Privacy Policy

PRIVACY POLICY
Information on the processing of personal data

Introduction

Protecting your personal information is a core value of our business. From this page we provide you with information that may help you understand how we protect your privacy and control the use of your information.

This policy covers the processing of your personal data carried out through our website www.modefinance.com (the "Site") or otherwise in connection with the purchase and use of our products and services.

For any further information on the privacy policies observed by Modefinance S.r.l. in relation to the processing for commercial information purposes, we invite you to consult our dedicated page.

We process your data in compliance with Regulation (EU) No 2016/679 (General Data Protection Regulation, "GDPR") and we provide you with this notice in accordance with articles 13 and 14 of the GDPR

In this policy we tell you in a simple and detailed manner:

1. Who we are and how to contact us;
2. What personal data we process;
3. What we collect your data for and how long we keep it for;
4. Who we share your data with;
5. How we process your data;
6. What your rights are and how you can exercise them.

1. About us and how you can contact us

In this section we list the persons to whom you can refer to in order to exercise your rights:

• Data controller
• Data protection officer

Data controller

This is the entity that decides why and how your personal data are processed and sets up the organisational security measures to protect your privacy.

The data controller is Modefinance S.r.l. who can be contacted at:

Data controller
Modefinance S.r.l.
AREA Science Park, Building A,
Padriciano 99, Trieste
privacy@modefinance.com

Please remember to include your name, e-mail/postal address and/or telephone number(s) so that your request can be handled correctly.

Data Protection Officer

The company Modefinance has appointed a Data Protection Officer (DPO): this is the person in charge of overseeing compliance with the legislation on the processing of personal data and responding to your requests for clarification on how we process your data.

The DPO is also the person appointed by the company to respond to your requests to exercise your right of access and other rights under the GDPR. You can contact him by writing to the following contact details:

Data Protection Officer
Studio legale Avv. Paolo Vicenzotto,
Corso Giuseppe Garibaldi 4 G – Pordenone
EMAIL: dpo@studiolegalevicenzotto.it

Please remember to include your name, e-mail/postal address and/or telephone number(s) so that your request can be handled correctly.

2. What personal data we process

Personal data is any information with which you can be identified, directly or indirectly, if you are a natural person.

We collect and use your personal data in order to enter into and perform your contract with Modefinance and when you visit, consult, request or use Modefinance's services and/or products (including those available on this Site.

In some cases we may also collect your personal data from other TeamSystem group companies or public databases.

Types of data we collect:

★ Contact and access identification data
Such as first name, surname, username, e-mail address, postal address, telephone number, as well as a copy of your ID, where required by applicable law.

★ Product data
Such as data relating to products supplied to you under licence and/or services subscribed to by you, including information contained in documents managed through the product or service, as well as what is required to comply with legal obligations (e.g. compilation of transaction log required by current legislation on the conduct of business information activities).

★ Billing and payment data
Such as VAT number, tax code, address, if applicable, and company name.

★ Browsing data
Such as connection data, IP address (1), domain names and other parameters relating to your browser and operating system.

★ Usage Data
Meaning information generated in the context of the use of products or services purchased by you, such as log data (2), data relating to licences, installations and configurations, data relating to registrations made, or interaction and transaction processes.

_________________

(1) The IP address is the equivalent of the postal address but related to your device (PC, mobile phone, tablet). So a unique address that identifies a unique device

(2) Log data are files that store information on the operation of devices and, above all, records of errors and problems

3. For what purposes we collect your data and for how long

In this section we explain to you the purposes for which we use your data, i.e. the purpose of the processing.

We also tell you whether you have an obligation to provide us with the data, what happens if you do not want to provide us with the data and how long we keep the data.

These are the purposes for which we process your data:

• Contractual and legal purposes
• Service improvement purposes and other purposes not based on consent
• Marketing purposes

1. Contractual and legal purposes

IN SHORT

★ Are you obliged to provide us with your data?
Yes, without them we cannot provide our services/products.

★ What happens if you do not provide us with the data?
We will not be able to perform the contractual relationship and provide you with the services or products you have requested us.

★ Is your consent necessary to process your data?
Your consent is not required.

★ On what legal (basis) grounds do we process your data?
Processing is necessary in order to perform the contract you have concluded with us, to handle your requests or to carry out the activities necessary to conclude a contract with us and to fulfil an obligation imposed on us by law.

★ How long do we keep your data?
For a period equal to the duration of the provision of the services you have requested and for 10 years thereafter (period in which the statute of limitations for any contractual liability accrues). Except in cases where retention for a later period is necessary for litigation, requests by competent authorities or under applicable law.

Here we describe the different contractual and legal purposes in more detail:

• a. Allow you to browse the Site
  
• b. Register and manage your account (including any account verification and credential recovery) and use the features related to your account.
  
• c. Perform the activities necessary for the conclusion and execution of the contract to provide the service/product you have requested or purchased, including through the Site.
  
• d. Handle requests for interaction with our company relating to our services and initiatives (for example, requests for quotes and order processing, registration for webinars (3), events, newsletters, etc.).
  
• e. Handling any complaints and requests for the dispatch of service communications and product updates, both through traditional communication tools such as paper mail and through remote communication tools, such as – but not limited to – e-mail, chat, telephone, SMS, chatbots (4), banners, notification systems and other remote communication tools.
  
• f. Assisting, supporting and training those who use our services and products. Product Usage Data may also be processed for support activities. For example, by examining user activity logs it is possible to understand the reasons for any criticalities in the use of certain product functionalities.
  
• g. Fulfilling obligations arising from national or Community regulations or legislation (e.g. tax and accounting obligations, as well as obligations related to the performance of business information and/or rating activities) or managing or responding to requests from judicial authorities or administrative and tax authorities.

_________________

(3) A webinar is an educational or information session whose participation takes place remotely via an Internet connection.

(4) A chatbot is an instant electronic conversation (chat) that takes place between you and an artificial intelligence (bot).

2. Service improvement and other non-consent-based purposes

IN SHORT

★ Is your consent necessary to process your data?
Your consent is not required.

★ Can you object to these processing operations?
You can object to processing carried out for reasons related to your particular situation, in the manner indicated in the section 'What are your rights and how can you exercise them'. In this case, we will not process your data for this purpose, except where we can demonstrate an overriding legitimate reason or the exercise or defence of a right under Article 21 of the GDPR.

★ On what legal grounds do we process your data?
The processing is based on the legitimate interest of the Data Controller, provided for in Article 6, paragraf 1), letter f) of the GDPR. In accordance with the GDPR, we have carried out a thorough balancing of interests with the aim of protecting and guaranteeing your privacy and fundamental rights.

★ How long do we keep your data?
For a period equal to the duration of the provision of the services you have requested and in accordance with the principle of minimisation. Except in cases where:

• Modefinance needs to retain your personal data for defence purposes (letter j) for the following 10 years (period in which the statute of limitations for Modefinance's contractual liability, if any, accrues);
• or, in the event of litigation, the further retention depends on the duration of the litigation itself or on specific requests by the proceeding authority.

Here we describe in more detail the different purposes of service improvement and other non-consent-based purposes:

• h. To carry out analysis and research activities with respect to the products and services provided and the use thereof by you, in order to improve and develop our products and services. In accordance with the principle of minimisation (5) these activities will be carried out using your personal data only when necessary to ensure the reliability and correctness of the activities; if possible we will also anonymise (6) or aggregate the data before using it.
  
• i. Evaluate your satisfaction with products purchased and services provided by Modefinance or to resolve any difficulties or problems with their use: for example, initiatives designed to help you make the best use of the product or service, including to prevent possible cancellations and to improve the user and customer experience.
  
• j. To assert and defend Modefinance's rights, including in the context of debt collection procedures and the assignment of credits to authorized companies, to assess the customer's status and reliability, and to carry out checks for the purpose of preventing and/or suppressing fraudulent or harmful actions.
  
• k. Carrying out a potential merger, sale of assets, transfer of business, business unit or financial transaction by communicating and transferring data to the third parties involved.
  
• l. Carry out customer segmentation activities based on non-invasive categories such as, among others, the professional category you belong to, the city/province/region in which you are based, the type of product or service you purchased or for which you requested information through the Site. This segmentation activity may also be done on third party vendor platforms, through interconnection activities with the third party platform's own data. In any case, communications for Marketing Purposes will be sent in compliance with the consent you have given and in accordance with what is stated in this policy. In this context, the data could also be used to detect similar customer profiles.
  
• m. Manage Modefinance's IT resources, including infrastructure, websites and technological equipment, to ensure continuity of service and guarantee IT security (e.g. to prevent cyber attacks or perform checks in case of attacks).

_________________

(5) see above

(6) Anonymisation is a technique whereby personal data can no longer be traced back to a specific person

3. Marketing purposes

IN SHORT

★ Are you obliged to provide us with your data?
No, you are not obliged to.

★ Can you object to processing?
You can object at any time to the processing of your data for direct marketing purposes, including profiling if related to such direct marketing.

★ What happens if you do not provide us with data?
We will not process your data for these purposes without any consequences with regard to your contractual relationship with us and the use of our services.

★ Is your consent required to process your data?
Yes, your consent is required, with the exception of the purpose indicated under p.

★ On what legal grounds do we process your data?
We process data on the basis of your prior consent. The only exception relates to the purpose indicated in letter p: in this case the processing is carried out in accordance with Article 130, paragraph 4 of Legislative Decree no. 196/2003 ("Privacy Code") and subsequent amendments and additions, without prejudice to your right to object to the processing.

★ Modification of choices and withdrawal of consent
If you change your mind, you may at any time change the consent given for marketing purposes in the manner indicated in the section "What are your rights and how you can exercise them". In any case, if you no longer wish to receive our marketing communications, you can use the unsubscribe link available at the bottom of our marketing communications received by e-mail. In these cases, we will keep the minimum personal data necessary to register your opt-out and avoid contacting you again.

★ How long do we keep your data?
For a period of 24 months from the date of termination of the contractual relationship regarding the products/services provided or the date of the last contact with you. By last contact we mean, for example, participation in a Modefinance event, use of a product or service provided by Modefinance or the opening of a newsletter. This does not affect your right to revoke your consent at any time.

Here we describe the different marketing purposes in more detail:

• n. To send you updates on news and commercial offers of Modefinance's products and services, also after interconnection (7) of your Usage and Browsing Data and analysis of your behaviour both with respect to the navigation of the Site and, more generally, to the use of Modefinance's services and products (in compliance with the consents expressed to acquire these data);
  Or to invite you to participate in events, conduct market research or other commercial initiatives.
  This may be done either through traditional communication channels such as paper mail or a phone call from an operator or through automated communication tools such as e-mail, chat, messaging (SMS and other instant messages), chatbots (8) and other remote communication tools.
  
• o. Communicate your personal data to other TeamSystem group companies and/or network of its business partners, for the purpose of sending marketing communications and other promotional initiatives through automated communication tools and according to the purposes indicated at letter n) above.
  
• p. To send marketing communications by e-mail about services or products similar to those object of the contract concluded with Modefinance to the e-mail addresses you have provided for the conclusion of the contract itself, in the hypothesis that your specific consent for this purpose has not already been requested for the purpose indicated at letter n) above. You will be able to object to the sending of these communications at any time and free of charge.

_________________

(7) Interconnection consists in using several databases in connection with each other. For instance, data contained in one database can be automatically updated in the event of changes to data contained in a second database

(8) See above

4. With whom we share your data

We may share your data with other parties who carry out activities related to our products or services. When sharing your data we respect the principles of purpose and minimisation (9) set out in the GDPR.

The parties to whom we disclose data are: third party service providers and consultants of ModeFinance with reference to activities in the IT, technology, accounting, administrative, legal, banking and insurance sectors. Subject to your consent, the data may also be passed on to TeamSystem and/or network of business partners for the purpose of sending marketing communications and other promotional initiatives through automated communication tools and for the purposes indicated.

The subjects to whom we disclose your data, process them, as appropriate, as autonomous data controllers, data processors or persons in charge of processing. For a complete list of the entities that process data as data processors, please write to us at privacy@modefinance.com

★ Do we transfer your data abroad?
Your personal data may be freely transferred within the European Union. If, for the purposes indicated, Modefinance needs to transfer your personal data outside the European Union, to countries not considered adequate by the European Commission (e.g. United States), Modefinance will take the necessary measures to protect your personal data. We will do this in compliance with the legal guarantees, in accordance with the applicable legislation and in particular Articles 45 and 46 of the GDPR.

If you wish to receive further information about the guarantees in place and would like to request a copy of them, you may contact the Data Protection Officer at dpo@studiolegalevicenzotto.it

_________________

(9) The purpose principle requires that personal data be processed for specified, explicit and legitimate purposes

5. How we process your data

Your personal data are processed by Modefinance by means of electronic and manual systems according to the principles of fairness, loyalty and transparency and by protecting your confidentiality by means of technical and organizational security measures to ensure an adequate level of security.

These processing operations take place at Modefinance's head office and/or at the offices of external data processors who carry out the processing on behalf of Modefinance.

For more information on cookies and tracking tools used on the site and the related processing of your browsing data, you can consult our cookie policy here.

6. What are your rights and how you can exercise them

You have control over your data. Here we list the rights you have in respect of the processing of your personal data:

★ Right of access
You can receive confirmation of the existence of your personal data and have access to its content.

★ Right of correction
You can update, amend and/or correct your personal data.

★ Right to be forgotten and right to limitation
You can request the deletion or restriction of the processing of your personal data processed in breach of the law, including data whose retention is not necessary for the purposes for which the data was collected or otherwise processed. This is subject to an overriding public interest or our legal obligation to retain the data.

★ Right to object
You can object to processing, including profiling. This is subject to the case where there is an overriding legitimate reason for Modefinance to continue the processing.

★ Right to withdraw consent
You may revoke your consent to marketing activities if you have previously given it.

★ Right to complain
You can lodge a complaint with a supervisory authority in the Member State where you normally reside, work or where the alleged infringement has occurred. In Italy, the supervisory authority is the Garante per la protezione dei dati personali (10). This is without prejudice to any other administrative or judicial remedy.

★ Right to data portability
You can receive an electronic copy of the personal data related to you. You have the right to transfer this data to a different service provider if Modefinance processes the data on the basis of your consent or on the basis that the processing is necessary to provide you with the requested services and if the data is processed by automated means.

To exercise your data protection rights as set out above at any time and free of charge, you may contact the Data Protection Officer by sending a request to dpo@studiolegalevicenzotto.it

We will respond to your requests within 30 (thirty) days of receipt, subject to an extension of 60 (sixty) days, taking into account their complexity and number.

In any case, you have the right to lodge a complaint with the Supervisory Authority of the country where you live or work (for Italy, the Garante per la Protezione dei Dati Personali) in the form and manner provided for by current legislation. Likewise, you have the right to appeal to the competent judicial authority for the protection of your privacy rights.

When contacting us, be sure to include your name, e-mail, postal address and/or telephone number to ensure that your request can be handled properly.

★ What happens in the event of your death?
If you are not a legal person, in the event of your death, Article 2-terdecies of the Privacy Code applies: these rights relating to your personal data may be exercised by those who have an interest of their own, or who act as your proxy, or for family reasons worthy of protection.

You may expressly prohibit – under the conditions laid down in the aforementioned Article 2-terdecies – some of these rights from being exercised by these persons by sending a written declaration to the Data Controller, at the contact details you can find in the "About us and how you can contact us" section of this notice. You may also revoke or amend this declaration at a later date in the same manner.

_________________

(10) The website of the Data Protection Authority is www.garanteprivacy.it

Changes and updates

We may also change this policy as a result of regulatory changes.

We will notify you in advance of any changes to the policy.

The updated policy text will be available at https://www.modefinance.com/en/privacy-policy

Privacy Contacts

For all enquiries relating to this privacy policy you may contact the Data Controller at the following addresses:

Data Controller
Modefinance S.r.l.
AREA Science Park, Building A,
Padriciano, 99 -Trieste
privacy@modefinance.com

Please remember to include your name, e-mail/postal address and/or telephone number(s) so that your request can be handled correctly.

Last update: 16 May 2022

References

Below are the articles mentioned in the document with their relative simplification:

Article	Description
Art. 13 GDPR	Information to be provided to the data subject Establishes the information that the data controller must provide to the data subject, i.e. the person to whom the data relate, when obtaining his data
Art. 14 GDPR	Information to be provided to the data subject Establishes the information that the data controller must provide to the data subject, i.e. the person to whom the data refer, when obtaining his/her data
Art. 130 paragraph 4 DL 196/2003 ("Privacy Code")	Promotional communications without the consent of the data subject If the data subject has provided the data controller with his e-mail address in connection with the sale of a service or product, then the data controller may send the data subject promotional or market research communications even without his consent. The communications must relate to products or services similar to those sold and the data subject always has the right to object to these communications.
Art. 45 GDPR	Transfer on the basis of an adequacy decision Establishes that personal data may be transferred to foreign states or international organisations if there is an adequate level of data protection, as decided by the European Commission.This article also defines the requirements on the basis of which this decision is made.
Art. 46 GDPR	Transfer subject to adequate safeguards Personal data may be transferred to foreign states or international organisations if the data controller has established appropriate safeguards to protect the data.
Art. 6, paragraf 1), letter f) GDPR	Lawfulness of processing based on legitimate interest The processing of personal data is lawful if it is necessary for the purposes of the legitimate interest of the data controller or a third party, provided that this interest is not overridden by the interests or fundamental rights and freedoms of the data subject
Art. 21 GDPR	Right to object The data subject has the right to object at any time, on grounds relating to his or her particular situation, to the processing of his or her personal data when it is based on the pursuit of a legitimate interest. In the event of an objection, the data controller must refrain from further processing the personal data unless it can demonstrate the existence of compelling legitimate grounds which override the interests, rights and freedoms of the data subject or for the exercise or defence of a legal claim.