Privacy Policy

Privacy Policy Regarding the Processing of Users’ Personal Data Pursuant to Articles 13 and 14 of EU Regulation 679/2016.

 

Table of Contents

1. Nature and purpose of the Privacy Policy
2. Data Controller and Privacy Coordinator
3. Collection and acquisition of personal data and its nature
4. Management of personal data
5. Purpose of data processing
6. Legal basis
7. Methods for protecting the interested parties who have provided their personal data
8. Sharing of personal data with third parties
9. Data retention period
10. Transfers of data outside the EU
11. Exercising of the rights of the interested parties
12. Notification of contacts by email and telephone
13. Security measures
14. Changes to the Privacy Policy
15. Contact addresses

 

1. Nature and purpose of the Privacy Policy

EU Regulation 2016/679 on the “protection of individuals with regard to the processing of personal data, as well as the free circulation of such data” (hereinafter “EU Regulation 2016/679” or “GDPR”) contains rules ensuring the fundamental rights and freedoms of individuals in the processing of personal data, which is the subject matter of this Privacy Policy.
This document provides information on the processing of personal data by our websites www.alleantia.com with associated third-level domains (e.g., lp.alleantia.com, kb.alleantia.com) and cloud.alleantia.com (jointly referred to as the “Sites”), or activities such as, for example: (i) how the data is collected, (ii) how it is used, (iii) for what purpose and (iv) on what legal basis, (v) to whom the acquired information containing personal data is sent and (vi) with whom it may be shared, (vii) what the rights of the interested party are and how they can be exercised, (viii) how the data is stored and where it may be sent.
This Privacy Policy is provided pursuant to the relevant legislation (EU Regulation 679/2016 and Italian Privacy Code Legislative Decree 196/2003, as amended by Legislative Decree 101/2018).

 

2. Data Controller and Data Protection Officer

Data Controller
The Data Controller is Alleantia S.r.l., with registered office in Via Tosco Romagnola 136, 56025 Pontedera (PI) (hereinafter “Alleantia” or the “Controller”).
Contact details: [email protected]
Privacy Coordinator: [email protected]

Alleantia is a company that has been operating since 2011 in the industry 4.0 sector, specialized in the IT sector and, in particular, in the implementation of digital transformation processes thanks to the use of the Internet of Things (IoT) and in the creation of innovative industrial projects based on the development of software solutions for the interconnection of industrial machines.
Specifically, the software developed by Alleantia is able to generate an exchange of data between various interconnected devices (“IoT Gateways”), allowing all phases of production processes to be monitored in real time and to predict errors and correct them promptly. In addition, the supplied software allows for the integrated management of IoT Gateways and provides support tools to software programmers/integrators.

Privacy Coordinator
Alleantia has appointed a Privacy Coordinator, who can be contacted at the following email address: [email protected]

The updated list and the names of the Privacy Coordinator and the Data Processors are kept at the Data Controller’s registered office and can be consulted upon request by the interested party.

 

3. Collection and acquisition of personal data and its nature

In relation to the Sites, the collection of personal data takes place mainly on a voluntary basis by the user, who, by entering his identification and contact data (name, surname, email address, company to which he belongs) in the appropriate available forms, can ask Alleantia to be contacted to receive information regarding the services it offers, including consultancy and/or training services, as well as to download Alleantia software and/or register on the Cloud Portal. Furthermore, by entering their identification and contact data in the appropriate forms, users can also send a spontaneous application by attaching their curriculum vitae. The data collected for the above-mentioned purposes may be uploaded to Alleantia’s management systems (CRM).
Furthermore, Alleantia processes personal data for sending information communications (“Newsletters”) to those who explicitly request it by entering their email address in the specific data collection form. Registration allows the Data Controller to manage information and respond to any requests, including deletion.
Each type of processed data is acquired in accordance with current legislation or in relation to a lawful purpose and on a related legal basis that establishes its processing in accordance with the law.
Each user can at any time oppose the carrying out of processing, revoking his/her consent, where possible. In some cases (eg., downloading the software and subscription to the Cloud Portal), the lack of consent to the processing of personal data or the revocation of the same, may cause termination of the service or inability to use Alleantia’s services (see the “Exercising of the rights of the interested parties” section).

 

4. Management of personal data

Alleantia uses the information acquired from users via the Sites (i) to manage requests and queries from users received through the Sites regarding Alleantia’s services, including consultancy and/training activities, (ii) to carry out its business activities and provide its services, such as the supply and downloading of software, (iii) for registration on the Cloud Portal, (iv) to manage applications for job positions, as well as (v) to send newsletters, direct marketing communications, subject to the specific express consent of the interested party.
In general, the information relating to the IP address, the type of device or the browser used by the user may be used in order to ensure the improvement of Alleantia’s services.
Navigation information is obviously managed in compliance with the rules on the analysis of the traffic generated by users who can choose not to be tracked thanks to the autonomy that is given to them in relation to consenting or refusing the use of cookies (on this point, please refer to the specific section dedicated to the cookie policy).
Any information deriving from other social accounts already owned by the user and generated and used by the same are managed by Alleantia secondarily or as personal data deriving from the provision previously made by the user to said social networks on the basis of their information and of the consents issued to them, on the basis of the authorizations and privacy management policies adopted by said social networks, for which Alleantia assumes no responsibility.
Alleantia shall not release any personal data directly acquired from the user to third parties who make commercial use of it unless its release has been expressly authorized by the user.
The decision not to provide personal data is legitimate even if this may be an obstacle to the use of the services and the browsing experience; the user is warned that the browsing experience alone already implies the release of minimum personal data constituted in this actual case by the IP address.

 

5. Purpose of data processing

The above-mentioned personal data is processed using manual and IT tools that ensure its security, protection and confidentiality, for the following purposes:

A. manage the requests and questions of users received through the Sites in relation to the activities and services offered by Alleantia, including consultancy and/or training activities;

B. carry out its activities and provide its services, such as the supply and downloading of software;
C. manage the user’s subscription to the Cloud Portal;
D. manage spontaneous applications sent by users who send Curricula;
E. fulfill tax, administrative and accounting obligations based on current legislation;

F. ascertain, exercise or defend a right in relation to the competent bodies, also on behalf of third parties, to protect the rights of Alleantia, its integrity and ensure the preservation of its professional image;

G. subject to the specific and distinct consent of the interested party, to send communications of an informative, promotional and/or direct marketing nature by any means of communication (traditional or automated, i.e., without operator intervention) (“Direct Marketing and Newsletter”);

H. sending of commercial communications aimed at the promotion and/or direct sale of products or services similar to those already purchased or used by the interested party, using the email coordinates indicated on such occasions (“soft spam”), without consent, unless there is express dissent, without prejudice to the right of the interested party to object at any time to the methods indicated at the bottom of the communication or at the addresses indicated;

I. verify the functionality of the Sites in relation to the types of interested parties who use them, keep the systems secure, processing the personal information provided by the user to avoid access or illegal activities, verify how users navigate the Sites to modify, enrich, innovate and improve the services rendered according to the needs of the market.

 

6. Legal basis

The following are legal bases in relation to which personal data is collected:
– As for purposes A), B), C), D) the legal basis is the execution of the pre-contractual and/or contractual relationship between the parties for which it is necessary to process personal data in order to fulfill the requests of users relating to the provision of services expected from Alleantia;
– As regards purpose E), the legal basis is the legal obligation imposed on the Data Controller regarding the processing of certain personal data for a certain time (accounting, administrative data, tax records, etc.);
– As regards purpose F), the legal basis is the legitimate interest of the Data Controller to ascertain, exercise or defend a right in relation to the competent bodies, also on behalf of third parties, to protect the rights of Alleantia, its integrity and the preservation of its professional image;
– As regards purpose G), the legal basis is the express consent of the Data Controller;
– As regards purpose H), the legal basis is the legitimate interest of the Data Controller;
– As regards purpose I), the legal basis is the legitimate interest of the Data Controller;

 

7. Methods for protecting the interested parties who have provided their personal data

Regulatory compliance provided for the protection of users who access the Sites is ensured by the criteria inherent in the legal bases provided for by the GDPR, so that the highest level of certainty of professionalism in the processing of data is also offered to users from non-EU areas or countries, since the relevant legislation applied to the legal bases of the processing is the strictest in the world.
8. Sharing of personal data with third parties
Alleantia processes personal data collected mainly via its platforms managed by its employees and/or collaborators as persons authorized to process data and/or system administrators. However, in some cases, the execution of all the activities connected and/or instrumental to the management of the requests may involve the Data Controller communicating the personal data of the interested parties to parties whose right to access them is recognized by law;
– to companies or third parties that carry out activities for the Data Controller strictly connected or instrumental to the operation of the Sites, such as, for example, the company that deals with the management of users’ personal data and the management of the computer systems on which they are stored, companies that offer email sending services.
Personal data provided by users who submit requests is only used for the purpose of carrying out the service requested and is communicated to third parties only in case of necessity.
Outside of these cases, personal data shall not be disclosed, except for contractual or legal provisions or unless specific consent is requested from the interested party.
In this sense, personal data could be transmitted to third parties but only and exclusively in the event that: a) there is the explicit consent of the interested party to share the data with third parties; b) there is a need to share information with third parties in order to provide the requested service c) this is necessary to fulfill requests from the judicial or public security authorities.
The subjects belonging to the categories to which the data may be communicated shall carry out the processing of the data and use it appropriately as data processors expressly appointed by the Data Controller pursuant to the law or, rather, as independent data controllers.
The Data Controller designates persons authorized to process all employees, even temporary personnel, and collaborators, even occasional ones, who carry out tasks that involve the processing of personal data.
An updated list of Data Processors is held at the Data Controller’s registered office.
Links to other websites and services
Our Sites may include links to other services or websites that apply a privacy policy other than Alleantia’s. When you use a link to an external site or service, the privacy and personal data processing policy of that service or site applies.

 

8. Sharing of personal data with third parties

Alleantia processes personal data collected mainly via its platforms managed by its employees and/or collaborators as persons authorized to process data and/or system administrators. However, in some cases, the execution of all the activities connected and/or instrumental to the management of the requests may involve the Data Controller communicating the personal data of the interested parties to parties whose right to access them is recognized by law;

– to companies or third parties that carry out activities for the Data Controller strictly connected or instrumental to the operation of the Sites, such as, for example, the company that deals with the management of users’ personal data and the management of the computer systems on which they are stored, companies that offer email sending services.

Personal data provided by users who submit requests is only used for the purpose of carrying out the service requested and is communicated to third parties only in case of necessity.

Outside of these cases, personal data shall not be disclosed, except for contractual or legal provisions or unless specific consent is requested from the interested party.

In this sense, personal data could be transmitted to third parties but only and exclusively in the event that: a) there is the explicit consent of the interested party to share the data with third parties; b) there is a need to share information with third parties in order to provide the requested service c) this is necessary to fulfill requests from the judicial or public security authorities.

The subjects belonging to the categories to which the data may be communicated shall carry out the processing of the data and use it appropriately as data processors expressly appointed by the Data Controller pursuant to the law or, rather, as independent data controllers.

The Data Controller designates persons authorized to process all employees, even temporary personnel, and collaborators, even occasional ones, who carry out tasks that involve the processing of personal data.

An updated list of Data Processors is held at the Data Controller’s registered office.

Links to other websites and services

Our Sites may include links to other services or websites that apply a privacy policy other than Alleantia’s. When you use a link to an external site or service, the privacy and personal data processing policy of that service or site applies.

 

9. Data retention period

Personal data is stored (also for the purpose of its portability) in hard-copy and/or electronic format on servers located at the headquarters of Alleantia and/or at the offices of service companies, in any case, located within the European Union. Personal data is processed and stored only for the time necessary to achieve the purposes for which it was collected or until interested parties communicate, in the manner provided for in this Privacy Policy, their will to revoke consent to one or to all the purposes for which it was requested or to delete the data.
Data retention period for processing purposes:
Purposes A), B), C), E), F) (manage the requests and queries of users received through the Sites, as well as carry out their activities and provide their services; manage the user’s registration to the Cloud Portal; fulfill tax, administrative and accounting obligations; defense of Alleantia’s rights in relation to the competent bodies) The data shall be kept for a period of 10 years, which is the same as the ordinary limitation period, starting from the closing date of the pre-contractual and/or contractual relationship with the user.
Purpose D) (Managing the spontaneous applications of users who send curricula) 24 months from data collection
Purpose G) (Direct marketing and newsletter service) As long as interested parties do not ask to revoke consent to the sending of direct marketing communications and their subscription from the newsletter service using the specific unsubscribe button (“Click here”) in the manner indicated at the bottom of the communication or by request to the Data Controller at the addresses indicated.
Purpose H) (soft spam) Until the right of opposition is exercised using the specific unsubscribe button (“Click here”) following the methods indicated at the bottom of the communication or by sending a request to the Data Controller at the addresses indicated.
Purpose I) (verification of the Sites’ functionality) The data will be kept for the period strictly necessary to carry out the Sites functionality checks.

After the expiry of the terms indicated above, the personal data shall be deleted or possibly rendered anonymous only for internal statistical-actuarial needs. Personal data may also be processed for a longer period of time if there is an interruption and/or suspension of the limitation period that justifies an extension of data storage retention.
Upon expiry of this term, the right of access, deletion, rectification and the right to portability of the data may no longer be exercised. Alleantia may also collect and store aggregate information that is anonymized or pseudonymous in order to protect the security of our Sites, improve our services or comply with legal obligations. In this case, Alleantia reserves the right to keep this information indefinitely.

 

10. Transfers of data outside the EU

Personal data is processed by Alleantia within the territory of the European Union and is not disclosed. If necessary for technical or organizational reasons, Alleantia reserves the right to transfer data to countries outside the European Union. In this regard, the Data Controller shall hereby ensure that the transfer of data outside the EU is regulated in accordance with the provisions of Chapter V of the Regulation and authorized on the basis of specific decisions of the European Union. All the necessary precautions will, therefore, be taken to ensure the most complete protection of personal data, basing this transfer: a) on adequacy decisions of the recipient third countries expressed by the European Commission; b) on adequate guarantees expressed by the third party recipient pursuant to art. 46 of the Regulation; c) on the adoption of binding corporate rules pursuant to art. 47 of the GDPR or, failing that, by virtue of one of the derogatory measures referred to in art. 49 of the GDPR.

 

11. Exercising of the rights of the interested parties

Users are granted the rights to their personal data defined by European legislation (EU Regulation 679/2016 of the GDPR) listed below.

Users have the right to:
– access their data;
– oppose its processing;
– have the data rectified;
– have the data deleted;
– have data processing limited;
– have the data transferred (data portability);
as well as:
– withdraw consent;
– submit complaints to the Supervisory Authority (Privacy Guarantor).
The interested party may exercise the right of opposition for direct marketing purposes, as well as for the periodic sending of information material with reference to the automated methods only or with reference to the traditional ones or decide to receive communications only through traditional or automated methods, or neither of the two types of communication.

The rights may be exercised by sending a written communication to: Alleantia S.r.l., email of the Privacy Coordinator at the address: [email protected]

 

12. Notification of contacts by email or telephone

Direct contacts, however they are realized, could be carried out, only if necessary, to finalize, check, or fulfill commercial relationships being established or already established with the user or to provide customer care services at the request of users who require clarification or explanations on any topic.
Contact via email is allowed from a promotional point of view (direct marketing) and to provide information regarding “newsletter” services only with express consent, except in the case of “soft spam” and without prejudice to the right of the interested party to oppose this at any time in the manner indicated at the bottom of the communication or at the addresses indicated.

 

13. Security measures

The Alleantia Site processes the data of users in a lawful and proper manner, adopting appropriate security measures to prevent unauthorized access, disclosure, modification, or unauthorized destruction of the data. Processing is carried out using electronic and/or telematic instruments, with organizational methods and logic strictly related to the stated purposes.

14. Changes to the Privacy Policy

Periodic changes to this Privacy Policy are communicated with notification of updates at the bottom of the Privacy Policy accompanied by the date of issue, by means of the caption “Update of 30/08/2021.”.
Previous versions of the Privacy Policy no longer online can be requested from the address of the Data Controller or the Privacy Coordinator.

 

15. Contact addresses

You can contact our Privacy Coordinator by sending an email to the following address: [email protected]

LAST MODIFICATION DATE: August 30, 2021