top of page
360 degree ninja logo beige

PRIVACY POLICY

1. DATA PROTECTION OVERVIEW

1.1 General Information

 

The following information provides a clear overview of how we process your personal data when you browse this website. “Personal data” means any information that can be used to identify you directly or indirectly. For more details regarding the protection of your data, please see our full privacy policy.

2. DATA COLLECTION OVERVIEW

2.1 Who is Responsible for the Collection of Data on This Website?

The collection and processing of data on this Website is carried out by the operator/owner of the site (“Operator”). The Operator's contact details are available in the “About the Operator” section of this privacy policy.

2.2 How Do We Collect Your Data?

We collect your data primarily in two ways:

  • Directly from you: when you provide information, as in the case of a contact form.

  • Automatically or with your Consent: our system automatically collects technical data (such as browser type, operating system, page view time) when you visit the website. This data is collected as soon as you access the site.

2.3 For What Purposes Do We Use Your Data?

Some data is collected to ensure the proper functioning of the website, while other data may be used to analyze user behavior to improve the browsing experience.

2.4 What Rights Do You Have to Your Data?

You have the right to obtain, at any time and free of charge, information about your personal data processed, including its origin, recipients and the purposes of processing. You can request correction or deletion of your data, revoke previously given consent, and request restriction of processing under certain circumstances. You also have the right to file a complaint with the responsible data protection authority in your country of residence. Please do not hesitate to contact us if you have any questions regarding data protection.

2.5 Analytics and Third-Party Tools

When you visit this website, your browsing behavior may be evaluated using analytics tools. Details about these tools are available in this privacy policy.

3. HOSTING

We host the content of our website with the company WIX. The provider is Wix.com Ltd, 40 Namal Tel Aviv St., Tel Aviv 6350671, Israel (hereinafter “WIX”).

WIX is a tool for creating and hosting websites. When you visit our website, WIX is used to analyze user behavior, traffic sources, region of origin of visitors, and number of visitors. WIX stores cookies on your browser that are necessary to view the website and to ensure security (required cookies).

The data collected by WIX may be stored on various servers around the world. WIX's servers are located in the United States, among other places. Details can be consulted in WIX’s privacy policy for European countries, in accordance with EU GDPR regulations (or you can consult WIX's privacy policy in English).

 

According to WIX, the transfer of data to the U.S. and other third countries is based on the EU Commission's standard contractual clauses or comparable guarantees under Article 46 of the GDPR. More details can be found at the following link.

The use of WIX is based on Article 6(1)(f) of the GDPR. We have a legitimate interest in ensuring that our website is displayed as reliably as possible. Where corresponding consent has been requested, processing is carried out exclusively on the basis of Art. 6(1)(a) of the GDPR and § 25(1) of the TTDSG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g., device footprint) within the meaning of the TTDSG. Consent may be revoked at any time.

The company is certified under the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the United States to ensure compliance with European data protection standards for data processing in the United States. Every company certified under the DPF is committed to complying with these data protection standards. More information is available at this link.

3.1 Data Processing Agreement

We have entered into a data processing agreement (DPA) for the use of the above service with WIX. This is a contract required by the DPA, which ensures that the personal data of visitors to our website are processed only according to our instructions and in compliance with the GDPR.

4. GENERAL NOTES AND MANDATORY INFORMATION

4.1 Data Protection

The operator of this website takes the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with statutory data protection regulations and this privacy policy.

When you use this site, various personal data points are collected. Personal data is information that can be used to identify you directly. This privacy policy explains what data we collect and for what purposes it is used.

 

We would like to point out that the transmission of data over the Internet (e.g., via email) may present security vulnerabilities. Complete protection against third-party access cannot be guaranteed.

 

4.2 About the Website Operator

The website operator, responsible for data processing on this site, is:

 

360° Ninja Webdesign 

c/o Esther von Törne 

Via Michael Pacher 10 

39100 Bolzano, Italy

 

The operator is the natural or legal person who, individually or jointly with others, determines the purposes and means of the processing of personal data (e.g., names, email addresses, etc.).

4.3 Retention Period

 

Unless otherwise stated in this privacy policy, your personal data will be retained until the purpose for which it was collected ceases to be valid. If you make a justified request for deletion or revoke your consent to processing, your data will be deleted, unless there are other legally permissible reasons for retention (such as, for example, retention periods required by tax or business regulations). In that case, deletion will occur once those reasons no longer apply.

 

4.4 Legal Basis for Data Processing.

 

If you have provided your consent for data processing, we process your personal data on the basis of Art. 6(1)(a) of the GDPR, or Art. 9(2)(a) of the GDPR if special categories of data are processed in accordance with Art. 9(1) of the GDPR. In cases where you have provided explicit consent to the transfer of personal data to third countries, processing will also take place on the basis of Art. 49(1)(a) of the GDPR. In addition, if you have consented to the storage of cookies or access to information in your end device (e.g. by fingerprinting the device), processing will also take place on the basis of Art. 25 (1) TTDSG. Your consent can be revoked at any time. If your data is necessary for the execution of the contract or for taking pre-contractual measures, we process your data based on Art. 6 (1) (b) GDPR. We also process your data if necessary to fulfill a legal obligation under Art. 6(1)(c) of the GDPR. Data may also be processed on the basis of our legitimate interest under Art. 6(1)(f) of the GDPR. Information regarding the applicable legal bases is provided in the following sections of this privacy policy.

 

4.5 Transfer of Data to Non-Secure Third Countries and to Non-Certified U.S. Companies under the DPF

 

We use, among other things, tools provided by companies located in third countries that are not considered secure under data protection law, as well as tools from U.S. companies whose providers are not certified under the EU-U.S. Data Privacy Framework (DPF). If such tools are activated, your personal data may be transferred to and processed in these countries. It is important to note that a level of data protection comparable to that of the European Union cannot be guaranteed in such countries.

 

We would also like to point out that although the U.S. is considered a safe third country, the transfer of data to the U.S. is only permitted if the recipient is certified under the “EU-U.S. Data Privacy Framework” (DPF) or if adequate safeguards are in place. Further details on transfers to third countries, including recipients, can be found in this privacy policy.

 

4.6 Recipients of Personal Data

In the context of our business activities, we cooperate with various external parties. In some cases, it is necessary to transfer your personal data to such parties. Data will only be transferred to third parties if this is indispensable for the performance of a contract, if there is a legal obligation (e.g., transmission to tax authorities), if there is a legitimate interest of ours in the transfer within the meaning of Art. 6(1)(f) of the GDPR, or if another legal basis allows such a transfer.

 

If we use data processors, your personal data are transferred exclusively under a contract governing the processing of orders. In the case of joint processing, a specific agreement is made.

 

4.7 Revocation of Consent to Data Processing

 

Many data processing operations are only possible with your explicit consent. You have the right to revoke your consent at any time. Revocation does not affect the lawfulness of the processing carried out prior to the revocation.

 

4.8 Right to Object to Data Collection in Special Cases and Direct Advertising (Art. 21 GDPR)

If data processing takes place on the basis of Art. 6(1)(e) or (f) of the GDPR, you have the right to object at any time to the processing of your personal data on grounds relating to your particular situation, including profiling based on these provisions. If you object, we will no longer process your personal data, unless we can demonstrate the existence of compelling legitimate grounds that override your rights and freedoms, or if the processing is necessary for the establishment, exercise or defense of legal rights.

 

If your data is processed for direct marketing purposes, you have the right to object at any time to processing for such purposes, including marketing-related profiling. If you object, your data will no longer be used for direct marketing purposes.

 

4.9 Right to File a Complaint with the Supervisory Authority

 

In the event of a breach of the GDPR, you have the right to file a complaint with the relevant supervisory authority, particularly in the member state where you reside, work, or where the alleged breach occurred. The right to file a complaint is independent of any ongoing administrative or judicial proceedings.

You have the right to receive the personal data you have provided to us, processed automatically on the basis of your consent or in performance of a contract, in a structured, commonly used, machine-readable format. If you request, such data may be transferred directly to another data controller, insofar as this is technically feasible.

 

4.10 Right to Data Transfer

 

You have the right to receive the personal data you have provided to us, processed automatically on the basis of your consent or in performance of a contract, in a structured, commonly used and machine-readable format. If you request, such data may be transferred directly to another data controller, insofar as this is technically feasible.

 

4.11 Information, Corrections and Deletions

Under applicable laws, you have the right to obtain free information about the personal data we store, its origin, recipients, and the purposes of processing. If necessary, you also have the right to request the correction or deletion of such data at any time. If you have further questions regarding your personal data, you may contact us at any time.

 

4.12 Right to Restriction of Processing

 

You have the right to request the restriction of the processing of your personal data. You may contact us at any time to make such a request. The right to restriction of processing exists in the following cases:

  • If you dispute the accuracy of your personal data stored by us, we generally need time to verify this issue. During the review, you have the right to request that the processing of your personal data be restricted.

  • If we have processed your personal data unlawfully, you may request that we restrict the processing rather than delete it.

  • If we no longer need your personal data, but you need to retain it for the exercise, defense, or assertion of legal rights, you have the right to request restriction of the processing of your personal data instead of its deletion.

  • If you have filed an objection under Article 21(1) of the GDPR, a balancing of your interests against ours is necessary. Until it is determined which interest prevails, you have the right to request the restriction of the processing of your personal data.

If you have restricted the processing of your personal data, your personal data - apart from its storage - may be processed only with your consent, or for the establishment, exercise or defense of legal rights, for the protection of the rights of another natural or legal person, or for reasons of important public interest of the European Union or a member state.

 

4.13 SSL or TLS Encryption

 

This site uses SSL or TLS encryption for security reasons to protect the transmission of confidential data, such as orders or inquiries. You can recognize a secure connection by the prefix “https://” in the URL and the padlock symbol in the browser. With SSL or TLS encryption enabled, the data you transmit cannot be read by third parties.

5. COLLECTION OF DATA ON THIS WEBSITE

5.1 Cookies

 

Our website uses so-called “cookies”. Cookies are small packets of data that do not cause any harm to your end device. They are stored on your device temporarily for the duration of a session (session cookies) or permanently (permanent cookies). Session cookies are automatically deleted at the end of your visit. Permanent cookies remain stored on your end device until you delete them yourself or until they are automatically deleted by your browser.

 

Cookies may come from us (first-party cookies) or from third-party companies (third-party cookies). Third-party cookies allow the integration of certain services of outside companies within the websites (e.g., cookies for processing payment services). Cookies have various functions. Many cookies are technically necessary because some website functions would not work without them (e.g., shopping cart function or video display). Other cookies may be used to assess user behavior or for advertising purposes.

Cookies that are necessary to perform the electronic communication process, to provide certain functions you have requested (e.g., the shopping cart function) or to optimize the website (e.g., cookies to measure web audience) (necessary cookies) are stored on the basis of Art. 6 para. 1 lett. f of the GDPR, unless another legal basis is specified. The site owner has a legitimate interest in storing cookies necessary for the provision of its services in a technically correct and optimized manner. If your consent to the storage of cookies and similar technologies for recognition has been requested, processing is carried out exclusively on the basis of this consent (Art. 6 para. 1 lett. a GDPR and § 25 para. 1 TTDSG); consent can be revoked at any time.

 

You can set your browser so that you are informed about the setting of cookies and allow cookies only in individual cases, exclude the acceptance of cookies for certain cases or in general, and activate the automatic deletion of cookies when you close your browser. If cookies are turned off, the functionality of this website may be limited. You can find out what cookies and services are used on this website in this privacy policy.

 

5.2 “Get in Touch” Contact Form

 

If you send us requests via the contact form, your data in the request form, including the contact details you provide, will be stored by us to process the request and in case of follow-up questions. We will not provide this data to third parties without your consent.

 

This data is processed on the basis of Art. 6 para. 1 lett. b GDPR, if your request concerns the fulfillment of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, processing is based on our legitimate interest in effectively processing requests addressed to us (Art. 6 par. 1 lett. f GDPR) or your consent (Art. 6 par. 1 lett. a GDPR), if required; consent can be withdrawn at any time.

 

We will retain the data you provide in the contact form until you request their deletion, by revoking your consent to their retention, or when the reason for their retention is no longer relevant (e.g., after fulfilling your request). Mandatory legal provisions, particularly retention periods, remain unchanged.

 

5.3 Request via Email or Telephone

 

If you contact us by email or telephone, we will store and process your request, including all personal data (name, request), in order to process your request. We will not provide this data to third parties without your consent.

 

This data is processed on the basis of Art. 6 para. 1 lett. b GDPR, if your request concerns the fulfillment of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, processing is based on our legitimate interest in effectively processing requests addressed to us (Art. 6 par. 1 lett. f GDPR) or your consent (Art. 6 par. 1 lett. a GDPR), if required; consent can be withdrawn at any time.

 

The data you send us through contact requests will remain with us until you request their deletion, revoke your consent to their retention, or when the reason for retaining the data is no longer applicable (e.g., after your request has been processed). Mandatory legal provisions, in particular statutory retention periods, remain unaffected.

6. FINAL NOTE

This privacy policy was created with the help of a data protection generator. The GDPR (Regulation (EU) 216 / 679, applicable as of May 25, 2018) applies within the EU member states.

bottom of page