Privacy Notice pursuant to
Article 13 of EU Regulation 2016/679 (GDPR)

This notice has been drafted as an integration of any previous versions and does not constitute a replacement of them.

Pursuant to Article 13 of EU Regulation 2016/679 (GDPR), this notice concerns your personal data, meaning information relating to you, processed by Tylent Technologies SRL within the website [www.tylent-technologies.com].

1. IDENTITY AND CONTACT DETAILS OF THE DATA CONTROLLER

1.1. The Data Controller is Tylent Technologies SRL, with registered office at Via Ragazzi del ’99 no. 13 – 38123 Trento (TN), Italy, VAT No.: 02768180222.

1.2. Contact details:
a) telephone +39 0403478508
b) e-mail: info@tylent-technologies.com
c) certified e-mail (PEC): tylenttechnologies@pec.gpi.it

2. DATA PROCESSED, PURPOSES AND LEGAL BASIS OF PROCESSING, NATURE OF PROVISION, RETENTION PERIOD

2.1. In this section, for each purpose, the following will also be indicated: the personal data processed, the legal basis of the processing, the nature of the provision and the retention period.

A. Website browsing

Personal data processed: personal data implicitly transmitted during the use of Internet communication protocols (IP addresses, domain names of the computers used to connect to the website, URI – Uniform Resource Identifier – addresses of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server and other parameters relating to the user’s operating system and IT environment).

Purpose: to allow browsing and consultation of the website.

Legal basis: Art. 6(1)(f) GDPR, as the processing is necessary for the legitimate interest pursued by the Data Controller.

Nature of provision: necessary in order to browse the website.

Retention period: for the entire duration of the browsing session with respect to the data collected during that session and for a maximum period of seven (7) days, except where a longer retention period is necessary for the investigation of liability in case of possible cybercrimes.

B. Request for information

Personal data processed: first name, last name, e-mail address, as well as optional data such as profession, organisation, telephone number, country of origin and other information voluntarily provided.

Purpose: to respond to requests for information.

Legal basis: Art. 6(1)(b) GDPR, as the processing is necessary for the performance of a contract to which the data subject is party or for the implementation of pre-contractual measures taken at the request of the same.

Nature of provision: necessary in order to submit requests for information.

Retention period: for the time necessary to respond to your requests for information.

C. Fraud prevention

Personal data processed: behaviour on the website, including IP addresses.

Purpose: security and prevention of fraudulent conduct. The Data Controller uses an automatic monitoring system involving the detection and analysis of user behaviour on the website associated with the processing of personal data, including IP addresses.

Legal basis: Art. 6(1)(f) GDPR, as the processing is necessary for the legitimate interest pursued by the Data Controller.

Nature of provision: necessary in order to browse the website.

Retention period: seven (7) days, unless anomalies occur. In such case, the data will be retained until the behaviour has been verified and, in case of legal action, until its conclusion.

D. Periodic newsletter

Personal data processed: first name, last name, e-mail address.

Purpose: to send informational communications from the Data Controller by e-mail.

Legal basis: your consent, Art. 6(1)(a) GDPR. Consent may be withdrawn at any time; withdrawal does not affect the lawfulness of processing carried out before the withdrawal.

Nature of provision: optional and does not affect the use of other services.

Retention period: until withdrawal of your consent.

E. E-mail marketing

Personal data processed: e-mail address.

Purpose: to send commercial communications from the Data Controller by e-mail, invitations to events or promotional initiatives.

Legal basis: your consent, Art. 6(1)(a) GDPR. Consent may be withdrawn at any time; withdrawal does not affect the lawfulness of processing carried out before the withdrawal.

Nature of provision: optional and does not affect the use of other services.

Retention period: until withdrawal of your consent or for a maximum period of twenty-four (24) months from the moment consent is provided. After the expiration of the 24 months, you may be asked to renew consent should you wish to continue receiving such services.

F. Data Provided for Registration to the Membership Area

Personal data processed: e-mail address.

Purpose: to grant access to in-depth information regarding Tylent Technologies solutions and products, to send informational materials, communicate product updates, and notify the user about scientific and/or commercial events or initiatives.

Legal basis: Art. 6(1)(a) GDPR – consent of the data subject.

Nature of provision: optional, but necessary to access the Membership Area services.

Retention period: until withdrawal of consent.

2.2. With regard to cookies, please refer to the Cookie Policy available in the dedicated section of this website.

2.3. With regard to browsing on the Data Controller’s social network profiles, please refer to the privacy section of the respective websites.

2.4. Your personal data may also be processed, where necessary and after they have been provided for the purposes indicated above, to ascertain, exercise or defend a right in judicial proceedings, based on the legitimate interest of the Data Controller (Art. 6(1)(f) GDPR).

3. POSSIBLE RECIPIENTS OF THE DATA

3.1. In order to provide the requested services, the Data Controller may entrust your personal data to various service providers with whom specific contracts have been concluded to ensure the protection of your personal data and compliance with personal data protection legislation.

These entities are identified as Data Processors, who may process your personal data on the basis of a specific appointment pursuant to Art. 28 GDPR, following the instructions and directives provided by the Data Controller.

In particular, these may include:
a) persons, companies or professional firms providing assistance and consultancy services to the Data Controller;
b) entities with whom it is necessary to interact in order to enable the functioning of the website, for example the hosting service provider;
c) entities delegated to carry out technical assistance and maintenance activities for network equipment and electronic communication networks.

The complete list of data processors is available by sending a request to the Data Controller at one of the contact points indicated in this notice.

3.2. The Data Controller may communicate your personal data to subjects, entities or authorities to whom communication is mandatory pursuant to legal provisions or orders of the authorities. These subjects will operate as independent data controllers.

3.3. Your personal data may also be communicated and processed by persons authorised by the Data Controller pursuant to Art. 29 GDPR, who have committed themselves to confidentiality or are subject to an appropriate legal obligation of confidentiality, such as company employees.

4. TRANSFER OF DATA TO NON-EU COUNTRIES AND/OR INTERNATIONAL ORGANISATIONS

4.1. Your personal data may be transferred to countries outside the European Union on the basis of the Standard Contractual Clauses provided for under Art. 46 GDPR.

4.2. With regard to cookies, please refer to the Cookie Policy available on this website.

5. RIGHTS OF THE DATA SUBJECT AND COMPLAINT

5.1. With regard to the aforementioned data, the data subject, or a person authorised in writing, may exercise the following rights, including by contacting the Data Controller at the contact details indicated in this notice:

a) the right of access pursuant to Art. 15 GDPR;
b) the right to rectification pursuant to Art. 16 GDPR;
c) the right to erasure (“right to be forgotten”) pursuant to Art. 17 GDPR;
d) the right to restriction of processing when one of the conditions set out in Art. 18 GDPR applies;
e) the right to receive confirmation that the operations carried out pursuant to Arts. 16, 17 and 18 GDPR have been communicated to those to whom the data have been disclosed, unless this proves impossible or involves a disproportionate effort (Art. 19 GDPR);
f) the right to data portability pursuant to Art. 20 GDPR;
g) the right to object to the processing of personal data pursuant to Art. 21 GDPR;
h) the right not to be subject to a decision based solely on automated processing pursuant to Art. 22 GDPR;
i) the right to withdraw consent at any time pursuant to Art. 7 GDPR;
j) the right to lodge a complaint with a supervisory authority pursuant to Art. 77 GDPR.

6. FURTHER INFORMATION

6.1. The Data Controller remains available for any need for clarification and, should the processing change with respect to what is described in this document, the Controller will provide an updated notice.

6.2. The protection of your personal data and compliance with the principles provided by the legislation, particularly the principle of transparency, are values of primary importance to us. We would be grateful if you could assist us by reporting any lack of clarity in this document or suggesting improvements through the contact details of the Data Controller indicated above.

7. DATA PROTECTION OFFICER

7.1. Tylent Technologies SRL has appointed a Data Protection Officer (DPO), who may be contacted at the following addresses for all matters relating to the processing of personal data and the exercise of the rights deriving from the GDPR:

a) telephone: +39 0403478508
b) e-mail: dpo@tylent-technologies.com