Privacy Notice

Version 1.0 - February 29, 2020

The React Bricks CMS service (from now on referred also as "we") may collect some personal data from its users (from now on referred as "you").

We are committed to protecting your personal data and to be very transparent about personal data collecting and processing.

This Privacy Notice, in compliance with the General Data Protection Regulation EU 2016/679 (GDPR), explains clearly what data we process, why we need them and how we collect and process them.

We may change this Privacy Notice from time to time. If we make changes, we will notify you by updating the date at the top of the policy and, in some cases, we may provide you with additional notifications, such as adding a statement to our homepage or sending you a notification. We encourage you to review the Privacy Policy whenever you use our Services to stay informed about our information practices and the ways you can help protect your privacy.

1. Data Controller and Contact information

F2 .net engineering s.r.l.
Via Tasso, 50 - 24121 Bergamo (BG) - Italy
VAT-ID: IT03099890166

If you have any questions or concerns about our privacy policy, or our practices with regards to your personal data, please contact us at legal@reactbricks.com

2. What personal information we collect and process

2.1 Personal information you provide to us

Upon registration we collect your first name, last name, company name and e-mail address.

In React Bricks Dashboard you can provide further information, such as an image for you profile (avatar) and an account name.

When you contact us for support or other customer service requests, we collect any information provided by you related to such support or service requests.

We don't collect financial information from you (such as your payment card number, expiration date or security code). All payments to us are handled via a third party, Paddle Ltd (https://paddle.com). You may find their Privacy notice at https://paddle.com/gdpr.

2.2 Personal information we collect automatically when you use our services

When you access or use our Services we automatically collect information about your use of the Services, including the type and version of your browser, machine and device you use, access time, usage time, pages viewed, debug information, your IP address, the page you visited before navigating to our Services and other statistics.

3. Purposes and legal basis of data processing

3.1 Purposes

We collect your Personal Information to:

• Perform our agreement with you
• Operate, maintain, improve, customize and develop our Services (including by monitoring and analyzing access to and use of the Services)
• Provide you with documentation, communications or other services you may request
• Advertise products or services which may be useful to you
• Correspond with you to resolve queries or complaints
• Manage, protect against and investigate fraud, risk exposure, claims and other liabilities, including but not limited to violation of our contract terms or international laws or regulations
• Protect and ensure safety of our intellectual property rights
• Adhere to legal obligations.

3.2 Legal basis

For individuals in the European Economic Area, our processing of your Personal Information is justified on the following legal basis:

• You have given your consent to the processing of your personal data
• Processing is necessary for the performance of the contract for the use of React Bricks service or to take steps to enter into the contract at your request
• To comply with relevant legal obligations
• For the purposes of the legitimate interests pursued by the controller or by a third party

4. Methods of processing

We take appropriate security measures to prevent unauthorized access, disclosure, modification, or unauthorized destruction of your personal data. The data processing is carried out using computers and/or IT enabled tools, following organizational procedures and modes strictly related to the purposes indicated.

5. Place of processing

Your personal data is processed at our operating offices in Italy and in any other place where the parties involved in the processing are located. For a full list of third parties involved, see point 6 ("Data processed by third parties").

6. Data processed by third parties

In addition to all of our company's personnel, your data may be disclosed to third parties in order to correctly fulfil the mentioned processing purposes (such as hosting services, administration, sales, marketing, legal). These third parties are appointed, if necessary, as third party data processors.

7. Children

Our Services are not for use by children under the age of 16 years and we do not knowingly collect, store, share or use Personal data of children under 16 years. If you are under the age of 16 years, please do not provide any Personal data, even if prompted by the Services to do so. If you are under the age of 16 years and you have provided Personal data, please ask your parent(s) or guardian(s) to notify us and we will delete all such Personal data.

8. Data retention duration

Personal data shall be processed and stored for as long as required by the purpose they have been collected for. We may be obliged to retain Personal data for a longer period whenever required to do so for the performance of a legal obligation or upon order of an authority. Once the retention period expires, Personal Data shall be deleted. Therefore, the right to access, the right to erasure, the right to rectification and the right to data portability cannot be enforced after expiration of the retention period.

Sometimes it could be an unbearable effort to delete only your data from a compressed backup, so they will be permanently deleted as soon as a new backup replaces the preceding one. Your personal data will not be restored to production systems except in certain rare instances, for example the need to recover from a natural disaster, serious technical or security problem. In such cases, your personal data may be restored from backups, but we will take the necessary steps to erase your data again as soon as possible.

9. Your Rights

We want to make sure that you are fully aware of all of your data protection rights in accordance to GDPR, which are the following:

• Right to be informed: we must tell you what data is being collected, how it’s being used, how long it will be kept and whether it will be shared with any third parties.
• Right of access: you have the right to request a copy of the information that we hold about you.
• Right of rectification: you have the right to correct data that is inaccurate or incomplete.
• Right to erasure: in certain circumstances, you can ask that your data are be erased from our records.
• Right to restrict processing: you can request that we limit the way we use your personal data.
• Right of portability: you can request a copy of your personal data provided to us in a structured, commonly used and machine-readable format and, if technically feasible, to have it transmitted to another controller without any hindrance, when we justify our processing on the basis of your consent or the performance of an agreement with you.
• Right to object: you have the right to challenge certain types of processing, such as direct marketing.
• Right to lodge a complaint: you have the right to bring a claim before your competent data protection authority.