INFORMATION ON THE PROCESSING OF PERSONAL DATA BY EUSOFT S.r.l. pursuant to Articles 13 and 14 of Regulation (EU) 2016/679

This statement is made in compliancewith the European General Regulation on the Protection of Personal Data EU 2016/679 (“GDPR”) and subsequent amendments and/or additions as well as national legislation or regulations on the processing of personal data applicable from time to time (“Privacy Policy”) to ensure that the processing of personal data is carried out in compliance with the rights and freedoms of individuals with particular regard to the protection of personal data.

The term “personal data” means any information relating to a natural person, identified or identifiable, including indirectly, with reference to any other information, including a personal identification number.

The term “processing” means any operation or set of operations, performed with or without the aid of automated processes and applied to personal data or sets of personal data, such as the collection, registration, organization, structuring, preservation, adaptation or modification, extraction, consultation, use, communication by transmission, dissemination, or any other form of making available, comparison or interconnection, limitation, cancellation or destruction.

The term “data subject” means the natural person to whom the personal data refers.

1. Data controller

EUSOFT S.r.l. (“Company“) with registered office in Bari, Via Marco Partipilo 38 VAT Number 05067920727 treats, according to the specific purposes pursued and indicated in this statement in par 3 the personal data of the data subjects pursuant to the GDPR, as Data Controller (“Data Controller“).

2. Sources and type of data processed

The personal data processed by the Data Controller are collected directly by the data subjects or spontaneously provided by them from the Company’s website or via social networks, or on the occasion of events organized by the Group Companies also with third parties such as, for example, business partners.

The data processed by the Data Controller http://www.impresoftgroup.com/ may include personal information and contact information such as: name, surname, e-mail, telephone number, address, role, company name, CV and professional life data in case of application and any other information voluntarily provided by the interested party.

3. Purpose and legal basis of the processing carried out by the Data Controller

The Data Controller may process the personal data of the data subject collected for the following processing purposes:

  1. Purposes strictly connected and instrumental to the establishment and management of a contract of which the interested party is part pursuant to art. 6 paragraph 1 lit. b) GDPR. The provision of personal data does not require consent, but is necessary to perfect, implement or continue the contractual relationship with the Data Controller.
  2. Management of the relationships with the interested party deriving from his requests to use additional or informative content offered within the Data Controller’s website. In this case, the provision of personal data is not mandatory, but the refusal to provide them may make it impossible for the data subject to obtain the services and/ or products and/ or content requested, receive the features, information and information material requested from the Data Controller. To access these additional services/contents, the consent of the data subject to the processing of data for marketing purposes is required, including profiled, as described in point 7 of this list below.
  3. Response to requests for information spontaneously made by the interested party to the Data Controller. The provision of personal data does not require consent because the processing is necessary to implement pre-contractual measures taken at the request of the interested party pursuant to art. 6 paragraph 1 lit. b) GDPR.
  4. Fulfilment of legal obligations, regulations, community legislation, provisions issued by authorities empowered by law or by supervisory and watchdog bodies pursuant to art. 6 paragraph 1 lit. c) GDPR. The provision of personal data for the purposes referred to in this point is mandatory and the related processing does not require consent.
  5. Purposes of business analysis to improve the activity and its services (e.g. detection of the degree of customer satisfaction on the quality of the services rendered and the activity carried out by the Data Controller). The provision of personal data is not mandatory and the related processing does not require the consent for the existence of legitimate interest of the Data Controller to carry out business analysis activities pursuant to art. 6 par. 1 lit. f) GDPR.
  6. Commercial purposes for the promotion and sale of products and services similar to those already purchased by the interested party, through commercial communications. The provision of data is not mandatory and their processing does not require consent for the existence of legitimate interest of the Data Controller pursuant to art. 6 par. 1 lit. f) GDPR to carry out marketing activities towards its customers.
  7. Own marketing purposes, through commercial communications transmitted by email or other contact channels, including customized/ specific interest. The provision of data is not mandatory and their processing requires consent. If the data subject fails to provide personal data, the data subject may not receive information on the products and/or services offered by the Data Controller, but there will be no consequence on the possibility for the data subject to consult the site and on the possible contractual relationship with the Data Controller.
  8. Statistical analysis on the use of the website www.eusoft.co.uk through anonymous browsing data. The processing is however subject to the explicit consent of the interested party and a specific information on the cookie policy: www.eusoft.co.uk/cookie-policy.
  9. Activities of selection and search of personnel carried out for their own business needs. The provision of personal data is not mandatory, but the refusal to provide them may prevent the Data Controller from evaluating the professional profile of the data subject for the purpose of establishing an employment relationship. The related processing does not require the consent of the interested party for the execution of pre-contractual measures taken at the request of the interested party pursuant to art. 6 paragraph 1 lit. b) GDPR.
  10. Judicial defence: if necessary to establish, exercise or defend their rights in court. The provision of personal data is mandatory and the related processing does not require consent for the existence of legitimate interest of the Data Controller pursuant to art. 6 par. 1 lit. f) GDPR.

If additional data processing purposes are added to those indicated above, specific additional information will be provided that will describe in detail the type of data processed in relation to these additional purposes.

4. Place and methods of processing personal data

In relation to the purposes indicated, the processing of personal data takes place through manual, computer and telematic tools with logics strictly related to the purposes themselves and, in any case, in order to ensure the security and confidentiality of the data.

Personal data of the data subject will be treated exclusively with authorized technical personnel, with mainly automated and computerized methods, suitable to guarantee, in relation to the purposes for which the data are processed, security and confidentiality, and to prevent unauthorised access to the data.

The processing of the collected data takes place at the headquarters of EUSOFT and the service providers identified by it and appointed, where necessary, data processors pursuant to art. 28 of the GDPR.

The data collected and processed for marketing purposes, including profiled, by the joint controllers are stored in the CRM that resides at the headquarters of EUSOFT or MS AZURE cloud services located in the Community.

5. Retention of personal data

The personal data of the interested party will be stored only for the time necessary to achieve the purposes for which they are collected, in compliance with the principle of minimization pursuant to art. 5.1.c) of the GDPR.

In particular, as regards the processing for marketing purposes, including profiled, the data will be processed and stored until the withdrawal of consent by the interested party. In any case, the data subject can always request the interruption of the processing or the cancellation of his data, as provided below.

The Data Controller may retain certain data even after the termination of the relationship depending on the time necessary for the management of specific contractual or legal obligations and for administrative purposes, tax and/or contributory period of time imposed by laws and regulations in force, as well as for the time required to assert any rights in court.

In any case, the data are processed not only in compliance with current legislation, according to the canons of confidentiality to which the Data Controller and the joint controllers have always been inspired.

The storage times will vary depending on the type of data processed, but in general the criteria for determining the retention period are exclusively:

  • The existence of a legal or contractual need to store data.
  • If the data is necessary to provide your services.

6. Categories of subjects to whom data may be disclosed

The Data Controller may communicate the personal data of data subjects to third parties, in compliance with legal obligations.

The Data Controller may communicate the personal data of the data subject to third party service providers who will be designated Data Processors pursuant to art. 28 of the GDPR and are essentially included in the following categories as examples and not exhaustive:

  • entities providing banking services, including entities involved in the management of payment systems;
  • persons, companies, associations or professional firms providing services or activities of assistance and advice to owners, with particular but not exclusive reference to accounting, administrative, legal, tax and financial and commercial matters;
  • subjects carrying out control, review and certification of the activities carried out by the Data Controller also in the interest of customers.

The Data Controller undertakes not to communicate to third parties the personal data for which the data subjects have expressed specific consent to marketing.

The data of the interested party will not be communicated, disclosed or sold to third parties or used for purposes other than those indicated above, unless prior notice and express consent of the interested party, if necessary.

7. Transfer of non-EU data

No transfer is currently planned to a third country or an international organization outside the European Union.

Any transfer of data to non-EU Third Countries for the purposes indicated in paragraphs 3 and 4 above, may take place, in compliance with the methods allowed by law and in particular according to the provisions of the GDPR referred to: i) art. 44 – General principle of transfer; ii) Art. 45 – Transfer on the basis of an adequacy decision; iii) Art. 46 – Transfer subject to adequate guarantees; iv) Art.49 – Derogations in specific situations.

8. Rights of the data subject

According to art. 15-22 of the GDPR, data subjects are granted specific rights. In particular, the data subject may obtain from the Data Controller: access, rectification, cancellation, limitation of processing, withdrawal of consent and portability of data concerning him. The data subject also has the right to object to the processing for legitimate reasons and/or for commercial purposes.

The Data Controller undertakes to respond as soon as possible to the data subject after having verified his identity where necessary.

In the event that the right of opposition is exercised, each Data Controller reserves the right to refuse the request, and then to continue processing, where there are compelling legitimate grounds for processing that override the interests, rights and freedoms of the data subject.

As for marketing purposes, the possibility remains open to the data subject who has given his consent:

  • to request, at any time and free of charge, to receive communications exclusively through traditional methods of contact such as calls via operator;         
  • to object, at any time and free of charge, to the processing of data for the aforementioned purposes. In this case, the right to object to the processing of data through automated means of contact (such as e-mail), extends to traditional methods of contact (such as telephone calls via operator);
  • to object, at any time and free of charge, to the processing of data for the aforementioned purposes only in part or by expressing a choice on the methods of contact.

The above rights may be exercised by sending a written communication to the following e-mail address: privacy@eusoft.it.

You also have the right to lodge a complaint with the Data Protection Authority.

9. Links to other websites

The site may contain links to other websites. However, once you have used these links and leave this site, The Data Controller will not have any control over the other websites and will in no way be responsible for the protection and confidentiality of the information you provide when visiting such other sites. Please read carefully the privacy policy applicable to the site in question.

10. Changes to this privacy policy

The Data Controller reserves the right to make changes to this information at any time by informing interested parties on this page. In the event of non-acceptance of the changes made to this policy, the data subject may request the Data Controller to remove his personal data as described in paragraph 8.