Client Privacy Policy

The purpose of this privacy policy is to provide all the information on the processing of personal data by [..] within the context of the contractual relations with its clients (as defined in more detail below).

• INTRODUCTION – WHO ARE WE? 

[..] with registered office address at [..], with VAT Number [..] (hereinafter, the “Data Controller”), provider of the services set forth in the General Conditions and related annexes (hereinafter, jointly, the “Service”) subscribed to by its clients, in its capacity as data controller of the data subjects that represent (or collaborate in any way with) its clients (hereinafter the “Data Subjects”) hereby provides the following privacy policy pursuant to Regulation EU 2016/679 of 27 April 2016 (hereinafter, the “Regulation”, or “Applicable Law”). 

• HOW CAN YOU CONTACT US? 

The Data Controller takes the utmost account of the right to privacy and the protection of the personal data of its Data Subjects. 

 

Data Subjects may contact Data Controller at any time, using the following methods:  

• by sending a registered letter with return receipt to the registered office of the Data Controller;
• by sending an email to the address: privacy@motork.io

 

Data Subjects can also contact the Data Protection Officer (DPO) of the Data Controller at the following email address: dpo@motork.io.

• WHAT DO WE DO? – PURPOSES OF PROCESSING  

The personal data of Data Subjects that may be collected by the Data Controller for the purposes of concluding or performing the agreement for the provision of the Service, will be lawfully processed by the Data Controller pursuant to article 6 of the Regulation exclusively for the following purposes:

 

1. Contractual obligations, for purposes connected to the contractual relationship entered into for the provision of the Service and its performance. The personal data collected by the Data Controller for the purposes of the possible establishment and/or performance of the contractual relationship include: personal details, contact details and all further information contained in contractual documentation and/or related exchanges. Without prejudice to the provisions elsewhere in this privacy policy, under no circumstances will the Data Controller make the personal data of the Data Subjects accessible to third parties;
2. Administrative and accounting purposes, i.e. to carry out organisational, administrative, financial and accounting activities, such as internal organisational activities and activities related to the fulfilment of contractual and pre-contractual obligations linked to the Services, including the possible protection of the rights of the Data Controller;
3. Legal obligations, i.e. to comply with obligations imposed by law, an authority, a regulation or European legislation.

 

The provision of personal data for the processing purposes stated above is optional but necessary, as failure to provide such data may make it impossible for the Data Controller to establish or to perform the contractual relationship for the provision of the Service. 

 

On the other hand, the provision of data is mandatory when it is required in order to comply with specific legal provisions.

• ADDITIONAL PURPOSES OF PROCESSING

• Marketing (sending advertising material or direct sales, market research or commercial communications)

Some of the personal data of Data Subjects (i.e. personal details, contact details and any additional information voluntarily provided within the context of surveys and customer satisfaction questionnaires related to the Service) may also be processed by the Data Controller for marketing purposes (sending of advertising material, direct sales, commercial communications and market research), so that the Data Controller may contact Data Subjects by post, email, telephone (landline and/or mobile, with automated call or call communication systems with and/or without the intervention of an operator) and/or SMS and/or messaging systems and/or social networks in order to: (i) present new products and/or services; (ii) carry out upselling activities, (iii) present offers, promotions and commercial opportunities; and (iv) present surveys and customer satisfaction questionnaires and tests on new products, services or features of products and services already in use to the Data Controller and/or its partners and/or subsidiaries. 

 

If consent is not given to the above processing, Data Subjects will still in any case be able to use the Service.

 

If, on the other hand, consent is given, Data Subjects may revoke it at any time by sending a request to the Data Controller using the methods indicated in paragraph 8 below.

 

Data Subjects may also easily object to further promotional email communications by clicking on the appropriate link to withdraw consent, which is found in all promotional emails. Once consent has been withdrawn, Data Subjects will receive a confirmation message. If a Data Subject intends to withdraw his/her consent to the sending of communications by telephone, while continuing to receive communications by email, or vice versa, a request is to be sent to the Data Controller using the methods indicated in paragraph 8 below.

 

The Data Controller hereby informs Data Subjects that, following the exercise of the right to object to the sending of communications by email, it is possible, for technical and operational reasons (e.g. formation of contact lists already completed shortly before the Data Controller has received the request for objection) that Data Subjects may continue to receive several further messages. Should Data Subjects continue to receive messages after 24 hours have elapsed since the exercise of the right to object, the problem is to be reported to the Data Controller using the contact details indicated in paragraph 8 below.

• LEGAL BASIS

Contractual obligations and provision of the Service (as described in paragraph 3, letter a)): the legal basis of the processing is art.6 , paragraph 1, letter b) of the Regulation: i.e. the processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;

 

Administrative and accounting purposes (as described in paragraph 3, letter b)): the legal basis of the processing is art.6, paragraph 1, letter b) of the Regulation: i.e. the processing is necessary for the performance of a contract and/or in order to take steps at the request of the Data Subject prior to entering into a contract;

 

Legal obligations (as described in paragraph 3, letter c) above): the legal basis is art.6, paragraph 1, letter c) of the Regulation, i.e. the processing is necessary for compliance with a legal obligation to which the Data Controller is subject; 

 

Additional purposes of processing: for the processing related to marketing activities (as described in paragraph 4.1) above), the legal basis is art. 6, paragraph 1, letter a) of the Regulation, i.e. the Data Subject has given consent to the processing of his or her personal data for one or more specific purposes. For this reason, the Data Controller requires Data Subjects to provide specific free and optional consent in order to pursue this purpose of processing.

• PROCESSING METHODS AND DATA RETENTION PERIOD  

The Data Controller will process the persona data of Data Subjects using manual and IT tools, with systems strictly related to the purposes themselves and, in any case, in a manner that ensures the security and confidentiality of the data.

 

The personal data of Data Subjects will be retained for the time strictly necessary to fulfil the main purposes illustrated in paragraph 3 above, or in any case as long as necessary to protect the interests of both the Data Subjects and the Data Controller in civil law (normally, 10 years).

 

In the case referred to in paragraph 4.1 above, the personal data of Data Subjects will be retained for the time strictly necessary to fulfil the purposes illustrated therein and, in any case, until they withdraw their consent. 

 

The above is without prejudice to any retention periods provided for by the laws or regulations in force.  

• SCOPE OF DISCLOSURE AND DISSEMINATION OF THE DATA

The personal data of Data Subjects may be transferred outside the European Union and, in this case, the Data Controller will ensure that the transfer is carried out in compliance with the Applicable Law and, in particular, in accordance with articles 45 (Transfer on the basis of an adequacy decision) and 46 (Transfer subject to adequate safeguards) of the Regulation. 

 

The personal data of Data Subjects may be disclosed to employees and/or partners of the Data Controller appointed to manage the Service and requests from Data Subjects. These parties, who have been instructed by the Data Controller pursuant to art. 29 of the Regulation, will process the data of Data Subjects exclusively for the purposes indicated in this privacy policy and in compliance with the provisions of the Applicable Law.

 

The personal data of Data Subjects may also be disclosed to third parties appointed to process personal data on behalf of the Data Controller in their capacity as Data Processors, such as, for example, suppliers of IT and logistics services functional to the operation of the Service or the marketing activities referred to in paragraph 4.1, providers of outsourcing or cloud computing services, professionals and consultants.

 

Data Subjects have the right to obtain a list of any data processors appointed by the Data Controller by sending a request to the Data Controller using the methods indicated in paragraph 8 below.

• RIGHTS OF DATA SUBJECTS

Data Subjects may exercise the rights guaranteed to them by the Applicable Law, by contacting the Data Controller at any time, using the following methods:  

• by sending a registered letter with return receipt to the registered office of the Data Controller;
• by sending an email to the address: privacy@motork.io

 

Data Subjects can also contact the Data Protection Officer (DPO) of the Data Controller at the following email address: dpo@motork.io.

 

Under the Applicable Law, the Data Controller informs Data Subjects that they have the right to be informed about: (i) the origin of personal data; (ii) processing purposes and methods; (iii) logic applied in the event of processing carried out with the aid of electronic tools; (iv)  identification details of the data controller and processors; and (v) the parties or categories of parties to whom personal data may be disclosed or which may become aware thereof, in their capacity as authorised parties or processors.

 

In addition, Data Subjects have the right to obtain:

1. a) the access to, updating, rectification or, where applicable, theintegration of the data;

the deletion, transformation into anonymous form or blocking of the data processed in breach of law, including data that does not need to be stored for the purposes for which it has been collected or subsequently processed;

1. c) proof that the procedures, as well as their content, under sections a) and b) have been brought to the attention of those to whom the data has been communicated or disclosed, except in the case where this obligation is impossible or involves the use of means clearly disproportionate to the right being protected.

 

In addition, Data Subjects have:

1. a) the right to withdraw consent at any time where processing is based on consent;
2. b) the right to data portability (the right to receive all personal data concerning them in a structured, commonly-used and machine-readable format),
3. c) the right to object:
4. i) in whole or in part, for legitimate reasons to the processing of personal data, even if pertinent to the collection purposes;
5. ii) in whole or in part, to the processing of personal data for the purpose of sending advertising material or direct sale, or for the purpose of market research or commercial communications;

iii) if personal data is processed for direct marketing purposes, at any time, to the processing of personal data for this purposes, including profiling to the extent to which it is connected to such direct marketing.

1. d) if Data Subjects consider the processing of their data to be in breach of the Regulation, the right to lodge a complaint with a supervisory authority (in the Member State in which they usually reside, in the Member State in which they work or in the Member State in which the alleged infringement took place). The Italian Supervisory Authority is the […], with headquarters in […] (http://www….).

 

____________

 

The Data Controller is not responsible for the updating of all the links that can be viewed in this Privacy Policy. Therefore, whenever a link is not functional and/or updated, Data Subjects acknowledge and accept that they must always refer to the document and/or section of the websites referred to in these links.