Dear User, Dear Customer,
information on the processing of personal data carried out via our website web techmass.io (hereinafter the “Site“), or otherwise carried out in connection with our products and services, pursuant to (EU) Regulation no. 2016/679 (hereinafter the “Regulation” or “GDPR“), is set out below. The data controller is Techmass S.r.l. (di seguito “Techmass”, “noi”, “nostro” o la “Società”) con sede legale in via Lavarone 4/6, 36061 Bassano del Grappa (hereinafter only the “Controller“, “Techmass” or the “Company“). The contact details of the relevant controller on each occasion are set out in the “Data Controller” section.
We provide this policy not just to comply with the legal obligations relating to the protection of personal data specified in the GDPR, but also because we believe that protecting personal data is a fundamental value of our business and therefore want to give you all possible information that can help you protect your privacy and control the use made of your data.
Categories of personal data processed
To enable the conclusion and institution of the contractual relationship with Techmass, or whenever you visit, consult, request or use Techmass services and/or products (including those available on this Site), we collect and use your personal data (i.e. any information that is able to identify you directly or indirectly). Here below we list the categories of processed personal data relating to you:
- Identification, contact and access data such as first name, surname, user name, email address, postal address, telephone number, and password, any profile image if set by you;
- Product data such as those relating to products licensed to you and/or services subscribed to by you;
- Invoicing information and payment data, such as VAT number, tax code, address, and possibly company name;
- Browsing data, e.g. connection data, IP addresses, domain names and other parameters relating to the browser and operating system that you use, log data, data relating to installation and configuration licenses, data relating to recordings carried out, interaction and transaction processes, performance indicators, data relating to browsing flows and page views, usage of features and counts;
- Usage Data both in “on premises” mode – i.e. information generated locally when using products or services purchased by you, or in “cloud” mode, i.e. during your online use of Techmass services. Usage Data relating to different products and/or services purchased by you (also from different Controllers of the TeamSystem’s Group) may be linked for lawful and transparent purposes, as listed in the following paragraph.
We remind you that the use of Techmass products and services accessed via the credentials linked to your Techmass ID is subject to the relevant contractual conditions and limitations.
Purpose of processing
The processing of the personal data categories listed above is carried out by the Company, in the performance of its financial and commercial activities, for the specific purposes described below.
- Contractual and Legal Purposes
- To enable you to browse the Site;
- Account registration and management (including any account verification and recovery of the credentials linked to it, where envisaged) and usage of the features related to the account itself;
- The performance of activities required for the conclusion and execution of the contract in order to provide the service/product you requested or purchased, also through the Site. These include processing related to the supply of added-value services expressly requested by you, which could also entail the linking of data between different Data Controllers and their comparison and/or enrichment with data held in public databases, in compliance with the contractual conditions signed by you;
- The handling of registration requests for webinars and events, requests for newsletters, the provision of quotations, the processing of orders and the provision of customer assistance and support;
- The handling of any complaints and requests and the sending of service communications and updates, using both traditional communication tools such as physical mail, and also distance communication tools such as email, chat, telephone, SMS, chatbots, banners, notification systems and others;
- Customer assistance and support activities for the use of services by individual Customers, tutorship activities and the handling of open tickets for support purposes, also through Usage Data.
- The fulfillment of obligations ensuing from laws, regulations or community legislation currently in force (e.g. tax and accounting obligations), or handling and responding to requests from the competent administrative, tax or judicial authorities.
The purposes listed above are jointly defined as “Contractual and Legal Purposes” and do not require the express consent of the interested party. Providing your personal data for the aforementioned purposes is necessary and mandatory, so that any refusal to provide them would prevent us from pursuing our contractual relationship with you and providing the requested services.
- Purposes of Legitimate Interest
- For statistical and research analyses of the products and services purchased and used by you with the aim of improving and developing the products and services themselves, also by linking data between different TeamSystem’s Group companies and comparing and/or enriching it with data held in public databases. While respecting the principle of minimization, where possible, this activity will take place after the anonymization and aggregation of the data collected;
- To gage your satisfaction with the products you have purchased and the services provided by Techmass or to resolve any difficulties and problems relating to their use: e.g. “caring” initiatives to help you make the best use of the product or service, also for churn prevention and the improvement of the customer experience;
- To assert and defend the rights of the Company, also in the context of credit recovery procedures and the assignment of credits to authorized companies, including through third parties, and to prevent and counter fraud;
- To complete a potential merger, asset sale, company sale, company branch sale or financial operation by disclosing and transferring the data to the third party(s) involved;
- To send via email, pursuant to article 130, paragraph 4 of Legislative Decree 196/2003 (“Privacy Code“), marketing communications on services or products related to those covered by the contract with Techmass, it being understood that, at any moment, you will have the option to object to the sending of such communications;
- To carry out customer segmentation activities, with the possibility of sending messages to customers for Marketing Purposes, as indicated in this policy, based on non-invasive information categories such as, among others, professional category, city/province/region in which based, the type of product or service purchased. This customer segmentation activity may also be performed on the platforms of third-party suppliers through linked activities with data belonging to the third-party platform to which, however, Techmass will have no access and about which it will receive no communications. In this case, communications for Marketing Purposes will be sent in compliance with the consent expressed by you and in accordance with the provisions of this policy. In this context, the data could also be used to detect similar customer profiles.
The “Purposes of Legitimate Interest “ described do not require your specific consent since they are covered by the exception provided for by art. 6, paragraph 1, lett. f) of the GDPR. Nonetheless, in compliance with the GDPR, the Company has implemented a careful balancing of interests in order to protect and guarantee the privacy and fundamental rights of the interested parties.
- Marketing Purposes
- To send you news updates and business offers regarding Techmass products and services, also by linking Usage Data and analyses of your Site browsing behavior and, more generally, your usage of Techmass services and products, or to invite you to take part in events, or to conduct market research or other commercial and customer satisfaction initiatives through traditional communication channels like physical mail or one-to-one telephone calls or through automated communication tools such as email, chat, messages (SMS and other instant messaging), chatbots and other distance communication tools
- To disclose your personal data to other companies in the TeamSystem group and/or business partners belonging to its sales network, to send marketing communications and to undertake other business initiatives such as those set out at letter n).
The processing of your data for “Marketing Purposes” is not mandatory. Your prior consent is therefore needed, which the Company will request on each occasion in the most appropriate manner for each of the activities described above. You can withdraw your express consent at any time without affecting your contractual relationships with the Company.
Disclosure, dissemination and transfer of data
In respect of the principle of purpose and minimization, your personal data may be disclosed to the following third parties who perform activities serving those relating to the Techmass product or service purchased, such as: (a) third-party suppliers of support and consultancy services on behalf of the Company regarding activities in the (purely by way of example) technology, accounting, administrative, legal, insurance sectors, (b) TeamSystem group companies, (c) in cases in which the contractual relationship involves activities by business partners, the Company may share some of your personal data with its distributors, resellers and partners that are part of the distribution chain for TeamSystem products and services; (d) banks and credit institutions; (e) credit recovery companies; (f) public entities and authorities with a right to access your personal data expressly recognized by the law and by regulations or provisions issued by the competent authorities; (g) potential buyers of the Company and entities resulting from the merger or any other form of transformation regarding the Company.; (h) public databases and credit information IT systems.
For Marketing Purposes, and by your specific consent, your personal data may also be disclosed to third parties and business partners appointed to conduct marketing campaigns on behalf of the Company or other TeamSystem group companies.
These recipients, depending on the specific case, process your data as independent data controllers, officers or processors. The complete and updated list of entities processing data in the role of data processing officers is available on request from the Data Protection Officer, using the contact channels set out in this policy.
Transferral of your personal data outside EU territory
Without prejudice to the above, your personal data may be freely transferred within EU territory. If, however, for the purposes indicated, the Company has a need to transfer your personal data outside the European Union to countries not deemed to be aligned by the European Commission (e.g. the United States), the Company will take the necessary steps to protect your personal data in compliance with legal guarantees such as, for example, the contractual clauses regarding data protection, pursuant to the applicable legislation including, in particular, articles 45 and 46 of the GDPR.
Data processing methods
The Company processes your personal data using electronic and manual systems in compliance with the principles of lawfulness, fairness and transparency set out in the applicable personal data protection legislation, and also protects your confidentiality by means of technical and organizational security measures to ensure an adequate level of security.
This processing is performed at the Company’s head offices and/or at the offices of external data processing officers who perform it on behalf of Techmass group companies. As regards Usage Data, in compliance with the purposes described and, where necessary, with your express consent, analysis activities may be carried out – also by linking your data regarding the different products and services you purchase – both in relation to “on premises” products, by acquiring Usage Data generated locally when using Techmass products and/or services, and to “cloud” products, i.e. during the use of services online. To compile usage statistics the Company uses tools that enable the collection of Usage Data. These tools may involve storing information in the application used through your terminal or accessing this information. As specifically regards the collection of Usage Data in the “cloud”, the Company uses analytical tools such as, among others:
- a) Web and customer analytics;
- b) Analytics and document search;
- c) Querying and Dashboarding.
Data will be retained for the period of time needed to pursue the purposes for which it was collected, as stated in this policy. Whatever the case, the following data retention terms will apply to the processing of data for the following purposes:
- for Contractual and Legitimate Interest Purposes data is kept for the duration of the supply of services requested by you and for the subsequent 10 years (the period in which the customer’s right to claim any possible contractual liability against Techmass expires), without prejudice to cases in which its retention for a further period is required for disputes, requests from the competent authorities or pursuant to the applicable legislation;
- data for Marketing Purposes is retained for a period of 24 months from the date on which consent is given or renewed when purchasing a new Techmass brand product or service, or from the date of the last contact with you in the sense of, among other things, participation in a Company event, the use of a product or service provided by the Company or the opening of a newsletter (jointly referred to as the “Last Contact“).
Changing your mind and withdrawing your consent
If you change your mind, you can at any time modify your consent to data processing for marketing purposes in the ways indicated below or, if you no longer wish to receive our business communications, you can use the cancellation link available at the bottom of those communications. Not granting or withdrawing your consent will in no way impair your use of our services.
Rights of interested parties
As regards the processing of data described in this policy, you can at any time exercise the rights set out in the GDPR (articles 15-21), including those:
- to receive confirmation of the existence of your personal data and to access its content (right of access);
- to update, modify and/or correct your personal data (right to rectification);
- to request the erasure or restriction of the processing of your personal data that has been processed in violation of the law, including where its retention is unnecessary for the purposes for which it was collected or otherwise processed (right to erasure and right to restrict processing), without prejudice to a prevailing public interest or a legal obligation on the Company to retain it;
- to object to processing, including profiling (right to object), without prejudice to the existence of a prevalent legitimate reason of the Company to continue processing;
- to withdraw consent, where given, to profiled marketing activities;
- without prejudice to any other administrative or judicial action, any interested party who deems the processing relating to him or her to be in violation of this regulation has the right to file a complaint to a supervisory authority, in particular in the Member State in which he/she habitually lives or works or in the place where the alleged violation took place. In Italy this supervisory authority is the Guarantor for the protection of personal data (www.garanteprivacy.it);
- to receive an electronic copy of personal data concerning you, for yourself or to transfer it to a different service provider, provided that the Company processes this data based on your consent or on the fact that it is needed to supply the services requested by you, and provided that the data is processed by automated means (right to data portability).
Pursuant to article 2-terdecies of the Privacy Code, in the event of death the aforementioned rights in relation to your personal data may be exercised by those who have a personal interest, or who act on your behalf as a proxy, or for family reasons worthy of protection. You may expressly prohibit the exercising of some of the aforementioned rights by the assignees by sending a written statement to the Company at the email address indicated below. This statement can be subsequently withdrawn or modified in the same way.
To exercise your personal data protection rights free of charge at any time you may contact the Data Protection Officer by email at firstname.lastname@example.org
Changes and updates
This policy may be subject to modification also as a consequence of any regulatory changes and/or additions. Any changes will be announced in advance and the continually updated text of the policy will be available at www.techmass.io