Pursuant to art. 13 of EU Regulation
2016/679 (also "GDPR") laying down provisions on personal data protection, we inform
you that your personal data, will be processed by Data Controller "Isaia&Isaia S.p.A.", Agilae Srl and Data Processor "XY Retail,
Inc.", as set out below. This Privacy Policy describes how we collect, store,
use and distribute information through our software, website, documentation,
and related services (together, the "Services").
Capitalized terms not defined in this
Privacy Policy have the meaning as set forth in the Terms of Use for the
Services, which can be found here.
1. Consent
By using the Services, you consent to
the use of your Personal Information as described in this Privacy Policy.
If you are not of legal age to form a binding contract (in many
jurisdictions, this age is 18), you may only use the Services and disclose
information to us with your parent's or legal guardian's express consent.
Furthermore, children under the age of 14 cannot use or register for the
Services in any way. Except as set forth in this Privacy Policy, your Personal
Information will not be used for any other purpose without your consent.
We do not actively collect Personal Information for the purpose of sale
of such information in a way that specifically identifies the individual (i.e. we don't sell customer lists). You may withdraw
your consent to our processing of your Personal Information at any time.
However, withdrawing consent may result in your inability to continue
using some or all of the Services.
2.
Collection of Information
-
Personal Information
When you register to use the Services,
we may require you to provide certain personally identifiable information, such
as your name, address, phone number, and email address. In the course of using the Services, you may voluntarily
communicate with certain of our representatives for the purposes of obtaining
customer care and/or technical assistance. These representatives may also
ask you for certain personally identifiable information in
order to better help you. Such information is referred to below as
your ("Personally Identifiable Information"). When purchasing the Services, we
will require you to provide financial and billing information, such as billing
name and address, and credit card number ("Billing Information"). Your
Personally Identifiable Information and your Billing Information are
collectively referred to as your "Personal Information."
-
Data, Diagnostic & Login Information
You may be able to create, upload,
publish, transmit, distribute, display, store or share information, data, text,
graphics, video, messages or other materials using our
Services (this is collectively referred to below as "Data"). Some of this
Data may be stored and maintained on our servers. If you run into
technical errors in the course of using the Services,
we may request your permission to obtain a crash report along with certain
logging information from your system documenting the error ("Diagnostic
Information"). Such information may contain information regarding your
Operating System version, hardware, browser version (and .NET version
information in case of Windows systems), and your email address, if provided.
Additionally, certain login information may be maintained in a cookie
stored locally on your personal computing device (i.e.
not on a server) in order to streamline the login process ("Login
Information").
-
Usage and Analytics
Information
As you use our Services, we may also
collect information through the use of commonly-used
information-gathering tools, such as cookies, log files, and Web beacons. Such
Information may include standard information regarding your mobile device,
browser type, browser language, Operating System, Internet Protocol ("IP") address,
and the actions you take on our web site (such as the web pages viewed and the links clicked) or while using the Services.
Collectively, this information is referred to as "Usage and Analytics
Information."
-
Geo-Location
Information
We do not use GPS technology to collect
any information regarding your precise real-time geo-location while using the
Services. However, we may use elements of your Usage and Analytics
Information (such as your IP address) to determine your generalized location. This
information is referred to as "Generalized Geo-Location Information."
3. Use of Information
We use the information we collect in the
following ways:
-
Personally
Identifiable Information
We use this information to manage your
account, to provide the Services, to maintain our customer/visitor lists,
to respond to your inquiries or request feedback, for identification and
authentication purposes, for service improvement, and to address issues like
malicious use of the Services. We may also use Personally Identifiable
Information for limited marketing purposes, namely, to contact you to further
discuss your interest in the Services, and to send you information about us or
our partners.
We may also use your Personally
Identifiable Information in an aggregated, de-identified, and anonymous way to
monitor and analyze overall use of the Services, for
the Services' technical administration, and to increase the Services'
functionality and user-friendliness.
-
Billing Information
We use credit card information to manage
your account, to provide the Services, and to check the financial
qualifications of prospective customers and to collect payment for the
Services. We may use a third-party service provider to manage credit card
processing. If we do so, such a service provider will not be permitted to
store, retain, or use Billing Information except for the sole purpose of credit
card processing on our behalf.
-
Data, Diagnostic Information and Login Information
We use this information solely for the
purpose of administering and improving our Services to you.
-
Usage and Analytics
Information
We may use your Usage and Analytics
Information in a de-identified, anonymous way in conjunction with an analytics
service such as Google Analytics to monitor and analyze
overall use of the Services, for the Services' technical administration, to
increase the Services' functionality and user-friendliness, and to verify users
have the authorization needed for the Services to process their requests.
-
Geo-Location
Information
We may use this information for the
purpose of administering and improving our Services to you, such as by
providing you with relevant promotions. We may also use your Geo-Location
Information in an anonymized manner to monitor and analyze
use of the Services, for the Services' technical administration, and to
increase the Services' functionality and user-friendliness.
If we plan to use your Personal
Information in the future for any other purposes not identified above, we will
only do so after informing you by updating this Privacy Policy. See
further the section of this Privacy Policy entitled "Amendment of this Privacy
Policy".
4. Legal basis of the processing and
nature of data provision
Personal data processing is necessary in
order to execute pre-contractual measures adopted at the request of the
interested party (Article 6 paragraph 1, letter .b) of
EU Reg. 2016/679), sometimes, for some types of processing resides in the
explicit consent of the user ((art.6, par.1, lett. a of the EU Reg. 2016/679),) (for example the processing of
personal data for further purposes of promotional communications, profiling,
etc. or geolocation). The provision of the data listed above is mandatory as it
is necessary to carry out the purposes indicated; therefore, the refusal to
issue it will only determine the impossibility of processing your data for the aforementioned purposes. Failure to provide the optional
data, however, will not hinder the pursuit of the main purposes for which they
are collected. In the case of processing based on the explicit and declared
consent of the User, the same may revoke the consent previously given at any
time.
5. Disclosures & Transfers
We have put in place contractual and
other organizational safeguards with our agents (see further below) to ensure a
proper level of protection of your Personal Information (see further "Security"
below). In addition to those measures, we will not disclose or transfer
your Personal Information to third parties without your permission, except as
specified in this Privacy Policy (see further "Important Exceptions" below).
From time to time we may employ third parties to help
us improve the Services. These third parties may have limited access to
databases of user information or registered member information solely for the
purpose of helping us to improve the Services and they will be subject to
contractual restrictions prohibiting them from using the information about our
members for any other purpose. Such agents or third parties do not have any
rights to use Personal Information beyond what is necessary to assist us.
6. Important Exceptions
We may disclose your Personal
Information to third parties without your consent if we have reason to believe
that disclosing this information is necessary to identify, contact or bring
legal action against someone who may be causing injury to or interference with
(either intentionally or unintentionally) our rights or property, other users
of the Services, or anyone else (including the rights or property of anyone
else) that could be harmed by such activities. We may disclose Personal
Information when we believe in good faith that such disclosure is required by
and in accordance with the law.
We may also disclose your Personal Information in connection with a corporate
re-organization, a merger or amalgamation with another entity, a sale of all or
a substantial portion of our assets or stock, including any due diligence
exercise carried out in relation to the same, provided that the information
disclosed continues to be used for the purposes permitted by this Privacy
Policy by the entity acquiring the information.
7. Security
The security of your Personal
Information is important to us. We use commercially reasonable efforts to
store and maintain your Personal Information in a secure environment. We
take technical, contractual, administrative, and physical security steps
designed to protect Personal Information that you provide to us. We have
implemented procedures designed to limit the dissemination of your Personal
Information to only such designated staff as are reasonably necessary to carry
out the stated purposes we have communicated to you.
You are also responsible for helping to protect the security of your Personal
Information. For instance, never give out your password, and safeguard
your user name, password and personal credentials when
you are using the Services, so that other people will not have access to your
Personal Information. Furthermore, you are responsible for maintaining
the security of any personal computing device on which you utilize the
Services.
8. Sharing Information with Third
Parties
You may be able to share Personal
Information with third parties through use of the Services. The privacy
policies of these third parties are not under our control and may differ from
ours. The use of any information that you may provide to any third
parties will be governed by the privacy policy of such third party or by your
independent agreement with such third party, as the case may
be. If you have any doubts about the privacy of the information
you are providing to a third party, we recommend that you contact that third
party directly for more information or to review its privacy policy.
9. Retention
We will keep your Personal Information
for as long as it remains necessary for the identified purpose or as required
by law, which may extend beyond the termination of our relationship with you.
We may retain certain data as necessary to prevent fraud or future abuse,
or for legitimate business purposes, such as analysis of aggregated, non-personally-identifiable data, account recovery, or if
required by law. All retained Personal Information will remain subject to
the terms of this Privacy Policy. Please note that if you request that
your Personal Information be removed from our databases, it may not be possible
to completely delete all of your Personal Information
due to technological and legal constraints.
10. Amendment of this Privacy Policy.
We reserve the right to change this
Privacy Policy at any time. If we decide to change this Privacy Policy in
the future, we will post or provide appropriate notice. Any non-material
change (such as clarifications) to this Privacy Policy will become effective on
the date the change is posted, and any material changes will become effective
30 days from their posting or via email to your listed email address.
Unless stated otherwise, our current Privacy Policy applies to all
Personal Information that we have about you and your account. The date on
which the latest update was made is indicated at the bottom of this document.
We recommend that you print a copy of this Privacy Policy for your
reference and revisit this policy from time to time to ensure you are aware of
any changes. Your continued use of the Services signifies your acceptance
of any changes.
11. Rights of Interested party
Rights of the interested party in
relation to the purposes of the processing described above, the user is
entitled to exercise the rights pursuant to art. 15 of Reg.UE
2016/679, to obtain from the Data Controller the confirmation that a personal
data concerning him is being processed or not and, in this case, to obtain
access to personal data and information regarding the processing. In addition,
the user may exercise the rights set out in art. 16 to 22 of Reg.UE 2016/679: Right of rectification (art.16), Right to
be forgotten (art.17), Right to restrict processing (art.18), obligation to
notify in case of rectification or cancellation of personal data or restriction
of processing (art.19), Right to data portability (art.20), Right to object
(art.21), including any automated decision-making process relating to natural
persons, including profiling (art.22).
The user may also exercise their rights
by writing an e-mail to the Data Protection Officer at the e-mail address: privacy@agilae.it. If the user believe that the
processing that concerns them violates the provisions of EU Reg. 2016/679, them
always lodge a complaint with the Guarantor Authority for the protection of
personal data through the form and procedure indicated on the site and
available at the link https://www.garanteprivacy.it/home/docweb/-/docweb-display/docweb/4535524.