Privacy Notice on the Processing of Personal Data pursuant to Article 13 of EU Regulation 2016/679 for the Request of a DEMO

This privacy notice is provided pursuant to Articles 13 and 14 of EU Regulation 2016/679 (General Data Protection Regulation, “GDPR”) in order to inform visitors to the website regarding the processing of personal data carried out when completing the contact form for the purpose of requesting a demo of the product offered by the Controller of the website.

1. Data Controller

The Controller of the personal data collected through the form is Assist Digital S.p.A. (hereinafter, the “Controller”), with its registered office in Milan, Via Angelo Inganni, 93.
For any information regarding the processing of data or to exercise your rights, you may contact the Controller using the contact details indicated in paragraph 7. 

2. Purpose of Processing and Legal Basis

The personal data provided by users through the contact form will be processed by the Controller for the following purposes:

Management of the demo request: to take charge of and respond to the user’s request, to organise a demo of the product and to provide information relating to the functionalities and characteristics of the product.
The legal basis is the performance of pre-contractual measures adopted at the request of the data subject (Article 6, paragraph 1, letter b) GDPR).

Commercial communications: subject to the user’s express and optional consent, to send, via e-mail or telephone, commercial updates and promotions relating to the product or to similar services offered by the Controller.
The legal basis is the data subject’s consent (Article 6, paragraph 1, letter a) GDPR), which may be withdrawn at any time. The absence of consent for commercial communications (or its withdrawal) does not affect the processing relating to the demo request.

Legal compliance: to fulfil obligations established by laws, regulations or EU provisions, as well as by orders of authorities.
The legal basis is compliance with a legal obligation to which the Controller is subject (Article 6, paragraph 1, letter c) GDPR). 
 

3. Categories of Data Collected

The Controller processes the following data provided by users through the contact form:

Personal and identification data (name, surname);
Contact details (e-mail address);
Any other information voluntarily entered by the user in the request message.
The provision of data marked as mandatory is necessary to manage the demo request. Failure to provide such data will make it impossible to be contacted by the Controller. 
 

4. Methods of Processing and Retention Period

The data will be processed using paper and/or electronic tools in compliance with the principles of lawfulness, fairness and transparency, protecting confidentiality and the rights of the data subject.

Your data will not be subject to automated decision-making with regard to the purpose indicated above.

Pursuant to Article 5 of European Regulation No. 16/679, your data will be processed:
(i) lawfully, fairly and transparently;
(ii) accurately and, where necessary, kept up to date;
(iii) in compliance with the principle of data minimisation, adequacy and relevance with respect to the purposes pursued.

Your data will be processed exclusively by persons authorised to such processing within the Company. Adequate security measures have been adopted pursuant to Article 32 of EU Regulation No. 16/679, in order to prevent the destruction, loss, alteration, unauthorised disclosure or access, whether accidental or unlawful, to personal data transmitted, stored or otherwise processed.

The data collected will be retained for a period proportionate to the purposes for which they were collected:

The data necessary for managing the demo request will be retained for the time required to respond to the request and, subsequently, for a maximum of 12 months in order to handle any follow-ups or contacts related to the demo.
Where consent is given for receiving commercial communications, the data will be processed for a maximum of 24 months.
The data necessary to comply with legal obligations will be retained for the duration required by the applicable legislation.
 

5. Data Recipients and Transfers Abroad

The collected data will not be disseminated. They may be communicated to:

personnel and collaborators of the Controller, authorised for processing and properly instructed;
third parties providing services functional to the management of the website or communication with users (e.g. IT service providers, e-mail providers), appointed as data processors pursuant to Article 28 GDPR;
authorities or public bodies where disclosure is required for legal obligations or by order of an authority.
Should it be necessary to transfer personal data outside the European Economic Area (EEA), the Controller guarantees that such transfer will take place in compliance with Articles 44 and subsequent of the GDPR, adopting appropriate safeguards (e.g. adequacy decisions or standard contractual clauses).

6. Data Subjects’ Rights

Users, as data subjects, may exercise at any time the rights recognised by the GDPR, including:

a) Right of access to personal data (Article 15): to obtain from the Controller confirmation as to whether or not personal data concerning them are being processed and, where that is the case, to obtain access to the personal data and the following information: purposes of the processing; categories of personal data concerned; recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations; where possible, the envisaged period for which the personal data will be stored or, if not possible, the criteria used to determine that period; the existence of the right of the data subject to request from the Controller rectification or erasure of personal data or restriction of processing of personal data concerning them or to object to such processing; the right to lodge a complaint with a supervisory authority; where the personal data are not collected from the data subject, any available information as to their source; the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) and, at least in such cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject; the existence of appropriate safeguards pursuant to Article 46 relating to the transfer of data abroad.

b) Right to rectification (Article 16) and to the completion of inaccurate or incomplete personal data concerning them.

c) Right to erasure (Article 17) of personal data concerning them where: the data are no longer necessary in relation to the purposes for which they were collected or otherwise processed, or have been unlawfully processed, or must be erased for compliance with a legal obligation under Union or Member State law to which the Controller is subject; the data have been collected in relation to the offer of information society services referred to in Article 8(1); consent has been withdrawn and there is no other legal ground for the processing; the data subject objects to the processing pursuant to Article 21(1) and there are no overriding legitimate grounds for the processing, or objects to the processing pursuant to Article 21(2).

d) Right to restriction of processing (Article 18) where one of the following applies: you contest the accuracy of the personal data, for a period enabling the Controller to verify the accuracy of the personal data; the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead; the personal data are required by you for the establishment, exercise or defence of legal claims even though the Controller no longer needs them for the purposes of the processing; you have objected to processing pursuant to Article 21(1), pending verification whether the legitimate grounds of the Controller override yours.

e) Right to data portability (Article 20): the right to transmit such data to another controller where the processing is based on consent or on a contract.

f) Right to object (Article 21): the right to object at any time, on grounds relating to your particular situation, to the processing of your personal data. 

7. Contact Details of the Controller and Data Protection Officer

Controller’s contact address: dpo.assist@assistdigital.com

The Controller has appointed a Data Protection Officer (DPO), who can be contacted at the above address.

Data subjects who believe that the processing of their personal data is in breach of the GDPR have the right to lodge a complaint with the competent Supervisory Authority (in Italy: Garante per la Protezione dei Dati Personali) or to seek judicial remedy.