Information processing of personal data
Pursuant to art. 13 of EU Regulation 2016/679
This page describes how to manage the site with reference to the processing of personal data of users who consult it. This information is pursuant to art. 13 of EU Regulation 2016/679, European Regulation on the Protection of Personal Data (hereinafter, “Regulation” or “GDPR”) to those who interact with the web services of the site https://www.mytdox.com. This information does not concern other sites, pages or online services that can be reached via hypertext links published on the sites but referring to resources external to www.mytdox.com domain.
1. HOLDER OF THE TREATMENT The Data Controller, pursuant to art. 4 and 24 of EU Reg. 2016/679 is WHILE TRUE SRL, with registered office in via Mazzini, 55 / C, 46043 Castiglione delle Stiviere (MN) (CF and VAT number 02630000202), e-mail: info @ mytdox. com, Tel: 0376944146.
2. PERSONAL DATA TREATMENT “Personal data”: any information relating to an identified or identifiable person (“data subject”); is considered identifiable he who can be identified, directly or indirectly, with particular reference to an identifier such as a name, an identification number, location data, an online identifier or one or more characteristic elements of his physical, physiological, genetic, psychic, economic, cultural or social identity.
a) Navigation data The computer systems and software procedures used for the correct functioning of the Site acquire, during their normal operation, some personal data whose transmission is implicit in the navigation of the websites. This information is not collected to be associated with identified interested parties; however, by their very nature they could, through processing and association with data held by third parties, allow users to be identified. This category of data includes IP addresses or domain names of computers and terminals used by users, URI / URL (Uniform Resource Identifier / Locator) addresses of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the operating system and the user’s IT environment.
b) Data provided voluntarily by the interested party The optional, explicit and voluntary sending of e-mails to the addresses indicated on this site involves the acquisition of the sender’s address, necessary to respond to requests, as well as any other personal data included in the message (request for contact or information) . Specific summary information will be published on the pages of the site prepared for the provision of certain services. c) Cookies For more information on the cookies used by this website, see the cookies policy at the following link.
3. PURPOSE AND LEGAL BASIS OF THE PROCESSING. DATA RETENTION PERIOD
The collected data will be processed for the following purposes:
Data collection via contact form: allow you to obtain information about our services, provide you with advice on using the system or send you promotional communications, by requesting so on the “Contacts” page. The legal basis of the processing is art. 6 par. 1 letter b) of the GDPR: execution of pre-contractual measures also adopted at the request of the interested party. Data retention period: 1 year for contacts
Livechat service: to answer questions and to provide assistance services or requested information relating to the products and services of WHILE TRUE SRL. The legal basis of the processing is Article 6, paragraph 1, letter f) of the GDPR, Legitimate interest. Data retention period: data is anonymized and used to evaluate the quality of the technical service. In the event that you provide us with additional personal data via live chat, this will be done on a voluntary basis. This data will be stored on our behalf on the server of an external service provider. The applicable legal basis for this data processing is Article 6, paragraph 1, letter b) of the GDPR.
Account creation: creation of the account, using the relevant registration form to provide access services to restricted areas and to use the related services. The mandatory information required for registration is marked with a “*” on the respective input field and generally consists of the following data: name and surname, postal address and e-mail address. If you do not provide the mandatory information, you will not be able to proceed with the creation of the account. During the registration process, you have the possibility to provide further information on a voluntary basis, such as: sector of work, number of users, name of the management system, etc. Please note that this information is not required for registration, therefore it will not suffer any adverse consequences.
The personal data you provide during registration will be used by us to create your profile and identify you after each login. The legal basis of the processing is art. 6 par. 1 letter b): execution of pre-contractual measures also adopted at the request of the interested party. Data retention period; the account will be disabled after 30 days of non-use. Otherwise, personal data are stored according to the following criteria:
– After 30 days of inactivity from registration, or for the time strictly necessary to achieve the “purposes related to the realization of the object of the contract” for which they are processed;
– for the time strictly necessary for the fulfillment of legal and regulatory obligations or provisions issued by Supervisory and Control Bodies. At the end of the retention period, your data will be deleted, or made anonymous.
Direct marketing: subject to consent and up to its opposition for direct marketing activities of the Owner, such as direct sales, sending of newsletters and promotional content, commercial or events and initiatives material, through automated e-mails, fax, messages such as SMS, MMS or other types, as well as by telephone calls through an operator, including automated ones, and by paper mail and other informative material. The legal basis of the processing is art. 6 par. 1 letter a): consent. Data retention period: up to your opposition (opt-out).
4. METHOD OF TREATMENT The data processing will be carried out in an automated and manual form, with logic strictly related to the purposes indicated and in any case in order to guarantee the security and confidentiality of the data, by persons specifically authorized for this. These data will be kept, as specified in the point above, for the time strictly necessary to provide you with the requested services and will in any case be deleted following your request, without prejudice to further conservation obligations established by law.
5. POSSIBLE RECIPIENTS AND POSSIBLE CATEGORIES OF RECIPIENTS OF THE PERSONAL DATA
Personal data may be disclosed to third parties who carry out activities necessary for the provision of the services offered by the Site who will process the data as data processors (Article 28 of EU Reg. 2016/679) and / or as natural persons who act under the authority of the Data Controller and the Manager (Article 29 of the EU Reg. 2016/679), who act under the authority of the Data Controller and the Manager. Specifically, the data will be processed by:
• Companies and consultants, our partners, in the field of assistance and consultancy, on the use of the system;
• subjects that provide services for the management of the information system and telecommunications networks; including e-mail, newsletters and website management;
• Competent authorities for the fulfillment of legal obligations and / or provisions of public bodies, upon request. The list of data processors is available at the company headquarters.
6. TRANSFER OF PERSONAL DATA TO A THIRD COUNTRY AND / OR AN INTERNATIONAL ORGANIZATION No User’s personal data will be transferred to a third country outside the European Union or to international organizations. If personal data are transferred to countries outside the European Union, the transfers will take place in compliance with the provisions established by the EU Regulation in order to ensure an adequate level of protection. In particular, the transfers will take place through the conclusion of Standard Contractual Clauses approved by the European Commission, a copy of which can be obtained by means of a specific request to be sent to the contact details contained in this information.
7. RIGHTS OF THE INTERESTED PARTY Pursuant to art. 15 and ss. of the GDPR, the interested party has the right to ask the Data Controller:
– access to your personal data;
– the rectification or cancellation of the same or the limitation of the treatment that concerns him;
– opposition to processing;
– the portability of data in the terms set out in art. 20;
– if the processing is based on article 6, paragraph 1, letter a), or on article 9, paragraph 2, letter a), the withdrawal of consent can be given at any time without prejudice to the lawfulness of the processing based on the consent given prior to the withdrawal. Without prejudice to any other administrative or judicial appeal, the interested party who believes that the processing concerning him or her violates the GDPR, has the right to lodge a complaint with the Guarantor for the protection of personal data in the manner described on the site www.garanteprivacy.it (art . 77 cit.). To exercise the above rights, the interested party may contact the Data Controller at the addresses indicated in point 1 of this information.