Pursuant to Articles 12 and 13 of EU Regulation no. 679/2016
The Data Controller for the data related to the Site is Mediainfo S.r.l., as indicated above. The personal data collected through the Site are processed at the office of the Data Controller, located in Via Castello 13, 36050, Monteviale (Vi), Italy.
With the term “Personal Data,” reference is made to any information relating to an identified or identifiable natural person. The Personal Data processed by 123Web (hereinafter, also the “Controller”) may be: (i) provided directly by the Data Subject; (ii) collected automatically during Site use; and/or (iii) received from third parties exclusively in cases where the Data Subject chooses to use features that involve interaction with such subjects (e.g., social login/account linking).
In particular, the Data Controller may collect, use, store, and record the following types of data, as regulated by this Privacy Policy:
Generally, Personal Data is processed mainly through computer and online tools, following methods strictly functional to the pursuit of the purposes indicated in this Privacy Policy and in compliance with adequate security measures aimed at ensuring confidentiality, integrity, and availability.
The Controller adheres to the data minimization principle, limiting processing to only relevant and necessary personal data regarding the specific purposes pursued and adopting, where possible, processing methods that result in being less invasive for the Data Subject.
The Personal Data provided through the Site are processed by the Controller for the following purposes and according to the relative legal bases:
a) Performance of the contract and provision of services (art. 6, par. 1, lett. b) GDPR), such as, by way of example: registration and creation of the account, management of access and functionality of the Site, purchase and use of paid services, assistance to users, and management of requests;
b) Compliance with legal obligations and protection of the Controller’s rights (art. 6, par. 1, lett. c) and f) GDPR), including the management of complaints or disputes, defense in court, as well as the response to requests from competent judicial or administrative authorities or subjects authorized by them;
c) Pursuit of the legitimate interest of the Controller (art. 6, par. 1, lett. f) GDPR), such as the management, maintenance, and security of the Site, the provision of administrative and IT services, the prevention of fraud and other illegal activities, as well as tests, collection of aggregate and anonymous statistics, updates, and maintenance of the systems, management of hosting and technical infrastructure;
d) Direct marketing activities, upon consent of the Data Subject (art. 6, par. 1, lett. a) GDPR), such as sending promotional communications, newsletters, commercial offers, informative initiatives, or advertising material related to the services of the Site, through automated tools and/or traditional methods of contact. Consent can be revoked at any time without affecting the lawfulness of the processing carried out before the revocation.
123Web presumes that the data communicated by the Data Subject are true and that they refer to the latter. Should the Data Subject communicate personal data referring to third parties, the Data Subject declares to have the right to do so and that such communication occurs in compliance with the Applicable Regulations. Should the Data Subject use 123Web services to create and manage websites for their customers or final users, the Data Subject acts in the capacity of an independent data controller. In such cases, 123Web processes personal data exclusively to provide the technical services requested by the Data Subject and operates as a data processor, according to the instructions received. The Data Subject is therefore responsible for providing final users with adequate privacy and cookie policies, identifying the legal basis for processing, and collecting any necessary consents. In this sense, the Data Subject undertakes to indemnify and hold 123Web harmless from any dispute, claim, penalty, or request for compensation resulting from processing carried out by the Data Subject in violation of the Applicable Regulations or from unlawful instructions given to 123Web, without prejudice to 123Web’s liability for any violations directly attributable to it.
For further information regarding the nature of the processing or the specific legal basis applicable to their personal data, the Data Subject can contact 123Web according to the methods indicated in point 10.
Your Personal Data may be shared, for the purposes specified in point 4, with:
a) subjects appointed by the Data Controller for the provision of services offered by the Site;
b) subjects who typically act as data processors, namely: (i) people, companies, or professional firms that provide supply, assistance, and consultancy activities to the Data Controller in accounting, administrative, legal, or technical matters; (ii) professionals who are collaborators of the Data Controller whose activity is essential for the provision of the Site’s services;
c) subjects, entities, or authorities to whom communicating your personal data is mandatory by law or orders of the authorities;
d) judicial authorities in the exercise of their functions when required by the Applicable Regulations.
The Data Controller may use collaborators, subjects in charge, and/or data processors (bound to comply with this Privacy Policy, adequate security and confidentiality standards, and the obligations provided by the Applicable Regulations) for the performance of activities and services such as: (i) graphic, structural, and code development of websites using artificial intelligence tools and functionalities; (ii) registration of domain names; (iii) hosting and management of servers; (iv) management of the e-mail box; (v) management and supervision of customer databases; (vi) sending promotional or advertising communications; (vii) management and collection of payments; (viii) archiving and data analysis; (ix) prevention and contrast of fraud or illegal activities, IT security, and data protection; (x) analysis, management, development, and improvement of systems, services, and features of the Site.
With reference to the aforementioned third-party providers, the Data Subject is invited to consult their respective privacy policies in order to obtain detailed information regarding any processing of personal data carried out by them, as well as the related purposes and legal bases.
The personal data collected by the Controller may be processed within the European Union and, where necessary, also in third countries (extra-EU/EEA), for example in the United States, also through service providers (e.g., Google LLC). In such cases, the transfer occurs: (i) on the basis of an adequacy decision by the European Commission pursuant to art. 45(1) GDPR, where the recipient in the United States adheres and is certified (with active certification) under the EU-U.S. Data Privacy Framework; or (ii) in the absence of such certification, on the basis of the Standard Contractual Clauses (SCC) approved by the European Commission pursuant to art. 46(2) GDPR, possibly integrated by adequate supplementary measures.
Personal Data will be kept by the Data Controller for the time strictly necessary to fulfill the purposes indicated in point 4, as well as for the fulfillment of any legal, fiscal, or accounting obligations. In any case, retention will not exceed 10 years from the last processing carried out. With reference to marketing activities, personal data will be kept for a maximum period of 24 months from the last processing carried out for these purposes. Technical logs related to the functioning of the Site are kept for a period not exceeding 30 days, while security and access logs are kept for a maximum period of 6 months, except for further retention, limited only to the strictly necessary data, in cases where this is required for incident management, fraud prevention, or the protection of the Controller’s or third parties’ rights.
For the purpose of determining the appropriate retention period for personal data, the Data Controller takes into consideration various criteria, including the quantity, nature, and degree of sensitivity of the data processed, the potential risk arising from unauthorized use or disclosure, the purposes pursued with the processing, and the possibility of achieving those purposes through alternative methods, as well as the applicable legal requirements.
Once the identified retention period has elapsed, the personal data will be deleted or anonymized, unless their further retention is necessary for the pursuit of further legitimate purposes (e.g., to comply with legal obligations) or until the eventual revocation of consent, should the processing be based on such legal basis.
In exceptional cases, the Controller may keep some personal data related to users included in blocklists connected to fraudulent behavior or security threats for an even indefinite period, exclusively to guarantee the protection of the Services, the Site, and the personal data of users. Such lists may be shared, within the strictly necessary limits, with collaborators, providers appointed as data processors, and authorized subjects, bound by confidentiality and security obligations, for the purposes of prevention and contrast of fraud and strengthening the security of the Services.
In accordance with EU Regulation 679/2016, the Data Subject can exercise, at any time, the following rights:
1. Right of access, understood as the right to obtain confirmation of the fact that their personal data are being collected, processed, and stored by the Data Controller. In particular, the Data Subject can access the following information: (i) purposes of processing; (ii) types or categories of personal data; (iii) legal bases for processing depending on the type of data; (iv) people to whom the personal data have been or will be disclosed; (v) criteria and retention period planned for each type of data.
The Data Subject will also have the right to obtain a written copy, in digital format, with the detail of the processed personal data pertaining to them following the demonstration of their identity through an official identity document and provided that this is not harmful to the rights and freedoms of other people.
2. Right to erasure and rectification, understood as the right to request the suppression and removal of personal data present on the Data Controller's database as well as the right to request modifications or integrations regarding the accuracy and currency of the personal data in the Controller's possession.
The Data Subject can request the deletion of their personal data, which will be deleted without unjustified delay in any of the following cases: (i) the personal data are no longer necessary in relation to the purposes for which they were collected and processed; (ii) withdrawal of consent, should the processing be based on consent and no other legal basis exists that allows it; (iii) opposition to processing without legitimate reasons that prevail for proceeding with it; (iv) unlawful processing of personal data; (v) legal obligation by virtue of which personal data must be deleted.
Erasure affects data present in the Controller's systems and their use for future activities and communications; however, it is not possible to guarantee the removal of information already shared or transmitted to third parties (e.g., other users or payment providers), who could keep it for legitimate purposes or legal obligations. Furthermore, the possibility of keeping certain data within the limits allowed or required by the regulations and/or for the pursuit of the Controller’s legitimate interests remains valid. In case of total erasure, the e-mail address may be kept exclusively to prevent duplicate registrations and for identification purposes, without use for marketing or sharing with third parties. Finally, even after erasure, some content could remain temporarily available through cached copies or on Internet pages not under the Controller’s control.
The Data Subject may also request the rectification of their personal data, following which the Controller will carry out the appropriate checks and proceed with the integration or update of the incomplete personal data concerning them.
3. Right to limitation of processing, understood as the right of the Data Subject to obtain from the Controller the suspension of processing of their personal data when: (i) the Data Subject contests the accuracy of the personal data, for the time necessary for the Controller to verify its correctness; (ii) the processing is unlawful and the Data Subject, instead of requesting erasure, asks that the use of data be only limited; (iii) the personal data, although no longer necessary for the Controller for the purposes of processing, are necessary for the Data Subject for the ascertainment, exercise, or defense of a right in court; (iv) the Data Subject has opposed the processing, pending verification of the prevalence of the Controller’s legitimate reasons over those of the Data Subject.
4. Right to data portability, understood as the right of the Data Subject to receive calculations relating to themselves in a structured, commonly used, and machine-readable format (e.g., computer, smartphone) as well as to obtain their transmission to another company when: (i) processing is based on consent or a contract; (ii) processing is carried out by automated means.
5. Right to lodge a complaint before a supervisory authority in the Data Subject’s Member State, if they believe that the processing carried out by the Controller is contrary to or violates the Applicable Regulations.
The Data Subject can revoke consent to the processing of their personal data at any time; revocation does not affect the lawfulness of the processing carried out before it. To exercise the rights described above, the Data Subject is invited to contact the 123Web support team according to the methods indicated in point 10 of this Privacy Policy.
This Privacy Policy is in effect from 02/20/2026. The Data Controller reserves the right to modify or simply update its content, in part or completely, also due to variations in the Applicable Regulations. The Data Controller will inform of such variations as soon as they are introduced and they will be binding as soon as they are published on the Site. The Data Controller therefore invites you to regularly visit this section to learn about the most recent and updated version.
The Data Controller is Mediainfo S.r.l., a company under Italian law with registered office in Via Castello 13, 36050, Monteviale (Vi), Italy and VAT no. 04323530248.
To exercise the above rights or for any other request, the Data Subject can write to the 123Web privacy support team at the following e-mail address: admin@123web.ai.
The processing of personal data occurs through the adoption of adequate technical and organizational, preventive and proportionate to the risk, measures aimed at protecting data from destruction or loss, including accidental, from unauthorized access, as well as from unlawful or non-compliant processing for the purposes for which they were collected. The security system adopted by the Controller defines the organizational choices and operational procedures regarding the protection of personal data and includes, in particular: the list of personal data processing; the regulation of reserved access to authorized personnel based on specific purposes; the assessment of risks associated with the processing; the identification of measures suitable for guaranteeing confidentiality, integrity, and availability of data; as well as the definition of procedures for the recovery of data in case of destruction or damage.
The Data Controller uses cookies to collect some Personal Data. Further details on the use of cookies and similar technologies are available in the specific section of the Site.
Last update 02/20/2026.