Taktech S.R.L. operating as Tifosly, has adopted and continues to update and refine a set of corporate procedures and policies in line with the General Data Protection Regulation (GDPR - EU Regulation 2016/679) of the European Union, in order to ensure high security standards and full compliance with the rules aimed at allowing a handling of Personal Data in accordance with the legislation. This statement - aimed at ensuring an informed, correct, and transparent processing of Your Personal Data - explains who we are, for what purposes we may use Your data, how we manage it, who it may be disclosed to (e.g., affiliated companies, consultants, Public Bodies, etc.), where it might be transferred, and what Your rights are.

What is personal data?

Any information concerning an individual (identified or identifiable), including, for example: name, identification codes and numbers (tax code, car registration number, etc.), residence data, an online identifier, characteristics of physical, physiological, genetic, mental, economic, cultural identity, economic and financial data (credit card number, bank account, property data, etc.), health data, data relating to legal proceedings, etc.

What does the processing of Personal Data entail?

The term 'processing of Personal Data' refers to a series of operations, performed with or without the aid of automated processes, concerning the Personal Data of an individual. These operations include, by way of example: collection, recording, organization, structuring, storage, adaptation, alteration, retrieval, consultation, communication (through transmission, dissemination, or any other form of making available), comparison, interconnection, restriction, erasure, and destruction, among others.

What does the processing of Personal Data consist of?

Your data will be processed, as the controller, by Taktech S.R.L., Tax Code and VAT Number: IT 11455730967, operating as Tifosly, based in Seveso, Via Col di Lana 10, by the legal representative for the time being (hereinafter referred to as the “Company”) as well as by entities that:

Within the Company, will process Your Personal Data as authorized processing officers;

Outside of the Company, will process Your Personal Data, as data processors and in accordance with current legislation, for the purposes outlined herein.

Why do you need my data?

The Company requires Your Personal Data for the pursuit of certain purposes, particularly:

I. Purposes instrumental and related to the management of the contractual relationship mainly concerning the provision of the software service on the platform offered by Tifosly;

Your Data will therefore be processed, among other things, for the following purposes:

Provision of services offered by Tifosly in general;

Management, in all aspects, of the obligations related to the services provided by Tifosly and to the platform on which they are implemented (customer information, support, software and/or service updates, etc.);

Updating our records and, in general, management of the account related to your profile and the connected database;

Management of any disputes;

Any other purpose necessary and related to the performance you have requested.

II. Purposes related to promotional and marketing activities, such as:

Market research

Economic and statistical analysis

Sending advertising/informational/promotional material about the services and products offered

Improving our service;

III. Purposes related or instrumental to the fulfilment of legal obligations or the pursuit or execution of a public interest and/or a legitimate interest of the data controller pursuant to Regulation 2016/679; for example, Your Personal Data could be analyzed and communicated to counter fraud, for anti-money laundering purposes, to safeguard the rights of the data controller, etc.

The lawfulness of the Personal Data processing carried out by the Company is ensured by the presence of a legal basis expressly provided by the law; Your Data will be processed:

Because it is necessary for the contractual obligations referred to in point I (e.g., the supply of goods offered and sold);

Based on Your freely given Consent, as indicated in point II (e.g., for promotional purposes and account operations);

Because it is necessary to comply with legal obligations and to pursue a legitimate interest, as indicated in point III (e.g. accounting obligations, fraud prevention, anti-money laundering purposes or preventing abuses against our website, etc.).

Given the above, the provision of Personal Data is mandatory and necessary for the purposes indicated in point I. Any partial or total failure to provide such data will result in the partial or total impossibility of carrying out the contractual obligations.

Conversely, the provision of Data for the purposes mentioned in points II is not derived from a contractual or legal obligation, and the provision of related consent is optional and does not affect in any way the correct execution of the obligations set out in point I.

The extent and adequacy of the Data provided will be assessed from time to time, in order to determine the consequent decisions and avoid the processing of Personal Data exceeding the purposes pursued.

How will you use my data?

Tifosly aims to protect the Personal Data of our clients, aligning the processing with principles of fairness, legality, and transparency. Consequently, we inform you that Your Personal Data will be processed using tools and procedures designed to ensure maximum security and confidentiality, through archives and paper-based supports, with the help of digital media, computer and telecommunication means.

Communications related to contractual obligations and, if applicable, those related to promotional activities, may occur in traditional modes (e.g., paper mail, operator calls), automated (e.g., automated calls) and similar ones (e.g.: fax, email, SMS).

How long will you retain my Personal Data?

We will retain Your Personal Data for the time period necessary to carry out the activities aimed at achieving the purposes set out in points I., II., and III.

Essentially, the data controller will retain Your Personal Data for a period appropriate to the performance of the activities indicated above (points I. and II.) as well as for the period possibly established by legal provisions.

With reference to the purposes outlined in point III, the retention period for Personal Data is, unless revoked, 10 years from collection.

Will you share my information with other parties?

For the purposes indicated above, Your Personal Data may be communicated to third parties, including:

hosting companies;

companies that maintain and manage IT systems (including companies and professionals appointed to manage web devices, management, maintenance and remote assistance of computer devices, as well as software houses and producers of software solutions used by the Company for the Processing of Personal Data);

companies that provide services for the management of the Company's information system;

entities that take care of and manage the communications that the Company, for any reason, intends to transmit to third parties;

professional consulting firms for fiscal, tax and legal advice;

public bodies competent for the performance of activities required by law;

partners or agents responsible for the management of services offered;

law enforcement, government entities, regulatory bodies, courts or other public authorities authorized by law;

third parties or bodies to whom such disclosure is required to satisfy any applicable law or other legal requirement;

companies that carry out on behalf of the Company services of acquisition, processing and elaboration of data necessary for the use of services and for the provision of goods;

firms and companies within the framework of assistance and consultancy relationships;

companies that perform control, audit and certification of the Company's activities also in the interest of their customers and users;

banking and financial institutions;

companies that conduct market research aimed at detecting the degree of customer satisfaction;

business partners in case of joint promotions/offers and joint supplies;

service companies involved in the above activities;

payment service companies and/or payment management;

partners for banking and/or financial connections (SaltEdge End-user Dashboard).

Can the Company engage in processing activities for purposes beyond those outlined in this notice?

No, the Company is forbidden from processing any data for purposes beyond those specified in this notice; should there be a need to pursue different objectives, the Company will provide you with additional information before engaging in such activities and, if necessary, will seek your consent.

Can the Company engage in processing activities for purposes other than those set out in this notice?

At any time, you may exercise the following rights with respect to the Company:

The right to access your Personal Data: you can get from the Company confirmation as to whether or not personal data concerning you is being processed, and obtain access to the personal data with the indication of the ways and characteristics of the processing (right of access according to Article 15 of Regulation (EU) 2016/679).

The right to rectification of Personal Data: you can obtain from the Company the rectification of inaccurate personal data concerning you. To this end, you will need to send an additional declaration to the data controller (right to rectification according to Article 16 of Regulation (EU) 2016/679).

The right to portability of Personal Data: you can ask the Company to send - in a structured, commonly used and machine-readable format - the personal data provided and stored at the Company.

The right to restriction of Personal Data. You can request the Company to restrict the processing: a. during the verification by the Company following the dispute of the accuracy of the Data; b. where the processing has been unlawful but you have not exercised the right to erasure of the Data; c. where the Data is no longer needed by the Company but is necessary for you to establish, exercise or defend a legal claim; d. pending verification of whether the legitimate interests of the Company override your interests in the event of an objection to processing under Article 21(1) of Regulation (EU) 2016/679. (right to restriction of processing according to Article 18 of Regulation (EU) 2016/679).

The right to object to the processing of Personal Data: you may object at any time, for reasons related to your personal situation, to particular processing activities and, specifically: a. to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Company (including profiling); b. to processing necessary for the purposes of the legitimate interests pursued by the Company or a third party (including profiling). In such a case, the Company must refrain from further processing your Personal Data unless there are compelling legitimate grounds for the processing that override your interests, rights and freedoms, or for the establishment, exercise or defence of legal claims. The same right is granted to you if the data is processed for direct marketing activities (right to object to processing according to Article 21 of Regulation (EU) 2016/679) as well as in relation to the options provided for in Article 130(4) of Legislative Decree No. 196/2003 (so-called soft spam).

The right to erasure of Personal Data. You can ask the Company to delete the Data when: a. the personal data is no longer necessary in relation to the purposes for which it was collected or otherwise processed; b. the consent on which the processing is based has been withdrawn and there is no other legal grounds for the processing; c. objection to processing has been raised under Article 21(1) of Regulation (EU) 2016/679 and there is no overriding legitimate ground for processing, or objection has been raised to processing under Article 21(2) of Regulation (EU) 2016/679; d. the personal data has been unlawfully processed (right to erasure according to Article 17 of Regulation (EU) 2016/679).

You may request additional information and make your requests by sending a signed request accompanied by a valid identity document to the email address hello@taktech.software; once the request has been received, and after all the appropriate checks have been made to verify the actual identity of the applicant and the validity of the request, the Company - if the requirements are met - will proceed to carry out the requested operation without delay.

Can I revoke my consent after giving it?

Certainly, you may revoke your consent at any time, without this in any way:

Affecting the lawfulness of the processing based on consent given before its revocation;

Prejudicing further processing of the same data based on other legal grounds (for example, contractual obligations or legal obligations to which the Company is subject).

N.B: The revocation of consent will lead to the termination of services offered by the Company where the processing of the Data provided is necessary for that purpose.

Can I appeal to an authority in case of violations?

If you believe that you have been prejudiced or harmed by a process carried out by us, or if you believe that there have been irregularities or unlawful activities in the processing of Your Personal Data by us, you have the right to file a Complaint with the Supervisory Authority, according to the procedures established by the latter available at the following address: https://www.garanteprivacy.it/home/docweb/-/docweb-display/docweb/4535524

I still have some questions...

For more information about this notice or any privacy matters related to the activities carried out by the Company, or if you would like to exercise Your rights or revoke Your consent, you can directly contact the relevant offices of the Company by sending an email to hello@taktech.software. This notice completely replaces any previous communication on the same subject.