Privacy Notice

Version 1.0 - February 29, 2020

The React Bricks CMS service may collect personal data from its users (from now on referred as "you").

We are committed to protecting your personal data and to be very transparent about personal data collecting and processing.

This Privacy Notice, in compliance with the General Data Protection Regulation EU 2016/679 (GDPR), explains clearly what data we process, why we need them and how we collect and process them.

We may change this Privacy Notice from time to time. If we make changes, we will notify you by updating the date at the top of the policy and, in some cases, we may provide you with additional notifications, such as adding a statement to our homepage or sending you a notification). We encourage you to review the Privacy Policy whenever you use our Services to stay informed about our information practices and the ways you can help protect your privacy.

Data Controller and Contact information

F2 .net engineering s.r.l.
Via Tasso, 50 - 24121 Bergamo (BG) - Italy
VAT-ID 03099890166.

If you have any questions or concerns about our privacy policy, or our practices with regards to your personal data, please contact us at privacy@reactbricks.com

What personal information we collect and process

Personal information you provide to us

Upon registration we collect your first name, last name, company name and e-mail address. The same data is collected for the invited Content editor users.

When you contact us for support or other customer service requests, we collect any information provided by you related to such support or service requests.

We don't collect financial information from you (such as your payment card number, expiration date or security code). All payments to us are handled via a third party, Paddle Ltd (https://paddle.com). You may find their Privacy notice at https://paddle.com/gdpr.

Personal information we collect automatically when you use our services

When you access or use our Services we automatically collect information about your use of the Services, including the type and version of browser, machine and device you use, access times, usage times, launches, pages viewed, debug, your IP address, the page you visited before navigating to our Services and other statistics.

Purposes and legal basis of data processing

We collect your Personal Information to:

  • Perform our agreement with you
  • Operate, maintain, improve, customize and develop our Services (including by monitoring and analyzing access to and use of the Services for enhancing customer experience, security, advertising and marketing)
  • Provide you with documentation, communications or any other service you request
  • Correspond with you to resolve queries or complaints
  • Manage, protect against and investigate fraud, risk exposure, claims and other liabilities, including but not limited to violation of our contract terms or international laws or regulations
  • Protect and ensure safety of our intellectual property rights
  • Adhere to legal obligations.

For individuals in the European Economic Area, our processing of your Personal Information is justified on the following legal basis:

  • To perform an agreement with you or take steps to enter into an agreement at your request
  • To comply with relevant legal obligations
  • For justified interest, where this justified interest prevails over your privacy and/or you have consented to the processing.

Place of processing

Your personal data is processed at our offices in Italy and on the database servers where we store data. The database servers are currently located in Italy, but in the future, for performance and redundancy reasons, we could have database servers in other countries of Europe or United States of America.

Data shared with third parties

In addition to all of our company's personnel, your data may be disclosed to third parties in order to correctly fulfil the mentioned processing purposes, to offer you support, to improve our services, to comply with local laws and regulations. Third parties include Paddle Inc. (see Paddle privacy notice) for payment/invoicing processing and Mailchimp to send newsletters (see Mailchimp GDPR compliance notice).

Children

Our Services are not for use by children under the age of 16 years and we do not knowingly collect, store, share or use Personal data of children under 16 years. If you are under the age of 16 years, please do not provide any Personal data, even if prompted by the Services to do so. If you are under the age of 16 years and you have provided Personal data, please ask your parent(s) or guardian(s) to notify us and we will delete all such Personal data.

Data retention duration

Personal data shall be processed and stored for as long as required by the purpose they have been collected for. We may be obliged to retain Personal data for a longer period whenever required to do so for the performance of a legal obligation or upon order of an authority. Once the retention period expires, Personal Data shall be deleted. Therefore, the right to access, the right to erasure, the right to rectification and the right to data portability cannot be enforced after expiration of the retention period. Sometimes it could be an unbearable effort to delete only your data from a compressed backup, so they will be permanently deleted as soon as a new backup replaces the preceding one. Your personal data will not be restored to production systems except in certain rare instances, for example the need to recover from a natural disaster, serious technical or security problem. In such cases, your personal data may be restored from backups, but we will take the necessary steps to erase your data again as soon as possible.

Your Rights

We like to make sure that you are fully aware of all of your data protection rights in accordance to GDPR, which are the following:

  • Right to be informed: we must tell you what data is being collected, how it’s being used, how long it will be kept and whether it will be shared with any third parties.
  • Right of access: you have the right to request a copy of the information that we hold about you.
  • Right of rectification: you have the right to correct data that is inaccurate or incomplete.
  • Right to erasure: in certain circumstances, you can ask that your data are be erased from our records.
  • Right to restrict processing: you can request that we limit the way we use your personal data.
  • Right of portability: you can request a copy of your personal data provided to us in a structured, commonly used and machine-readable format and, if technically feasible, to have it transmitted to another controller without any hindrance, when we justify our processing on the basis of your consent or the performance of an agreement with you.
  • Right to object: you have the right to challenge certain types of processing, such as direct marketing.
  • Right to lodge a complaint: you have the right to bring a claim before your competent data protection authority.