Privacy statement pursuant to Italian Legislative Decree 196/2003 and UE Regulation 2016/679
Last modified: May 18th, 2018
Dear Client (hereinafter “Data Subject”),
A. Data Controller
The Company is the Data Controller in relation to the processing of the personal data you notified upon your registration or sign-up to its website http://sellfapp.com (“Website”) or to its Application, or during the provision of the service provided by the same.
Your Data will be processed by the Company as well as by subjects specifically appointed as “Data Processors”. To obtain the full list of Data Processors please send an email to the addresses specified under point “I” hereinbelow.
B. Personal data collected
The only personal data that the Company collects through the Website or through the Application, during your registration, is your email address, your name, the phone number, the size and the name of your company. In addition, it is up to you to decide which personal data you wish to load in the Application (hereinafter collectively referred to as “Data”), in order to be able to take advantage of the functions provided by the same Application in the best way possible.
During the payment process of the Application, the Company collects the billing information (name, surname, VAT number, address, social security number, company name). If you choose to pay by credit card, the payment is processed securely by the Company, and the card details are transmitted via a third-party payment gateway.
C. Categories of personal data concerned
In relation to the purposes described in the previous paragraph “B”, the Company processes personal data other than judicial data and considered sensitive (eg data to directly identify racial and ethnic characteristics, religious beliefs and health status and sexual life).
D. Purposes of personal data processing
- The Data are processed, first of all, for registration to the Website and/or the Application and for the proper fulfilment of contractual and legislative obligations for the purpose of carrying out the requested Activity, as well as for the correct maintenance and optimization of the Application and for the internal administrative and accounting management of the Company. They may also be processed to fulfill the obligations set forth in a regulation, by European Community legislation or by an order of the Authority.
Data are mandatorily required for the fulfilment of the aforementioned purposes. If such data are not provided, or are partially or inaccurately provided, the Activity you requested may not be provided.
- Only on your specific and explicit consent, the Data may be processed for marketing purposes such as sending e-mail, mail and / or sms and / or telephone contacts, newsletters, commercial communications and / or advertising material on products or services offered by the Company and for surveying the level of satisfaction of services quality.
- Work with us: the Data collected through the filled in “work with us” form (name, surname, city, telephone number, email address, curriculum vitae and any reference message/letter) will be processed only for the purpose of analysing the candidate’s profile and for any subsequent interview. In order to reply to the candidate’s application it is necessary that such Data are provided: consequently, failing to notify any Data will not allow the Company to examine the candidate’s professional qualifications and to consider any collaboration relation.
E. Personal data processing methods
Data will be processed by means of manual and IT methods by Company employees and collaborators and/or by external subjects duly designated as Data Processors and Persons Tasked with Data Processing, to whom the Company gave detailed operating instructions with special reference to the adoption of the minimum security measures envisaged by the Privacy Code. The complete list of Data Processors is available on request by sending an email to the addresses indicated at the bottom hereof.
F. Data transfer
Personal data is stored on servers located within the European Union. In any case, it is understood that the Company, if necessary, will have the right to move the servers even outside the EU. In this case, the Company ensures from now on that the transfer of data in a non-EU country will take place in accordance with the applicable legal provisions, subject to the stipulation of the standard contractual clauses provided by the European Commission.
G. Data retention
The Data Controller will process the Data for the time necessary to fulfill the aforementioned purposes and in any case for no more than 5 years from the termination of the Contract for the purposes of Company services and no later than 5 years from the collection of data for marketing purposes. The Data necessary for the legal protection in case of dispute or controversy, for the fulfillment of obligations deriving from the law, regulations or community legislation, for which the provision is mandatory and the treatment does not require your consent, will be kept for 10 years from the termination of the Contract.
D. Data processing confidentiality and security
The notified Data shall not be disseminated, but may be notified to third parties belonging the following categories – for the same purposes for which they are collected:
- Subjects providing Company IT and telecom networks management services;
- Subjects carrying out control, review and certification of the activities implemented by the Company, even in your interest;
- Advisors or other subjects providing services related to the delivery of the service in question (for example sharing information with systems that process payment data, with email services, with advertising companies, with tools for detecting bugs, with systems that allow access via single sign-on).
Your Data will be processed by subjects (even outsourcers) who have been designated as Data Processors or Persons Tasked with Data Processing and have received in this respect adequate operating instructions, with special reference to the adoption of minimum security measures, for the purposes of ensuring Data confidentiality and security.
I. Which are your rights?
You may ask the Company about how to enforce the rights of the persons concerned as envisaged by Article 7 of Legislative Decree no. 196/03 and art. 15 of the GDPR, or by sending an email to firstname.lastname@example.org.
In particular, you will be entitled:
- to obtain confirmation of the existence or non-existence of your personal data and their communication in an intelligible form (right of access);
- to know the Data origin, the purposes and methods of data processing as well as the rationale of data processing made by electronic tools;
- obtain the identification details of the Data Controller and the Data Processor, as well as the subjects or categories of subjects to whom the personal data may be communicated or who may become aware of it;
- to request the update, amendment or – if you are interested – the integration of your personal data (right of rectification);
- to request the erasure, conversion into anonymous form or blocking of data when processed unlawfully, as well as to object to their processing for legitimate reasons (right to erasure, right to restriction, right to object);
- to object to any processing finalized to the circulation of advertising material, direct sales, market surveys and marketing communications.
- make a complaint to the Supervisory Authority (Guarantor for the protection of personal data www.garanteprivacy.it) in case of violation of the regulations regarding the protection of personal data;
- receive an electronic copy of your Data and request to transmit such Data to another data controller (right to data portability);
L. Links and other websites
This privacy statement solely refers to the Website and to the Application.
In particular, the Website and the Application contain links to websites of third parties, for which the Company does not exercise any control. Therefore, the Company shall not be liable in any way whatsoever for any personal data processing made by such third parties.
M. Obligations regarding personal data and third parties
You are responsible for all the data of third parties you have entered and processed in the use of the Application, and this also, and above all, on the protection of the confidentiality of personal data of those same third parties.
Therefore, without prejudice to the activities and obligations of the Company aimed at providing a correct IT security of the IT infrastructure where the data will be entered, you acknowledge and accept the following:
- You are the sole Data Controller and Data Processor in charge of the processing of personal and other data you have entered in the Application, especially if related to your customers, suppliers, collaborators or other subjects, and you assume, in relation to such insertions and treatments, any obligation applicable in accordance with the Community and Italian legislation on the protection and security of personal data, including to inform your data subjects and acquire prior consent, where applicable;
- the Company does not carry out any type of control and / or censorship on the data and information entered by you or even on those exchanged between you and other interested parties or third parties; with respect to these data the only responsible person is and will always remain you.
N. Changes to this Contract