Our Privacy Policy

CX live now considers your privacy and the protection of the confidentiality and security of your personal data to be a priority and is committed to processing your data fairly, lawfully, and transparently, always protecting your confidentiality and rights in accordance with the Privacy Code Legislative Decree No. 196/2003 coordinated and updated with the amendments made by Legislative Decree No. 24/2023 and the EU Regulation 2016/679

This is our Policy on the processing of personal data that we collect, regardless of the channel or medium (online or in person), when we have a business contact, when you ask us for information, when we enter into a sales contract, when you visit our websites and it has been drawn up to provide you with clear information about who we are, for what purposes we may use your personal data, how long they remain in our files, how they are processed, to whom we may disclose them and where they may be transferred and we provide you with details of all your rights

CX live now, in all its processes, adopts a policy based on the principles of personal data protection established by the GDPR 2016/679 Regulation and the national legislation in force, not only with a view to mere compliance with the rules but with a heartfelt awareness of the importance of protecting the confidentiality and security of the personal data of individuals

CX live now is the controller of your data even when you navigate on our websites, which are means of communication but also tools for collecting and recording your data.

Please read this Policy carefully: it contains important information on the processing of your Personal Data.

What is meant by the processing of personal data?

Where do we collect your data from?

Which data are subject to protection under EU Regulation No. 679/2016 and the applicable national provisions?

What is the role of CX live now in the processing processes?

How does CX live now process personal data?

Category, purpose and legal basis of data processing and data retention periods

Data communication

How do we ensure that data recipients, process data in accordance with the data protection principles set out in the GDPR Regulation 2016/679 and applicable national legislation?

Transfer of personal data to third countries

What are your rights?

The role of CX live now as external data controller

Personal Data' shall mean any information relating to an identified or identifiable natural person ('data subject'); an identifiable natural person is one who can be identified, directly or indirectly, by reference in particular to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to his or her physical, physiological, genetic, mental, economic, cultural or social identity.

Processing means any operation or set of operations which is performed upon personal data or sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction. The processing must be based on the principles of fairness, lawfulness, transparency, protecting your confidentiality and your rights.

The collection of your personal data is carried out by CX live now by recording data collected directly from you, through its website, electronically or verbally at the time of initial contact or subsequent communication, data collected at events or trade fairs, or intermediaries

Which data are subject to protection under EU Regulation No. 679/2016 and the applicable national provisions?

All data defined as personal, i.e. when it relates to a natural person who is identified or identifiable even indirectly, or information (e.g. tax code, fingerprint, telephone traffic, image, voice) concerning a person whose identity can nevertheless be ascertained by means of additional information.

The activity of CX live now. involves the assumption of two distinct roles in relation to how it interfaces in the treatment process:

• CX live now processes personal data as a data controller when it determines the purposes and means of the processing of personal data', i.e. when it processes data without receiving instructions (e.g. when it processes the data of its own employees or collaborators, when it processes customer data for the conclusion of contracts, suppliers, fulfils accounting and tax obligations).
• CX live now processes personal data as a data controller when it is entrusted with a service by a data controller who is the subject of an express contractual agreement and who independently determines the purposes and means and entrusts CX live now with part or all of the processing, giving precise instructions

The data are collected by CX live now directly from the person concerned, at the moment of the initial contact or through the navigation on this site by detecting the identification such as name, an identification number, an online identifier or one or more characteristic elements of his/her physical identity, freely provided also by filling in the forms on this site.

The data are processed with the support of computerised means following the principles of lawfulness, correctness, transparency, purpose limitation and storage, data minimisation, accuracy, integrity and confidentiality. CX live now hereafter informs you about the category (type) the purpose (why) the legal bases (which define lawfulness) adopting technical and organisational measures in order to guarantee the maximum security of your data, avoiding losses, errors, unlawful or illegitimate use. Please remember to notify us of any changes to the data you have provided us with in order to ensure their correctness. While we are aware that the processing of data via the Internet often represents situations of potential objective vulnerability related to web browsing, we strive to minimise the risks.

For the management of cookies we have prepared a dedicated information notice on our site

Contract art 6 letter a): the processing is necessary to fulfil the requests sent. Failure to provide it would make it impossible to activate the services provided

Consent art 6 lett b) informed and given voluntarily by the interested party, who has the right to revoke it at any time

Law art 6 letter c) the processing is necessary to comply with civil, administrative and fiscal law obligations. Failure to provide it would make it impossible to activate the services provided.

Data Category	Purpose	Legal basis	Storage time
Personal and/or contact data such as name, surname, e-mail, addresses and telephone numbers	1 In the data collection phase to execute requests received through the contact forms on the site	Contract	For the time necessary to fulfil the requests and for the duration of the business relationship
Personal and/or contact data such as name, surname, e-mail and telephone number, addresses and payment processing data	2 In the data collection phase for pre-contractual and contractual management collected directly by CX live now verbally or in writing	Contract	For the duration of the business relationship
Personal and/or contact data such as name, surname, e-mail and telephone number	3 Marketing and promotional activities that CX live now carries out in its own interest	Consent	For the period of five years from the collection of the data taking reasonable account of the type of product offered by the data controller. The data is deleted upon receipt of revocation by the data subject
Personal and/or contact data such as first name, last name, e-mail and telephone, addresses data for the execution of payments	5 Administrative/fiscal/legal requirements	Law	For ten years in accordance with tax and civil law provisions. for the period necessary in the event of litigation
Data of a technical/informational nature collected and used in an aggregate and anonymous manner by visiting the site (IP Internet protocol addresses)	6. Verify the proper functioning and monitor the security of the Site; improve the quality of the service and provide statistics concerning the use of the Site; proceed to ascertain responsibility in the event of damage to the Site or any unlawful activities (including criminal offences).	Technical cookies that do not require consent functional to the site, to provide the service and optimise your navigation Express consent for non-essential cookies if present	Explicit in the banner on the site's landing page containing detailed information on the cookies used

CX live now may communicate your data to the following recipients:

- Third parties, entities or authorities, autonomous data controllers, to whom it is compulsory to communicate your Personal Data by virtue of legal provisions or orders from the authorities

- Persons in charge, authorised, such as employees of CX live now, for the processing necessary to carry out activities strictly related to the provision of services

- Persons who act as external data processors (art. 28 of the Regulation): persons, companies or professional firms that provide assistance and consultancy in accounting, administrative, legal, tax, financial and debt collection, personnel management in relation to the provision of services; persons with whom it is necessary to interact for the provision of services, persons delegated to perform technical IT maintenance activities (maintenance of network equipment and electronic communication networks) and cloud storage services

How do we ensure that the recipients of the data, process the data in accordance with the data protection principles set out in the GDPR Regulation 2016/679 and applicable national legislation?

All recipients of personal data that identify you, when they are authorised persons and/or external data controllers, are identified in writing and they have been provided with specific written instructions regarding the correct processing of the data. The list is available for consultation upon request at admin@cxlivenow.com.

CX live now does not share personal data with third parties located in a country outside the European Union. However, it may be the case when, in order to carry out a service, your data is transferred to a third country and in this case we will provide you with appropriate information about this.

Some of the platforms that we use (Google, Microsoft, etc.) may transfer your data to their clouds in the United States and therefore, in keeping with the principle of transparency, we inform you that your data may no longer be a suitable and secure location, at least until there are substantial changes or updates to US or European legislation and the service providers take steps to provide the appropriate additional guarantees required.

As a data subject you have rights to your data as provided for in the European Regulation 679/2016 (GDPR) and the applicable national legislation, we provide you with detailed information on what these are:

- request confirmation of the existence of personal data concerning you (data subject's right of access - Art. 15 of Regulation 679/2016)

- to know its origin

- to receive intelligible communication of it

- obtain information about the logic, methods and purposes of the processing

- request the updating, rectification, integration, cancellation, transformation into anonymous form, blocking of data processed in violation of the law, including data no longer necessary for the purposes for which they were collected (right of rectification and cancellation - Articles 16 and 17 of Regulation 679/2016)

- right to restrict and/or object to the processing of data concerning him/her (Art. 18 of Regulation 679/2016)

- right of revocation

- the right to data portability (Art. 20 of Regulation 679/2016)

- in cases of consent-based processing, to receive their data provided to the data controller, in a structured, machine-readable form and in a format commonly used by an electronic device

- the right to lodge a complaint with the Supervisory Authority (data subject's right of access - Art. 15 of Regulation 679/2016)

The role of CX live now as external data controller

In the activities carried out and conferred by the principals, CX live now is identified as the external data processor as it is delegated by the principal to process the data on its behalf in the activities conferred . The European Regulation provides that the external processor must be a data protection compliant, reliable and qualified person and that the appointment must be made by means of a legal act or (Data Processing Agreement) that provides instructions on the processing, defines the responsibilities, allows for the guarantees that the processor must provide on the processing of data in terms of protection and security that CX live now proposes when entering into contracts with its clients.

We summarise below some useful points to identify the division of tasks between the data controller and CX live now in its capacity as data processor, referring you to a complete and in-depth view of the Data Processing Agreement that accompanies our contracts.

The Data Controller:

• Decides how and which data to collect and process personal data in complete autonomy
• Determines the purpose of the processing by deriving economic or other benefit from collecting the data
• Is obliged to provide information under Art. 13 and, where applicable, to collect consent
• Provides for the integration, modification of incorrect data
• Instructs the controller on the purpose, method and terms of data retention
• The controller must be informed of the requirements of the European regulation and the current national GDPR provisions for all activities entrusted to CX live now, which will be set out in its own Policy to be updated periodically, which it will provide to CX live now for inclusion on the site

External data processor CX live now:

• provides 'sufficient guarantees' to put in place appropriate technical and organisational measures and to ensure the protection of the data subject.
• Processes personal data only on the documented instructions of the Data Controller,
• follows the instructions given to him for the processing by the controller
• ensures that persons authorised to process personal data have committed themselves to confidentiality or are under an appropriate legal obligation
• takes all the security measures for the processing, provided for in Article 32 of the GDPR
• assists the controller with appropriate technical and organisational measures, in so far as this is feasible, to comply with the obligation of the controller to comply with requests for the exercise of the data subject's rights
• at the controller's choice erases or returns all personal data to the controller after the provision of services relating to the processing has ended and erases existing copies, unless Union or Member State law provides for the retention of the data
• shall make available to the controller all the information necessary to demonstrate compliance with the obligations incumbent on the controller, and shall allow and contribute to auditing activities, including inspections, carried out by the controller or another person mandated by the controller
• may designate another controller, the so-called 'sub-processor', subject to the prior authorisation, specific or general, in writing of the controller.
• establish a register of processing operations on behalf of each controller (Art. 30(2) GDPR);

DATA CONTROLLER: MARKETING VIBES S.R.L. Via Zanica 85, 24126 Bergamo - BG PIVA /CF 04708800166 admin@cxlivenow.com PEC: marketingvibes@pec.it

This privacy policy was drawn up in February 2024 and may be subject to change over time, also in connection with the possible entry into force of new sector regulations, the updating or provision of new services or technological innovations, which will be promptly made available and published on our website www.cxlivenow.com in the sections dedicated to Privacy