Newsletter and direct marketing privacy policy

in compliance with article 13 of EU Reg, 679/2016 – GDPR – Processing of personal data collected from the person concerned policy

In compliance with the provisions of EU Reg. 2016/679 (European Regulation on the protection of personal data) please find here all relevant information on the processing of the provided personal data.  This policy is drafted in compliance with art. 13 of EU Reg. UE 2016/679 (European Regulation on the protection of personal data)

1 The DATA CONTROLLER pursuant to articles 4 and 24 of EU Reg. 679/2016 is Wyscout spa with registered office in Corso Garibaldi, 32/8 16043 Chiavari (GE) ITALY, represented by the Chairman of the Board of Directors and CEO, who can be contacted by email at

2 The DATA PROTECTION OFFICER (DPO) pursuant to articles 37 – 39 of EU Reg. 679/2016, appointed, can be contacted by email at


Personal data shall be processed for the following purposes:

– filling in the data collection form for direct marketing, for the delivery of communications, newsletters and promotional and business information, market research or other product research and direct sales, information material, for the assessment of customer satisfaction, for commercial and advertising material or material concerning events and initiatives, by the Data Controller: by automated means such as e-mail, SMS (Short Message Service) or other, as well as by telephone calls via operator and paper mail.

LAWFULNESS: Data processing shall be performed in compliance with the lawfulness conditions of art. 6 of EU Reg. 2016/679:

– by consent and until objection.

The Controller shall send news and promotions through systems that generate reports, to compare and improve the outcome of the various communications.  Thanks to such reports, the Data Controller shall be able to know, for instance: the number or readers, the number of opened messages, the number of single clicks and of clicks; the devices and operating systems used to read the communication; details on the activities of individual users; details of sent, delivered and undelivered and of forwarded emails. All these data are used to compare and improve, if necessary, the outcome of the various communications.


Personal data will be communicated to recipients, who will process the data as processors (art. 28 of EU Reg. 2016/679) and / or as natural persons acting under the authority of the Data Controller and Data Processor (art. 29 of EU Reg. 2016/679), for the purposes listed above in paragraph 3, and to third parties. More specifically, data will be communicated to:

– companies controlled by, controlling or under the joint control of Wyscout or its associated companies; – service providers specifically identified and authorised by Wyscout or other subjects with whom Wyscout executed co-operation agreements with regard to the Platform or the services covered by the platform; – subjects providing management services for the computer system and communication networks (including email); –  firms or Companies within the context of assistance and consultancy relationships; – competent authorities to fulfil legal obligations and/or provisions of public bodies, on request; – in case the processing is done for administrative or accounting purposes, data can be transferred to business information companies for the assessment of the solvency and payment patterns and/or to debt collection agencies. Subjects belonging to the abovementioned categories shall become the Data Processors, or shall operate in a completely autonomous way, as Data Controllers in their own right. The list of designated Data Processors is constantly updated and is available upon request to


A transfer of personal data to European Union and non-European Union Countries can occur in order to fulfil any of the connected purposes mentioned above. Data shall be transferred in compliance with article 44 and following of EU Regulation 679/2016, only on the basis of an adequacy assessment or subject to appropriate safeguards. Information on the data transfer safeguards can be obtained by writing an email message to


Data shall be processed automatically and manually, in a manner and with tools that ensure maximum security and confidentiality, by specifically appointed subjects. In compliance with the provisions of art. 5 par. 1 lett. e) of EU Reg. 2016/679, the collected personal data  shall be kept  in  a  form which permits  identification of  data  subjects for  no  longer  than  is  necessary  for  the  purposes  for which the personal data are processed.  In particular, Personal Data shall be processed for no  longer  than  is  necessary , as detailed in Recital 39 of the Regulation, that is to say, until the end of any existing contractual relationships, without prejudice for an additional retention period that can be that can be required by law, as also provided for in recital 65 of the Regulation.  With regard to Processing activities carried out with the data subject’s consent, please remember that said consent can be withdrawn at any time. The retention period is determined on the basis of criteria the data subject can be informed of by writing to


Data subjects have the right to obtain access to their personal data and their rectification or erasure, as well as the restriction of their processing, or to object to their processing (articles 15 and following of EU Regulation 679/2016).  They can exercise this right by contacting the DPO by email at the address or by writing to the Data Controller’s main office mentioned above.  Data subjects can revoke their consent at any time, with regard to direct marketing communications, by writing an email to for automatic direct marketing (e-mail. SMS), with the “cancellation from automated communications” subject line, or using our automatic cancellation systems for emails. In order to stop any traditional direct marketing communication (operator phone calls, paper mail), please write an email to  with the “cancellation from traditional communications” subject line.

The data subject has the right to complain to the Data Protection Authority. There is no automated decision-making.


The data subject is free to decide whether to provide any personal data. Provision or personal data is discretionary. However, failure to provide such data shall prevent the sending of direct marketing communications as described above.


The data controller reserves the right to amend, update, add or remove parts of this privacy policy at its sole discretion and at any time. The data subject is required to review any changes on a regular basis. In order to facilitate this review, the policy will contain an indication of the date on which the policy was updated.

Wyscout spa will still send you a message each time there is a substantial change in the Privacy Policy

Updated on: 25.05.18