Information notice regarding the data processing pursuant to article 13 of Reg. (EU) 2016/679
Pursuant to and for the effects of art. 13 of Commission Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (GDPR), we inform you that any personal information you have voluntarily made available to Every Software Solutions Srl (Hereinafter also the “Company” or “EVERY SWS“), with its registered office in Milano, via Riccardo Lombardi 19/6, PEC firstname.lastname@example.org which acts as Data Controller, will be processed in compliance with current legislation on personal data protection.
1. Purposes and legal basis of the processing
Personal data you made available to EVERY SWS will be processed within the limits necessary to pursue the following purposes:
- Contractual purposes
a) Fulfill your requests for information, also occurred by simply filling out a Form on the Site;
b) Provide the service and, in general, fulfill the obligations arising from the contract;
The legal base for the data processing is the execution of the contract involving you.
- Fulfilment of administrative obligations purposes
c) Execute activities strictly related and instrumental to the fulfillment of any contractual obligations, such as the internal administration, financial management, receivables collection, execution of payments, tax and accounting obligations.
The legal base for the data processing is the necessity to fulfill an obligation imposed by law.
- Marketing purposes
d) Send information or promotions, such as, for example, invitations to seminars and conferences, newsletters, advertising material and to advertise products and services, even customized and carry out studies, statistical and market analysis, both with traditional contact methods (email paper, calls through the operator) and automated (electronic mail) by EVERY SWS.
The legal base for the data processing is your consent, which is optional and can be withdrawn at any time.
2. Retention period.
The data collected to fulfill your requests for information, will be stored for a maximum period of 24 months. The data collected to provide the Service requested and to fulfill obligations imposed by law will be kept for the contractual duration and, after termination, for the ordinary limitation period of 10 years. For marketing purposes, data collected relating to purchases will be stored for a maximum period of 24 months.
Personal data, devoid of references to purchases, can be kept for no longer than 24 months and as long as the person concerned does not require the deletion. Once the aforementioned retention period has lapsed data will be destroyed or made anonymous compatibly with technical erasure and backup procedures.
3. Provision of data and impact of a refusal.
With reference to the purposes outlined in point 1, contractual purposes, letters a) and b), and fulfilment of administrative obligations purposes, letter c), the provision of your personal data is necessary. Your refusal and/or provision of incorrect and/or incomplete information may prevent us from delivering the activities therein.
With reference to the additional purposes outlined in paragraph 1, marketing Purposes, letter d), the provision of your personal data is optional. However, your refusal and/or provision of incorrect and/or incomplete information could prevent the operation of the so-called marketing activities, including the completion of studies, statistical analysis and market research, but not the reply to your request and the provision of the Service, which will be delivered in any case.
4. Data Communications.
Data may be processed by employees of EVERY SWS who are responsible for carrying out the activities outlined above and have been authorised to process the data and have received suitable operating instructions. Your personal data may be processed to third parties which provide the Company with assistance and services used for the purposes mentioned in point 1 above (such as, but not limited to suppliers, partners, EVERY SWS consultants or other persons and/or entities, including Dealers and Agents connected contractually to EVERY SWS) which have been appointed as data processor and, on behalf of EVERY SWS, shall ensure:
(i) the operation and/or maintenance of websites and the electronic and/or telematics tools used by EVERY SWS;
(ii) management of the Service;
(iii) processing of studies, statistical analysis and market research;
(iv) sending of information or promotions, such as, for example, invitations to seminars and conferences, newsletters, advertising material and/or offers of goods and services in the manner indicated in the previous paragraph 1 letter. d);
(v) support activities with regard to legal, tax, insurance, accountancy, organisational aspects;
Your personal data may also be communicated to third parties which act as data controller, such as e.g. supervisory and regulatory authorities and, more generally, public or private entities, legally authorised to requests data. Such data will not be transferred abroad to non-EU countries.
5. Rights of data subject and complaint to the Supervisory Authority
By contacting the Company via e-mail sent to email@example.com data subjects can ask the controller for access to personal data, or the correction or deletion of personal data, and also have the right to restrict processing1 of the data in the cases set out in article 18 GDPR, and object to processing in the case of legitimate interests of the controller.
Furthermore, in the case where processing is based on consent or a contract and carried out with automated tools, data subjects have the right to receive the personal data in a structured, commonly used and machine-readable format, and to transmit the data to another data controller without obstruction.
Data subjects have the right to withdraw theirs consents at any time expressed for the marketing purposes, furthermore to object the processing for the marketing purpose. It is understood that data subjects who prefer to get contacted for the above mentioned purpose through traditional forms of communications, to express their objections to automated communications only.
Data subjects have the right to lodge a complaint to the competent Supervisory Authority in the member state where they are resident or where they work, or the member state where the alleged breach took place.
Last update: May 2018