these sites in conjunction with their applicable user and privacy notices as their data practices fall outside the scope of this Privacy Notice. The Controller holds no responsibility for or control over the information collected by any third-party website and the Controller cannot be responsible for the protection and privacy of any information which the User may provide on such websites.

This Privacy Policy shall be updated by the Controller from time to time in order to reflect changes in law and/or a change in the Controller’s practices regarding the handling of personal data. If the User does not agree to such changes, he/she is kindly asked not to continue to use the Website. The User may check this page for possible updates. This Privacy Policy was last updated on 7th of April 2021.