INFORMATION ON THE PROCESSING OF PERSONAL DATA TO BE DELIVERED TO THE DATA SUBJECT
Articles 12 and following of Regulation (EU) 2016/679 (GDPR)
information relating to the processing of personal data carried out on the Tab4 Checker Platform, or will be carried out in relation to the use of our products and services, pursuant to Regulation (EU) n. 2016/679 and subsequent amendments national laws approved by the Italian legislator (hereinafter the "Regulation" or "GDPR"). The Data Processor is the company Mitric S.r.l., with registered office in: via Leone XIII, 14, 20145 Milan, (MI), which can be contacted at the address email@example.com (hereinafter, the "Data Processor", "MITRIC ", the "Company", "we").
We provide this information not only to fulfill the legal obligations regarding the protection of personal data provided for by the GDPR, but also because we believe that the protection of personal data is a fundamental value of our business and we want to provide you with any information that can help you protect your privacy and control how your data is used.
The Data Processor
The Data Processor can be contacted at the e-mail address: firstname.lastname@example.org.
Categories of Personal Data processed
To allow the contractual relationship with MITRIC or when you visit, consult, request or use the Checker SaaS Service via the MITRIC Tab4 Checker platform we collect and use your personal data (i.e. any information that is able to identify you directly or indirectly). We list below the categories of personal data that concern you:
Identification, contact and access data, such as first name, last name, username, email address, postal address, telephone number, MITRIC ID (if applicable) or username and password;
Product data such as data relating to the services you use;
Information for billing and payment data, such as any VAT number, tax code, address, and possibly the company name;
Navigation data, such as connection data; IP addresses, domain names and other parameters relating to the browser and operating system you use; log data; configuration data; data relating to registrations made, interaction and transaction processes, performance indicators; data relating to navigation flows and page views; usage and feature counts;
Usage data of the Checker SaaS service provided by MITRIC. The usage data relating to the different services you use may be interconnected for lawful and transparent purposes, listed in the following paragraph.
Purpose of the processing
The processing of the categories of personal data referred to above is carried out by the Company, in the performance of its economic and commercial activities, for specific purposes, as better described below.
1. Contractual and Legal Purposes
Allow you to browse the site and the Platform.
Registration and account management (including any account checks and recovery of the credentials of the same, where applicable) and use of the functions connected to the account itself.
Execution of the activities necessary for the conclusion and execution of the contract for the purpose of providing the service requested, purchased or used by you, also through the site and on the Platform.
Handling requests related to registration for webinars and events, preparation of quotes, order processing, provision of service and support.
Management of any complaints and requests, sending of service communications and updates, both through traditional communication tools such as paper mail and through remote communication tools, such as e-mail, chat, telephone, SMS, chatbots, banners, notification and other remote communication tools.
Customer assistance activities, help desk and support for the use of the Checker SaaS, Consulting Services, tutorship activities and management of open tickets for assistance purposes, also through usage data.
Fulfillment of the obligations under the law in force, regulations or community legislation (e.g. tax and accounting obligations) or management and response to requests by the competent administrative and tax authorities as well as from the judicial authority.
The purposes listed above are jointly defined as the "Contractual and Legal Purposes" and the express consent of the data subject is not required. The provision of your personal data for the aforementioned purposes is necessary and mandatory so that in case of refusal we will not be able to continue the contractual relationship with you and the relative supply of the requested services.
2. Legitimate Interest Purposes
For statistical and research analyzes regarding the products purchased and the services provided to you and the use of the same also for the purpose of improving and developing the services themselves, also through the interconnection of data between the various Data Processors and the Data Controller. In compliance with the principle of minimization, where possible, this activity will take place after anonymization and aggregation of the data collected.
For the evaluation of your satisfaction with the services provided by MITRIC, or the resolution of any difficulties and problems relating to their use: e.g. "caring" initiatives to help you make the most of the service and improve the customer experience.
To enforce and defend the Company's rights, also in the context of credit recovery procedures and assignment of credits to authorized companies, also through third parties and to prevent and counter any fraud.
To complete a potential merger, sale of assets, sale of a company, business unit or financial transaction by communicating and transferring data to the third party(ies) involved.
Pursuant to article 130, paragraph 4 of Legislative Decree 196/2003, as amended by the GDPR ("Privacy Code"), To send via e-mail marketing communications on services or products similar to those covered by the contract signed with MITRIC , it being understood that, at any time, you will be in charge to oppose the sending of such communications;
To carry out customer segmentation activities, to whom it is possible to send communications for Marketing Purposes on the basis of what is indicated in this information, based on non-invasive belonging categories, such as, among others, the professional category to which they belong, the city/province /region in which it is based, the type of service purchased. This customer segmentation activity could also be carried out on platforms of third-party suppliers, through interconnection activities with data owned by the third-party platform. In this case, communications for Marketing Purposes will be sent in compliance with the consents expressed by you and in compliance with what is indicated in this information. In this context, the data could also be used to detect profiles of similar customers.
The described "Purposes of Legitimate Interest" do not require your specific consent as they fall within the exception under art. 6, paragraph 1, lett. f) of the GDPR. In any case, in compliance with the GDPR and the Privacy Code, the Company has carried out an in-depth balancing of interests aimed at protecting and guaranteeing the privacy and fundamental rights of the data subjects.
3. Marketing Purposes
To send you updates on news and commercial offers of MITRIC services, even after interconnection of usage data and analysis of your behavior both with respect to browsing the Platform and, more generally, to the use of services or to invite you to participate in events, conduct market research or other commercial and customer satisfaction initiatives both through traditional communication channels such as paper mail or a telephone call from an operator and through automated communication tools such as email, chat, messages (SMS), chatbots and other tools remote communication;
To communicate your personal data to MITRIC, MITRIC SA and its Affiliates and/or commercial partners belonging to its sales network, for sending marketing communications and for other commercial initiatives.
The processing of your data for "Marketing Purposes" is not mandatory. Your prior consent is therefore necessary, which the Customer will request from time to time in the most appropriate forms for each of the activities described above. The consent expressed can always be revoked by you without any consequence with respect to the contractual relationships existing with the Company. The Customer undertakes to identify the data subjects, from time to time involved, to ask them for their prior consent and consequently undertakes to keep this consent, in full compliance with the GDPR and the Privacy Code.
Communication, dissemination and data transfer
In compliance with the principle of finality and minimization, your personal data may be communicated to the following third parties who carry out activities functional to those relating to the product or service purchased, such as: (a) third party suppliers of assistance and consultancy services for the Company with reference to the activities of the sectors (by way of example only) technological, accounting, administrative, legal, insurance, (b) MITRIC, MITRIC SA and its Affiliates, (c) in cases where the contractual relationship provides for the intervention of commercial partners , the Company may share some of your personal data with its distributors, resellers and partners that are part of the MITRIC service distribution chain; (d) banks and credit institutions; (e) debt collection companies; (f) subjects and public authorities whose right of access to your personal data is expressly recognized by law, by regulations or by provisions issued by the competent authorities; (g) prospective purchasers of the Company and entities resulting from the merger or any other form of transformation concerning the Company; (h) public databases and credit information systems.
For Marketing Purposes, and subject to your specific consent, your personal data may also be disclosed to third parties and commercial partners in charge of marketing campaigns carried out on behalf of MITRIC, MITRIC SA and its Affiliates.
Depending on the case, these recipients process your data as independent data controllers, processors or persons in charge of processing. The complete and updated list of subjects who process data as data processors is available upon request to MITRIC, according to the contact methods indicated in this information.
Transfer of your personal data outside the EU territory
Without prejudice to the above, your personal data may be freely transferred within the Community territory. However, where, for the purposes indicated, the Company needs to transfer your personal data outside the European Union to countries not considered adequate by the European Commission (e.g. the United States), the Company will adopt the necessary measures to protect your data personal data, in compliance with the legal guarantees in accordance with the applicable legislation and in particular with articles 45 and 46 of the GDPR.
In the event that you wish to receive further information regarding the existing guarantees and request a copy of them, you can contact the Data Protection Officer according to the methods indicated in this statement.
Methods of data processing
Your personal data is processed by the Company with electronic and manual systems according to the principles of correctness, loyalty and transparency under the applicable legislation on the protection of personal data and protecting your privacy through technical and organizational security measures to guarantee a level of adequate safety, as also described in the MITRIC ISO IEC 27001 manual.
These processing takes place at the Company's headquarters and/or at the external Data Processors who carry out the processing on behalf of the company. With reference to the usage data, in compliance with the purposes described and, where necessary, with your express consent, the analysis activities can be carried out, also by interconnecting your data relating to the different services you purchased from MITRIC, during the use online of the services. For usage statistics, the Company uses tools that allow the collection of usage data. The Company uses analytical tools such as:
Web and customer analytics;
Analytics and document search;
Querying and Dashboarding.
The data will be kept for the period of time necessary to achieve the purposes for which such data were collected, as stated in this information. In any case, the following retention terms will apply with reference to data processing for the purposes set out below:
for the Contractual and Legitimate Interest Purposes, the data are kept for a period equal to the duration of the supply of the services you use and for the following 10 years (period in which the prescription period matures for any contractual liability that could be asserted by the Customer against MITRIC), except in cases where retention for a subsequent period is required for any disputes, requests from the competent authorities or pursuant to applicable legislation;
for Marketing Purposes, the data is kept for a period of 24 months from the date on which the consent is given or renewed upon purchase of a new MITRIC service, or renewal of the same, or the date of the last contact with you to be understood, among others, as the termination of the contractual relationship, participation in a Company event, use of a service provided by the Company or the opening of a newsletter (jointly referred to as the "Last Contact").
Change of choices and withdrawal of consent
If you change your mind, you can change the consent given for marketing purposes at any time by contacting us according to the methods set out in this information. Failure to issue or withdraw consent does not affect the use of our services in any way.
Rights of the data subjects
In relation to the data processing described in this statement, you can exercise the rights under the GDPR (articles 15-21) at any time, including:
receive confirmation of the existence of your personal data and access their content (right of access);
update, modify and/or correct your personal data (right to rectification);
request the cancellation or limitation of the processing of your personal data processed in violation of the law including when the retention is not necessary in relation to the purposes for which the data were collected or otherwise processed (right to be forgotten and right to limitation), without prejudice to a prevailing public interest or a legal obligation of the Company to preserve them;
object to the processing, including profiling (right to object), without prejudice to the existence of an overriding legitimate reason for the Company to continue processing;
revoke consent, where given, to marketing activities;
propose a complaint to the Supervisory Authority (Guarantor for the protection of personal data www.garanteprivacy.it) in the event of a violation of the regulations on the protection of personal data;
receive an electronic copy of the personal data concerning you, to transfer them to yourself or to a different service provider, in the event that the Company carries out the processing of such data on the basis of your consent or on the basis of the circumstance that the processing is necessary for the provision of the services requested by you and the data is processed using automated tools (right to data portability).
To exercise your rights regarding the protection of personal data at any time and free of charge, you can contact the Data Processor, who can be contacted by sending a request to the address email@example.com, or by sending the communication by post to:
Registered office: via Leone XIII, 14
c.a.: Data Processor
When contacting the Company, please be sure to include your name, email/postal address and/or telephone number(s) to be sure that your request can be handled properly.
Changes and Updates
This information may be subject to changes also as a result of any regulatory changes and/or additions. The changes will be notified to the data subjects and the constantly updated information text will be available on the Platform.