Privacy Policy as pursuant to EU Reg. 679/2016 General Data Protection Regulation – “GDPR”

Introduction

In compliance with Reg. EU 679/2016, OverIT S.p.A. informs you on the methods of collection, data processing and storage of personal data collected through this website with the intent to make you fully aware of your rights and how to exercise them easily, in order to comply with the principles of lawfulness, fairness and transparency of processing.

Data Controller

OverIT S.p.A., a company incorporated under Italian law, with registered office in Via Ugo Bassi n. 81, 33080 – Fiume Veneto (PN), P.IVA 01391460936

Data Protection Officer: Avv. Gianluca Rubinato – dpo@rbb-legal.it

Controller’s e-mail address: privacy@overit.ai

Type of Data Collected

The browsing of the Controller’s website entails the processing of personal data, which may include an identifier such as a name, an identification code or number, an online identifier suitable for making the data subject identified or identifiable (hereinafter “personal data“).

1. Browsing the website

The computer systems and software procedures set up and used to run this site will acquire, as part of their ordinary operations, specific personal data, the transmission of which is implicit in the use of Internet communication protocols.

This category of data includes, among others, the IP addresses or domain names of the computers employed by users, the URI/URL (Uniform Resource Identifier/Locator) addresses of the requested resources, the time of the request, the method adopted to submit the request to the server, the origin or referrer of the user and further parameters related to the user’s operating system and computer environment.

Any use of Cookies – or other tracking tools – by this Website or by the owners of third-party services used by this Website, is merely intended to provide the Service requested by the User, unless otherwise specified.

For further information, please consult our Cookie Policy.

2. Data provided by the data subject on a voluntary basis

When filling out forms to request information concerning our products and services, or to request a product demo, the following data will be collected: first name, last name, company name, e-mail address, telephone number, industry, country.

The User shall be responsible for any third-party Personal Data collected, published or shared through this Web Site and warrants that they have the right to disclose or disseminate them, thus indemnifying the Controller from any liability to third parties.

Summary of processing activities

Purposes Legal Basis Mandatory or Optional
1 Browsing our website Processing is based on the consent of the data subject Providing consent is a prerequisite to enable the use of the website
2 Sending promotional or marketing communications, including newsletters, through automated tools (e-mail) Processing is based on the consent of the data subject The provision of personal data for this purpose is optional. The refusal shall not entail any consequences.
3 Information request via contact form Processing is required when executing a contract or the pre-contractual measures The provision of personal data is a necessary requirement for the Controller to respond to the request. In case of refusal, the Controller may not follow up on any contact or demo requests.

 

Purposes and Legal Basis of Data Processing

1. Browsing the website

Part of the data collected when browsing the Controller’s website is required for using the Site. The legal basis underlying the processing is the consent of the data subject.

Also, the Controller processes the data collected in order to:

  • obtain statistics on the use of the services (most visited pages, number of visitors by time slot or daily, geographical areas of origin, etc.);
  • monitor the proper functioning of the services offered.

The legal basis for the processing is the consent of the data subject.

2. Marketing communications and statistics

The Controller may use the e-mail address provided in the contact forms to send advertising material, to provide commercial information regarding new products or services, to promote events and initiatives organized by the Company or other group companies, our suppliers or customers, partners or third parties.

The legal basis for the processing is the consent of the data subject.

Should, in any event, the Data Subject want to object to the processing of their data for marketing purposes as performed by the means specified herein, as well as withdraw the consent given, they may proceed to do so at any time, without affecting the lawfulness of processing based on consent before its withdrawal.

3. Filling out information request forms

In the event of filling out a form to request information regarding our products and services, or to request a product demo, the data entered (e.g., company name, e-mail, telephone and VAT number) will be processed to provide feedback on such requests.

In this scenario, the processing is required for the performance of a contract or in order to take steps at the request of data subject prior to entering into a contract. Failure to provide personal data will prevent the Controller from following up on contact requests.

Data Processing and Data Transfer

Data processing

Collected data are processed by persons authorized by the Controller to process personal data,  depending on their role in the company, on paper and/or magnetic, electronic, telematic support and, in any case, through suitable tools intended to guarantee the security and confidentiality of the processed data.

The processing of your data mainly occurs at our Company’s premises, although we may as well avail of third-party e-mail marketing platforms.

However, the Controller has implemented appropriate measures to ensure that its service providers fully comply with the security standards set forth in the “GDPR”.

Recipients

The personal data collected through the Controller’s website may be shared with:

  • persons authorized to process personal data due to their job duties ( i. e., employees and system administrators).
  • Service providers acting as Processors under the instructions of the Controller.
  • Business partners acting as joint controllers or as independent controllers.
  • Subjects, entities or public authorities this transfer is mandatory for, pursuant to legal provisions or orders of the authority.

The data may also be accessible to OverIT subsidiaries and affiliates companies for the same purposes stated above, as well as for administrative and accounting purposes pursuant to Article 6 and Recitals 47 and 48 of the GDPR.

The complete and updated list of data recipients may be requested from the Controller, at the address reported above.

Data transfer outside the EU

OverIT hereby informs that any transfer of personal data to a third country or international organization shall be based on:

  • an adequacy decision by the Commission;
  • the standard contractual terms for data transfer to third countries, as approved by the Commission by Implementing Decision (EU) 2021/914 of 4 June 2021.

Storage period

The Controller intends to retain Personal Data for no longer than is necessary for the purposes for which were collected and processed for. This shall not affect the need to retain such data in order to ascertain, exercise or defend a right in court. Thereafter, the data will be permanently deleted or anonymized.

Browsing data shall not be stored for more than 1 year.

Data collected through contact forms will be stored for as long as necessary to provide feedback to requests from data subjects.

Rights of the data subject

We hereby inform you that at any time you may:

  • access your data to obtain information on the processing (art. 15);
  • rectify inaccurate data or demand the integration of incomplete ones (art. 16);
  • delete any personal data (art. 17);
  • restrict the use of data within the cases referred to in art. 18;
  • request that a document, including digital format ones, containing your data is produced to you for the purpose of portability (art. 20);
  • withdraw consent to the specific processing. Such withdrawal does not affect the lawfulness of processing based on consent before its withdrawal;
  • lodge a complaint with the competent supervisory authority.

With respect to the right to object, we would like to inform you that you have the right to refuse to consent to the use of your personal data in the cases referred to in Article 21, and in particular:

  • object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is based on Article 6 (1)(e) or (f) of the GDPR, including profiling base on those provisions. In this case, the Controller shall no longer process the personal data unless it demonstrates compelling legitimate grounds for such processing, which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defense of legal claims;
  • should it be intended for marketing activities, you may object to the processing at any time, this including any profiling carried out for this purpose.

In respect of automated individual decision-making processes, you have the right not to be subject to decisions based solely on automated processing, including profiling, that produces legal effects against you.

This privacy policy is a translation. In the event of any inconsistency or discrepancy between this version and any other language versions of this publication, the Italian language version shall prevail.

Details on the processing of Personal Data

Personal Data is collected for the following purposes and using the following services: