Altilia Privacy Policy

LEGAL & PRIVACY PERSONAL DATA PROTECTION INFORMATION

Pursuant art. 13, EU Regulation 2016/679

Dear Data Subject,

the protection of potential and/or current clients’ and users’ personal data has always been considered crucial by Altilia S.r.l.

Through this document (hereinafter referred to as “the Information”), we intend to renew our effort to guarantee that the processing of your personal data, performed by any means, both automatic or manual, will be executed in full observance of the rights and protections recognized under the (EU) 2016/679 Regulation (hereinafter referred to as the “GDPR” or the “Regulation”) and under further applicable laws concerning personal data protection.

With the term personal data reference is made to the definition provided by art. 4(1) of the Regulation, namely “any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person” (hereinafter referred to as “Personal Data”).

The Regulation provides that, before proceeding with the Personal Data processing – whereby it is to be understood, according to the definition provided by art. 4(2) of the Regulation, namely “any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction” (hereinafter referred to as “the Processing”) –the owner of such Personal Data must be informed on the reasons for which they were requested and in which ways they will be used. In that respect, this Information – drafted according to the transparency principle and all the elements set out by art. 14 of the Regulation – aims to provide, in a simple and intuitive way, all the useful details you need to confer your Personal Data intelligently and prudently, or to request, at any time, clarifications or modifications.

DATA CONTROLLER

The subject performing your Personal Data Processing for the purposes of Section C of this Information and that will therefore assume the role of Data Controller – according to the definition provided by art. 4(7) of the Regulation, namely “the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data” – is:

Altilia S.r.l. (hereinafter referred to as “the Data Controller” or “Altilia”), with its registered office in Via Alessandro Volta n. 41, 87036 – Rende (CS) (hereinafter referred to as “the Registered Office”).

B. DATA PROTECTION OFFICER’S CONTACTS

In order to facilitate the relationship between you, as Data Subject – namely “an identifiable natural person who can be identified, directly or indirectly” as indicated under art. 4 (1)of the Regulation (hereinafter referred to as “Data Subject”) – and the Data Controller, the Regulation requires, in some particular cases, the appointment of a control and support subject which, among the various tasks, will act as a reference point for the Data Subject. The Data Controller has chosen to implement such subject, the so-called “Data protection officer”, establishing and appointing, pursuant to art. 37 of the Regulation, Mr. Vincenzo Tomasello (hereinafter referred to as “the DPO”).

The DPO, pursuant and in accordance to art. 39 of the Regulation, is called upon to fulfill, among others, the following tasks:

inform and advise the Data Controller, as well as the employees performing the Processing’s operations, on the obligations arising from the Regulations, along with other EU or national provisions concerning Personal Data protection;

supervise and monitor the observance of the Regulation and the applicable laws in relation to Personal Data protection as well as the policies and procedures implemented by the Data Controller

provide support on the request of the data subject;

cooperate with the competent Data Protection Authority

In accordance with art. 38 of the Regulation, you can freely contact the DPO for any issue regarding the Processing of your Personal Data and/or if you wish to exercise your rights as set out in Section G of this Information, sending a written communication to [email protected].

C. PURPOSES

In order to allow you to register on the website https://altilia.ai (hereinafter referred to as “the Website”) – in the sections wherein registration and/or the submission of a request using contact modules and/or the newsletter subscription is allowed – the Data Controller needs to collect some of your Personal Data.

Therefore, the Processing of your Personal Data will be performed by the Data Controller to allow you to join the initiatives promoted through the Website, to receive the newsletter, to access free or chargeable demo trials, to send information requests as well as to enjoy all the other services in turn offered on the Website in which you have registered and/or in which you are browsing.

To ensure that the Data Controller correctly performs the Processing’s operations for the aforesaid purposes, you are required to provide the Personal Data marked with the [*] symbol.

Such processing is lawful pursuant to art. 6, comma 1, point b) of the Regulation. Failing to provide even one of the marked data will impede your Personal Data’s Processing; subsequently, your registration to the Websites will not be finalized and/or you will not be able to access the services for which the Personal Data provision was required.

The Personal Data required for the aforesaid purposes will be the ones indicated in the registration form and/or the contact form, including but not limited to: name, surname, date of birth, permanent address/domicile, e-mail, house phone number, fiscal code or social security number. In this case, you are entitled to read this Information within the Privacy section of the Website.

In addition to the purposes stated above, your Personal Data may be processed for Direct Marketing; the term “Direct Marketing” refers to promotional and/or marketing activities the Data Controller carries out to provide you an enhanced service, promote products and services of your liking sold and/or delivered by the Data Controller.

With respect to such direct marketing purposes, it should be noted that pursuant to letter f) of art. 6(1) of the Regulation, the Data controller may carry out those activities pursuing a legitimate interest, regardless of your consent and, in any case, until you object or restrict (according to Section G, letter d) of this Information) such Processing, as it is clear in Recital 47 of the Regulation, in which it is stated that: “The processing of personal data for direct marketing purposes may be regarded as carried out for a legitimate interest”. This may be also due to evaluations made by the Data Controller concerning the potential and possible primacy of your interests, rights and fundamental liberties involved in the Personal Data Protection over his legitimate interest to send direct marketing communications.

You can legitimately revoke your consent, even partially, for direct marketing purposes without prejudice to the Processing for other purposes.

The contacting methods related to direct marketing activities may be both traditional or automated. In any case, as better stated in Section G of the present Information, you can revoke your consent even partially, e.g. agreeing to the sole traditional contacting methods. As for the contacting methods involving the usage of your mobile contacts, we remind you that direct marketing activities will be carried out only prior to verification of your subscription to the “Registro delle Opposizioni”, pursuant to and in accordance to Italian D.P.R. 7 September 2010, n. 178 and subsequent modifications.

D. SUBJECTS TO WHOM YOUR PERSONAL DATA MAY BE DISCLOSED

Your Personal Data may be disclosed to specific subjects deemed recipient of such Personal Data. In fact, art. 4(9) of the Regulation, defines as Recipient of Personal Data a “natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not.” (hereinafter referred to as “the Recipient”).

Under this regard, in order to perform all the Processing activities needed for the purposes indicated in this Information, the following Recipients may have to process their Personal Data:

third parties carrying out processing activities and/or connected and/or instrumental to them, on behalf of the Data Controller. Such subjects are appointed Processors, which term according to art. 4(8) of the Regulation indicates: “a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller” (hereinafter referred as to “the Processor”);

single individuals, employees and/or assistants of the Data Controller, to whom specific and/or more activities involving Personal Data Protection are entrusted. Specific instructions concerning Personal Data security and correct usage are issued to these individuals who are defined by art. 4(10) of the Regulation, as: “Any natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, [that] are authorized to process personal data” (hereinafter referred to as “Authorized subjects”).

Where required by the law or to prevent and repress the commission of a criminal offence, your Personal Data may be disclosed to public entities or judicial authorities without them being defined as Recipients. In fact, according to art. 4(9) of the Regulation, “public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients”.

E. PROCESSING’S DURATION

One of the principles applicable to your Personal Data Processing involves storage limitation period, disciplined by letter e) of art. 5(1) of the Regulation states as follows: Personal Data are “kept in a form which permits identification of Data Subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the Personal Data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) subject to the implementation of the appropriate technical and organizational measures required by this Regulation in order to safeguard the rights and freedoms of the Data Subject”.

For these reasons, your Personal Data will be processed by the Data Controller within the limits of what is necessary for the pursuit of the purposes set out in Sections B and C of this Information. In particular, your Personal Data will be processed for no longer than the time needed, as indicated in Recital 39 of the Regulation, i.e. until the termination of any contractual relationship at that moment in place between you and the Data Controller, without prejudice to the Data Controller’s legitimate interest, as indicated in Recital 47 of the Regulation, as well as an additional storage period imposed by the law or Recital 65 of the Regulation.

F. WITHDRAWAL OF CONSENT

As required by the Regulation, in case you have given your consent to your Personal Data Processing for one or more purposes for which it was required, you can, at any time withdraw it fully or partially without prejudice to the lawfulness of the Processing based on the consent given prior to the withdrawal.

The methods whereby your consent can be withdrawn are simple and intuitive: you will only need to contact the Data Controller and/or the DPO using the contacting methods indicated in this Information, respectively in the B and H Section.

G. RIGHTS

Pursuant to art. 15 of the Regulation, you can access your Personal Data, ask for their rectification and update, if incomplete or erroneous, ask for their removal in case the collection was performed in breach of the law or regulation. In addition, you can object to the Processing for legitimate and specific reasons.

Furthermore, here you find listed all the rights you can exercise, at any time, towards the Data Controller:

a. Right of Access

You have the right, pursuant to art. 15(1) of the Regulation, to obtain confirmation from the Data Controller that a Personal Data Processing is ongoing and, in such circumstance, to obtain access to such Personal Data and to the following information: a) the purpose of the Processing; b) the types of Personal Data at issue; c) the Recipients or the types of Recipients to whom your Personal Data were or will be disclosed, especially if Recipients belong to third countries or international organizations; d) if applicable, the required storage period of Personal Data or, if not applicable, the criteria used to determine such period; e) the existence of a right of the Data Subject to ask the Data Controller the rectification or erasure of Personal Data or the restriction of the Personal Data Processing or to object to the Processing; f) the right to lodge a complaint to the relevant Data Protection authority; g) if the Personal Data were not collected through the Data Subject, all the information concerning their origin; h) the existence of an automated decisional process, including profiling mechanisms as referred to in the art. 22(1,4) of the Regulation and, at least in these cases, relevant information on the logic used as well as the importance and the expected consequences of such Processing for the Data Subject.

b. Right of Rectification

You can obtain, pursuant to art. 16 of the Regulation, the rectification of your Personal Data that is incorrect. Furthermore, taking into account the purposes of the Processing, you can obtain the integration of your Personal Data that is incomplete, also by giving a supplementary statement.

c. Right to Erasure

You can obtain, pursuant to art. 16 of the Regulation, the erasure of your Personal Data without unjustified delay and the Data Controller will have an obligation to erase your Personal Data when one of the following applies: a) your Personal Data is not necessary to the purposes for which they were collected or otherwise processed anymore; b) you proceeded with the withdrawal of the consent on which the Processing of your Personal Data is based and there is no other legal reason for their Processing; c) you objected to the Processing according to art. 21(1,2) of the Regulation and there is not any prevailing legitimate reason to proceed with your Personal Data Processing; d) your Personal Data was illegally processed; e) it is necessary to erase your Personal Data in fulfilment of a statutory obligation indicated in the EU or national legislation.

In some cases, as required by art. 17(3) of the Regulation, the Data Controller can lawfully refuse to proceed with the erasure of your Personal Data if their Processing is necessary, for instance, to exercise the right to freedom of expression and information, to fulfill a statutory obligation, on grounds of public interest, for archiving in the public interest, scientific, statistical, historical use, and for the establishment, exercise or defence of legal claims.

d. Right to Restriction of Processing

You have the right to obtain from the Data Controller restriction of processing, pursuant to art. 18 of the Regulation, where one of the following applies: a) you have contested the accuracy of the Personal Data (at least for a period enabling the controller to verify the accuracy of the Personal Data); b) the Processing is unlawful but you objected to the erasure of the Personal Data, requiring the restriction of their use instead; c) despite the Data Controller no longer needs your Personal Data for the purposes of the Processing, they are required for the establishment, exercise or defence of legal claims; d) you objected to the Processing pursuant to Article 21(1) of the Regulation, pending the verification whether the legitimate grounds of the Data Controller override yours.

In case of Treatment’s restriction, your Personal Data will be processed, without prejudice of their storage, only with your consent or for the establishment, exercise or defence of legal claims, or for upholding the rights of another natural or legal person or on grounds of relevant public interest. We will inform you, in any case, before such restriction will be revoked.

e. Right to Data Portability

You have, at any time, the right to ask and obtain, pursuant to art. 20(1) of the Regulation, all your Personal Data processed by the Data Controller in a structured, commonly used and machine-readable format, and transmit to another Data Controller without hindrance. In this case, you will ensure that we receive all the exact contact information concerning the new Data Controller to whom you intend to transfer your Personal Data, providing us with written authorization.

f. Right to Object

Pursuant to art 21 (2) of the Regulation and the Recital 70, you have the right to object, at any time, to the Processing of your Personal Data when these are processed for direct marketing purposes, including profiling as far as it is linked to such direct marketing.

g. Right to Lodge a Complaint with a Supervisory Authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with the competent supervisory authority if you consider that the Processing of Personal Data infringes this Regulation and/or the applicable laws.

To exercise the aforementioned rights, you will have to contact the Data Controller in the following ways:

Sending an email to [email protected]

Sending a registered letter to the Registered Office of the Data Controller

Please note that, at any time, you can also refer the matter to the Altilia DPO with the means listed in Section B of this Information.

H. PLACE OF PROCESSING

The personal information you provide to ALTILIA through our websites will not be shared outside of ALTILIA and its controlled subsidiaries and affiliates without your permission.

Your Personal Data will be processed by the Data Controller within the territories of the European Union.

If for technical and/or operational issues, it is necessary to make use of subjects located outside the EU, we inform you forthwith that those subjects will be considered Processors pursuant and according to art. 28 of the Regulation, and the transfer of your Personal Data to such subjects, limited to the execution of specific activities of the Processing, will be regulated in conformity to what provided by Chapter 5 of the Regulation.

Therefore, all the care will be taken to guarantee the utmost protection of your Personal Data, relying on a) the existence of an adequacy decision concerning a third country by the Commission; b) on adequate guarantees given by the third-party Recipient according to art. 46 of the Regulation; c) on the adoption of binding corporate rules; d) adopting standard contractual clauses approved by the Commission.

In any case, you can require further details to the Data Controller if your Personal Data were processed outside the EU, demanding evidence of the specific warrantees adopted.

INFORMATION ON THE USE OF COOKIES

Pursuant EU Regulation 2016/679

The website https://altilia.ai employs cookies to improve the online experience and ensure efficient browsing. This document provides detailed information on how cookies are used, how https://altilia.ai employs them and how to manage them.

What are cookies

Cookies are small text strings that the sites visited by the user send to his terminal (usually to the browser), where they are stored and then retransmitted to the same sites on the next visit by the same user. While browsing a site, the user can also receive cookies on his terminal that are sent from different sites or web servers (so-called “third parties”), on which some elements may reside (such as, for example, images, maps, sounds, specific links to pages from other domains)on the site he is visiting.

Cookies, usually present in users’ browsers in very large numbers and sometimes even with characteristics of long persistence, are used for different purposes: execution of IT authentications, session monitoring, storage of information on specific configurations regarding users accessing the server, etc.

Types of cookies

In general, there are three different ways to classify cookies: what purpose they serve, how long they endure, and their provenance.

Duration

Session cookies – These cookies are temporary and expire once you close your browser (or once your session ends).

Persistent cookies – This category encompasses all cookies that remain on your hard drive until you erase them, or your browser does, depending on the cookie’s expiration date. All persistent cookies have an expiration date written into their code, but their duration can vary. According to the ePrivacy Directive, they should not last longer than 12 months, but in practice, they could remain on your device much longer if you do not take action.

Altilia https://altilia.ai does not use persistent cookies. However, by browsing the pages of the website https://altilia.ai, you can interact with sites managed by third parties that can create or modify permanent and profiling cookies.

Provenance

First-party cookies – As the name implies, first-party cookies are put on your device directly by the website you are visiting.

Third-party cookies – These are the cookies that are placed on your device, not by the website you are visiting, but by a third party like an advertiser or an analytic system.

The management of information collected by “third parties” is governed by the managers themselves. More information is available at the web addresses of the various information notices and how to manage cookies.

Facebook and Instagram information: https://www.facebook.com/help/cookies/

Facebook and Instagram (configuration): access your account. Privacy section.

Twitter information at: https://support.twitter.com/articles/20170514

Twitter (configuration): https://twitter.com/settings/security

LinkedIn information: https://www.linkedin.com/legal/cookie-policy

LinkedIn (configuration): https://www.linkedin.com/settings/

Google+ information: https://www.google.it/intl/it/policies/technologies/cookies/

Google+ (configuration): https://www.google.it/intl/it/policies/technologies/managing

Google Analytics: https://www.google.it/policies/privacy/partners/

YouTube: For more information on YouTube click here.

Purpose

Strictly necessary cookies — These cookies are essential for you to browse the website and use its features, such as accessing secure areas of the site. Cookies that allow webshops to hold your items in your cart while you are shopping online are an example of strictly necessary cookies. These cookies will generally be first-party session cookies. While it is not required to obtain consent for these cookies, what they do and why they are necessary should be explained to the user.

Preferences cookies — Also known as “functionality cookies,” these cookies allow a website to remember choices you have made in the past, like what language you prefer, what region you would like weather reports for, or what your user name and password are so you can automatically log in.

Statistics cookies — Also known as “performance cookies,” these cookies collect information about how you use a website, like which pages you visited and which links you clicked on. None of this information can be used to identify you. It is all aggregated and, therefore, anonymized. Their sole purpose is to improve website functions. This includes cookies from third-party analytics services as long as the cookies are for the exclusive use of the owner of the website visited.

Marketing cookies — These cookies track your online activity to help advertisers deliver more relevant advertising or to limit how many times you see an ad. These cookies can share that information with other organizations or advertisers. These are persistent cookies and almost always of third-party provenance.

Management of cookies

The user can decide whether or not to accept cookies using his browser setting. Sometimes, however, the total or partial disabling of technical cookies can compromise the use of some features of the site. On the contrary, the usability of public content is also possible by completely disabling cookies.

Disabling “third-party” cookies does not affect browsing in any way.

The setting can be defined specifically for the different websites and web applications. In addition, the best browsers allow you to define different settings for “proprietary” and “third party” cookies.

Here are some links relating to the management of cookies for the main browsers:

Chrome: https://support.google.com/chrome/answer/95647?hl=it

Firefox: https://support.mozilla.org/it/kb/Gestione%20dei%20cookie

Internet Explorer: https://windows.microsoft.com/it-it/windows7/how-to-manage-cookies-ininternet-explorer-9

Opera: https://help.opera.com/Windows/10.00/it/cookies.html

Safari: https://support.apple.com/kb/HT1677?viewlocale=it_IT

Data controller

The data controller is Altilia Srl, in the person of their legal representative p.t., with offices in Via A. Volta, 41 – 87036 Rende (CS)

Exercise of rights by the interested party

At any given moment it will be possible to exercise the rights of the art. 7 of “Codice della privacy”, and this exercise Is not subject to any form of constraint. Pursuant to the same article users have the right to request the cancellation, the anonymous transformation or the block of the processed data in violation of law, as well as to oppose for legitimate reasons to their processing in any event.

Such requests may therefore be addressed to:

Altilia Srl, in the person of their legal representative p.t., with offices in Via A. Volta, 41 – 87036 Rende (CS), Italy