Information notice in compliance with article 13 of the Regulation (EU) 2016/679 (“GDPR”) Processing of personal data collected from the data subject
In compliance with the provisions of Regulation (EU) 2016/679 (General Data Protection Regulation) please find here information on the processing of your personal data. This policy is not applicable to other websites linked to the Data Controller’s domain and the Data Controller waives all and any responsibility for third-party websites. This policy is provided in compliance with art. 13 of Regulation (EU) 2016/679 and is also inspired by the provisions of Directive 2002/58/EC, as amended by Directive 2009/136/CE, on Cookies as well as on the Provision of the Italian Data Protection Authority on cookies dated 08.05.2014.
Processed personal data: “Personal data”: any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person; (C26, C27, C30)
Browsing data
IT systems and software procedures that manage this site, while working, acquire some personal data that are transmitted as a matter of course in the use of Internet communication protocols. Such data include IP addresses or user computer and terminal domain names, URI/URL (Uniform Resource Identifier/Locator) addresses of the requested resources, the time of the request, the method used to submit the request to the server, the size of the answering file, the numerical code showing the status of the server answer (successful, error, etc.) and other parameters concerning the user’s operating system and IT environment.
Data collected from the data subject
The discretionary, explicit and voluntary sending of messages to the contact addresses, as well as the filling in and sending of the forms posted in the Data Controller’s website entails the acquisition of the sender’s contact data for the purpose of addressing the relevant requests and of all the personal data included in the communication.
Login data
When accessing the Platform for the first time, users are requested to create an account, entering their personal data including, without limitation: name, surname, email address, phone number and their profession
Third party personal data
Information shared in the user’s Appfactory account may also contain data referring to third parties. Appfactory does not collect and process personal information other than those data supplied directly from the users at the time of registration and account creation; however, everything shared through an account is accessible to other Appfactory users who can access the reserved area of the platform and collect and use other users’ contents, which might include personal information on third party data subjects or third parties. It is therefore necessary for the user to inform such third parties and, if necessary, collect their consent to the processing of their data in compliance with the provisions of this policy.
Appfactory shall not be held liable for any unlawful processing of third party data or for the processing of such data by other users.
Personal information concerning payments
Appfactory makes service packages available for purchase through the Platform. Appfactory Srl shall collect and process data for invoicing and payment processing purposes in connection with the purchase of service packages made available by Appfactory through the platform.
The account is password-protected. The user is responsible for the security of its password and shall be careful to keep it secret and strictly private.
Specific privacy notices
Specific privacy notices may appear in the site pages in connection with special services or processing of the data provided.
Cookies and other technologies
For additional information on cookies and other technologies used, please refer to the cookies policy shown in the footer of this website.
1 The DATA CONTROLLER pursuant to articles 4 and 24 of EU Reg. 679/2016 is Appfactory srl with registered office in Via Roma 1/9, 1 16122 Genova (GE) | ITALY, represented by the Chairman of the Board of Directors and CEO, who can be contacted by email at privacy@Appfactory.io
2 The DATA PROTECTION OFFICER (DPO) pursuant to articles 37 – 39 of EU Reg. 679/2016, appointed, can be contacted by email at e-mail dpo@Appfactory.io
3 PURPOSE AND LAWFULNESS OF PROCESSING
Personal data shall be processed for the following purposes:
A) website browsing: data necessary for the provision of the web services shall be processed, also with the purpose of obtaining statistical information on the use of said services (most popular pages, number of visitors per time slot or day, geographical areas of origin, etc.) and to monitor the correct operation of the services offered;
– filling in the data collection forms for Appfactory Srl services (e.g., registration on the base of profession, free trials, etc.);
– filling in the data collection forms for contacts, applications in the “work with us” area, etc.;
LAWFULNESS: personal data shall be processed in compliance with the lawfulness conditions pursuant to art. 6 of EU Reg. 2016/679:
– for the performance of a contract to which the data subject is party or in order to take steps at the request
of the data subject prior to entering into a contract
– for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject can reasonably expect at the time and in the context of the collection of the personal data that processing for that purpose may take place (recital 47).
B) for direct marketing based on the user’s account, for the delivery of communications, newsletters and promotional and business information, market research or other product research and direct sales, information material, for the assessment of customer satisfaction, for commercial and advertising material or material concerning events and initiatives, by the Data Controller: by automated means such as e-mail, SMS (Short Message Service) or other, as well as by telephone calls via operator and paper mail.
LAWFULNESS: personal data shall be processed in compliance with the lawfulness conditions pursuant to art. 6 of EU Reg. 2016/679:
– upon prior consent and until data subject’s objection to the processing for marketing purposes; – with reference to the user’s account, for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject can reasonably expect at the time and in the context of the collection of the personal data that processing for that purpose may take place (recital 47).
The Controller sends newsletters and promotional materials through systems that generate reports, in order to compare and improve the outcomes of such communications. Thanks to such reports, the Data Controller shall be able to know, for instance: the number or readers, the number of opened messages, the number of single clicks and of clicks; the devices and operating systems used to read the communication; details on the activities of individual users; details of sent, delivered and undelivered and of forwarded emails. All these data are used to compare and improve, if necessary, the outcome of the such communications.
4. DATA RECIPIENTS OR RECIPIENT CATEGORIES
Personal data will be communicated to recipients, who will process the data as processors (art. 28 of EU Reg. 2016/679) and / or as natural persons acting under the authority of the Data Controller and Data Processor (art. 29 of EU Reg. 2016/679), for the purposes listed above in paragraph 3, and to third parties. More specifically, data will be communicated to:
– companies controlled by, controlling or under the joint control of Appfactory or its associated companies; – service providers specifically identified and authorised by Appfactory or other subjects with whom Appfactory executed co-operation agreements with regard to the Platform or the services covered by the platform; – subjects providing management services for the computer system and communication networks (including email); – firms or Companies within the context of assistance and consultancy relationships; – competent authorities to fulfil legal obligations and/or provisions of public bodies, upon request; – in case the processing is done for administrative or accounting purposes, data can be transferred to business information companies for the assessment of the solvency and payment patterns and/or to debt collection agencies. Subjects belonging to the abovementioned categories shall be appointed Data Processors or shall operate as independent Data Controllers. The list of designated Data Processors is constantly updated and is available upon request to e-mail dpo@Appfactory.io
5. DATA TRANSFER TO THIRD COUNTRIES AND/OR INTERNATIONAL ORGANISATIONS AND SAFEGUARDS
A transfer of personal data to European Union and non-European Union Countries can occur in order to fulfil any of the connected purposes mentioned above. Data shall be transferred in compliance with article 44 and following of EU Regulation 679/2016, only on the basis of an adequacy decision or subject to appropriate safeguards. Information on the data transfer safeguards can be obtained by writing an email message to to e-mail dpo@Appfactory.io
6. DATA RETENTION PERIOD OR RELEVANT CRITERIA TO DETERMINE SUCH PERIOD
Data shall be processed automatically and manually, in a manner and with tools that ensure maximum security and confidentiality, by specifically appointed subjects. In compliance with the provisions of art. 5 par. 1 lett. e) of EU Reg. 2016/679, the collected personal data shall be be kept in a form which permits identification of data subjects for a period not exceeding the purposes for which the personal data were collected and subsequently processed. In particular, Personal Data shall be processed for the minimum necessary period, as detailed in Recital 39 of the Regulation, equal to the duration of any existing contractual relationships, without prejudice to an additional retention period that can be required by law, as also provided for in Recital 65 of the Reg. UE 2016/679. With regard to processing activities carried out with the data subject’s consent, please remember that said consent can be withdrawn at any time. The retention period is determined on the basis of criteria available for the data subject by writing to to e-mail dpo@Appfactory.io
7. DATA SUBJECTS’ RIGHTS
Data subjects have the right to obtain, where appropriate, access to their personal data as well as rectification or erasure of such data or the restriction of the processing concerning them, and to object to the processing (articles 15 and following of Regulation EU 679/2016). You can exercise your rights by contacting the DPO by email at the e-mail dpo@Appfactory.io address or by writing to the Data Controller’s main offices mentioned above. You can withdraw your consent at any time, with regard to direct marketing communications, by writing an email to e-mail dpo@Appfactory.io for automatic direct marketing (e-mail, SMS), with the “cancellation from automated communications” subject line, or using our automatic cancellation systems for emails. In order to stop any traditional direct marketing communication (operator phone calls, paper mail), please write an email to e-mail dpo@Appfactory.io with the “cancellation from traditional communications” subject line.
You have the right to lodge a complaint with the Data Protection Authority. There is no automated decision-making.
8. PROVISION OF PERSONAL DATA
You are free to provide personal data in dedicated areas through registration forms. Provision of personal data is optional. Failure to provide personal data for the purposes of paragraph A) of this privacy policy shall entail the impossibility to be provided with the services by the data controller.
Provision of personal data for the purposes of paragraph B) of this privacy policy is optional. Failure to provide such data shall prevent the sending of direct marketing communications as described in paragraph B), but shall not impede the provision of the services described in paragraph A).
The data subject can give consent to the processing of personal data for the purposes of paragraph B) also at the moment of the creation of the account, by ticking the desired option.
9. AMENDMENTS TO THE PRIVACY POLICY
The data controller reserves the right to amend, update, add or remove parts of this privacy policy at its sole discretion and at any time. The data subject is required to review any changes on a regular basis. In order to facilitate this review, the policy will contain an indication of the date on which the policy was updated.
In any case, Appfactory Srl will send you a message anytime there is a substantial change in the Privacy Policy.
Updated on: 25.05.18