PRIVACY POLICY Information pursuant to art. 13 REGULATION (EU) 2016/679

Dear User, Automatica Software Consulting srl  (“Automatica Software Consulting” or Automatica software), Data Controller, pursuant to art. 13 of Regulation EU 2016/679 (hereinafter, “GDPR”) and Legislative Decree 196/2003, as amended by Legislative Decree 101/18, intends to describe, with the following information, the methods of processing the personal data of users who consult the website accessible electronically at the following address:

www.automaticasoftware.it

This information does not concern other sites, pages, or online services that can be reached via hyperlinks that may be published on the site.

In this document, we wish to explain:

1. What is meant by ‘data processing’? Pursuant to art. 4 of Reg. EU 2016/679, the term “processing of personal data” means “any operation or set of operations performed on personal data or sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or otherwise making available, alignment or combination, restriction, erasure, or destruction.”

2. Who is the Data Controller of your data? The Data Controller is Automatica Software srl, VAT 08973590725, with registered office at Viale Federico II di Svevia 7/C , 70038, Terlizzi (BA). The Data Controller can be reached at the email address: info@automaticasoftware.it

3. What data is processed? Automatica Software Consulting uses two types of personal data: those connected to accessing our website (“navigation data”) and those directly provided by the user (“identifying data”).

Navigation data This category includes all data whose transmission is implicit in the use of Internet communication protocols, particularly the IP addresses or domain names of the computers and terminals used by users, the URI/URL (Uniform Resource Identifier/Locator) addresses of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.), and other parameters related to the user’s operating system and computing environment. These data may also be collected using cookies. In this case, the information is not collected to be associated with identified data subjects, but, due to their nature, they could still allow third parties to identify the user through processing and association with other data already in their possession. Information on cookies and systems similar to cookies is made available to the user by clicking the “COOKIE POLICY” link on the website.

Identifying data The optional, explicit, and voluntary sending of messages to the contact addresses of the Data Controller, private messages sent by users to profiles/pages on social media (where this possibility is provided), as well as the completion and submission of the contact form on the site, entail the acquisition of the sender’s contact details, necessary to respond, as well as all personal data included in the communications. In particular, data such as name, surname, place and date of birth, residence, phone number, and email address may be acquired.

4. Why do we process your data? The purposes of processing navigation data are as follows:

• Allow navigation on the website;
• Obtain statistical information on the use of services (most visited pages, number of visitors per time slot or daily, geographical areas of origin, etc.);
• Check the correct functioning of the services offered. The purposes of processing the personal identifying data provided by the user are as follows:
• Utilization of the services offered by Automatica Software Consulting;
• Responding to information requests. The website indicates the contact details of the Data Controller (email, registered office, phone, etc.). The user who uses these contacts to request information about the Data Controller’s activity provides the latter with their personal data (such as name, surname, and other personal data, which will be processed exclusively to respond to the request for clarification, doubts, etc.);
• Responding to information requests made by the user through the contact form. The user’s data (name, email, phone, etc.) provided by filling out the contact form will be processed by the Data Controller to respond to the user’s request for information;
• Sending advertising communications (so-called Direct Marketing). The following information will apply whenever, during navigation on this website, the user is asked to provide their data and consent for the Data Controller to send the data subject advertising material, commercial communications, offers and promotions, direct sales, or for market research or opinion surveys (hereinafter collectively referred to as “direct marketing activities”). The purpose of the processing is to carry out “direct marketing” activities towards the user. The personal identifying data of users may also be processed for the following purposes provided by law:
• Comply with legal obligations. The data provided by the data subject will be used to comply with legal obligations provided by national, European, or supranational regulations.
• Needs for ascertainment, exercise, or defense of rights. The data provided by the data subject will also be processed if necessary, for the ascertainment, exercise, or defense of the Data Controller’s rights in court.

5. On what legal basis do we process your data? The processing of the personal data indicated on this page finds its legal basis in the cases described by art. 6 of the GDPR. In particular, concerning navigation data, the legal basis of the processing lies in art. 6, no. 1, lett. f) of the GDPR, which prescribes the lawfulness of the processing if it is necessary for the pursuit of the legitimate interest of the data controller or third parties. Concerning the personal identifying data provided by the user (intended for the use of services or the request for information), the legal basis of the processing is identified in art. 6, no. 1, lett. a) of the GDPR, which states that the processing is lawful when the data subject has given consent to the processing of their personal data for one or more specific purposes, as well as in art. 6, no. 1, lett. b) of the GDPR, which indicates as a legal basis the execution of pre-contractual or contractual measures adopted at the request of the data subject. The processing of personal data for commercial purposes (sending commercial communications) is based on the following legal bases: in the consent (optional) provided by the data subject pursuant to art. 6, no. 1, lett. a) of the GDPR; in art. 130, paragraph 4, of the new Privacy Code, but only in the case of processing via email and for sending communications regarding services similar to those already “sold” to the Customer; in the legitimate interest pursuant to art. 6, no. 1, lett. f) of the GDPR (in combination with Recital no. 47), when the data subject expects such processing from the Data Controller and this does not harm their rights and freedoms. Finally, the processing of personal data in cases of compliance with legal obligations and needs for ascertainment, exercise, or defense of rights, finds its legal basis in art. 6, no. 1, lett. c) of the GDPR, which states that the processing is based on compliance with a legal obligation to which the Data Controller is subject, and in art. 6, no. 1, lett. f) of the GDPR.

6. How are your data processed, communicated, and disseminated? The data will not be disseminated but communicated to formally appointed individuals as data processors (for example, employees, if any) or designated as data controllers (for example, the company providing the hosting service, the web agency managing the website), who will process the data adopting appropriate and adequate security measures to prevent unauthorized access, disclosure, alteration, or destruction of your data. To comply with legal or contractual obligations, the data of the data subject may be communicated to the following entities: insurance companies in the case of claims; public bodies where required by law; lawyers, law enforcement, judicial authorities (for example) in the case of unlawful acts, contractual breaches, or other legally relevant facts caused by the data subject or by the Data Controller towards the data subject. For all the aforementioned purposes, the data may be known by entities that carry out, on behalf of the Data Controller, even as data controllers, certain technical and organizational activities, such as administrative, accounting, and fiscal services. Pursuant to art. 28 of the GDPR, the Data Controller will appoint third parties who process personal data on its behalf as data processors; a list of external processors is available at the Data Controller’s registered office. For more information on the appointed individuals or data processors, please contact the Data Controller at the email address indicated in the heading.

7. How long are your data retained? Concerning navigation data, except for what will be said about cookies or other tools similar to cookies, the Data Controller does not retain any data potentially provided through simple navigation. The personal data provided by the data subject for the request for information will be retained for the time necessary to provide the requested information service: once this period has expired, the data will be immediately deleted. The personal data provided for the use of services in the case of a contract conclusion will not be deleted but properly managed in compliance with the GDPR. For all information regarding such processing, please refer to the specific privacy policy. In cases of processing due to compliance with legal obligations, the retention period depends on the regulation applied by the Data Controller at the time of processing. In case of processing due to needs for ascertainment, exercise, or defense of rights, the Data Controller will retain the data of the data subject for this exclusive purpose only if there is a reasonable probability of needing to take legal action. In the case of a dispute, the data will be retained until the final judgment. Finally, personal data processed for commercial purposes will be retained, in the case of consent, until the consent is revoked pursuant to art. 7 of the GDPR. While, in the case of processing carried out pursuant to art. 130, paragraph 4, of the new Privacy Code and art. 6, no. 1, lett. f) of the GDPR, the data will be retained for this purpose until the objection pursuant to art. 21 of the GDPR by the data subject, to be asserted from the beginning of the processing or during its continuation.

8. Where are your data processed? Is it possible to transfer your data to non-EU countries? The data processing is carried out at the operational offices of the Data Controller and any other place where the parties involved in the processing are located. The Data Controller undertakes not to transfer the users’ data to non-EU countries. In the case of transfers, the Data Controller guarantees the application of the rules set out in articles 44 et seq. of the GDPR. For any information, please contact the email address indicated above.

9. What are your rights? The data subject can assert their rights as expressed in articles 15, 16, 17, 18, 19, 20, 21, 22 of the GDPR. In particular, the data subject has the right to:

• Request confirmation of the existence of their personal data, among the data collected by the company;
• Know their origin, logic, and purposes of their processing;
• Obtain their updating, rectification, and integration;
• Request their deletion and the right to be forgotten, their anonymization, or blocking in case of unlawful processing;
• Object to their processing for legitimate reasons or in the case of use of the data for sending advertising material, commercial information, market research, direct sales, and interactive commercial communication if consent has not been given;
• Request the transfer of their data to third parties, where possible and necessary;
• Revoke the consent given at any time; The exercise of the aforementioned rights can take place by direct request of the data subject to the Data Controller, using the references indicated in this information. The Data Controller, upon receiving the communication from the data subject, will process the request, handling it in the necessary time for the practice (maximum 14 days), and will then confirm it to the data subject. If the data subject becomes aware of a violation of the regulations regarding the processing of personal data, or the loss or unlawful disclosure thereof, they must urgently notify the Data Controller, using one or more contacts indicated in this information; The Data Controller must, within 72 hours, report the violation to the Privacy Authority, along with the measures taken to address the violation. The data subject also has the right to file a complaint with the supervisory authority. For more information on the procedures, the user is invited to visit the website www.garanteprivacy.it. The Data Controller, who becomes aware from other control sources (DPO if present – Data Processor – Data Processing Officers) of the violation, loss, or accidental dissemination, must notify the Privacy Authority within 72 hours, indicating the measures to address the violation, as well as the data subject; For reports related to the violation of their personal data or damages suffered as a result, the competent authority is the Privacy Authority www.garanteprivacy.it. In case of disputes regarding the interpretation of this document, the competent authority, pursuant to Legislative Decree 206/2005, will be the Consumer Forum.

Cookie Policy Information on cookies and systems similar to cookies is made available to the user by clicking the “COOKIE POLICY” link located in the footer of the website.

For any information, clarification, or exercise of rights, please contact the Data Controller at the email address indicated above.