Privacy Policy


The Ciro Vigorito P.iva 16566831000, with registered office in "Via Casabona 70, Roma 00118 - Italia" (hereinafter only the "DATA CONTROLLER"), before communicating any personal data, the DATA CONTROLLER invites you to carefully read this privacy policy ("Privacy Policy"), rendered only for the service offered by the DATA CONTROLLER, for the sites www.drwhyquiz.com, www.drwhyquizlive.com, www.drwhybusiness.com, www.quiz38.com (as well as the related domain extensions) ("Site"), while it does not apply to other websites that may be consulted through external links.


1. Data Controller

The Data Controller of the site is Ciro Vigorito as defined above. For any information relating to the processing of personal data by the DATA CONTROLLER, including the list of data processors, write to: info@drwhyquiz.com.


2. Personal data being processed

"Personal Data" means any information concerning an identified or identifiable natural person with particular reference to an identifier such as the name, an identification number, location data, an online identification or one or more characteristic elements of his physical identity physiological, psychic, economic, cultural or social. The Personal Data collected by the data controller are indicated in point 3 of this privacy policy.

a) Navigation data. The computer systems of the Site and the Blog collect some Personal Data whose transmission is implicit in the use of Internet communication protocols. This is information that is not collected to be associated with you, but which by its very nature could, through processing and association with data held by third parties, allow you to be identified. These data are used in order to obtain anonymous statistical information on the use of the Site and to check its correct functioning; to allow - given the architecture of the systems used - the correct provision of the various functions requested by you, for security reasons and to ascertain responsibility in case of hypothetical computer crimes against the Site or third parties.

b) Data provided voluntarily. Through the Site you have the opportunity to voluntarily provide Personal Data such as name, surname, tax code, VAT number, telephone, address, paypal account and e-mail address. The data controller will process these data in compliance with the Applicable Regulations, assuming that they refer to you or to third parties who have expressly authorized you to provide them on the basis of an appropriate legal basis that legitimizes the processing of the data in question. With respect to these hypotheses, you place yourself as an independent Data Controller, assuming all legal obligations and responsibilities. In this sense, you give the fullest indemnity on this point with respect to any dispute, claim, request for compensation for damage from treatment, etc. that it should reach the data controller from third parties whose Personal Data have been processed through your use of the Site in violation of the Applicable Regulations. Furthermore, the Data Controller will process the aforementioned data according to the minimization principle; therefore not all data will be requested upon registration. Most will be optionally provided by the interested party to complete their private profile (not accessible to the public) or must be provided when paying for the purchase of products or services as well as for participation in some events.

c) Data processed in interaction with social networks. In addition to filling in the appropriate form for requesting services, you can submit this request, if you have a Facebook profile, also by simply clicking on the "Register with Facebook" button. In this case, Facebook will automatically send some of your data to the Data Controller, specified in the appropriate "pop-up" window that is displayed at the time of the request, and will eventually and if necessary take care of the Data Controller to request further data directly from the data subject.


2.1 Cookie Policy:

The data controller collects Personal Data through cookies. More information on the use of cookies and related technologies are available at this link.


3. Purpose, legal basis, mandatory or optional nature of the processing.

The personal data provided through the site will be processed by the data controller for the following purposes:

a) purposes relating to the execution of a contract of which you are a part or to the execution of pre-contractual measures taken at your request (e.g. request for information, registration for the newsletter service, etc.);
b) purposes related to the fulfillment of a legal obligation to which the controller is subject;
c) purposes necessary to ascertain, exercise or defend a right in court or whenever the judicial authorities exercise their jurisdictional functions;
d) allow navigation of the Site and the provision of the Owner services; among these services, some necessarily involve the processing of data for profiling purposes;
e) carry out marketing activities, with the exception of your explicit refusal to receive such communications, which you can express during registration or on subsequent occasions;
f) send information updates on the activities of the Data Controller (so-called newsletter).

The provision of your Personal Data for the purposes listed above is optional, but their failure to provide it could make it impossible to meet your request or fulfill a legal obligation to which the data controller is subject. For marketing purposes, sending newsletters and profiling, specific consent is required, without which the reference service cannot be provided.

If the customer gives explicit consent, the contact details provided may be used by the Data Controller for the promotion of products or services, for sending advertising materials or for carrying out commercial communications.

By granting consent to the Processing for Marketing Purposes, pursuant to art. 6, paragraph 1, letter a) of the Regulation, the interested party specifically acknowledges the promotional, commercial and marketing purposes in a broad sense of the treatment and expressly authorizes said treatment both if the means used for the Treatment for Marketing Purposes are the telephone with operator or other non-electronic, non-telematic or not supported by automatic, electronic or telematic mechanisms and / or procedures that where the means used for the Processing for Marketing Purposes are electronic mail, fax, sms, mms, automatic systems without operator intervention and the like, including electronic platforms and other telematic means.

Pursuant to the General Provision of the Privacy Guarantor of 15 May 2013 entitled "Consent to the processing of personal data for" direct marketing "purposes through traditional and automated contact tools", the attention of the interested parties is specifically drawn to the fact that:

1. Any consent given for sending commercial and promotional communications through IT or telematic methods will imply the receipt of such communications, not only through said automated contact methods, but also through traditional methods, such as paper mail or calls via operator;
2. The collection of consent from time to time will be unitary and overall and will refer to all possible means of marketing treatment. To proceed with the Treatment for Marketing Purposes it is mandatory to acquire a specific, separate, expressed, documented, preventive and completely optional consent;
3. The possibility to withdraw consent to the processing of personal data for "direct marketing" purposes, even if only partially with respect to certain means or treatments, remains unaffected;
4. The aforementioned revocation can be exercised by writing to info@drwhyquiz.com and that the opposition to this treatment will not have any consequence on the provision of the services.

Furthermore, the Data Controller informs the interested party that the data could also be communicated to third party commercial partners. The consent to the Processing for Marketing Purposes - where provided by the interested party - does not also cover the different and further marketing treatment represented by the communication to third parties of the data for the same purposes. To proceed with this external communication it is mandatory to acquire from the data subject a further, separate, additional, documented, expressed and entirely optional consent, in compliance with the General Provision of the Guarantor of 4 July 2013 containing the Guidelines to combat spam.

Pursuant to the General Provision of the Guarantor of 4 July 2013, containing the Guidelines to combat spam, the third party recipients of the communication of the personal data of the interested parties for the subsequent Treatment for Marketing Purposes can be identified with reference to the following subjects and the following categories product or economic:

Third parties belonging to the commodity sectors of publishing, sports companies, suppliers of electronic communications goods and services, Internet service providers, communication agencies, companies that provide insurance and financial services, companies in the food and catering sector, clothing, ICT hardware and software, banks and credit institutions, travel agencies, companies offering services in the tourism sector, companies offering services and goods for the person, companies supplying goods and services in the energy and gas sector.

The provision of personal data to the Data Controller and the provision of both consent to the Processing for Marketing Purposes and the distinct consent to communication to third parties for the Processing for Marketing Purposes for the purposes and with the methods described above are absolutely optional and always revocable.

Since the purposes of the treatment pursued are not exclusively of a specific commercial, advertising, promotional and marketing nature in a broad sense and that the modules on the Site do not by default pursue these purposes, if the interested party does not intend to give consent to the Treatment for Marketing Purposes the consequence will be the impossibility of using some services of the Data Controller. Failure to provide the Treatment for Marketing Purposes will not cause any interference and / or consequence on any other and further contractual, contractual or other relationships existing with the user.

The user is then free to give consent to the Treatment for Marketing Purposes but also not the further consent to the communication to third parties who in turn wish to proceed with the Treatment for Marketing Purposes. Where the user does not intend to give consent to the communication of his data to third parties for the processing for marketing purposes, the consequence will be that there will be no communication from the company and the data will be processed only and exclusively by the company, where the user has given consent to the Treatment for Marketing Purposes and has therefore registered on the Site.


4. Recipients

Your Personal Data may be shared, for the purposes specified in point 3, with:
  • subjects appointed inside or outside the structure of the Data Controller, necessary for the provision of the services offered;
  • subjects who typically act as data processors;
  • subjects, entities or authorities to whom it is mandatory to communicate your personal data pursuant to legal provisions or orders from the authorities;
  • jurisdictional authorities in the exercise of their functions when required by the Applicable Regulations;
  • third parties, with specific consent, for marketing and / or profiling purposes;



5. Transfer of data abroad

In consideration of the fact that the servers used by the owner are located in France and that the owner's premises are in Italy and Malta, personal data are and can be transferred to a third country belonging to the European Union. Therefore, the Data Controller informs that it is not necessary to acquire the relative consent to proceed with the processing of data for primary purposes of the contract and represented by the transfer of your personal data to countries located within the European Union, on the basis of the conditions of lawfulness of the treatment indicated by law.


6. Data retention times

The data controller will process your Personal Data for the time strictly necessary to achieve the purposes indicated in point 3 or, where necessary for the protection of the Data Controller's rights and / or the fulfillment of legal obligations, for 10 years from the last legally relevant treatment of the single data.


7. Rights of the interested party

As a person interested in the processing of personal data, the interested party may at any time take advantage of the faculties and rights provided for in art. 13, paragraph 2, letters a) b) c) d) e), 15, 16, 17, 18, 20 and 21 of EU Reg. 679/2016. In particular it is up to:
- the right to obtain confirmation of the existence or not of personal data concerning you;
- the right of access, that is, to have communication of the data concerning you upon simple request;
- the right to object which provides for the possibility of opposing the processing of your personal data for legitimate reasons;
- the right to rectification, i.e. modification and updating of data;
- the right to be forgotten, that is, to have your data deleted. In order to implement the right to be forgotten, the following distinction should be made:
  • if the data processing presupposes an express consent, the revocation of the latter will be sufficient to obtain the automatic cancellation of the data;
  • if the data processing presupposes consent for conclusive facts, the cancellation can be carried out, on request, only if the personal data are no longer necessary with respect to the purposes for which they were collected or processed;
- The right to limit the processing that minimizes the use of data processing to what is necessary for its purposes. However, this right is provided only in the following mandatory cases:
  • Where the interested party disputes the accuracy of personal data and for the time strictly necessary to verify its accuracy;
  • Where, in the presence of illegal treatment, the interested party opposes the cancellation of the data;
  • Where, if the Data Controller no longer needs to keep the data, there is an interest by the interested party in their conservation for the purpose of exercising or defending a right in court;
- in case of opposition to the treatment, but only for the time necessary to establish the pre-eminence between the interest of the Data Controller and the right of the interested party. The limitation can be revoked at any time and before the revocation is effective, the Data Controller will inform the interested party;
- the right to portability of the data provided by the interested party which allows the interested party to receive personal data concerning him in a commonly used format;
- the right to withdraw consent to the processing of data for the primary purposes of the processing at any time. The revocation of consent could however make it impossible to provide the service and in any case does not affect the lawfulness of the treatment based on the consent given before the revocation;
- The right to withdraw consent to the processing of data for secondary marketing and newsletter purposes of the processing at any time. The withdrawal of consent does not imply the impossibility of not using the services of the Owner. In any case, this revocation does not affect the lawfulness of the treatment based on the consent given before the revocation;
- The right to lodge a complaint for violation of the law with the Privacy Authority, without prejudice to any other legal action.

The exercise of rights is not subject to any form constraint and is free of charge.
Requests should be sent via email to: info@drwhyquiz.com


8. Security Measures
The processing of personal data is guaranteed by the application of appropriate and preventive security measures that allow to minimize the risks of destruction or loss, even accidental, of the data themselves, of unauthorized access or of unauthorized or non-compliant treatment purpose of the collection.

The organizational choices and the operating procedures regarding security in the processing of personal data are also defined by the processing of sensitive personal data by electronic means.

The security system for personal data identifies the organizational choices and the operating procedures regarding security in the processing of personal data, in particular with regard to:
  • The list of personal data treatments;
  • Access to authorized personnel based on the purpose of the processing;
  • The analysis of the risks hanging over the data;
  • The measures to be taken to guarantee the integrity and availability of the data;
  • The description of the criteria and methods for restoring the availability of data following destruction or damage;
  • The provision of training interventions for data processors, to make them aware of the risks that affect the data, the measures available to prevent harmful events, the profiles of the discipline on the protection of personal data most relevant in relation to the related activities, the responsibilities that derive and ways to update on the minimum measures adopted by the Data Controller;
  • The description of the criteria to be adopted to guarantee the adoption of the minimum security measures in case of processing of personal data entrusted outside the structure of the Data Controller or transferred abroad;


Where registered, the user undertakes to keep his personal access credentials confidential and not to share them with third parties. The user also undertakes, once logged in on the website of the Data Controller with his credentials, not to leave the relevant terminal unattended. The Data Controller does not assume responsibility for the illicit use of the said access credentials, except of course in the case in which the abuse is attributable to his responsibility.


9. Place of data processing

The personal data are processed on the premises of the Data Controller, as well as on computer support by means of the software made available by the various Partners and the devices made available to the subjects authorized to process or protect the data.

The treatments connected to the web services of this site are carried out with the help of servers based in "Gravelines" and "Frankfurt" at the OVH data centers (GRA7 and DE1) and are only handled by technical personnel in charge of processing and by any persons in charge of maintenance.

For any further clarification, the interested party can connect to: http://www.garanteprivacy.it/web/guest/home/docweb/-/docweb-display/docweb/1812198
Section updated to 25/05/2018
This website allows sending third party cookies, to send messages in line with your interests. For further information or to deny permission to install all or some cookies, see Cookie Information. Continuing with navigation, the user will confirm aceptance to use cookies.
Ok, I agree