In compliance with Reg. EU 679/2016, Techstar s.r.l. (hereinafter “Techstar” or the “Data Controller”) recognizes the importance of the protection of personal data and considers its safeguard one of the objectives of this activity. To this end, it intends to inform about the methods of collection, treatment and storage of personal data collected during the use of the Metameeting service provided by Meta Presence® platform (hereinafter, also only “Metameeting” and “Metapresence”, respectively) and how to easily exercise them, with the aim of respecting the principles of lawfulness, fairness and transparency of the processing.
Interested Party: is the identified or identifiable natural person whose personal data is being processed.
Data Controller: Techstar s.r.l. with registered office in Tavagnacco (33010 – UD), Via M. Buonarroti 41, C.F. and P.I. 03035830300 (hereinafter “Techstar” or the “Data Controller”).
DPO: the Data Controller, in accordance with the GDPR, has designated a Data Protection Officer who may be contacted to request information about this Notice or to exercise rights under the data protection legislation described in the text below.
To contact the DPO, you may send an e-mail to email@example.com or send a letter to: DPO c/o Techstar s.r.l. Via M. Buonarroti 41- 33010 Tavagnacco (UD). For any communication towards the DPO, it is necessary to enclose a copy of an Identity Document and include in the request your contact details, which are essential to be recontacted.
APPLICABLE LEGISLATION AND DISCLAIMER
Data will be processed pursuant to the applicable Italian pro tempore legislation in the protection of personal data (the “National Legislation”) and EU regulation 679/2016 – General Data Protection Regulation (“GDPR”) (hereinafter, the National Legislation and the GDPR are collectively referred to as the “Legislation”).
With reference to such data processing, pursuant to GDPR’s Article 13, the following Notice is hereby rendered, the validity of which is understood to be rendered only for the Metameeting service of the Meta Presence® platform, while it does not apply to other platforms or websites that may be reached or accessed through external links.
1.0 This Notice concerns the natural person who provides his or her personal data in order to access the services rendered by Techstar through Techstar’s applications and platforms such as Metameeting and Meta Presence®.
1.2 The person to whom this Notice is addressed is generically referred to as “Interested Party”.
2. HOW CAN YOU CONTROL YOUR PERSONAL DATA PROCESSING?
2.1 One’s rights and how to exercise them
Every interested party has rights, described in more details below, which he or she can exercise in order to meaningfully control his or her own personal data and its processing on our part. If you wish to exercise your rights, simply send a specific request to the following address: firstname.lastname@example.org, attaching a copy of an identity document.
Furthermore, in you have any questions concerning the processing of your personal Data pursuant this Notice, you may contact the DPO through the address email@example.com.
2.2 You may request the access to your personal data
If you wish to have access to your personal data, you will be provided with a copy of the requested data and the information concerning its treatment. Your right of access might be limited in cases provided by law or applicable regulations.
2.3 You may request the correction of your personal data
If you believe that that your personal data is inaccurate or incomplete, you may request to amend or supplement such data accordingly. In some cases, support documentation may be demanded.
2.4 You may request the deletion of your personal data
If you wish, you can request the deletion of your personal data, to the extent permitted by law and in cases where it is not necessary to retain it in relation to the purposes to which it was collected and is processed.
2.5 You can object to the treatment of your personal data processed on the basis of legitimate interests
If you don’t agree with the processing of your personal data based on legitimate interests, you may object, at any time, for reasons related to your specific situation, stating the processing activity to which you are referring and the motivation for your objections. The personal data at hand will no longer be processed, unless there are legitimate grounds for doing so or the processing is necessary for the establishment, exercise or defence in court of a right.
2.6 You can object to the processing of your personal data for marketing communication purposes
You have the right to object at any time to the processing of your personal data for marketing communication purposes, including the profiling related to this aim.
2.7 You can restrict the processing of your personal data
Upon the occurrence of certain conditions, you have the right to obtain the restriction of the treatment concerning data if it is not relevant for the prosecution of the contractual relationship or necessary due to legal obligation.
2.8 You have rights against an automated decision
In general, you have the right not to be subjected to a decision based solely on an automated treatment, including profiling that has a legal effect or significatively affects the data subject. However, you may be subjected to an automated decision that may be necessary for the subscription or execution of a contract with us, which is authorized by an Italian or European Union law or for which consent has been given. In any case, you have the opportunity to challenge the decision, express your opinions and request the intervention of a person who can review the decision.
2.9 You may revoke your consent
In the case that you have given your consent to the processing of your personal data, the same may be revoked at any time, upon notice in the manner and to the addressed indicated above, without prejudice to the legitimacy of the processes already carried out.
2.10 You may request portability of part of your personal data
Where technically feasible, you may request a copy of your personal data provided in a format that is structured, commonly used and machine-readable. Again where technically feasible, you may request the transmission of this copy to specified third party data controllers.
2.11 You may lodge a complaint with the Data Protection Authority.
In addition to the rights mentioned above, you can submit a complaint with the competent supervisory authority (who is usually that of your place of residence); in Italy, you should contact the Data Protection Authority.
3. WHICH PERSONAL DATA ARE SUBJECT OF TREATMENT?
“Personal Data” means any information concerning an identified or identifiable natural person, with specific reference to an identifier such as a name, an identification number or one or more characteristic features of his or her physical, physiological, psychic, economic, cultural or social identity.
3.2 Data processed
The Personal Data processed in the in the context of accessing and interacting with the Metameeting service and the Meta Presence® platform are the following:
– e-mail address used to send the access link to the Metameeting and the chosen username;
– Interaction data with Meta Presence®: computer systems collect some data whose transmission is implicit in the use of web communication protocols. This information is not collected in order to be associated with the user, but – for its very nature – could, through processing and association with data held by third parties, allow the user identification. Among the latter there are, for example, IP addresses or other parameters related to the operating system and the computer environment, or to the type of hardware device and/or software used;
– Cookies: the service with reference to the Meta Presence® part of use employs only technical authentication cookies.
4. HOW IS DATA COLLECTED?
Techstar collects personal data concerning the Interested Party as a direct result of the provision in his or her favour of benefits and/or services, however qualified or described, or through the interaction of the Interested Party with Meta Presence® as part of the use of Metameeting.
5. WHAT SARE PURPOSES AND LEGAL BASES?
IS THE PROCESSING NATURE MANDATORY OR OPTIONAL?
Personal Data collected through the use of Meta Presence® and Metameeting will be tread for the following purposes:
- a) for the performance of a contract to which the Interested Party is involved (this also includes communication with the Interested Party to give him or her technical assistance in order to provide him or her with the envisaged services and to respond to any of his or her requests);
- b) for statistical analysis carried out on aggregated and/or anonymous data, without therefore the possibility to identify the user, aimed at measuring the functioning of the service, measuring traffic and evaluating usability;
- c) for the fulfilment of a legal obligation to which Techstar is subject (e.g., to comply with accounting or tax or administrative obligations);
- d) for the need to establish, exercise or defend a right in court or whenever judicial authorities exercise their jurisdictional functions;
- e) to prevent potential incidents and manage information security (security purposes);
5.2. Legal basis
The legal basis for the processing of Personal Data aimed at the purposes in point a) corresponds to the need to render the requested services. The purpose of point b) does not imply Personal Data treatment, while the purposes expressed under c) and d) correspond to a processing that is necessary to fulfil a legal obligation to which Techstar is subject or to exercise its right of defence in court.
The legal basis for the processing of Personal Data referred to in point e) is the legitimate interest of Techstar and the Data Subjects/Interested Parties in the safe use and enjoyment of the provided services.
5.3. Obligatory and optional nature of the contribution
The provision of Personal Data aimed at the purposed listed in points a) and c) above is necessary to allow the Interested Party to access Meta Presence® and/or the proper enjoyment of Metameeting service, as well as affect the proper fulfilment of regulatory obligations (e.g., accounting, tax and administrative) to which Techstar may be subject.
6. WHICH ARE THE MODES OF DATA PROCESSING? IS THERE EXTRA EU TRANSFER?
Personal Data is treated mainly electronically and telematically, through tools which are appropriated to ensure its security, availability, integrity and confidentiality. Data processing takes place mainly at the premises of the Data Processor and/or through clouds whose servers are located in the European Union.
6.2 Transfer to third countries
Your Personal Data will not be transferred to countries outside the European Economic Area (EEA) to countries that have not been subject to a judgement of “adequacy” according to the criteria of the competent authorities in charge, or without the adoption od the appropriate safeguards established by the Regulation, such as Standard Contractual Clauses, and that do not therefore guarantee adequate security levels is the management of the Interest Party’s Personal Data.
7. WHO ARE THE RECIPIENTS OF THE PROCESSED DATA?
7.1 In general
Interested Parties’ Personal Data are used solely with the scope of performing the requested service or performance, and are disclosed to third parties only in cases where this is necessary for service performance (e.g. service provider) or the disclosure is requires by legal obligations or on occasion of legal proceedings.
7.2 Categories of recipients of your Personal Data
Techstar communicates Users’ Personal Data only within the limits permitted by law and in accordance with what set out below. Without prejudice to communications deriving from any legal obligations, the following may become aware of the Interested Party’s Personal Data: (i) Techstar’s employees and collaborators, who act as authorized subjects for processing and are instructed to do so by the Data Controller; (ii) Techstar’s suppliers, who perform specific technical, IT and organizational services related to the use of the service or to other services which are instrumental to the rendered activity.
These subjects will act time and again since they operate under the authorization of the Data Controller (as in the case of employees and collaborators), as data processors on behalf of the Data Controller or as autonomous data controllers. In the latter case, these subjects, acting for their own purposes as autonomous data controllers, will issue their own notice to which reference is made.
Furthermore, the Data may me disclosed to law enforcement or judicial authorities, in line with the law and upon formal request by such entities, or in the case in which there are well-founded grounds to believe that the disclosure of such data is reasonably necessary to (1) investigate, prevent or take actions regarding suspected unlawful activities or to assist government authorities competent to control and supervision; (2) defend against any claims or accusation from third parties, or to protect the security of the Site and the company; or (3) to exercise or protect the rights, property or security of Techstar, its affiliates, customers, employees or any other entity. Your Data will not be disseminated in any way.
7.3 Treatments related to avatars created through third party services
Within Meta Presence®, avatars created through external services (such as, for example, readyplayer.me) may be used, although embedded in the page displayed also through framing. Avatar-related data will be processed directly by these third-party companies as autonomous data controllers; please refer to the privacy policies of these third parties for more information about the data treatment carried out for this purpose.
8. HOW LONG DOES THE DATA PROCESSING LAST?
8.1 Duration in general
Unless otherwise provided for by Italian or European Union legislation imposing a legally determined retention period, data will be kept for the time strictly necessary to achieve the purposes for which they are collected.
8.2 Anonymization or deletion at the end of the retention period
If not already collected in anomymous signature and after the prescribed period has elapsed, data will be anonymized or deleted, unless there is another legal basis that obliges or permits its retention in accordance with the Applicable Legislation.