Dear user,
in order to allow you access to the website family.hiveflow.io and to be able to answer the questions submitted via the “Contact” form, as Data Controller of your Personal Data, we hereby provide you with this privacy notice pursuant to and of the purposes of art. 13, Reg. EU/679/16, as well as Italian legislation in force.
1. Data controller
The Data Controller is Nethive SPA, Via Vincenzo Stefano Breda 26, 35010 Limena (PD) Italt, Phone: +39.049.7442600, e-mail: privacy@nethive.it (hereinafeter referred to as “Controller” or “Company”).
The controller has not appointed a Data Protection Officer (DPO).
2. Data processing
2.1 Mandatory purposes
The following processing operations, whose legal bases are found in the contractual or legal obligation, are mandatory because, without them, it will not be possible to manage the relationship with the Company:
| Purpose | Legal basis for the processing |
|---|---|
| Reply to requests received through the form “Contacts”; personal data required: a) Name; b) Email Address, c) Company Name |
(Art. 6, para. 1, letter B), GDPR Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract |
| Registration of visitors’ IP addresses; personal data required: a) IP address |
(Art. 6, para. 1, letter C), GDPR Processing is necessary for compliance with a legal obligation to which the controller is subject |
2.2 Optional purposes
The following processing operations, whose legal bases lies in the explicit consent, are optional and a possible refusal will not affect the possibility of establishing a relationship with the Company:
| Purpose | Legal basis for the processing |
|---|---|
| Contact the data subject for direct marketing purposes; personal data required: a) Name; b) Email Address, c) Company Name |
(Art. 6, para. 1, letter A), GDPR The data subject has given consent to the processing of his or her personal data for one or more specific purposes |
3. Recipients of the personal data
For the pursuit of the above purposes, your Personal Data may be communicated to:
- Employees and/or Collaborators of the Company, duly appointed as authorized and instructed on how to process such data;
- Third parties other than the Data Controller, such as:
| Third party | Purpose | Note |
|---|---|---|
| IT Company | Management, maintenance, updating of systems and software used by the Controller | Appointment as Data Processor (art. 28, GDPR) |
| Network providers, electronic communication services and computer and telematic data storage and management services | Hosting, housing, cloud, SaaS and other remote IT services essential for the provision of the Controller’s activities, filing services and storage of electronic documents in accordance with the regulations | Appointment as Data Processor (art. 28, GDPR) |
The third parties to whom your Personal Data may be communicated act as:
- Autonomous Data Controllers, i.e. subjects who determine the purposes and means of the Personal
Data processing; - Data Processors, i.e. subject who process Personal Data on behalf of the Data Controller.
The list and updated information of the subject identified as Data Controller or Data Processor is available
from the Company
4. Period of retention of Personal Data
We explain below the period of retention of your Personal Data or, if that is not possible, the criteria used
to determine that period:
| Personal Data | Period of retention or criteria determination |
|---|---|
| Purpose: Reply to requests received through the form “Contacts” Name, Email Address, Company Name |
Time required to respond to the requests + retention period for the email backup (policy available from the Controller) |
| Purpose: grant access to the website IP Address |
6 months + retention period for the website backup (policy available from the Controller) |
| Purpose: marketing Name, Email Address, Company Name |
24 months |
5. Data Subject Rights
We inform you of the existence of certain rights provided by the GDPR with regard to your Personal Data
and related processing that you may request to the Controller:
| Right | Description | How to make it work |
|---|---|---|
| Right to withdraw his or her consent (art. 13, comma 2, lett.C) | You shall have the right to withdraw your consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal. Prior to giving consent, you have to be informed thereof. It shall be as easy to withdraw as to give consent. | Send an email to privacy@nethive.it |
| Right of access by the data subject (Art. 15) |
You have the right to obtain from the controller confirmation as to whether or not your personal data are being processed, and, where that is the case, access to the personal data and the following information: (a) the purposes of the processing; (b) the categories of personal data concerned; (c) the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations; (d) where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period; (e) the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing; (f) the right to lodge a complaint with a supervisory authority; (g) where the personal data are not collected from you, any available information as to their source; (h) the existence of automated decisionmaking, including profiling, referred to in Article 22(1) and (4) and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject; (i) where personal data are transferred to a third country or to an international organisation, you have the right to be informed of the appropriate safeguards pursuant to Article 46 relating to the transfer. The controller shall provide you a copy of the personal data undergoing processing. For any further copies requested, the controller may charge a reasonable fee based on administrative costs. Where the data subject makes the request by electronic means, and unless otherwise requested by the data subject, the information shall be provided in a commonly used electronic form. |
Send an email to privacy@nethive.it |
| Right to rectification (art. 16) |
You have the right to obtain from the controller without undue delay the rectification of inaccurate personal data. Taking into account the purposes of the processing, you have the right to have incomplete personal data completed, including by means of providing a supplementary statement. |
Send an email to privacy@nethive.it |
| Right to erasure (right to be forgotten) (art. 17) |
You have the right to obtain from the Data Controller the cancellation of Personal Data concerning you, if such Personal Data are no longer necessary for the purposes for which they were collected or otherwise processed. | Send an email to privacy@nethive.it |
| Right to restriction of processing (art. 18) |
You have the right to obtain from the Data Controller the limitation of the processing when you have contested the accuracy of the Personal Data (for the period necessary for the Data Controller to verify the accuracy of such Personal Data) or if the processing is unlawful, but you object to the deletion of the Personal Data and ask instead that its use be limited or if it is necessary for the establishment, exercise or defence of a right in court, while the Data Controller no longer needs it. | Send an email to privacy@nethive.it |
| Right to data portability (art. 20) |
You have the right to receive, in a structured, commonly used and machinereadable format, the Personal Data concerning you and the right to transmit them to another Data Controller if the processing: (i) is based on consent, (ii) on the contract and (iii) is carried out by automated means, unless the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority and such transmission does not infringe the right of the third party. |
Send an email to privacy@nethive.it |
| Right to object (art. 21) |
You have the right, at any time, in whole or in part, to object to the processing of your Personal Data if such processing is carried out in the pursuit of a legitimate interest of the Data Controller or if the processing is carried out for direct marketing purposes. | Send an email to privacy@nethive.it |
| Right to lodge a complaint with a Supervisory Authority (art. 77) | You have the right to complain to the Supervisory Authority if you believe that the Processing concerning you violates the GDPR. | Forms on the website of the Supervisory Authority |
The exercise of the above mentioned rights is subject to the limits, rules and procedures set forth in the
GDPR and which the Data Subject must be aware of.
6. Changes and updates
This Privacy Notice may be subject to change and/or amendment, including as a result of the applicability
of GDPR and future regulatory changes and/or updates.
The updated Privacy Notice is constantly available on the Company’s website.