GENERAL POLICY AND POLICIES FOR EACH SERVICE

pursuant to art. 13 of the EU Regulation 2016/679 on the protection of personal data and the Code on the protection of personal data, Legislative Decree 196/2003, as amended by Legislative Decree 101/2018
______

This document is intended to clearly and comprehensively explain the methods and purposes of using your personal data in accordance with the EU Regulation 2016/679 (hereinafter “GDPR”), in the following cases:
1. When using the website www.paytec.eu;
2. When asking for information about the services offered by Payment Technologies Srl;
3. When applying and sending your curriculum for positions at Payment Technologies Srl;
4. When using Customer Service of Payment Technologies Srl;
5. When registering and logging in the download area of our website;
6. When registering and buying products from the online-shop of Payment Technologies Srl.

Payment Technologies Srl (hereinafter simply “PAYTEC”), owner of the website www.paytec.eu (hereinafter “the website”), devotes the maximum effort to the protection of personal data of Users of its Website, while making use of some of Their data for the specific functions of the web page and for its legitimate interests, as recognized by the GDPR
This document contains:

I. a GENERAL SECTION on Privacy;
II. a DEDICATED SECTION on the Privacy policy for each service available on the website (the User undertakes to view the privacy policy of each service he intends to use, both when logging in / surfing the site and when using the service);
III. a section dedicated to the COOKIE POLICY.

I – PRIVACY POLICY – GENERAL SECTION

1. Data Controller
The Controller of personal data inserted by Users of the website www.paytec.eu is:
Payment Technologies Srl (VAT nr. 07603320966) – registered seat in Milan (MI), Via Fabio Filzi, 47 and operational seat in Rovellasca (CO), Via XX Settembre, 49; Tel.: +39 02 9696141; Fax: +39 02 96961414; email: info@paytec.it.

2. Purpose of data processing
Your personal data will be specifically used for the following purposes:
a) enable Users to surf the website;
b) respond to requests for information regarding the services given by Payment Technologies Srl;
c) allow the selection of personnel for positions at Payment Technologies Srl;
d) enable the operation of the Customer Service to respond to the clients’ requests;
e) enable users to enter the download area of the website;
f) enable users to buy PAYTEC products from the online shop;
g) fulfill any obligations required by applicable laws, regulations or EU legislation, or meet requests from the authorities.

The legal basis for the processing of personal data for the purposes referred to in sections a), b), c), d), e) and f) is art. 6(1)(b) of the GDPR (“[…] processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract“), as the processing is necessary for the provision of the services offered by the Data Controller and the selection of personnel for positions at PAYTEC.

The purpose of the processing referred to in section g) is lawful under art. 6(1)(c) of the GDPR (“[…] processing is necessary for compliance with a legal obligation to which the controller is subject”). As a matter of fact, once personal data have been collected, processing is necessary in order to comply with legal obligations to which the Controller is subject.

3. Data Processing methods – Storage
The Controller informs you that during their normal operation the computer systems and software procedures used to operate this site collect some personal data whose transmission is implicit in the use of Internet communication protocols.
This category of data includes IP addresses or domain names of computers and terminals used by users, the URI / URL (Uniform Resource Identifier / Locator) addresses of the requested resources, the time of the request, how the request was submitted to the server, the size of the file obtained in response, the numeric code indicating the status of the response given by the server (successful, error, …) and other parameters relating to the operating system and the user’s IT environment.
These data, necessary for the use of web services, are also processed for the following purposes: obtain statistical information on the use of the services (most visited pages, number of visitors by time slot or daily, geographical areas of origin, etc.); check the correct functioning of the services offered
Your personal data will be processed both automatically and manually and, according to the provisions of art. 5 of the GDPR, will be processed lawfully, fairly and transparently by specifically appointed parties, for the time strictly necessary to achieve the scope and purpose for which they were collected.
Specific security measures will be observed to prevent the loss of data, illicit or incorrect use and unauthorized access
Your data will not be used for market surveys.
In compliance with art. 4 of the GDPR, ‘processing’ means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
In the event that a User or interested party sends the Data Controller personal data which are:
– unnecessary for the performance of a task or the performance of a service strictly connected,
– unconsistent with the service requested,
the Data Controller cannot be considered the Data Controller of these data and will cancel them as soon as possible, notifying the data subject.

4. Scope of communication and dissemination
Your personal data will not be disclosed but they may be disclosed, where necessary for the provision of the service, to third parties (such as third party technical service providers, mail carriers, hosting providers, IT companies) appointed as External Data Processors by the Data Controller, for technical or organizational tasks instrumental to the provision of services
Access to the data is also permitted to the categories of appointees of Payment Technologies Srl involved in the organization of data processing (administrative staff, collaborators, system administrators)
The updated list of Data Processors may always be requested from the Data Controller by writing to the email address: …
The list and the methods of processing by External Processors, on behalf of the Controller, are constantly updated and available at the headquarters of the Controller.
Any further communication will only take place with your explicit consent

5. Place of data processing
Data are:
– stored in paper, computer and electronic media located at the operational seat of Payment Technologies Srl;
– stored in “hosting” by … in the manner and location agreed with the latter as External Processor.

6. Retention period for personal data
Unless the interested party explicitly expresses his will to remove them, personal data will be kept for no longer than it is necessary for the purposes for which the data were collected:
a. enable surfing of the Site: www.paytec.eu: until the deactivation of technical cookies by the interested party;
b. respond to requests for information regarding the services given by Payment Technologies Srl: for the time necessary to process the request;
c. allow the selection of personnel for positions at Payment Technologies Srl for the duration of the selection process and up to 24 months from receipt of the application;
d. enable the operation of the Customer Service to respond to the clients’ requests: for the time necessary to process the request and in any case for the period deemed necessary for the purposes of any right of defense of the Owner ;
e. enable users to enter the download area of the website: paydoc.paytec.it: until the request for user cancellation;
f. enable users to buy PAYTEC products from the shop online: 10 years (art. 2220 Italian Civil Code – mandatory retention time for the accounting documentation);
g. fulfill any obligations required by applicable laws, regulations or EU legislation, or meet requests from the authorities (until the right expiration date).
In cases of necessary or potential protection of the rights of the Data Controller (also for the purpose of demonstrating compliance with the contract or the services requested), the necessary personal data of the Interested party will be kept for the time necessary for the protection of the right and will be processed for the aforementioned purpose, except for the release of the interested party or third parties having an action or exception.
Personal data that are not necessary for the purpose of performing the requested service or for the provision of a service closely connected to it will be deleted as soon as possible

7. Rights of the Interested party
The Controller guarantees that you can exercise the rights provided by the GDPR at any time.
In particular, the following rights are guaranteed:
– the right to obtain from the Controller confirmation as to whether or not personal data concerning the data subject are being processed, and, where that is the case, access to the personal data. The controller shall provide a copy of the personal data undergoing processing, when requested (Art. 15 GDPR);
– the right to obtain from the Controller the rectification of inaccurate personal data or the right to have incomplete personal data completed (Art. 16 GDPR);
– the right to obtain from the controller the erasure of personal data where one of the grounds indicated in GDPR applies (Art. 17 GDPR); the User of the Site, even if not registered, may at any time oppose the processing by asking PAYTEC to erase the data collected and potentially referable to his IP address, proving to the owner or holder;
– the right to obtain from the controller restriction of processing where one of the grounds indicated in GDPR applies (Art. 18 GDPR);
– the right to receive the personal data the subject has provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance (Art. 20 GDPR);
– the right to object partially/in full to the processing of personal data for marketing purposes (sending of advertising material or market surveys) (Art. 21 GDPR);
– the right to oppose partially/in full to automated or semi-automated processing of personal data for profiling purposes (Art. 22 GDPR).
The data subject can exercise these rights by notifying the Controller:
– by phone : +39 02 9696141;
– by email: info@paytec.it.
It is equally possible to submit a complaint to the Authority for the Protection of Personal Data, who can be contacted here:
– Piazza di Monte Citorio, nr. 121, 00186 ROMA, tel. +39 06 696771 (paper complaint);
– garante@gpdp.it or on http://www.gpdp.it (complaint in digital format).

8. Revocation of consent
You can revoke your consent at any time, without this compromising the processing carried out in the period prior to the revocation. The revocation will necessarily entail the cancellation of the registration to the information services to its Customers
In case of violation of your rights in relation to Personal Data processed by the Controller, you have the right to lodge a complaint with the Italian Data Protection Authority, using the following contact details: Piazza di Monte Citorio, nr. 121, 00186 ROMA, tel. +39 06 696771, email: garante@gdpdp.it.
___
For further clarification or in case you wish to exercise your rights: info@paytec.it.

II – PRIVACY POLICY – DEDICATED SECTION
Considering the plurality of data processed by the Data Controller for the provision of its services, we invite you to view the specific information you intend to provide the users, potential customers and Candidates for open job positions in order to make them aware of the purposes and specific methods of data processing in relation to the sending of information relating to the services offered by the Data Controller.
Here below are the specific information for the different categories of interested parties whose data are processed by the website www.paytec.eu.
Here below the specific policies for each service:
1. INFO and Contacts
2. Work with Us
3. Customer Service
4. Download Area
5. PAYTEC online-shop
Given the application of the contents of this general information,
we invite you to pay attention to the specificities of the processings listed below

1. INFO AND CONTACTS
The Controller informs you how he intends to process the personal data necessary to comply with requests for information on the services offered.
1. Object of the processing
The processing concerns only personal data, specifically: Area to contact, company name, first name, last name, email address, telephone number, text message as indicated in the contact form contained at the following link: https://www.paytec.eu/en/contacts.
2. Purposes of data processing and consent
Personal data are collected solely to allow the use of the service and to allow the Controller to respond to your requests.
3. Automated processings (profiling)
We remind you that the personal data collected by the Controller when filling in the request form are not processed with the purpose of profiling or to make automated decisions.
4. Data storage
Your data will be stored starting from their receipt and for the entire duration of the service, which will cease at the end of the contractual relationship with PAYTEC.
Furthermore, they will be stored as long as necessary to guarantee the right to defend PAYTEC rights against any dispute (if any).

2. WORK WITH US
The Controller informs you how he intends to process the personal data necessary to use the contact form “Work with Us”.
1. Object of the processing
The processing concerns only personal data, specifically: first name, last name, email address, telephone number, CV loaded as indicated in the contact form contained at the following link: http://paytec.it/en/p2710/.
2. Purposes of data processing and consent
Personal data are collected solely to allow the management of sending applications for employment positions at PAYTEC and professional collaborations with the company. Your data will be known exclusively for these purposes by the personnel in charge of PAYTEC (employees of the HR department) and by any subjects external to the company (such as selection companies, occupational psychologists, recruiters and evaluators) who can be entrusted with the selection conducting evaluation interviews. The provision of data relating to the professional profile is optional; however, failure to provide the data will make it impossible for PAYTEC to consider the application.
3. Automated processings (profiling)
We remind you that the personal data collected by the Controller when filling in the application form are not processed with the purpose of profiling or to make automated decisions.
4. Data storage
Your data will be stored starting from their receipt and for the entire duration of the selection process. Once the selection process is completed and, in any case, after 24 months from receipt of the curriculum vitae, they will be destroyed in accordance with the rules provided by PAYTEC and can no longer be processed without further notice, except for a new expression of your consent for the indicated purpose.
Furthermore, they will be stored as long as necessary to guarantee the right to defend the Controller’s rights against any dispute (if any).

3. CUSTOMER SERVICE
The Controller informs you how he intends to process the personal data necessary to use PAYTEC Customer Service.
1. Object of the processing
The processing concerns solely personal data, specifically: first name, last name, company name, email address, telephone number, text message as indicated in the contact form contained at the following link: https://www.paytec.eu/en/customer-care/.
2. Purposes of data processing and consent
Personal data are collected solely to allow the use of the service and to allow the Controller to respond to your requests.
3. Automated processings (profiling)
We remind you that the personal data collected by the Controller when filling in the contact form for Customer Service are not processed with the purpose of profiling or to make automated decisions.
4. Data storage
Your data will be stored starting from their receipt and for the entire duration of the service, which will cease at the end of the contractual relationship with PAYTEC.
Furthermore, they will be stored as long as necessary to guarantee the right to defend PAYTEC rights against any dispute (if any).

4. DOWNLOAD AREA
The Controller informs you how he intends to process the personal data necessary to use Paytec Download Area.
1. Object of the processing
The processing concerns solely personal data, specifically: Username and email address as indicated in the registration form contained at the following link: … .
2. Purposes of data processing and consent
Personal data are collected solely to allow the use of the service and to allow the Controller to respond to your requests.
3. Automated processings (profiling)
We remind you that the personal data collected by the Controller when filling in the registration form are not processed with the purpose of profiling or to make automated decisions.
4. Data storage
Your data will be stored starting from their receipt and for the entire duration of the service, which will cease at the end of the contractual relationship with PAYTEC.
Furthermore, they will be stored as long as necessary to guarantee the right to defend PAYTEC rights against any dispute (if any).

5. PAYTEC ONLINE-SHOP
The Controller informs you how he intends to process the personal data necessary to use PAYTEC online-shop.
1. Object of the processing
The processing concerns solely personal data, specifically: first name, last name, email address, Company name, inserted when making an order at the following link shop.paytec.eu.
2. Purposes of data processing and consent
Personal data are collected solely to allow the use of the service and fulfill an order, guarantee the right to defend the Controller’s rights against any dispute and fulfill any obligations required by fiscal legislation. If the user has consented, personal data will be processed to periodically forward commercial communications regarding the products and services offered by PAYTEC.
3. Automated processings (profiling)
We remind you that the personal data collected by the Controller when filling the form to place an order on-line are not processed with the purpose of profiling or to make automated decisions.
4. Data storage
Your data will be stored for the mandatory retention period for accounting documents (art. 2220 Italian Civil Code). Furthermore, they will be kept for as long as necessary to guarantee the right to defend PAYTEC rights in the event of disputes (if any).

III – COOKIE POLICY

Cookies are data transmitted from a website and stored by the Internet browser on the user’s computer or other device (for example, tablet or mobile phone). Technical cookies and third-party cookies may be installed from our website or related subdomains. In any case the user can manage, or request, the general deactivation or cancellation of cookies by changing the settings of his Internet browser. However, deactivation may slow down or hinder access to some parts of our site.

1. Web navigation data
While consulting our Site, the computer systems and applications used to operate the Site may detect, during their normal operation, some Personal Data, implicitly transmitted in the use of internet communication protocols, which cannot be immediately associated with identified users but which, through processing or association with public data or data held by third parties authorized to transfer, could allow the identification of visitors to the Site (eg: IP address of the system used for the connection). This identification is not carried out by PAYTEC as the aforementioned data are processed for simple navigation, for the time strictly necessary for the sole purpose of receiving information relating to electronic traffic and the type of user and used to check the correct functioning of the Site. The data are removed from the system and stored off-line for the sole purpose of consultation at the request of the judicial authority.

2. Cookies used by this website (technical Cookies that don’t need the user’s consent to be installed)
This site only uses technical cookies and more precisely:
– cookies relating to activities that are strictly necessary for the site to function and for providing the service;
– third-party statistical cookies (Facebook, Twitter, Google+, LinkedIn and anonymous access statistics such as Google Analytics), used directly by the site manager to collect information in aggregate form to manage statistics in anonymous form, without user IP tracking (data are not profiled at IP level) and without sharing data with the third party.
The management of the information collected by “third parties” is governed by the relative policies available on the respective sites which, for convenience, are listed below:
– Facebook policy: https://www.facebook.com/help/cookies/;
– Facebook (configuration): access your account. Privacy section;
– Google+ policy: http://www.google.it/intl/it/policies/technologies/cookies/;
– Google+ (configuration): http://www.google.it/intl/it/policies/technologies/managing/;
– Google (in general): Privacy control tools; All technical cookies do not require consent, so they are automatically installed after entering the site. We do not use tracking and / or profiling cookies for which installation requires the prior consent of the user.

3. How to manage cookies on your PC

By accessing the site and accepting the initial Cookie banner, the user expresses his own consent to the use of the cookies indicated above. You can block or delete (in whole or in part) cookies also through the specific functions of your navigation program (access the browser and select the settings menu, click on the Internet options, open the privacy tab and select the desired cookie block level).