The provision of your Data for the purposes indicated in letters a) and b) is necessary and mandatory; therefore, if you do not provide it, it will not be possible to establish or continue the contractual relationship with you, nor to provide the requested services.

The processing activities referred to in letters d), f), g), and j) do not require your explicit consent, as they are based on the legitimate interest of the Data Controller, pursuant to Article 6, paragraph 1, letter f) of the GDPR. In any case, the Data Controller has carried out a thorough balancing of interests to ensure that such processing does not prejudice the fundamental rights and freedoms of the data subjects.

The provision of your Data for the purposes indicated in letters c), e), h), and i) is not mandatory. For such processing, your prior consent is required, which will be requested by the Company in a manner appropriate for each activity. In any case, consent may be revoked at any time, without this having any negative consequences on the contractual relationship with the Company.

The use of certain services on the website and in the App may require the processing of personal data of third parties that you have sent to the Data Controller. In such cases, you act as an independent data controller, assuming all legal obligations and responsibilities. In this regard, you grant the broadest indemnity with respect to any dispute, claim, request for compensation for damage from processing, etc. that may be received by the Data Controller from third parties whose personal data has been processed in violation of the applicable personal data protection regulations. In any case, if you provide or otherwise process personal data of third parties when using the website or the App, you hereby guarantee – assuming all related responsibility – that this particular case of processing is based on an appropriate legal basis pursuant to Article 6 of the GDPR, which legitimizes the processing of the information in question.

3. Methods of Processing

The processing is carried out using automated and/or manual IT and telematic tools designed to guarantee security measures that prevent access, disclosure, loss, misuse, illegal or unauthorized use of the data.

4. Access to data

Personal Data may be shared with the following external parties: i) Internet service providers and platforms used by the Data Controller as organizational tools, communication channels, and/or promotion channels; ii) consultants and other service providers who perform services for us or on our behalf and require access to such information to perform such work; iii) shippers, carriers, and couriers.

These parties act as independent data controllers or data processors. In the latter case, the Data Controller has entered into a specific agreement pursuant to Article 28 of the GDPR (Appointment of Data Processors). The list of Data Processors can be requested by contacting the Data Controller and/or the DPO at the addresses indicated in paragraph 2 above.

Personal data will also be processed by the Data Controller's internal staff specifically authorized pursuant to Article 29 of the GDPR.  

5. Place of Data Processing

Personal data is processed at the Data Controller's headquarters, as well as on the servers hosting the website //www.aureahub.com/. Personal data is stored on servers located within the EU and will not be transferred outside of the EU under any circumstances. However, since some important service providers to our infrastructure are based outside the European Union (e.g., cloud service providers), when using the Data Controller's services, personal data may be stored on servers located outside the European territory. The Data Controller guarantees that when using cloud providers established outside the EEA, the processing of personal data by these recipients is carried out in accordance with applicable law. Transfers are carried out using appropriate safeguards, such as adequacy decisions, standard contractual clauses approved by the European Commission, or other safeguards provided for by the GDPR.

6. Rights of the data subject

The User may exercise all the rights provided for in Articles 15-21 of the GDPR at any time and without unjustified limitations by contacting the Data Controller at the email address help @aureahub.com. Requests are submitted free of charge and processed by the Data Controller within 30 days.

●      In particular, the User may:

●      Obtain confirmation that processing is underway (Article 15);

●      Obtain the rectification of inaccurate or incomplete data (Article 16);

●      Obtain the erasure of data without undue delay (Article 17);

●      Restrict the processing to only part of the personal data (Article 18);

●      Receive a copy of the personal data held by the data controller, in a commonly used and machine-readable format; obtain transfer without hindrance to another data controller (Art. 20);

●      Object at any time to the processing of personal data. (Art. 21);

●      With regard to the purposes of processing based on consent, withdraw consent at any time.

7. Complaints

The User may always lodge a complaint with the competent Authority (Personal Data Protection Authority), pursuant to Art. 77 of the GDPR, if they believe that the Data Controller is processing their Personal Data in violation of applicable law.

8. Changes to the Privacy Policy

The Data Controller reserves the right to modify and update this Privacy Policy following any new national or European legislation on the protection of personal data.