“Processing of Personal Data”, in plain words, means any operation or set of operations which is performed on any information relating to an identified or identifiable natural person (Data Subject). As an example, your e-mail address is considered Personal Data and while we collect and store it we are “processing” it. Transmission to third parties and erasure are other processing operations.
We are defined “Data Controller”, as we determine the purpose and means of the processing of Personal Data.
You, as a “natural person to whom Personal Data are related”, are defined “Data Subject” and you are entitled to be informed on who we are, which Data we process, why/how/how long we process them, your rights and obligations.
In addition, we’d like to inform you that when you browse this Website we collect Browsing Data (e.g. IP addresses and/or the domain names of the computers and terminal equipment used by any user, the URI/URL addresses of the requested resources, the time of such requests, the method used for submitting a given request to the server, returned file size, a numerical code relating to server response status, and other parameters related to the user’s operating system and computer environment). Normally, collection of this Data does not imply processing of Personal Data, as we cannot identify you through those data; in any case, Browsing Data are erased immediately after being aggregated (except if judicial authorities need such data for establishing the commission of criminal offences).
|Who we are?|
|ReaQta BV, a company duly existing and organised under the laws of Netherlands, with registered offices in Amsterdam, Molenpad 6H, 1016 GM (“ReaQta” or “Controller”).|
|Why are we processing Personal Data?|
|In order to:|
|Why are we allowed to process your Personal Data?|
|Processing of your Personal Data may be:|
|To whom do we transfer your Personal Data?|
(Categories of Recipients)
|In the minimum necessary extent in relation to the above purposes the Controller may disclose your Personal Data to:|
|How long do we retain your Personal Data?||The Controller will store your Personal Data only for as long as is necessary for the above purposes and to comply with its legal obligations, resolve disputes and enforce legal agreements and policies.|
Browsing Data is generally retained for a shorter period of time, except when this data is used to strengthen the security or to improve the functionality of the Service, or we are legally obligated to retain this data for longer time periods.
|Do we transfer Personal Data outside the European Economic Area (EEA) or to international organisation?||Personal Data may be transferred to – and maintained on – computers and persons outside the EEA.|
|Do we do Profiling?||No, we actually don’t profile our users.|
|Are you obliged to provide your Personal Data?||You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent, except Session Identification- cookies (n. 1 above), which are temporary maintained, only during the session.|
|What happens if you don’t provide your Personal Data?||You may disable, restrict or delete the cookies from this website at any time by changing the configuration of your browser.|
|Which are your rights?||You have the right to:|
|How you can contact us?||If you have any questions about the processing of your Personal Data, or you want to exercise your rights, please contact the Controller at firstname.lastname@example.org you may also contact our representative in the EU, designated according to Article 27 GDPR.|
List of definitions
- “Applicable Regulations”: any provision of law, independently of its ranking, belonging to the legal systems of the European Union, which is in any way applicable to the Agreement.
- “Authorised”: the individual who, under the supervision of the Company, is instructed by the latter in relation to the Processing of Personal Data as per art. 29 GDPR.
- “Authority”: the entity or organisation, whether private or public, entrusted with the judiciary, administrative, disciplinary, surveillance and police powers.
- “Committee” or “EDPB” the European Committee for the protection of personal data, as established by art. 68 GDPR and regulated in arts. 68 to 76 GDPR, which substitutes WP29 from 25 May 2018.
- “Communication”: “the providing of information concerning personal data to one or more subjects other than the data subject, as operated by a representative of the Controller in the territory of the European Union, by the Processor or its representatives in the territory of the European Union, by those who are Authorised to the processing of personal data in light of art. 2-quaterdecies under the direct supervision of the controller or the processor, independently of the modalities of the processing, even by making the information concerning the personal data available, consultable or reachable by interconnection” (as set forth in art. 2-ter, comma 4 lett. a of the Privacy Code).
- “Controller”: “the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data”, as defined in art. 4, subparagraph 1, no. 7, GDPR.
- “Supervisory Authority”: the independent public authority of a Member State of the European Union or of the European Union itself that in entrusted with the task of assessing the application of Privacy Regulations.
- “Data”: one or more categories indicated as Personal Data or Special Data.
- “Database”: group of Data and/or Information which is homogenous in relation to its content and format, as owned by each of the Parties and sent to the other Party for the purpose of signing and/or performing the Agreement.
- “Data Subject”: “an identified or identifiable natural person”, as defined in art. 4, subparagraph 1, no. 1, of EU Regulation no. 2016/679 (“GDPR”).
- “Director”: the individual provided with the powers to legally represent a Party or a Third Party.
- “Employee”: natural person who carries out work under the supervision of one of the Parties or the Commercial Contract, independently of the type of the formal contractual relationship with them.
- “GDPR”: EU Regulation no. 2016/679 concerning “the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)”;
- “Information” o “Confidential Information”: the data or information (of any nature, whether technical, productive, financial, commercial, operative, accountancy-related or economical etc.), as well as the documents, declarations, and generally any piece of information concerning, by way of example, the know-how, processes, results, milestones, draft, specifications, forecasts, business plans, also in the form of memos, figures, internal communications, studies, reports, lists, data, tables, forms, security infrastructures, clients and/or suppliers, exchanged among the Parties and/or made available to each of the Parties for the purpose of the signing or performance of the Agreement, or developed by the other Party in relation to the Opportunity, independently of their format (oral, electronic or in writing), which is labelled as “confidential” or anyway regarded as such by the Party that submits it.
- “Lead”: the individual or entity who is potentially interested in the possibility of entering into an agreement with one of the Parties, as well as with their Directors, Employees or agents.
- “Marketing”: indicates singularly or collectively the submission of advertising, marketing, sale and market research materials.
- “Personal Data”: “any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person”, a defined in art. 4, subsection 1, no. 1, GDPR).
- “Privacy Regulations”: EU Regulation no. 2016/679 (“GDPR”) and further applicable Regulations, independently of their legal rank, thus including the opinions of WP29 and, from 25 May 2018, of the Committee.
- “Processing”: “any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction”, as defined in art. 4, subparagraph 1, no. 2, GDPR.
- “Processor”: “a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller”, as defined in art. 4, subparagraph 1, no. 8, GDPR.
- “Profiling”: “any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements”, as defined in art. 4, subparagraph 1, no. 4, GDPR
- “Prospect”: the individual or entity who is actually interested in entering into an agreement with any of the Parties, thus including their Directors, Employees and agents.
- “Recipient”: “a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not”, a defined in art. 4, subparagraph 1, no. 9, GDPR.
- “Restriction of the processing”: “the marking of stored personal data with the aim of limiting their processing in the future”, as defined in art. 4, subparagraph 1, no. 3, GDPR.
- “Services”: the work of any kind (e.g. supply of goods/services) as performed by each of the Parties.
- “Special Data”: Personal Data that “reveal racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, […] concerning […] a natural person’s sex life or sexual orientation” (art. 9.1 GDPR), “concerning health” (“personal data related to the physical or mental health of a natural person, including the provision of health care services, which reveal information about his or her health status”, as defined in art. 4, subparagraph 1, no. 15, GDPR) and the “data relating to criminal convictions and offences or related security measures” (art. 10 GDPR), as well as “genetic data” (“personal data relating to the inherited or acquired genetic characteristics of a natural person which give unique information about the physiology or the health of that natural person and which result, in particular, from an analysis of a biological sample from the natural person in question”, as defined in art. 4, subparagraph 1, no. 13, GDPR); “biometric data” (“personal data resulting from specific technical processing relating to the physical, physiological or behavioural characteristics of a natural person, which allow or confirm the unique identification of that natural person, such as facial images or dactyloscopic data”, as defined in art. 4, subparagraph 1, no. 14, GDPR).
- “Spreading”: “providing information in relation to the personal data to unidentified subjects, in any format, also by making them available or consultable” (as defined in art. 2-ter, comma 4, lett. b of the Privacy Code).
- “Supplier”: the individual or entity that submits a commercial offer to any of the Parties or to the Commercial Contract (independently of their acceptance), as well as to their Directors, Employees or agents.
- “Third Party”: anyone who is not a Party.
- “WP29”: the Working Group for the protection of individuals with regard to the processing of personal data, as established by art. 29 Directive 95/46/CE, whose tasks were established by art. 30 of Directive 95/46/CE and by art. 15 of Directive 2002/58/CE.