Business Users Privacy Policy

This document describes the purposes and methods by which our Company, XLbit srl, manages the data of natural persons and/or sole proprietorships acquired or to be acquired during the professional collaboration with other companies.

This Privacy Policy applies to any type of information collected by our Company by telephone, electronically, in writing, or through emails sent to us, or through online platforms such as our website or our social media.

We may occasionally need to modify this Privacy Policy; in the event of significant changes, we will highlight them on our online platform and/or notify you by other means, such as email, so that you can review them.

What kind of data do we collect?

In order to provide the services of our Company and thus establish a business relationship with your company, we may need to receive certain data from natural persons such as first and last name, phone number, email address, company role, and data from sole proprietorships such as the owner's name, date of birth, tax code, VAT number, contact numbers, email addresses, name, type, and address of the business, and other distinguishing data.

This information may be collected when sending/receiving commercial offers, or if you contact our offices, either directly or through means/tools such as telephone, email, social media, or our website.

In relation to the purposes indicated in this Policy, your data may be processed electronically and on paper.

Why do we collect and process your data?

The processing of the data mentioned in the previous paragraph will be for one of the following purposes:

  • to meet pre-contractual needs (e.g., to follow up on requests for information/quotes, etc.) and/or to fulfill contractual obligations;
  • to allow users of our Sites (the YesAlps.com portal and other YesAlps-branded sites) to get in touch with your business and publish reviews, where applicable;
  • to comply with legal and tax obligations;
  • to protect our rights, if necessary;
  • to carry out customer care activities: we may contact you by email, post, or telephone to provide you with information and clarifications regarding the Service (the set of services offered through the YesAlps portal) and to respond to your assistance requests;
  • to carry out marketing activities: once we have obtained your consent, we may use your data to send you promotional information related to the Service.

You can decide at any time not to receive these communications simply by contacting us at the references indicated in this Policy or by following the procedure indicated in your user area.

Updating your preferences may take a few days, so in the meantime, you may continue to receive our communications.

On the other hand, we specify that our Company does not process its customers' data for profiling purposes.

The data thus described, pursuant to Art. 6 of EU Regulation 2016/679, may be collected, processed, and stored by us on the basis of the following principles:

  1. in order to respond to your requests for information, to comply with a legal and/or contractual or pre-contractual obligation to which we are subject; or
  2. where you have given your consent, in relation to marketing purposes, unless you decide to withdraw your consent at any time; or
  3. in order to pursue our legitimate interests.

With reference to customer care purposes, for communications and obligations related to the contractual relationship with your company, the processing of your data does not require your explicit consent as it is carried out based on principle i) above.

Although providing your data is not mandatory, we would like to point out that failure to provide them may make it impossible to provide the Service.

Communication of your data to third parties

The data you provide may be processed by individuals or categories of individuals who act as Data Processors pursuant to Art. 28 of the Regulation or who are authorized to process data pursuant to Art. 29 of the Regulation.

In any case, your data will be used to provide the requested Service.

We do not and will not sell or transfer our customers' data to third parties.

Notwithstanding the above, we may need to communicate some of your data to certain categories of third parties.

Thus, your data may be disclosed to:

  • banking institutions involved in the payment of the agreed fee for the Service, if applicable;
  • insurance companies;
  • debt collection agencies and/or legal advisors;
  • external consultants and professionals who assist our Company with accounting, auditing, and legal advice;
  • any purchasers, lessees of the business branch concerned by the commercial relationship with your company.

Furthermore, we may have to share personal data where required by law or if it is absolutely necessary for the detection, prevention, or conduct of legal proceedings related to fraud or crimes.

We may also have to share personal data with the competent authorities to protect and defend our rights or property.

Finally, we point out that your company's data may be accessible to external professional service providers, such as our IT consultants in case of maintenance/updating of our computer systems; in such cases, we will ensure that these consultants commit to keeping the data confidential and processing it appropriately.

Information collected and non-European countries

Our Company is based in Italy.

Nevertheless, for the processing of the collected data and for the purposes provided herein, we may use IT systems (e.g., email providers, data storage systems) whose servers may be located outside the European Union. In such case, our Company undertakes to ensure compliance with the regulations provided by EU Regulation 2016/679 on the protection of personal data. In particular, in case of data transfer to a non-European country, we will ensure that the transfer is carried out in accordance with this Policy and is governed by standard contractual clauses that guarantee adequate protection for your data.

How we manage data security

It is in our interest to ensure the security of the data collected in accordance with current data protection regulations. To this end, we have implemented a series of internal procedures and use specific technical-IT security systems.

In addition, we have established and implemented security procedures and technical-physical limitations to prevent unauthorized access and use of the personal data contained on our servers.

Furthermore, we have implemented a system that allows only authorized personnel to access the data necessary for their duties, and we ensure that any third party to whom we may communicate your data commits to maintaining the utmost confidentiality and using it exclusively for the purposes indicated in this Policy.

How long will we keep the data?

The data collected by our Company for the purposes set out in this Policy will be retained for the entire duration of the business relationship with your company, as well as for the period necessary to comply with the related legal and/or tax obligations.

The rights of the data subject in relation to the data

The data subject has many rights in relation to the personal data provided.

First of all, you always have the right to request confirmation of whether or not our Company has collected personal data about you, with details of the purposes and methods of processing.

You can request its rectification or erasure, restrict processing, and, where applicable, withdraw your consent.

Notwithstanding the above, we must, however, specify that where the communication of data and its processing is required by a legal obligation, or is necessary for the conclusion of a contract (e.g., negotiations, payment, quote acceptance), the request for their erasure, opposition to their processing, and/or withdrawal of consent may prevent us from concluding or properly executing the contract or other services such as, for example, sending promotional communications.

Finally, you can lodge a complaint with the supervisory authority pursuant to Art. 13 of EU Regulation 679/2016.

If you wish to exercise any of the rights described, or if you have any complaints or questions, you can contact us at info@yesalps.com

Who is the data controller

The Data Controller is XLbit srl, a company under Italian law with its registered office in Trieste.

For any information or request regarding this Policy, you can contact us at the following address: info@yesalps.com