Who we are
This site (http://www.rsw-software.com/) belongs to Demia Studio Associato, Via dell’Uva 11, 34136 Trieste, Italia, VAT IT01102680327.
Demia Studio Associato will be what’s known as the ‘Controller’ of the Personal Data you provide to us.
What we need
We only collect basic Personal Data about you – we DO NOT collect any special category data. The information we collect might include your name, your address, your email, your IP address, etc.
Why we need it
We need to know your basic Personal Data in order to:
- provide you with software licenses and analysis support and services in line with the contract in place. We will not collect any Personal Data from you we do not need in order to provide and oversee this service to you.
- provide you with updates by email about new versions of R-sw Platform and MapHelp and similar analytical products or associated analytical services when they become available (our Subscribe to our Updates service).
- help us improve the website and enhance your browsing experience (through the performance and functionality cookies used by our website)
- manage and reply to your emails and other written/oral communications between us.
What we do with it
All the Personal Data we process is processed by the financial team, support team, sales & marketing team, software developers, professional advisors and consultants/contractors working for us.
The basic Personal Data collected through the cookies are not shared with anybody, except for those required by the website (WordPress), by the emailing systems (Simple Signup Form plugin), by the antispam plugin (Wordfence Security), those providing browsing statistics (Google Analytics) and social/business networking (LinkedIn), and by the plugin for GDPR compliance (GDPR by Trew Knowledge). We have reviewed the level of protection for the Personal Data offered by these third-parties facilities and we have considered this level of protection to be adequate.
We may also share your Personal Data with any law enforcement agency, court, regulator, government authority or other third party where we believe this is necessary to comply with a legal or regulatory obligation, or otherwise to protect our rights or the rights of any third party.
We promise we’ll never share your Personal Data with anyone else.
For the purposes of IT hosting, logistics and maintenance personal data is currently located on servers within the European Union. If necessary, in the future the information might be moved to IT systems outside of the European Union; this can only occur in line with GDPR legislation if there is an adequate level of protection of the Personal Data.
We have a Data Protection regime in place to oversee the effective and secure processing of your Personal Data.
How long we keep it
- If you have a R-sw Platform or MapHelp licenses or have purchased some analytical support and services, your information we use to provide you with the services according to the contract in place will be kept for the duration of the contract. We are required under Italian tax law to keep your basic personal data (name, address, contact details) for a minimum of 10 years after which time it will be destroyed.
- If you have subscribed to our updates (our Subscribe to our Updates service), the information will be kept until you tell us you no longer with to receive such updates.
- Cookies: with regards to the cookies required by the website, some expire after 1 day, some after 2 years. Please note that Third Party (e.g., Google Analytics) cookies last according to their policies; for instance, the GDPR consent cookie currently (as of 19th May 2018) expires after 1 year while the LinkedIn cookies have various expiry dates (after 1 day, after 2 years and when closing the browser).
- If you have sent us an email or you have engaged in any other type of communication with us, we will keep the information for 5 years to facilitate potential follow-ups.
Personal Data supplied by Third Parties
What are your rights?
We acknowledge that individuals have the following rights:
- the right to be informed;
- the right of access;
- the right to rectification;
- the right to erasure;
- the right to withdraw consent;
- the right to restrict processing;
- the right to data portability;
- the right to object;
- rights in relation to automated decision making and profiling.
If an individual requests that one or more of these rights is exercised and the relevant conditions are met, we shall review and respond to this request with assistance within 30 days.
This means that at any point you can request to see the information we process on you and, if you believe this is incorrect, you can request to have it corrected. If you have subscribed to our updates (our Subscribe to our Updates service), you can un-subscribe at any time by contacting us at firstname.lastname@example.org.
A key principle of the GDPR is that we process personal data securely by means of ‘appropriate technical and organisational measures’. We acknowledge that:
- we are required to consider things like risk analysis, organisational policies, and physical and technical measures;
- we also have to take into account additional requirements about the security of our processing – and these also apply to data processors;
- we can consider the state of the art and costs of implementation when deciding what measures to take – but they must be appropriate both to our circumstances and the risk our processing poses;
- where appropriate, we will adopt measures such as pseudonymisation and encryption;
- our measures must ensure the ‘confidentiality, integrity and availability’ of our systems and services and the personal data we process within them;
- the measures must also enable us to restore access and availability to personal data in a timely manner in the event of a physical or technical incident;
- we also need to ensure that we have appropriate processes in place to test the effectiveness of our measures, and undertake any required improvements.
Demia Studio Associato undertakes the following specific actions:
- files are stored on an encrypted system whenever practical;
- periodic backup copies are made;
- amount of paper documents with Personal Data is minimized, and electronic archival is preferred;
- paper documents with Personal Data to be disposed of are physically destroyed.
Demia Studio Associato shall not hold Personal Data longer than is necessary and shall minimise the amount of Personal Data it holds and collects regarding data subjects wherever possible.
The GDPR imposes restrictions on the transfer of personal data outside the European Union, to third countries or international organisations. These restrictions are in place to ensure that the level of protection of individuals afforded by the GDPR is not undermined.
If EU Personal Data is to be transferred outside the European Union, Demia Studio Associato must ensure that adequate protection or safeguards are in place.
Internal audits are carried out to ensure that Demia Studio Associato is acting in compliance with this policy. We may also have audits from clients from time to time and we shall endeavour to comply with such exercises where necessary to meet our contractual obligations.
Personal data breaches
The GDPR introduces a duty on all organisations to report certain types of personal data breach to the relevant supervisory authority. We must do this within 72 hours of becoming aware of the breach, where feasible. If the breach is likely to result in a high risk of adversely affecting individuals’ rights and freedoms, we must also inform those individuals without undue delay. We should ensure we have robust breach detection, investigation and internal reporting procedures in place. This will facilitate decision-making about whether or not we need to notify the relevant supervisory authority and the affected individuals. We must also keep a record of any personal data breaches, regardless of whether we are required to notify.
Further information and complaints
If you are not satisfied with our response or believe we are processing your Personal Data not in accordance with the law you can complain to the Italian Data Protection Authority (Garante per la Protezione dei Dati Personali) – http://www.garanteprivacy.it
Our Data Protection Officer is Diego Martone and you can contact him at diego[point]martone[AT]demia[point]it