PRIVACY POLICY OF THINKINSIDE

Data controller

The data controller is Thinkinside s.r.l., Via Alessandro Volta 13A, 39100 Bolzano, PEC: thinkinside@legalmail.it

Any request concerning your rights (access/update/rectification/erasure etc.) must be addressed to such email or directly to the owner: privacy@thinkin.io

Types of Data collected

The information systems and the software procedures to operate this web site acquire certain personal information which must be transmitted to be able to use the internet communication protocols. The data collected are IP address, the type of browser, operative system, domain name, addresses of websites from which access has been made, informations about website pages visited by the user, access time, duration of stay on a single page, analysis and other information related to user browsing on our website.

Moreover, if you send a contact/demo request  using the form “Contact us” or “Request a demo” or you download our resources (case studies, whitepapers, etc.), Thinkinside collects and stores the data that you shared with us. Data collected are: name, surname, email address, company name and any other optional data provided by you. The processing of that data is strictly necessary for the execution of the requested service. They will only be used to communicate with you about our products and service offer.

Thinkinside does not process any special categories of personal data (racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, data concerning health, natural person’s sex life or sexual orientation).

Profiling is expressly excluded.

For any information about the use of Cookies, please read the Cookie Policy.

Purposes of Data Processing

Thinkinside collects, elaborates and processes data described above for the following purposes:

  • Make our website work;
  • Verify and make an analysis of user access to website content and user browsing experience on our website;
  • Elaborate statistics by processing data in aggregate form;
  • Reply to your contact, demo and/or download resource requests.

Legal basis for the processing

The Data provided will be processed pursuant to art. 6 GDPR for legitimate interests of the Company and, in particular, for commercial activities and direct marketing as expressly indicated by whereas n. 47 of GDPR (“The processing of personal data for direct marketing purposes may be regarded as carried out for a legitimate interest”).

Data Processing Arrangements

Data are processed at the Controller’s operating offices and in any other places where the parties involved in the processing are located, using electronic means. For further information please contact us.

Your data will not be transferred to third subjects or to recipients in third countries or international organisations.

Thinkinside takes appropriate security measures to prevent unauthorized access, disclosure, modification, or unauthorized destruction of the Data.

The Data processing is carried out using computers and/or IT enabled tools, following organizational procedures and modes strictly related to the purposes indicated. In some cases, the Data may be accessible to certain types of persons in charge, involved with the operation or external parties (such as third-party technical service providers, mail carriers, hosting providers, IT companies, communications agencies) appointed, if necessary, as Data Processors by the Data Controller.

Time-limits for storing the Data

Your Personal Data will be stored only for the time necessary for processing purposes and, anyway, for a maximum of ten (10) years.

The Controller may be obliged to retain Personal Data for a longer period whenever required to do so for the performance of a legal obligation or upon order of an authority.

Once the retention period expires, Personal Data shall be deleted. Therefore, the right to access, the right to erasure, the right to rectification and the right to data portability cannot be enforced after expiration of the retention period.

Right to object

It is always possible to object any time to data processing according to art. 21 EU Reg. 2016/679, sending a request to the mail address indicated at point 1.

Data Subjects’ Rights pursuant to Artt. 15, 16, 17, 18, 20, 21, 22 and 77 of the EU Regulation 2016/679

Data Subject shall have the right to lodge a complaint with a supervisory authority. Data Subject shall have the following rights:

Article 15 – Right of access by the data subject

The data subject shall have the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data.

Article 16 – Right to rectification

The data subject shall have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.

Article 17 – Right to erasure (‘right to be forgotten’)

The data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay.

Article 18 – Right to restriction of processing

The data subject shall have the right to obtain from the controller restriction of processing where one of the
(a) the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data;
(b) the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;
(c) the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims;
(d) the data subject has objected to processing pursuant to Article 21(1) pending the verification whether the legitimate grounds of the controller override those of the data subject.

Article 20 – Right to data portability

The data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided.

In exercising his or her right to data portability pursuant to paragraph 1, the data subject shall have the right to have the personal data transmitted directly from one controller to another, where technically feasible.

Article 21- Right to object

The data subject shall have the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is based on point (e) or (f) of Article 6(1), including profiling based on those provisions.

Article 22 – Automated individual decision-making, including profiling

The data subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her.

Article 77 – Right to lodge a complaint with a supervisory authority

1. Without prejudice to any other administrative or judicial remedy, every data subject shall have the right to lodge a complaint with a supervisory authority, in particular in the Member State of his or her habitual residence, place of work or place of the alleged infringement if the data subject considers that the processing of personal data relating to him or her infringes this Regulation.

2. The supervisory authority with which the complaint has been lodged shall inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Article 78.

According to art. 7 GDPR, you can always withdraw your consent.

Information not contained in this policy

More details concerning the collection or processing of Personal Data may be requested from the Controller at any time. Please see the contact information at the beginning of this document.

Changes to this privacy policy

The Controller reserves the right to make changes to this privacy policy at any time by giving notice to its Users on this page and – as far as technically and legally feasible – sending a notice to Users via any contact information available to the Controller.
Should the changes affect processing activities performed on the basis of the User’s consent, the Cotroller shall collect new consent from the User, where required.