INFORMATION ON THE PROCESSING OF PERSONAL DATA by 4ward S.r.l.
under articles 13 and 14 of EU regulation 2016/679
This info sheet is release under European Union General Data Protection Regulation 2016/679 (“GDPR”) and subsequent changes and/or addendums as well as national legislation or regulations covering the processing of personal data applicable each time (“Privacy Norms”) to guarantee that the processing of personal data is performed with respect of the individual’s right sand freedom with regard to the protection of personal data.
The term “personal data” refers to any information regarding a physical, identified and identifiable person, including indirectly, with reference to any other information including a personal identification number.
The term “processing” refers to any operation or set of operations performed with or without the help of automatized processes and applied to personal data or sets of personal data, such as collection, registration, organization, layout, conservation, adaptation or editing, extraction, consultation, use, communication via transfer, dissemination or any other way in which it is made available, comparison or interconnection, limitation, cancellation or destruction.
The term “interested party” refers to the physical person the personal data refers to.
Data Controllers and/or joint Controllers
The companies (“Companies”) of the Impresoft Group (“Group”), indicated hereinafter, process, according to the specific purposes indicated in this info sheet, the personal data of the interested party independently or jointly according to European Regulation 2016/679 (“GDPR”).
Formula S.p.A., legal and administrative Headquarters Via Bisceglie 76, Milano, Fiscal and Tax code. 05488960013, as legally represented by Antonello Morina; email address: email@example.com
Qualitas Informatica S.p.A., legal Headquarters Via Vecchia Ferriera, 5 Vicenza (VI), Fiscal and Tax code. 01833260241, as legally represented by Sergio Gasparin; email address: firstname.lastname@example.org
4ward S.r.l., legal Headquarters in Via del Vigneto 33, Bolzano, Fiscal and Tax code. 03408060964, as legally represented by Christian Carlo Alberto Parmigiani; email address: email@example.com
NextTech S.r.l., legal Headquarters Piazza San Nicolò,15 30034 Mira (VE) Fiscal and Tax code 05488960013, as legally represented by Mauro Dal Corso; email address: firstname.lastname@example.org
OpenSymbol S.r.l., legal Headquarters in Via Vecchia Ferriera, 5 Vicenza (VI), Fiscal and Tax code 03184500241, as legally represented by Enrico Maggi; email address: email@example.com
Next CRM S.r.l., legal Headquarters in Via Rossini, 6, Vicenza (VI), Fiscal and Tax code 04119450247, as legally represented by Luigi Mattiazzi; email address: firstname.lastname@example.org
GN Techonomy S.r.l., legal Headquarters in Via Carducci, 32, Milano (MI), Fiscal and Tax code 02391090160, as legally represented by Gualtiero Biella; email address: email@example.com
Cloudnova S.r.l., legal Headquarters in Via Riva Del Grappa, 18, Cittadella (PD), Fiscal and Tax code 04673080281, as legally represented by Alessandro Bodo; email address: firstname.lastname@example.org
Kipcast S.r.l., legal Headquarters in Via Spagnole 2/B, Sant’Ambrogio di Valpolicella (VR), Fiscal and Tax code 03595380233, as legally represented by Giovanni Guardalben; email address: email@example.com
HITECO S.p.A., legal Headquarters in Via Roberto Lepetit 8/10 20124 Milano (MI), Fiscal and Tax code 10751490961, as legally represented by Roberto Battista; email address: firstname.lastname@example.org
hereinafter separately referred to as Controller and together as joint Controllers.
The above mentioned companies act as independent data Controllers for the purposes under paragraph 3. The same may act as joint data Controllers for the generic commercial and marketing purposes as specified under paragraph 4 below, having determined jointly the purposes, methods and means of processing through a specific agreement under article 26 of the GDPR.
The joint Controllers, so as to facilitate relations between the interested party and each data Controller, have identified a common group email, as well as those for each company: email@example.com
Sources and types of processing
The personal data processed by the above mentioned Controllers is collected directly from the Internet site(s) of the single Controller companies of the group, by the web services contained therein (digital touch points) or during events organized by the Controllers also through third parties such as commercial partners and possibly including added information from specific services, private company databases (linkedin, credit safe, etc. ) through the consultation of public registers, chambers of commerce, agriculture, industry and trade.
If the Controllers acquire data from external companies for commercial information, market research, direct offer of products and services, and information notice will be given upon registration of data or, in any case, not beyond the first communication.
The data processed by the Controllers may include personal and contact information (name, surname, email, telephone number, address, role, company name, etc.). Furthermore, under specific obligations relating to the management of relations (such as mandatory communication to the authorities), as well as during the performance of company procedures, it may happen that the Controllers process particular categories of data under art. 9 GDPR and judicial data under art. 10 of the GDPR.
With regard to the activities performed by 4ward S.r.l. as Controller, the company collects and processes both data directly and voluntarily disclosed by the interested party and some personal data from public registers, lists and archives or contained in deeds or documents accessible to anyone (kept, for example, by chambers of commerce or revenue offices) or in any case generally accessible (derived, for example, from category lists, press information websites that may be consulted by anyone) and also through the use of own or third party cookies
Purpose and legal base for data-processing performed by data Controllers
The Controllers process the personal data of the interested party where said processing has a legal basis or is covered by their own legitimate interests and does not affect the protection of data or the rights and fundamental liberties of the interested party. The legitimate interests of the Controllers are aimed at maintaining, supplying and improving their technology, their products and services and guaranteeing their safety.
Each data Controller, except for specific cases of joint control as listed below, may process the personal data of the interested party for the processing purposes below:
- Purposes strictly connected to or required for the execution and management in which the interested party is included under art. 6 comma 1 let. b) GDPR. For this purpose, their personal data will be processed by the companies of the Impresoft group. The disclosure of personal data does not require consent, but is necessary to complete, execute or proceed with the contractual relations with the Controllers.
- Management of relations with the interested party deriving from their request to access services/content offered on the Controller’s website. The disclosure of personal data is not compulsory, but failure to do so could make it impossible for the interested party to obtain the requested services and/or products and/or, access events offered through the site, receive functions answers, information and informative material requested to the Controllers. The processing requires the consent of the user.
- Obligations under law, regulations, EU norms, dispositions by authorities legally delegated for the purpose or by supervising or controlling authorities (under art 6 comma 1 lett c) GDPR. The disclosure of personal data under this point is compulsory and the related processing does not require consent.
- Company analysis purposes: to improve activities and services (for example client feedback surveys on the quality of the services offered and on the activity performed by the company, market research) the disclosure of personal data is non-compulsory and the related processing does not require consent due to the legitimate interest of the Controllers to perform company analysis activities.
- Marketing purposes for the promotion and sale of products similar to those already purchased by the interested party (soft spam) through commercial communication that is also of specific interest to the interested party. The disclosure of data is non-compulsory and the related processing does not require consent due to the legitimate interest of the Controllers under art. 6 par. 1 lett. f) GDPR to perform marketing activities aimed at their clients
- Marketing activities, through commercial communication possibly personalized and of specific interest. Disclosure of data is non-compulsory, and the related processing requires consent, freely expressible which can be withdrawn in any moment as described in greater detail below (“Your rights”). Any failure to disclose personal data by the interested party would make it impossible to improve the offering of products and/or services of the Controllers so as to adapt them to the preferences of the interested party,but will not have any effect on the possibility for the interested party to consult the anonymous access areas of the site. The interested party will not be able to receive information on products and services offered by the Controllers.
- Management of the website(s). The disclosure of personal data is not compulsory, and the relative processing does not require consent due to the legitimate interest of the Controllers under art. 6 par. 1 lett. f) GDPR in the management of their website.
- Recruitment activities performed for company needs. Disclosure of personal data is not compulsory, but refusal to do so may not allow Controllers to evaluate the professional profile of the interested party to initiate a work relationship. The related processing requires the consent od the interested party.
- Legal defence: if necessary to verify, exercise or defend their rights in legal proceedings. The disclosure of personal data is compulsory, and the related processing does not require consent.
If any personal data processing purposes should be added that are not listed above, specific additional information will be released to describe the type of data processed relating to the additional purposes.
Processing performed under joint Controllers
The joint Controllers, as identified under paragraph 1 of this info sheet, have stipulated an agreement of joint Controllership under article 26 of the regulations.
The Controllers, under the above-mentioned agreement, intend to jointly process the data collected during the performance of their activities for the commercial purposes of the management of their client portfolio for marketing. Specifically, said activities are:
- Sending promotional material (newsletters, promotion of workshops, webinars, events, promotion of products and services) and automatically regulated commercial communication (such as emails, sms and instant messaging) and traditional forms (such as calls from an operator);
- Quality service, also through automatically regulated techniques (such as email, SMS, instant messaging) and traditional forms (such as calls from an operator).
Disclosure of data for marketing purposes is non-compulsory and the related processing will be subject to the legitimizing assumption of consent. The lack of consent to the processing will not allow the indicated promotional activity, but will not affect the interested party in anyway.
For the above mentioned commercial and marketing purposes, the joint Controllers have furthermore jointly determined within the specific agreement, the processing methods and have defined, clearly and transparently, the procedures to supply to the interested party a prompt response in case they wish to exercise their rights under the following article 9 of this info sheet, as determined under articles 15, 16, 17, 18 and 21 on the regulation as well as in cases of transferability of personal data under article 20 of the regulations.
Location and method of personal data processing
With regard to the indicated purposes, the processing of personal data is performed manually, via IT and digital tools and with an approach that is connected to the purposes themselves and, in any case, so as to guarantee security and privacy.
4ward S.r.l. will process the data of the interested party exclusively with technical staff delegated to said processing with mainly automatized and computerized methods so as to guarantee, relating to the purposes for which it is processed, the security and privacy, as well as to avoid unauthorized access to the same data. 4ward S.r.l. does not perform automated decision-making processes.
The processing of data occurs at the headquarters of 4ward S.r.l.
The data could also be stored at the Brennercomm datacenter located in Trento and Bolzano and/or on public cloud/SaaS environments, such as, but not limited to Microsoft, Google, Amazon, Hubspot.
Conservation of personal data
The personal data of the interested party will be conserved only for the time strictly necessary for the purposes it is collected for under the minimization principal under art. 5.1.c) GDPR and, with reference to promotional and marketing purposes, until the withdrawal of consent to processing.
In particular, with regard to processing for marketing purposes, unless otherwise specified under regulating norms, the data will be processed and conserved (except for opt out or withdrawal) for a sufficient time for the interest shown by the person the data refers to with regard to the events of the Controller. In any case the interested party may at any time ask for the interruption of processing or the cancellation of their data as specified below.
The controllers may conserve certain data also beyond the termination of the relationship based on the time necessary for the management of specific contractual obligations or laws as well as for administrative, fiscal and or tax purposes for a period of time imposed by governing laws or regulations, as well as the time needed for any legal proceedings.
In any case, the data will be processed in the respect of governing norms, according to privacy procedures that have always inspired the data controllers.
4ward S.r.l. with regard to their activities, conserve the data for the time necessary to perform the service requested by the interested party, or for the performance of the purposes described in this information notice.
Conservation times may vary according to the type of data processed, but, in general 4ward S.r.l. Refers to the following criteria to determine the period of conservation:
- If there is a legal or contractual need for the conservation of data
- If the data is necessary to perform services
Once there is no longer a need or obligation for the processing of personal data of the interested party, 4ward S.r.l. will eliminate it or make it anonymous, or, if this is not possible (for example because the data has been filed in the backup), Will conserve it in a safe anonymous form and exclude it from any further processing until cancellation.
Categories of the subjects data may be disclosed to
The Controllers may disclose the personal data of the interested party to third parties to comply with legal obligations.
With specific consent, the Controllers may disclose the personal data to third-party companies (not part of the Group) who will process it as independent Controllers, for purposes of commercial information, statistical research, market research, direct offers of their products and services.
The Controllers may disclose the personal data of the interested party to third parties who will operate as independent Controllers or will be designated as data processors and are included in the following categories:
- subjects who perform banking services, including subjects involved in payment management systems;
- People, companies, associations or professional firms who offer services or assistance for consulting activities to the Controllers with particular, but not exclusive, reference to accounting, administration, legal matters, taxes and finance and commercial activities;
- Commercial, marketing, legal, technical service provider and/or software platform provider partners and/or System administrators, hosting providers, ICT companies and communication agencies;
- Subject who performs activities under control, revision and certification obligations of the activities performed by the companies of the group also in the interest of the clients.
The updated list of any subjects to whom the personal data of the interested party may be disclosed and or transferred is available at 4ward S.r.l. by contacting us at firstname.lastname@example.org
The data of the interested party will not be disclosed, divulged nor sold to 3rd parties or used for purposes that are different from those indicated above, unless communicated and with the consent of the interested party where necessary.
Transfer of data outside of the EU
Any transfer of data to non-EU countries for the purposes under points 3 and 4 of this document, may occur under the methods allowed by governing law and in particular under the dispositions of the GDPR and precisely:i) art. 44 – General principle for transfers; ii) art. 45 – transfer on the basis of an adequacy decision iii) art. 46 – Transfer subject to appropriate safeguards; iv) art.49 – Derogations for specific situations.
Therefore, the data may be transferred:
- to non-EU countries or international organizations if the European Commission has decided that said countries and organizations guarantee a suitable level of protection (art. 45 of the GDPR)
- to non-EU countries or international organizations that have offered sufficient guarantees (for example the adoption of the standard clauses adopted by the European commission) as long as the interested party has actionable international rights and effective means for recourse (art. 46 GDPR)
- to non-EU countries or international organizations based on Binding Corporate Rules –BCR) for companies that are part of the same business group (art. 47 GDPR)
- To third-party countries or international organizations based on the derogations under the applicability of the conditions of art. 49 and in particular under comma 1, lett: b) execution of a contract; c) conclusion or execution of a contract between the controller and other physical or legal person in the interest of the interested party.
Rights of the interested party
Under articles 15-22 of the GDPR the interested parties have specific rights. In particular, the interested party may obtain from the Controllers access to, correction of, cancellation of, limitation of processing, withdrawal of consent as well as transfer of the data regarding the interested party. The interested party, furthermore, has the right to oppose processing for legitimate reasons and or commercial purposes.
The Controllers undertake to answer the interested party as soon as possible after having verify their identity.
In case the interested party exercises their right to opposition, each Controller and or the joint Controller company reserve the possibility to not act upon the request and therefore continue with the processing if there are legitimate compulsory reasons to proceed with the processing which take precedence over the interests, rights and freedoms of the interested party.
The rights above may be exercised both with the single Controllers and jointly with the joint Controllers sending written communication to the following email address is:
Impresoft Group: email@example.com
Formula S.p.A.: firstname.lastname@example.org
Qualitas Informatica S.p.A.: email@example.com
4ward S.r.l.: firstname.lastname@example.org
NextTech S.r.l.: email@example.com
OpenSymbol S.r.l: firstname.lastname@example.org
Next CRM S.r.l.: email@example.com
GN Techonomy S.r.l.: firstname.lastname@example.org
Cloudnova S.r.l.: email@example.com
Kipcast S.r.l.: firstname.lastname@example.org
HITECO S.p.A.: email@example.com
We hereby inform the interested party that, under art.12 of the GDPR, if the requests of the interested party are evidently unfounded or excessive, in particular for their repetitive nature, the Controllers may: a) charge reasonable expense costs, keeping in mind the administrative costs sustained to supply the information or the communication or to perform the action requested or b) refused to comply with the request.
The interested party furthermore has the right to file a claim with the Data protection agency (Italian: Garante per la Protezione dei Dati Personali).
With regard to any further information regarding right to be exercised with 4ward S.r.l., please visit the page with the procedures for managing the interested parties.
Links to other websites
The site may contain links to other websites. However, once the interested party has used these links and left the present site, 4ward S.r.l. will in no way be responsible for the protection of privacy and of information disclosed while visiting the other sites. We recommend carefully reading the applicable privacy information of the site in question.
Responsibility of 4ward S.r.l.
Without prejudice to the fact that 4ward S.r.l. makes every effort to guarantee that the information contained in this site is accurate, we do not guarantee the completeness of information found herein.
4ward S.r.l. furthermore cannot guarantee that the servers are free from errors, viruses, or bugs. For this reason, it is the responsibility of the interested party to take adequate measures for the protection against all threats. We recommend scanning all files before downloading.
In no case can 4ward S.r.l. be held responsible for any accidental, indirect, consequent, or special damages of any kind, including, but not limited to, damages deriving from profit loss, contract loss or relating to start-up, data, information, revenue or other relations or business including those unknown or not knowable, deriving from or in connection with the use of this website or other connected sites.
Last update: October 2022
Registered and Operating Office
Via Lombardia 2/A
Peschiera Borromeo (MI) 20068
Capital: €80.000,00 I.V.
VAT number: 03408060964
- Corporate resilience
- By industry
- By Competencies
- By Technology
- Success case