Privacy Policy

Welcome to our website snapp.co.
Contentking Srl wishes to provide information on the processing of personal data of users who, as data
subjects, consult and interact with Contentking Srl through the website.
The information is provided pursuant to the relevant legislation on the processing of personal data, in
particular, Article 13 of the General Data Protection Regulation 679/2016 ("GDPR") and the relevant
national legislation (with particular reference to Legislative Decree 196/2003, as amended by
Legislative Decree 101/2018).
Main definitions:
- personal data: any information relating to an identified or identifiable natural person;
- data subject: the identified or identifiable natural person to whom the personal data refer; an
identifiable natural person is one who can be identified, directly or indirectly, in particular by
reference to an identifier such as a name, an identification number, location data, an online
identifier or to one or more factors specific to the physical, physiological, genetic, mental,
economic, cultural or social identity of that natural person;
- processing: any operation or set of operations which is performed on personal data or on sets of
personal data, whether or not by automated means, such as collection, recording, organisation,
structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by
transmission, dissemination or otherwise making available, alignment or combination,
restriction, erasure or destruction;
- Controller: the natural or legal person, public authority, agency or other body which, alone or
jointly with others, determines the purposes and means of the processing of personal data;
where the purposes and means of such processing are determined by Union or Member State
law, the controller or the specific criteria for its nomination may be provided for by Union or
Member State law;
- Processor: means a natural or legal person, public authority, agency or other body which
processes personal data on behalf of the controller.

1. Data Controller and contact details
The Data Controller is Contentking Srl, in the person of its legal representative pro tempore, with
registered office in Via della Moscova 46/1 Milano, phone +39 02 49710985, email info@snappo.co

2. Browsing data, purpose of processing and legal basis
The data are acquired by the computer systems and software procedures used to operate this website,
the transmission of such data being implicit in the use of Internet communication protocols. This
information tends not to be collected in order to be associated with identified data subjects, but by its
very nature could, even though processing and association with data held by third parties, allow the
identification of the users. This category of data includes the IP addresses or domain names of the
computers used by users connecting to the website, the URI (Uniform Resource Identifier) notation
addresses of the resources requested, the time of the request, the method used to submit the request to

the server, the size of the file obtained in response, the numerical code indicating the status of the
response given by the server (successful, error, etc.) and other parameters relating to the user's
operating system and IT environment. This data is used for the sole purpose of obtaining anonymous
statistical information on the use of the site and to check its correct operation.
The data could be used to ascertain liability in the event of hypothetical computer crimes to the
detriment of the site.
Personal data freely provided by the user for the use of services from the website, such as identification
data (name, surname, date of birth), contact data (such as email and/or mobile phone) may also be
processed. Depending on the reasons for providing the data, the data may be processed for:
- in order to take steps at request of the user prior to entering into a contract with the Data
Controller or for the execution of a contract that binds the user and the Data Controller; in these
cases, the legal basis is Article 6(b) of the GDPR;
- for marketing and profiling purposes, the legal basis of which is the consent given by the user
pursuant to Articles 6(a) and 7 of the GDPR or, if applicable, Article 130(4) of Legislative
Decree No. 196/2003; in all these cases, consent may be revoked at any time without prejudice
to processing legitimately carried out prior to revocation;
- for the legitimate interest of the Data Controller (Art. 6(f) of the GDPR) consisting in providing
an adequate response to requests received from the user via the website.

3. Data retention
Data are retained for a period not exceeding that necessary to pursue the above-mentioned purposes.
Personal data processed for marketing and profiling purposes are kept for 24 and 12 months
respectively from the last contact with the data subject.
Periodic checks are also carried out to ensure that the data are strictly pertinent, not excessive, and
necessary in relation to the purposes of processing.

4. Categories of recipients. Eventual data transfers outside EU (EEA)
The data is processed by staff and/or collaborators of the Data Controller, instructed and authorised to
carry out such processing activities pursuant to Article 29 of the GDPR. The data may also be disclosed
to recipients who would process the data as designated Data Processors pursuant to Article 28 of the
GDPR.
Any transfers of personal data outside the European Union (EEA) will be carried out by the Controller
in compliance with the safeguards provided for in Articles 44 et seq. of the GDPR.

5. Complaint with the Supervisory authority and legal action
For their rights, users/data subjects have the right to lodge a complaint with the Italian Supervisory
Authority, i.e., Garante per la Protezione dei Dati Personali, Piazza Venezia n. 11 - 00187 Roma, as
provided for in Article 77 of the GDPR, or to take legal action (Article 79 of the GDPR) according to
national laws.

6. Data subject’s rights pursuant to Artt. 15-22 of the GDPR
The GDPR grants data subjects the right to access, rectify or erase your personal data, to obtain
restriction of or opposition to the processing and portability.
The right to access to the personal data can be exercised at reasonable intervals in order to have correct
and constant information about the processing and to verify its lawfulness.
The right to erasure concerns personal data processed in violation of the law or in the other cases
provided for in Article 17 of the GDPR.
Data subjects may obtain from the Controller the restriction of the processing for the period necessary
to verify the personal data whose accuracy they contest, or when the processing is unlawful, preferring
the restriction to the deletion of the data, or if they need such data for the establishment, exercise or
defence of a legal claim, even if the Controller no longer needs it for the purposes of the processing, or
for the period necessary to verify whether the Controller's legitimate reasons prevail over data subjects
and for which data subjects objected to the processing.
In the event of a restriction, personal data will only be processed with data subjects’ consent or for the
establishment, exercise or defence of legal claims or to protect the rights of another natural or legal
person or for reasons of substantial public interest of the European Union or a Member State. In any
event, data subjects will be informed by the Controller before the latter lifts this restriction.
On grounds relating to data subjects’ situation, you have the right to object to the processing of data
which is necessary for the performance of a task carried out in the public interest or in the exercise of
official authority vested in the Controller, or in the pursuit of the legitimate interests of the Controller.
The Controller shall refrain from further processing such data, unless he can demonstrate the existence
of compelling legitimate reasons which override his own. You may object to the processing when
personal data are processed for direct marketing purposes, including profiling. This right may be
exercised at any time.
Data subjects have the right to data portability (the possibility to receive the data provided and, if
necessary, to pass it on to another data controller) in cases permitted by the GDPR (Art. 20).
Data subjects have also the right not to be subjected to a decision based solely on automated
processing, including profiling. Exceptionally, such processing is possible if authorised by the law of
the Union or the Member State to which the Controller is subject, or if permitted by the data subjects or
if necessary for contractual purposes. In the last two cases, data subjects still have the right to obtain
human intervention by the Controller, to express their opinion and to contest the decision. With data
subjects’ consent and appropriate measures to protect their rights, freedoms and legitimate interests,
this type of processing may also involve particular categories of personal data.
In order to exercise these rights, you may contact the Controller through the aforementioned contacts.

7. Provision of data

The provision of personal data is not a statutory requirement nor contractual one nor another kind of
requirement. If the data subjects do not provide the personal data, the only possible consequence of
failure to provide such data is the impossibility to carry out the relevant personal data processing
activity and, in some cases, to provide a service within the website.
8. Cookies
You can consult the Cookie Policy here .