Collecty Privacy Policy

Privacy Policy (AU)

This Privacy Policy sets out our commitment to protecting the privacy of your personal information that we collect through this website www.collecty.com.au (Site) or directly from you. Geek Group Pty Ltd T/A Collecty endeavours at all times to comply with the Privacy Act 1988 and the Australian Privacy Principles which together will be referred to in this policy as “Australian Privacy Law.”
Please read this Privacy Policy carefully. Please contact us if you have any questions. This Privacy Policy applies to all persons accessing our website, dealing with us or from whom we otherwise collect personal information. By accessing this website you acknowledge and agree to be bound by this privacy policy.
By providing us with personal information, you indicate that you have had sufficient opportunity to access this Privacy Policy and that you have read and accepted it.

If you do not wish to provide personal information to us, then you do not have to do so, however it may affect your use of this Site or any services offered on it.
Personal information collected

By accessing this website or otherwise you agree to our Privacy Policy in relation to the Personal information collected by the website. As a result of your visit to our website, we may collect and store information about your visit to this website including:
• the domain name and IP address of the computer from which you accessed the internet;
• the date and time you accessed the website;
• the internet address of the website from which you linked directly to our website;
• the pages you accessed while visiting the website; and
• through the use of websites, software and internet tracking devices such as cookies, anonymous identifiers and session variables, we may also collect your email address.
Your internet service provider or the providers of your internet browser software may also collect such information for their own purposes. We are not responsible for the collection, storage and use of such information by these entities and refer you to their respective privacy policies.
As a result of you dealing further with us, whether as a prospective customer, an actual customer, guarantor, contractor, supplier or service provider, we may collect and store personal information from you such as:
• your name;
• address;
• your employer or business name;
• your email address; and
• your telephone numbers.
Collection of personal information
We may collect personal information about you from your visit to our website through the use of technologies such as anonymous identifiers, session variables, and/or cookies. You may be able to set your internet web browser to block or limit cookies. Some features of our website may not work as efficiently, or at all, if you have done so. As a result of you dealing further with us, we may collect personal information directly from you and this may be in person, over the telephone, by mail, over the internet or by email.
Security of your personal information
We take reasonable steps to secure your personal information from loss and unauthorised access, by:
• maintaining a secure environment for storage of information whether in hard copy or in electronic form;
• requiring that access to such information be confined to authorised personnel only;
• using technology such as encryption and password protection to secure any information kept in electronic form.
We are not responsible for the security of any computer or other device which you use to access our website.
Unfortunately no data transmission over the Internet is guaranteed to be completely secure. So while we strive to protect such information, we do not warrant or guarantee the security of any information you transmit to us and you do so at your own risk. Once we receive your information, we make our best effort to ensure its security.

The purposes for which we collect, store, use and disclose personal information
If you are a user of our website, a prospective customer, a customer, a contractor or supplier of goods and services to us, a job applicant or other person from whom we collect, hold, use and disclose your personal information we shall do so only for those purposes which are:
• permitted by Australian Privacy Law;
• necessary for:
o the administration of any contract of supply of goods or services to or by us;
o the provision of our products to our customers;
o otherwise for the administration and management of our business;
• to improve website usability;
• to provide our products and services to you;
• required by law;
• in order to investigate or assist with any investigation into any complaint about the conduct of our business, in particular, under Australian Privacy Law;
• to otherwise enforce any term of any contract or other right which arises out of our dealings with you;
• to communicate with you, by way of direct marketing, information about our products and services. If you do not wish us to do so, you can “opt out” of such communication by informing us in person, by telephone, by facsimile, by post or by email;
• to search and/or register any Personal Property Securities;
• as part of a prospective sale, transfer or restructure of our business; or
• to otherwise communicate with you or the purposes outlined above.
In addition, if you sign an advertising contract with us, we will collect, hold, use and disclose your personal information in order to:
• manage your contract;
• collect any debt or otherwise enforce any rights arising under your contract.
We may disclose your personal information to our partner organisations and other parties as part of a process of merger, acquisition, sale of our business or our other assets and, before doing so, will give you notice and an opportunity to opt out of the provision of such information in that instance.
If, for any of the above purposes, we disclose your personal information to any supplier of services to our business or to any prospective purchaser of our business (which we shall do only if it is necessary for the purposes listed above), we shall:
• do so in accordance with Australian Privacy Law;
• obtain assurances from those suppliers that they comply with Australian Privacy Law.

Access to and correction of personal information
Access: You may request details of personal information that we hold about you, in certain circumstances set out in the Privacy Act 1988 (Cth). An administrative fee may be payable for the provision of information. We may refuse to provide you with information that we hold about you, in certain circumstances set out in the Privacy Act. Please see Geek Group Pty Ltd’s contact information below.
Correction: If you believe that any information we hold on you is inaccurate, out of date, incomplete, irrelevant or misleading, please contact us by email. We rely in part upon customers advising us when their personal information changes. We will respond to any request within a reasonable time. We will endeavour to promptly correct any information found to be inaccurate, incomplete or out of date.
Links

This website contains links to the websites of other organisations which may be of interest to you. Linked websites are responsible for their own privacy practices and you should check those websites for their respective privacy statements/policies and terms of use.
This privacy policy only covers Geek Group Pty Ltd’s website at https://collecty.com.au. Other websites are not covered by this policy.
We also make no representation as to accuracy or completeness of the information contained in such third party websites.
Complaints about breach

If you believe that we have breached the Australian Privacy Principles and wish to make a complaint about that breach, please contact us on the email address below.

Email: hello@collecty.com.au
Phone: 13 GEEK (13 4335)
If Geek Group Pty Ltd takes more than 30 days to respond to your privacy complaint, or if you are dissatisfied with the outcome, you can make a complaint to the Privacy Commissioner at the Office of the Australian Information Commissioner. The OAIC can be contacted on 1300 363 992 or at www.oaic.gov.au
Unsubscribe

To unsubscribe from our e-mail database, or opt out of communications, please contact us at the details below.
For any questions or notice, please contact us at:
Geek Group Pty Ltd ABN: 67 631 524 288
Ph: 13 GEEK (13 4335)
Email: hello@collecty.com.au

Changes to our Privacy Policy
From time to time, we may make changes to this General Privacy Policy because of:
• changes to the law;
• changes to technology;
• changes to our systems.
We will notify such changes on our website via www.collecty.com.au. Where the changes may affect you in a particular way, and you have a contract with us, we will notify you if required by Australian Privacy Law.

GDPR Privacy Policy (Global)

Dear Interested Party, Geek Group Pty Ltd T/A Collecty has great respect for the privacy of Users.

The data that may be communicated through the Site will be treated with the utmost care and with all the tools necessary to ensure their security, in full compliance with current legislation placed to protect the confidentiality of data. We wish to inform you that the “European Regulation 2016/679 on the Protection of Individuals with regard to the Processing of Personal Data and on the free movement of such data” (henceforth “Regulation” or “GDPR”) provides for the protection of individuals with regard to the processing of data of a personal nature as a fundamental right. Therefore, pursuant to Article 13 of the GDPR, we would like to inform you of the following.

  1. WHAT IS COLLECTY AND HOW IT WORKS

Collecty offers its users a software platform called Collecty, accessible through the website of the same name which, through a series of features and interactions with external providers, allows Customers to:

(a) Centrally manage the reviews of their end customers, also selecting a carousel of the best reviews that they can display on their landing pages;

(b) Actively communicate with end customers in order to request the opportunity to review the venue and/or product/service purchased;

(c) Monitor the progress of reviews and scores (or “ratings”), which will also be aggregated among the various service providers.

Collecty, in accordance with the GDPR Regulations, acts as:

– Data Controller, with respect to the data of Users who own businesses of various kinds and/or further business activities (hereinafter “Merchants”) and browsing data, in particular the data referred to in points a) and b) of Article 2 of this Policy.

– Processor for the data of end customers (i.e. those who review the Merchant’s business) conferred by Merchants in the context of requesting, creating and organizing reviews. The processing carried out by Collecty in relation to these categories of data is governed by the “Data Processor Addendum” pursuant to Article 28 of the Regulations. The Addendum constitutes an integral part of the contractual relationship between Collecty and The Merchant, together with this notice and the terms and conditions.

Collecty does not use the data provided by Merchants for its own purposes, such as marketing, market research, communication to third parties, or dissemination. It is understood that Merchants ensure that end customers have been adequately informed that their data will also be processed through external data processors and, in particular, by Collecty.

  2. GLOSSARY

“Addendum” is the document that governs the relationship between the Merchant and Collecty regarding privacy.

“Personal Data” means any information concerning an identified or identifiable natural person, with particular reference to an identifier such as a name, an identification number, location data, an online identifier, or one or more characteristic elements of his or her physical, physiological, genetic, mental, economic, cultural, or social identity.

“Collecty” is the company “Geek Group Pty Ltd”, email: hello@collecty.com.au

“Processor” the natural person, legal entity, public administration and any other entity that processes personal data on behalf of the Controller.

 

“Controller” the natural or legal person, public authority, service or other body which, individually or jointly with others, determines the purposes and means of the processing of personal data and the instruments adopted, including security measures.

“User(s)” and/or “Customer(s)” “Data Subject(s)” the individual who visits the website “www.collecty.com.au” and uses the service, i.e. the one to whom the Personal Data refers who, unless otherwise specified, coincides with the Data Subject.

 

  3. CATEGORIES OF DATA

The Controller collects directly from its Users, Personal Data and other information as part of the online registration processes on the website “www.collecty.com.au”, in order to provide the services requested by Users (typically these are data such as e-mail address, first name, last name, contact telephone number of a contact person).

The subject of processing may be personal data of Users such as:

  (a) Data provided upon registration and the data necessary for payment.

Collecty will process personal data necessary to register properly on the site to allow access to the platform and the use of related services. This data is provided directly by the Data Subject and may include personal data and contact details, including but not limited to first name, last name, date of birth, e-mail address and telephone number. Collecty will also process data necessary for the payment of non-free services by the registered User, including any billing information. If the User authorises it, or through the use of cookies, Collecty may store authentication or payment and billing data, which the User may delete at any time and will be used only for the purposes of contract performance.

  (b) Automatically collected data.

The computer systems and applications dedicated to the operation of the Collecty website detect, in the course of their normal operation, certain data (the transmission of which is implicit in the use of Internet communication protocols) potentially associated with identifiable users. The data collected include the IP addresses and domain names of the computers used by Users connecting to the site, the addresses in URI (Uniform Resource Identifier) notation of the resources requested, the method used in submitting the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters regarding the operating system, browser and computer environment used by the user, name of the internet service provider (ISP), date and time of visit, web page of the visitor’s origin (referral) and exit.

  (c) Data provided voluntarily by the User.

The voluntary and explicit sending of electronic mail to the addresses indicated in the different access channels of this site does not imply a request for consent and involves the acquisition of the sender’s address and data, necessary to respond to requests, as well as any other personal data included in the message. These data are understood to be voluntarily provided by the User at the time of the request for the provision of the service. By entering a comment or other information, the User expressly accepts this document, and in particular agrees that the contents entered may also be freely disseminated to third parties. On the contrary, specific summary information will be reported or displayed on the pages of the site set up for particular services on request (forms). The user must therefore explicitly consent to the use of the data in these forms in order to send the request.

  (d) Data processed as Data Processors.

Collecty processes the data provided by Merchants as a data processor and in accordance with the requirements contained in the Addendum. In particular, Collecty guarantees to comply with the instructions of the Merchant and not to use such data for its own purposes, such as marketing, market research, communication to third parties or dissemination.

  (e) Cookies.

The site uses cookies. The data collected through cookies may be used to access parts of the site or for statistical purposes or to make the browsing experience more pleasant and more efficient in the future, trying to assess user behavior and to modify the proposition of offering content according to their behavior. For more information visit “www.collecty.com.au”.

  (f) Plug-ins.

The site also incorporates social media plug-ins and/or buttons to enable easy sharing of content on your favorite social networks. Such plug-ins are programmed not to set any cookies when you access the page, to safeguard your privacy. Cookies are set, if so provided by the social networks, only when the user makes actual and voluntary use of the plug-in. Keep in mind that if the user browses while being logged into the social network then he/she has already consented to the use of cookies conveyed through this site at the time of registration with the social network. The collection and use of information obtained by means of the plug-in is governed by the respective privacy policies of the social networks, to which you should refer.

 

  4. SOURCE OF PERSONAL DATA

Personal data held by the Owner are collected directly from the Data Subject. End-customer data are uploaded by Merchants as part of the use of services.

  5. PURPOSE OF DATA PROCESSING AND LEGAL BASIS

The processing of Users’ data has the following purposes and legal basis:

  1. Registration and access to services

Purpose: authentication and use of the site. Legal basis: contractual fulfillment.

  2. Payment processing.

Purpose: access to certain purposes of the service. Legal basis: contractual fulfillment.

  3. Storage of Users’ payment data.

Purpose: to speed up the purchase process. Without consent, nothing will be stored. Legal basis: consent of the User.

  4. Communication to business partners and/or third parties.

Purpose: Communications for marketing, promotional and/or commercial purposes. Legal basis: consent of the User.

  5. Newsletter.

Purpose: to send e-mail about news and topics of interest. Legal basis: consent of the User.

  6. Sending direct marketing communications.

Purpose: updates on the Owner’s products and services. Legal basis: legitimate interest of the Owner.

  7. Service maintenance and improvement.

Purpose: Use of aggregated and anonymous data to improve the service. Legal basis: legitimate interest of the Owner.

  8. Detecting or preventing fraudulent activities.

Purpose: To detect, prevent or stop fraudulent activities on the site. Legal basis: legitimate interest of the Owner and legal obligation.

  9. Compliance with court orders.

Purpose: to comply with legal obligations. Legal basis: legal obligation.

  10. Accounting records.

Purpose: to comply with legal obligations. Legal basis: legal obligation.

  11. Automatically collected data.

Purpose: to ensure and improve the web browsing experience. Legal basis: the legitimate interest of the Data Controller.

  12. Data voluntarily provided by the User.

Purpose: the purpose inherent in the request to enter that data. Legal basis: consent of the User.

  13. For cookies and plug-ins: see the cookies policy by clicking here “www.yourwebsite.com/legal”.

The provision of personal data for the purposes referred to in points 1 and 2 of this article is necessary to allow you to register on the platform and to conclude the contract. Therefore, in the absence of the aforementioned data, you will not be able to use our services.

Consent for the purposes referred to in points 3, 4 and 5 is optional and does not entail any negative consequences for Users’ experience.

  6. DATA RECIPIENTS

To the extent relevant to the stated processing purposes, Users’ data may be disclosed to partners, consulting companies, private companies, third-party technical service providers, hosting providers, IT companies, communications agencies.

If the suppliers process personal data on behalf of the Data Controller, they will be appointed as data processors ex art. 28 GDPR.

  7. DATA TRANSFER TO A THIRD COUNTRY

The Collecty website may share some of the data collected with services located outside the European Union area, in particular through social plug-ins and the Google Analytics service. The transfer is authorised and strictly regulated by Article 45, paragraph 1 of the EU Regulation 2016/679, so it does not require specific authorizations.

 

  8. PERIOD OF CONSERVATION

According to the principle of storage limitation (art. 5, GDPR), the verification of the obsolescence of the stored data in relation to the purposes for which they were collected is carried out periodically.

In particular:

(a) automatically collected data are processed, for the time strictly necessary, for the sole purpose of deriving statistical information on the use of the site and checking its regular operation, also for security purposes or according to the deadlines stipulated by legal regulations;

(b) the data voluntarily provided by the user will be kept for a period of time not exceeding the achievement of the purposes for which they are processed or according to the deadlines provided by the legal regulations.

 

  9. RIGHTS OF THE DATA SUBJECT

The Data Subject always has the right to request from the Data Controller access to his/her data, rectification or erasure of data, restriction of processing or the possibility to object to processing, to request data portability, to revoke consent to processing by asserting these and other rights under the GDPR by simple communication to the Data Controller. The Data Subject may also lodge a complaint with a supervisory authority.

The Interested Party may forward these requests to the following e-mail address: hello@collecty.com.au 

 

  10. DATA PROCESSING METHODS

The personal data provided by the Users will be subject to processing operations in compliance with the aforementioned regulations and the obligations of confidentiality that inspire the activity of the Data Controller. The data will be processed both with computer tools and on paper media as well as on any other type of suitable media, in compliance with the adequate security measures pursuant to Article 5 par. 1 letter F of the GDPR.

  11. FINAL NOTES AND WAY OF UPDATING

The information is provided only for the Collecty website and not also for other websites that may be consulted by the user through links contained in this site. The policy may be subject to change due to the introduction of new legislation in this regard, therefore the User is invited to periodically check the Privacy Policy in order to be updated on the latest legislative changes.

 

COOKIE POLICY

Dear Data Subject,

cookies are small text files sent by the site to the Data Subject’s terminal (usually the browser), where they are stored and then transmitted back to the site the next time the same User visits. A cookie cannot retrieve any other data from the User’s hard drive or transmit computer viruses or acquire e-mail addresses. Each cookie is unique to the User’s web browser. Some of the functions of cookies may be delegated to other technologies. In this document the term ‘cookies’ is intended to refer both to cookies, properly so called, and to all similar technologies. By means of cookies, it is possible to record information related to preferences, such as pages browsed or file downloads from the site or other similar actions performed while browsing the site.

FIRST- OR THIRD-PARTY COOKIES

Cookies can be first-party or third-party cookies:

– “First Party” means cookies developed by the Site Owner itself,

– “Third Party” means cookies developed by Third Parties other than the Site Owner.

 

NATURE OF COOKIES

Relative to the nature of cookies, there are different types:

 

Technical cookies

Technical cookies are those used for the sole purpose of “carrying out the transmission of a communication over an electronic communications network, or to the extent strictly necessary for the provider of an information society service explicitly requested by the subscriber or user to provide such service” (see Article 122(1) of the Code). They are not used for any further purposes and are normally installed directly by the website owner or operator.

 

They can be divided into:

– navigation or session cookies, which ensure normal navigation and use of the website (allowing, for example, to make a purchase or authenticate to access restricted areas); they are in fact necessary for the proper functioning of the site;

– analytics cookies, assimilated to technical cookies where used directly by the site operator to collect information, in aggregate form, on the number of users and how they visit the site itself, in order to improve the performance of the site;

– functionality cookies, which allow the User to navigate according to a set of selected criteria (for example, products selected for purchase, language, etc.) in order to improve the service rendered to the same.

Users’ prior consent is not required for the installation of such cookies.

 

Profiling cookies

 

Profiling cookies are aimed at creating profiles related to the User and are used in order to send advertising messages in line with the preferences expressed by the same in the context of web browsing.

The consent of the Data Subject is required for the use of profiling cookies.

According to Order No. 229 of May 8, 2014, the User must be able to authorize or deny consent to the installation of profiling cookies if they are present.

In the case of third-party cookies, the site does not have direct control over individual cookies and cannot control them (it can neither install them directly nor delete them). However, the User can manage these cookies through the browser settings (follow the instructions below), or the sites indicated in the “Cookie Management” section.

The User is therefore invited to check the relevant cookie policies on the Third Party sites.

 

The updated list of cookies in use on the platform can always be accessed through the following process:

  1. Click on the lock icon next to the url;
  2. Select the “Cookies” button;
  3. View the various categories and subcategories of cookies in use;
  4. Choose “block” or “remove” for each unwanted cookie.

 

COOKIE DURATION

Cookies have a lifetime dictated by the expiration date (or a specific action such as closing the browser) set when they are installed.

Cookies can be:

  • temporary or session “session cookies”: these are used to store temporary information, allow you to link actions performed during a specific session, and are removed from your computer when you close your browser;
  • permanent “persistent cookies”: these are used to store information, such as the login name and password, so that the user does not have to type them in again each time he or she visits a specific site. These remain stored on the computer even after closing the browser.

The so-called session cookies, once the connection to this website is terminated, are not stored. The computer systems used for this website use temporary cookies and permanent cookies.

 

COOKIE MANAGEMENT

Users can disable cookies on websites by downloading special software such as Ghostery (https://www.ghostery.com) for their browser and disabling the use of individual cookies. Or they can activate the “anonymous browsing” mode, a function that allows them to browse without leaving a trace of their browsing data in the browser. This function only prevents their browsing data from being kept in the browser.

Alternatively, they can disable or delete cookies by accessing the configuration panel of their browser.

 

ACCEPTANCE AND WAIVER OF COOKIES

By continuing to browse this site, closing the information wrapper or clicking anywhere on the page or scrolling down to highlight further content, you agree to the Cookie Policy and cookies will be set and collected. If you do not accept cookies by quitting browsing, any cookies already registered locally in your browser will remain registered there but will no longer be read or used by us until you later accept the policy. Users will always have the option to remove such cookies at any time through the aforementioned methods.

 

 

ADDENDUM DATA CONTROLLER

 

APPOINTMENT OF DATA CONTROLLER

The User (hereinafter “Owner” or “Customer” or “Data Controller”),

by express acceptance of the Terms and Conditions of Collecty (hereinafter “Provider” or the “Data Processor”), accepts this addendum on the processing of personal data, which constitutes an integral part of the relationship between the Parties. This Addendum is signed pursuant to Article 28 of Regulation 679/2016 and governs the manner in which the Data Processor will process personal data on behalf of the Data Controller. Data Controller and Data Processor may also be referred to individually as the “Party” and jointly as the “Parties”.

 

WHEREAS.

-the processing operations of personal data carried out by the Data Controller are listed in the register of processing operations kept by the Data Controller;

-for some processing operations the Data Controller makes use of the cooperation of the Supplier;

-the Supplier, as part of the services offered to the Data Controller, as better detailed in the specific contract in place, may carry out personal data processing on behalf of the Data Controller;

-the Data Controller and the Provider have signed an agreement for the provision of an integrated web and tablet for creating, managing and sending review requests (“Service”), of which this document is an integral part;

-with reference to the Service made available by the Provider, the latter may process personal data owned by the Controller and, more specifically, common data (first name, last name, contact details) of the Holder’s end customers;

-the purpose of the processing is to provide a technological solution that allows the Holder to be able to take advantage of the Service;

-in accordance with Article 28.1 of Regulation (EU) 2016/679, General Data Protection Regulation (henceforth “GDPR”), “where a processing is to be carried out on behalf of the Controller of the Processing, the latter shall only use data controllers.”

-the Data Controller has verified that the Provider, again pursuant to Article 28.1 of the GDPR, presents “sufficient guarantees to put in place appropriate technical and organizational measures so that the processing meets the requirements of the Regulation and ensures the protection of the rights of the data subject.”

The Data Controller appoints the Provider as the “PERSONAL DATA PROCESSING RESPONSIBLE” (henceforth also simply “Processor” or “Processor”), with respect to the personal data that Supplier may process in the performance of its activities and those that may be entrusted to Supplier in the future.

 

In accordance with the GDPR, the activity performed by the Processor will be governed as follows:

 

  1. DURATION. This appointment shall be effective for the duration of the Processor’s relationship with the Controller and shall be deemed automatically revoked in the event of termination of the same.

 

  2. PURPOSE OF THE PROCESSING. The data that are entrusted to the Manager, as part of the activities entrusted to him/her for the use of the Service, may be processed only for the purposes indicated in the mandate entrusted and/or in the contract entered into with the Owner. In particular, the data will be processed by the Provider only for the purpose of being able to guarantee the provision of the Service to the Owner who, in any case, will remain the only entity obliged to have to communicate to the end customer the purposes and obtain consent to the processing, as well as the communication of the data to third parties.

 

  3. METHODS OF PROCESSING. The data may be processed on paper or digital media, depending on the activities carried out, provided that the tools are properly identified and inventoried by the Manager and systematically communicated to the Owner for his approval. In particular, the data will be processed by means of the Collecty software platform.

  4. DUTIES AND TASKS OF THE RESPONSIBLE PERSON. The Data Processor, as stipulated in Article 28 of the GDPR, undertakes to:

(a) process the entrusted personal data only on the documented instruction of the Controller, even in case of transfer of personal data to a third country, unless otherwise provided by law. In this case, the Responsible Party is still obliged to inform the Controller;

(b) ensure that the persons authorized to process have committed to confidentiality, or have an appropriate legal obligation of confidentiality. To this end, the Responsible Party is to periodically verify that the persons in charge: (i) carry out the processing in a lawful and correct manner, exclusively for the purpose of providing the services covered by the contractual relationship between the Parties; (ii) process personal data solely for purposes inherent to the tasks assigned to them; (iii) do not communicate or disseminate personal data without the prior authorization of the Data Controller; (iv) verify, in case of even temporary interruption of work, that the processed personal data are not accessible to unauthorized third parties; (v) guard and keep authentication credentials strictly confidential; (vi) comply with the security measures required by the Data Controller and/or the Data Controller;

(c) ensure adequate and proven training for persons authorized to process, pursuant to Article 29 of the GDPR;

(d) take, pursuant to Article 32 of the GDPR, all appropriate technical and organizational measures to ensure a level of security appropriate to the risk, taking into account the state of the art and the costs of implementation, as well as the nature, object, context and purposes of the processing, as well as the risk of varying likelihood and severity to the rights and freedoms of natural persons, so as to minimize the risks of destruction or loss, including accidental loss of the data themselves, of unauthorized access or processing that is not permitted or not in accordance with the purposes of collection;

(e) inform the Data Controller, in accordance with Article 28 GDPR, if it is necessary to use another Data Processor;

(f) assist the Controller in complying with the legal obligations under Articles 32 (Security of Processing), 33 (Notification of a Personal Data Breach to the Supervisory Authority), 34 (Notification of a Personal Data Breach to the Data Subject), 35 (Data Protection Impact Assessment), 36 (Prior Consultation), taking into account the nature of the processing and the information available to the Controller;

(g) provide for the updating, modification, rectification of personal data if this is necessary in relation to the purposes of the processing, and delete or return promptly, upon the request of the Controller, all personal data and existing copies of which the Responsible is in possession without being able to retain any copies, unless expressly agreed otherwise or provided for by law. In any case, delete and/or destroy, as required by law (such as “wiping” for digital data), personal data when the purposes for which the data were collected and processed have been achieved in the absence of a legal obligation or the need for further retention;

(h) allow the Controller to exercise the power of control under Article 28 GDPR: in this context, make available to the Controller all information necessary to demonstrate compliance with the obligations of this Addendum and to demonstrate compliance with legal obligations and allow verification activities (Audit), carried out by the Controller or by third parties commissioned by the Controller, in order to ascertain the observance of these data processing methods and compliance with legal requirements. The Data Controller shall have the right to verify, with at least 20 (twenty) working days’ notice, also at the Data Controller’s premises, the compliance of the procedures adopted by the latter with what is indicated in this Addendum or required by law;

(i) undertake to comply with the General Provision of the Guarantor for the Protection of Personal Data of November 27, 2008 “Measures and expedients prescribed for the holders of data processing carried out with electronic instruments in relation to the attributions of the functions of system administrator” as amended by the Order of the Guarantor of June 25, 2009 “Amendments to the order of November 27, 2008 on prescriptions to the holders of processing carried out with electronic tools with regard to the attributions of system administrator and extension of the time limits for their fulfillment,” as may be amended or replaced by the same Guarantor, and to any other relevant measure of the Authority;

(j) cooperate for the purposes of the exact application of the law, including through periodic meetings, and act within the scope and limits of their duties, autonomously, but always in accordance with the directives established by the Controller.

  5. SUPERVISION. The Data Controller may supervise the punctual compliance with the instructions given herein to the Data Processor and will verify the continuation of the requirements of experience, capacity and reliability that influenced the designation of the Data Processor.

  6. VIOLATION. The Processor is hereby made aware that if he/she violates the provisions of the law by independently determining the purposes and means of the Processing, or disregarding the instructions received from the Controller, he/she will be considered the Controller of the Processing in question.

  7. ASSISTANCE TO THE CONTROLLER IN CASE OF A BREACH. In the event of a personal data breach, the Provider agrees to inform the Controller without undue delay from the time it has knowledge of the breach. The Supplier shall assist the Holder by initiating a preliminary analysis aimed at collecting data concerning the anomaly and compiling an event sheet, containing all information collected and at that time available, such as, but not limited to:

– Date of event, also the presumed date of occurrence of the violation (in which case it should be specified);

– Date and time when knowledge of the violation was obtained;

– Reporting source;

– Type of violation and information involved;

– Description of abnormal event;

– Number of data subjects involved;

– Quantity of personal information alleged to have been breached;

– Indication of the date, including alleged date, of the breach and when it became known;

– Indication of the place where the data breach occurred, also specifying whether it occurred as a result of loss of devices or portable media;

– Concise description of the data processing or storage systems involved, with indication of their location.

  8. CONFIDENTIALITY. The Processor agrees to keep strictly confidential and to use only for the performance of the obligations under the contract, any information relating to the other Party and/or those involved in the processing of personal data and/or products, services, organization, business or technical strategy received from the other Party or which comes to its knowledge during the execution of the contract related to the Service (hereinafter referred to as “Confidential Information”). The Responsible Party undertakes not to use the Confidential Information outside the purposes envisaged by this agreement, nor to disclose it to parties not envisaged by this agreement, without the written approval of the Owner. The Manager shall take all necessary measures not to disclose or make available in any way the Confidential Information of the Owner and/or interested parties to third parties, and shall in any case be held directly liable to the Owner for any violation by its employees and/or subcontractors of the confidentiality obligations set forth in this article. The provisions of this Article shall not apply or shall cease to apply to those individual pieces of information that the Controller can prove: (i) have already become public knowledge for reasons other than the breach by the Controller itself; (ii) were already known prior to having been received by the Controller; (iii) were disclosed in compliance with a lawful order of any authority or by virtue of a legal obligation. Disclosed Confidential Information shall remain the property of the Data Controller. Upon written request by the Owner itself such information shall be returned or destroyed by the Responsible Party.

  9. AMENDMENTS AND ADDITIONS. The Parties shall have the right to make such amendments and adjustments to this Agreement as may be necessary at any time, including to comply with any regulatory updates. Notice of any request for amendment will be given to the Manager by registered letter with return receipt or certified e-mail. Following the aforementioned change request, the Manager will have 60 days to withdraw from the agreement. After this period, the changes will be deemed accepted by the Processor. For anything not expressly provided for in this agreement, please refer to the general provisions in force regarding the protection of personal data.

  10. APPLICABLE LAWS. In the event of any dispute concerning the validity, interpretation, performance and termination of this Addendum, the Parties agree to seek a fair and amicable settlement among themselves. Should the dispute not be settled amicably, it shall be deemed to fall under the exclusive jurisdiction of the Judicial Authority of the Court of Rome. Italian law shall apply to the resolution of any dispute concerning the validity, interpretation, execution and termination of this agreement.

It is understood that this appointment does not imply any right of the Supplier to any specific compensation and/or indemnity and/or reimbursement arising from this appointment, beyond what is already provided for in the terms and conditions.
