Privacy Policy

Introduction.

This Policy, that we invite you to read carefully, describes how our company will process the personal data that we will collect from you when using our services, the type of personal data we gather, how they are used, which third parties can access them, and how you can access, update or delete your personal data.

This Policy has been drafted in accordance with EU Regulation 2016/679 and United Kingdom Laws (the Data Protection Act 1998).

The information and data supplied by you or otherwise acquired when using our services will be processed in observance of the provisions of the GDPR and the obligations for confidentiality that form the basis of the work of our company.

In accordance with the provisions of the GDPR, the processing operations carried out by our company will comply with the principles of lawfulness, fairness, transparency, purpose and retention limitation, data minimization, accuracy, integrity and confidentiality.

Data Controller.

For the purpose of the above-mentioned Laws, the data controller is BARBERO & Associates Limited, headquartered at 89 Chiswick High Road, London, W4 2EF, United Kingdom.

Categories of processed data.

Processing of personal data means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Personal data means any information enabling a natural person to be, directly or indirectly, identified or identifiable, alone or together with other data. (hereinafter "Personal Data").

In particular, the Personal Data we process are the following:

- Navigation data.
The web servers automatically record certain personal information implied by the use of Internet communication protocols. Said information is not collected to identify a specific person, but by its nature could identify users through elaborations and associations with third parties’ data. This information includes IP addresses or domain names of the computers used by the users through which they connect to our site, the URI addresses (Uniform Resource Identifier) of the resources requested, the time of the request, the method used for requesting the server, the dimension of the answer file, the numeric code which indicates the response of the server (good result, mistake etc) and other parameters of the operating system and of the user’s settings. These data are retrieved with the sole purpose to obtain anonymous statistical information on the use of our site and control its correct functioning. They are automatically deleted after the elaboration. They could also be used to ascertain the responsibility of the user in case of alleged criminal actions against our site. But for the exceptions mentioned above, the data retrieved will not be kept for more than seven days.

- Data voluntarily made available
We may collect and process the following Personal Data through our site and our activities:
names and surnames, addresses, email addresses, phone and fax numbers and possible additional information (such as tax codes) that you, as a client or prospect client, supplier or job applicant, will voluntarily disclose to our company.

- Information on our use of cookies and web server logs
A cookie is a piece of data stored by a user's web browser on the user's hard drive - such as a computer or a smartphone - and allows web servers to recognize the device used to access a web site.

Our site uses cookies to collect information, only in aggregate form, about how our site is used. The cookies used only pick up anonymous information and thus will not result in your Personal Data being processed. Nevertheless, cookies may be used for recording login data for automatic recognition, avoiding you to re-insert username and password each time you access the reserved area of our site.

We use analytical cookies, precisely Google Analytics, to collect information on the use of our site by visitors, including number of visitors, page views, time spent, geographic areas of origin, tools used.

You can find additional information about the third-party cookies used by our company and the related policies at the following URL addresses:
https://www.google.com/intl/en/policies/privacy/

http://www.google.com/intl/en-GB/policies/technologies/cookies/
http://www.google.com/intl/eng/analytics/learn/privacy.html

Our company will not be liable for subsequent amendments to the above information or changes in the third-party cookies operation, being an entity independent and autonomous from the third party processing the data.

Many current browsers automatically allow cookies, but you have the option to set your browser in such a way to exclude, display before accepting or eliminate cookies. Moreover, you could disable cookies at any time by modifying your browser’s settings, but this choice may slow down or impede access to certain areas of our site.

Domain name registration data.

With regard to the processing operations of Personal Data carried out as part of the domain name management service, it should be noted that BARBERO & Associates will only implement the processing operations deemed strictly necessary for providing the service, with the exception of further processing operations grounded on an appropriate legal basis, pursuant to art. 6 of the GDPR (for instance, your consent).

The Personal Data collected by BARBERO & Associates as part of an application for domain name registration are solely those strictly necessary for the provision of the services. The provision of such Personal Data is in itself optional, however, failure to provide such Personal Data entails that BARBERO & Associates will not be able to provide the requested service.

It should be noted that the Personal Data of the domain name holder, for purposes strictly related to the provision of the service, may be disclosed to third parties. Specifically, in order to manage domain names, the Internet Corporation for Assigned Names and Numbers (hereinafter "ICANN") requires BARBERO & Associates, as a registrar, to place in escrow to a licensed Escrow Agent a copy of the data needed to register a domain name under the authority of ICANN itself. Such service is provided to BARBERO & Associates by Iron Mountain Intellectual Property Management, Inc., designated by ICANN. 

Additionally, the Personal Data may be disclosed to the national and international Registration Authorities to which BARBERO & Associates is required to send the technical and administrative documentation under the relevant regulation, and to any other entities accredited for the registration of domain names with regard to extensions for which BARBERO & Associates is not directly accredited. Such Data sharing is required in order to perform the service; therefore, in accordance with the privacy legislation in force, data sharing is justified under art. 6 (1) (b) of the GDPR. It follows that when you sign up for the service, you agree to the disclosure of some of your Personal Data to the above entities. Please note that, if, by applying for domain name registration, you provide BARBERO & Associates with Personal Data of other third parties involved in the processing, you are considered an independent data controller, assuming all the obligations and responsibilities of law. To this effect, you undertake to fully indemnify BARBERO & Associates against any complaints, claims and demands for compensation for damages arising from processing that may be received by BARBERO & Associates from third parties whose Personal Data have been processed, through the use of the Services, in violation of the applicable rules on personal data protection. In any case, if you provide or in other way process Personal Data of third parties in using the Service, you henceforth guarantee - assuming all related responsibilities - that this specific processing is grounded on an appropriate legal basis in accordance with art. 6 of the GDPR, which legitimizes the processing of the information in question.

The Personal Data that you provide us with to finalize a domain name registration, namely your name, personal address, email address and phone number, could be published, and therefore disclosed, on the public WhoIs databases, which provide the contact details of the persons or entities that apply for domain name registrations. According to the privacy policies adopted by ICANN, the concerned registrars or Registries, access to your Personal Data through the public WhoIs databases may, or may not, be restricted. BARBERO & Associates has no control whatsoever on the personal data processing activities performed by ICANN, the concerned registrars or Registries.

Communication of the Data.

The Navigation Data are automatically collected; in other cases, the submission of Personal Data is optional, but failure to submit data could result in the impossibility to fulfil agreements or supply the requested services.

Purpose of data collection.

We will use the above information for the following purposes:

  • To ensure that content on our site is presented in the most effective manner for you;
  • To perform our services, providing the information you requested or supplying the service ordered, including the collection, retention and processing of data for the establishment and subsequent operational, technical and administrative management of the relationship arising from the provision of the services, and the exchange of messages during the course of the relationship;/li>
  • To send you information via e-mail for services similar to those you have subscribed to, unless you objected to such processing initially or in subsequent communications, to pursue BARBERO & Associated’s legitimate interests to promote services which you may be reasonably interested in;
  • To fulfill contractual obligations or requirements of law.

Legal basis of processing.

The Data Controller may process personal Data relating to Users if one of the following applies:

  • Users have given their consent for one or more specific purposes;
  • provision of Data is necessary for the performance of an agreement with the User and/or for any pre-contractual obligations thereof;
  • processing is necessary for compliance with a legal obligation to which the Data Controller is subject;
  • processing is related to a task that is carried out in the public interest or in the exercise of official authority vested in the Data Controller;
  • processing is necessary for the purposes of the legitimate interests pursued by the Data Controller or by a third party.

In any case, the Data Controller will gladly help to clarify the specific legal basis that applies to the processing, and in particular whether the provision of Personal Data is a statutory or contractual requirement, or a requirement necessary to enter into a contract.

Processing Arrangements.

Once we have received your information, we will process your Personal Data in a proper manner and take appropriate security measures to prevent loss of data, unauthorized access, disclosure, modification, illegal or incorrect use of the data.

We will process your data using computers and/or IT enabled tools, following organizational procedures strictly related to the purposes indicated.

Data communication.

Your Personal Data may be accessible to persons involved with the operation of our website and our services (administration, marketing, legal, system administration) or external parties (such as persons, companies or professional firms providing BARBERO & Associates with advice and consulting in accounting, administrative, legal, tax, financial and debt collection matters related to the provision of the services; persons that we may engage with in order to provide the services, i.e. domain name registration authorities, registrars and technical service providers, mail carriers, hosting providers, IT companies, communications agencies, Intellectual Property advisors; post couriers; people authorized to perform technical maintenance), appointed, if necessary, as data processors by our company; or persons, bodies or authorities to which we may disclose your Personal Data in accordance with the provisions of law or pursuant to the order of an authority; or people authorized by the Data Controller to process the Personal Data as required for carrying out activities strictly related to the provision of the services, such as BARBERO & Associates’ employees. The complete list of these parties may be requested to our company at any time.

Our employees, agents and contractors who have access to Personal Data are required to protect them in a manner that is consistent with this Privacy Policy.

Transfer of personal data overseas.

To fulfil its service obligations, it is necessary for BARBERO & Associates to transfer and process Personal Data also outside the country in which the Personal Data are collected. Prior to making any such transfer BARBERO & Associates will put in place security procedures and firewalls designed to prevent unauthorised use of or access to Personal Data.

Retention time.

We retain Personal Data only for as long as necessary to provide the Services you have requested and thereafter for a variety of legitimate legal or business purposes. These might include retention periods:

  • Mandated by law, contract or similar obligations applicable to our business operations;
  • For preserving, resolving, defending or enforcing our legal/contractual rights; or
  • Needed to maintain adequate and accurate business and financial records.

If you have any questions about the security or retention of your Personal Data, you can contact us at gdpr@barbero.co.uk.

Place where data is processed.

The Personal Data that we collect from you may be processed at our company operating offices and in any other places where the people involved with the processing, including our employees, technical staff and collaborators of our company who have been entrusted with the processing, are located.

The Personal Data may be also transferred to, or stored at, a destination located outside the European Economic Area (“EEA”) and be processed by people operating outside the EEA who cooperate with our company for the fulfillment of your order, the processing of your payment details and the provision of support services. By submitting your Personal Data to our company, you agree to this transfer, storing or processing. We will take all reasonable steps to ensure that your Personal Data are treated securely and in accordance with this Privacy Policy.

The Personal Data you provide to us are stored on our secure servers. If we provide you with a password which enables you to access certain parts of our site, such as the reserved area, you are responsible for keeping this password confidential.

Rights of interested parties.

Users may exercise certain rights regarding their Data processed by the Data Controller. In particular, Users have the right to do the following:

  • Withdraw their consent at any time. Users have the right to withdraw consent where they have previously given their consent to the processing of their Personal Data.
  • Object to processing of their Data. Users have the right to object to the processing of their Data if the processing is carried out on a legal basis other than consent.
  • Access their Data. Users have the right to learn if Data is being processed by the Data Controller, obtain disclosure regarding certain aspects of the processing and obtain a copy of the Data undergoing processing.
  • Verify and seek rectification. Users have the right to verify the accuracy of their Data and ask for it to be updated or corrected.
  • Restrict the processing of their Data. Users have the right, under certain circumstances, to restrict the processing of their Data. In this case, the Data Controller will not process their Data for any purpose other than storing it.
  • Have their Personal Data deleted or otherwise removed. Users have the right, under certain circumstances, to obtain the erasure of their Data from the Data Controller.
  • Receive their Data and have it transferred to another controller. Users have the right to receive their Data in a structured, commonly used and machine readable format and, if technically feasible, to have it transmitted to another controller without any hindrance. This provision is applicable provided that the Data is processed by automated means and that the processing is based on the User's consent, on a contract which the User is part of or on pre-contractual obligations thereof.
  • Lodge a complaint. Users have the right to bring a claim before their competent data protection authority.

You can exercise the above-mentioned rights at any time by contacting our company in writing at the email address gdpr@barbero.co.uk

If you provide Personal Data about other individuals, you represent that they have been informed of the purpose for which said information will be used, the recipients of the Personal Data and the way they could access and update their information.  You also represent that you have obtained their consent to our data processing.

Updates to this privacy policy.

We shall update this Privacy Policy from time to time. Therefore, we invite you to regularly check this page for updates. You will be notified of amendments to this Privacy Policy by email and your continued use of our services for a period longer than three weeks may constitute acceptance of the amended provisions.

Contact.

If you have any questions, comments or requests concerning this Privacy Policy, please do not hesitate to contact us by email at gdpr@barbero.co.uk.