Careers
Menu
Book a demo Contact us
Book a demo Contact us
Careers

Live&Learn

Resources

About

Privacy Policy – YMPACT.XYZ

PRIVACY POLICY – Information document pursuant to Article 13 of EU Regulation 2016/679 – GDPR – Information on the processing of personal data collected from the data subject

In compliance with the provisions of EU Regulation 2016/679 (European Regulation for the protection of personal data – GDPR), we provide you with the necessary information regarding the processing of personal data. The information is provided pursuant to Article 13 of the GDPR and Article 130 of the Privacy Code. The information notice is not to be considered valid for other websites that may be consulted via links on the websites of the data controller, who is in no way responsible for third-party websites. This information notice is also based on the provisions of Directive 2002/58/EC, as updated by Directive 2009/136/EC, on cookies, the Guidelines on cookies and other tracking tools of the Italian Data Protection Authority and the EDPB Guidelines 05/2020 on consent under the GDPR, adopted on 04.05.2020.

Personal data that can be processed:

Personal data: any information relating to an identified or identifiable natural person (“data subject”); A natural person is considered identifiable if they can be identified, directly or indirectly, with particular reference to an identifier such as a name, an identification number, location data, an online identifier or one or more factors specific to their physical, physiological, genetic, mental, economic, cultural or social identity (C26, C27, C30).

Browsing data: During normal operation, the IT systems and software procedures used to operate this website acquire some personal data whose transmission is implicit in the use of Internet communication protocols. This information is not collected to be associated with identified data subjects, but by its very nature could, through processing and association with data held by third parties, allow users to be identified. This category of data includes IP addresses or domain names of computers used by users connecting to the site, URI (Uniform Resource Identifier) addresses of requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the user’s operating system and computer environment. etc.) and other parameters relating to the user’s operating system and IT environment

Data provided by the data subject: The optional, explicit and voluntary sending of messages to the contact addresses indicated on this website and/or the completion of data collection forms entails the subsequent acquisition of the sender’s address, which is necessary to respond to requests, as well as any other personal data entered

Specific information: Specific information may be presented on the pages of the website in relation to particular services or processing of the data provided.

Cookies

For more information on the cookies used by this website, please see the cookies policy in the footer of the website.

1. DATA CONTROLLER AND HOW TO CONTACT THEM

Pursuant to Articles 4 and 24 of EU Regulation 2016/679, the data controller is Y Hub S.r.l., Largo Danilo Danieli 9, 36071, Arzignano (VI), VAT number/tax code 04411660246 in the person of its pro-tempore legal representative. It can be contacted at the email address privacy@ympact.xyz.

2. PURPOSE OF THE PROCESSING, LEGAL BASIS, DATA RETENTION PERIOD AND NATURE OF THE PROVISION

PURPOSE GROUP A

Website navigation

  • LEGAL BASIS: legitimate interest Art. 6(f) and recital 47: processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child. Activities strictly necessary for the functioning of the website and the provision of the navigation service on the platform.
  • DATA RETENTION PERIOD: until the end of the browsing session. For browsing, see the cookie policy
  • NATURE OF THE PROVISION: with the exception of what is specified for navigation data (which is necessary to allow navigation of the website), the user is free to provide personal data.

Filling in the data collection form for contacts (REQUEST INFORMATION – CONTACTS AREA)

  • LEGAL BASIS: based on the implementation of pre-contractual measures adopted also at the request of the data subject (C44) Art. 6 para. 1 letter b) of the GDPR.
  • DATA RETENTION PERIOD: 1 year
  • NATURE OF PROVISION: the provision of data is optional or necessary depending on the specific purpose for which the data is processed. Failure to provide data marked with the symbol * or the word (required) will make it impossible to obtain what has been requested or to use the services of the data controller.

Possible completion of data collection form (WHITE PAPER DOWNLOAD AREA)

  • LEGAL BASIS: based on the implementation of pre-contractual measures adopted also at the request of the data subject (C44) Art. 6 para. 1 letter b) of the GDPR.
  • DATA RETENTION PERIOD: 1 year
  • NATURE OF THE PROVISION: the provision of data is optional or necessary depending on the specific purpose for which the data is processed. Failure to provide data marked with the symbol* or wording (required) will make it impossible to obtain what has been requested or to use the services of the data controller.

Filling in the data collection form for contacts (REQUEST DEMO)

  • LEGAL BASIS: based on the implementation of pre-contractual measures adopted also at the request of the data subject (C44) Art. 6 para. 1 letter b) of the GDPR.
  • DATA RETENTION PERIOD: 1 year
  • NATURE OF THE PROVISION: the provision of data is optional or necessary depending on the specific purpose for which the data is processed. Failure to provide data marked with the symbol * or the word (required) will make it impossible to obtain what has been requested or to use the services of the data controller.

SPONTANEOUS SENDING OF E-MAILS to the addresses on the website: to respond to specific requests for information sent spontaneously to the e-mail addresses on the website, address connect@ympact.xyz in the footer of the website

MANAGEMENT OF REQUESTS TO EXERCISE THE RIGHTS OF DATA SUBJECTS, pursuant to Art. 15 et seq. of the GDPR (rights of the data subject)

  • LEGAL BASIS: Processing is necessary to fulfil a legal obligation to which the data controller is subject (C45) Art. 6(1)(c) of the GDPR.
  • DATA RETENTION PERIOD: The retention period is 5 years from the closure of the request, except in the case of disputes.
  • NATURE OF THE PROVISION: The provision of personal data is mandatory, as it is essential for the fulfilment of legal obligations.

WORK WITH US

  • unsolicited applications with CVs and data collected on forms for: personnel selection, conducting personnel search and selection activities with a view to establishing an
    employment relationship, including for positions other than those for which the data subject has spontaneously applied; management of applications in response to job offers published on our website, interviews and any video interviews (processing of image/audio data); storage of personal data for future selection processes.

GROUP B PURPOSES

DIRECT MARKETING

If the data subject fills in dedicated forms for data collection, in specific areas for the purposes of direct marketing: subject to consent and until such consent is withdrawn, for direct marketing activities by the Data Controller, on its own behalf or on behalf of companies subject to the management and coordination of the Data Controller, without data transfer, market research, direct sales, satisfaction surveys, sending newsletters and promotional material, via email or social networks and sponsorships, commercial and advertising or related to events and initiatives, by the Data Controller via automated means of email, SMS or other types of messages, as well as through telephone calls via an operator. In order to compare and, if necessary, improve the results of communications, the Data Controller uses systems for sending newsletters and promotional communications with reports. Thanks to the reports, the Data Controller will be able to know, for example: the number of readers, openings, unique “clickers” and clicks; the devices and operating systems used to read the communication; details of the activity of individual users; details of emails sent, emails delivered and not delivered, and those forwarded. All this data is used for the purpose of comparing and, where necessary, improving the results of communications.

  • LEGAL BASIS: Consent pursuant to Article 6(1)(a): the data subject has given consent to the processing of their personal data.
  • DATA RETENTION PERIOD: Until you object (opt-out/withdraw consent).
  • NATURE OF THE PROVISION: The provision of data for the purposes of GROUP B) is optional, will not affect the other purposes and, in the absence of such data, your data will not be processed for the pursuit of that purpose; refusal to provide such data will not affect the usability of the purposes referred to in GROUP A). Marketing activities are only possible and will only be carried out with the specific consent of the data subject.

3. RECIPIENTS OR CATEGORIES OF RECIPIENTS OF THE DATA

The personal data provided will be communicated to recipients who will process the data as data processors (Article 28 of EU Regulation 2016/679) and/or as natural persons acting under the authority of the Data Controller and Data Processor (Article 29 of EU Regulation 2016/679) for the purposes listed above.

Specifically, the data will be communicated to

  • Entities that provide services for the website and communication networks, including e- mail, hosting and website management, platforms (including Group companies, affiliates and subsidiaries);
  • firms or companies providing assistance and consultancy services;
  • entities with which the Data Controller has entered into economic agreements;
  • social network platforms;
  • entities that assist the Data Controller in the development of CRM and, with the consent of the data subject, for marketing campaigns and activities;
  • companies subject to management and coordination by Yhub srl;
  • competent authorities for the fulfilment of legal obligations and/or provisions of public bodies, upon request;
  • for the “work with us” section, in addition to internal staff assigned to this task, also entities for the management of selection activities and dedicated platforms.

The entities belonging to the above categories perform the function of Data Processors, or operate in complete autonomy as separate Data Controllers. The list of Data Processors is constantly updated and available by writing to privacy@ympact.xyz

4. DATA TRANSFER OUTSIDE THE EUROPEAN UNION

Personal data will not be transferred to countries outside the EEA.

In the event that Personal Data is transferred to third parties located outside the EU (e.g. the USA), the transfer will take place in accordance with the provisions of the GDPR, Chapter V, Articles 44 et seq. In particular, the transfer will take place to a third country deemed adequate pursuant to Article 45 of the GDPR or, pursuant to Article 46 of the GDPR (e.g. SCC), to a third country that guarantees an adequate level of protection of Personal Data, subject to verification by the Data Controller.

5. AUTOMATED PROCESSING

Personal data will be processed manually, electronically and automatically. Please note that no fully automated decision-making processes are carried out.

No profiling is carried out.

6. RIGHTS OF DATA SUBJECTS

You may exercise your rights as set out in Articles 15, 16, 17, 18, 19, 20 and 21 of EU Regulation 2016/679 by contacting privacy@ympact.xyz

Lei ha il diritto, in qualunque momento, di chiedere al Titolare del trattamento l’accesso ai Suoi dati personali, la rettifica, la cancellazione degli stessi, la limitazione del trattamento e la portabilità dei suoi dati, nel caso. Inoltre, ha il diritto di opporsi, in qualsiasi momento, al trattamento dei suoi dati basato sul consenso e/o sul legittimo interesse.   

Specifically, you have the right to

  • obtain confirmation from the Data Controller as to whether or not Personal Data concerning you is being processed and, if so, to request access to such data and to the information referred to in Article 15 of the GDPR;
  • obtain the rectification of inaccurate Personal Data or the integration of incomplete Personal Data pursuant to Article 16 of the GDPR;
  • request the erasure of Personal Data in the cases provided for in Article 17 of the GDPR;
  • obtain the restriction of processing (i.e. the temporary subjection of Personal Data to storage only), in the cases provided for in Article 18 of the GDPR;
  • object at any time, on grounds relating to his or her particular situation, to the processing of Personal Data concerning him or her carried out on the basis of the legitimate interest of the Data Controller, pursuant to Article 21 of the GDPR;
  • if the processing is based on consent, on a contract or for the implementation of pre-contractual measures taken at the request of the data subject and is carried out using
    automated tools, request to receive the Personal Data in a structured, commonly used and machine-readable format and, if technically feasible, to transmit them to another controller without hindrance, pursuant to Article 20 of the GDPR (‘right to portability’);
  • withdraw consent.

Furthermore, you have the right to lodge a complaint with the supervisory authority in the Member State where you habitually reside or work or in the State where the alleged infringement occurred.

Without prejudice to any other administrative or judicial remedy, if you believe that the processing of your data violates the provisions of EU Reg. 2016/679, pursuant to Art. 15(f) of the aforementioned EU Reg. 2016/679, you have the right to lodge a complaint with the Data Protection Authority (Supervisory Authority www.garanteprivacy.it).

7. CHANGES

The data controller reserves the right to modify, update, add or remove parts of this privacy policy. The data subject is required to periodically check for any changes. In order to facilitate this verification, the policy will contain an indication of the date of its update. Use of the website after the publication of the changes will constitute acceptance of the same.

Date of update 04.11.2025