Document number: LEG0003EN rev. 4 of May 25, 2018
Quipu s.r.l. is committed to safeguarding the privacy of our customers and website visitors; this policy sets out how we will treat your personal information.
1. 1. What information do we collect?
We may collect, store and use the following kinds of personal information:
- information that you provide to us when you purchase one of our products (including Name, Company, Address, Email, Phone number);
- information relating to any transactions carried out between you and us, including information relating to any purchases you make of our goods or services;
- information that you provide to us for the purpose of using our free trial software (including Name, Company, Address, Email, Phone number, City, State, Country);
- information that you provide to us for the purpose of get an evaluation license (including First Name, Last Name, Company, Address, Email, Phone number, City, State, Country);
- information that you provide to us for the purpose of activate license (including First Name, Last Name, Company, Address, Email, Phone number, City, State, Country);
- information about your computer and about your visits to and use of our website (including your IP address, geographical location, browser type and version, operating system, referral source, length of visit, page views, website navigation);
- information that you provide to us when you visit the "Contact us" section on the website to have further information (including Name, Email and Phone number)
- any other information that you choose to send to us;
2. 2. Why we collect your personal data
We ask you to share your personal data with us for purposes that include, but are not limited to:
- Activating or registering licenses for QUIPU's product or enabling functionalities;
- Receiving information about QUIPU's product and services;
- Participating in QUIPU online communities, including our social media channels/pages and blogs;
- Helping us to improve the product and services, and allowing QUIPU to keep you informed of new versions of the software;
- Resolving consumer and/or product and services issues;
- Managing customer relationships;
- Facilitating information access;
- Enhancing communications;
- Traceability of medical device;
We generally process your personal data only for those purposes that we have communicated to you. If we use it for other (closely related) purposes, additional data protection measures will be implemented if required by law.
3. 3. Definitions for personal data processing
The individual using this Application, which must coincide with or be authorized by the Data Subject, to whom the Personal Data refer.
The legal or natural person to whom the Personal Data refers.
Data Processor (or Data Supervisor)
Data Controller (or Owner)
The natural person, legal person, public administration or any other body, association or organization with the right, also jointly with another Data Controller, to make decisions regarding the purposes, and the methods of processing of Personal Data and the means used, including the security measures concerning the operation and use of this Application. The Data Controller, unless otherwise specified, is the Owner of this Application.
Referring Person of Personal Data Processing
The natural person that the CEO of the Company nominates as a person who acts as an Internal Referring Person for processing personal data. This person is nominated after a verification of his/her competencies and abilities in Personal Data Processing and related legal issues.
The hardware or software tool by which the Personal Data of the User is collected.
Notice to European Users: this privacy statement has been prepared in fulfillment of the obligations under Art. 10 of EC Directive n. 95/46/EC, and under the provisions of Directive 2002/58/EC, as revised by Directive 2009/136/EC, on the subject of Cookies. It has also been prepared in fulfillment of the obligations of the General Data Protection Regulation (GDPR) (EU) 2016/679.
4. 4. Contact data
Data controller's personal data:
- Name: Vincenzo Gemignani
- Address: Via Verdi 3/b, Torre del Lago (LU)
- Email: firstname.lastname@example.org
- PEC: email@example.com
- Phone number: 0039/050-3152612
Referring Person of Personal Data Processing's personal data:
- Name: Elisabetta Bianchini
- Address: via Nottolini 466, San Concordio (LU)
- Email: firstname.lastname@example.org
- PEC: email@example.com
- Phone number: 0039/050-3152630
5. 5. Methods of processing
The Data Controller processes the Data of Users in a proper manner and shall take appropriate security measures to prevent unauthorized access, disclosure, modification, or unauthorized destruction of the Data. The Data processing is carried out using computers and/or IT enabled tools, following organizational procedures and modes strictly related to the purposes indicated. In addition to the Data Controller, in some cases, the Data may be accessible to certain types of persons in charge, involved with the operation of the site (administration, sales, marketing, legal, system administration) or external parties (such as third party technical service providers, mail carriers, hosting providers, IT companies, communications agencies) appointed, if necessary, as Data Processors by the Owner. The updated list of these parties may be requested from the Data Controller at any time.
6. 6. Place
Personal data are processed at the Data Controller’s operating offices and in any other places where the parties involved with the processing are located. For further information, please contact the Data Controller at firstname.lastname@example.org.
7. 7. Retention time
Personal data are kept for the time necessary to provide the service requested by the User, or stated by the purposes outlined in this document, and the User can always request that the Data Controller suspend or remove the data, sending an email at email@example.com.
8. 8. Cookies
A cookie is a file containing an identifier (a string of letters and numbers) that is sent by a web server to a web browser and is stored by the browser. The identifier is then sent back to the server each time the browser requests a page from the server. This enables the web server to identify and track the web browser.
We may use both "session" cookies and "persistent" cookies on the website. Session cookies will be deleted from your computer when you close your browser. Persistent cookies will remain stored on your computer until deleted, or until they reach a specified expiry date.
Most browsers allow you to reject all cookies, whilst some browsers allow you to reject just third party cookies. For example, in Internet Explorer (version 9) you can refuse all cookies by clicking "Tools", "Internet options", "Privacy", and selecting "Block All Cookies" using the sliding selector. Blocking all cookies will, however, have a negative impact upon the usability of many websites.
There are a number of different ways of managing cookies; please refer to the instruction manual or help screen of your browser to determine how to control and adjust settings. Users may change the predefined configuration and disable cookies (block them permanently) by setting the highest level of protection.
Below are the paths to follow to manage cookies on the following browsers:
How to disable third party services' cookies:
Google Analytics services:
Third party cookies are not controlled directly by the Data Controller, and so if you wish to revoke your consent to use of these cookies you must contact the third parties' internet sites or go to the website www.youronlinechoices.com to obtain information on how to delete or manage cookies on the basis of the browser you use and to manage your preferences regarding third-party profiling cookies.
9. 9. Using your personal information
We may use your personal information to:
- send you e-mail invitation in product usability surveys;
- keep you posted on last products’ updates;
- send statements and invoices to you, and collect payments from you;
- send you general commercial communications;
- send you email notifications which you have specifically requested;
- administer the website;
- improve your browsing experience by personalizing our website;
- enable your use of the services available on our website;
- send you goods purchased via the website, and supply to you services purchased via the website;
- deal with enquiries and complaints made by or about you relating to our website;
- keep the website secure and prevent fraud;
- set up your free trial software license;
- set up your license activation;
We will not, without your express consent, provide your personal information to any third parties for the purpose of direct marketing.
10. 10. Duration of Data Processing
The duration of data processing is balanced with the scope of the processing itself. It is limited to the services required by the customers. You can request for restriction or suspension of the processing by sending an email at firstname.lastname@example.org.
11. 11. Obligatoriness of personal data provision
Your consent to processing of personal data is mandatory for the Company for the reasons listed in section 2, especially for the traceability of the medical device sold by the Company. If you do not agree with this consent, it will not be possible to download Company's product or activate any evaluation/activation license.
12. 12. How to propose requests for Personal Data
If you desire to modify, get access, ask for erasure or rectification, or any other request related to your personal data provided, it is necessary to send an email to email@example.com specifying your request. The Data protection Officer or the controller will perform your request and reply to your mail.
13. 13. Disclosures
In addition, we may disclose your personal information:
- to the extent that we are required to do so by law;
- in connection with any ongoing or prospective legal proceedings;
- in order to establish, exercise or defend our legal rights (including providing information to others for the purposes of fraud prevention and reducing credit risk);
14. 14. International data transfer
Information which you provide may be transferred to countries (including the United States and Canada) which do not have data protection laws equivalent to those in force in the European Economic Area.
You expressly agree to such transfers of personal information.
15. 15. Security of your personal information
We will take reasonable technical and organizational precautions to prevent the loss, misuse or alteration of your personal information.
We will store all the personal information you provide on our secure (password- and firewall-protected) servers.
All electronic transactions entered into via the website will be protected by encryption technology.
You acknowledge that the transmission of information over the internet is inherently insecure, and we cannot guarantee the security of data sent over the internet.
QUIPU's activities include also ultrasound images analysis for third parties. Images provided by the customer to Quipu should be in an anonymous form. Quipu, if required by the customer, can provide a cryptographic process to ensure data security.
16. 16. Personal data breach
In case of a personal data breach, QUIPU carries out specific actions in accordance with Regulation (EU) 2016/679 (General Data Protection Regulation). QUIPU shall without undue delay and, where feasible, not later than 72 hours after having become aware of it, notify the personal data breach to the supervisory authority competent in accordance with Article 55 of GDPR, unless the personal data breach is unlikely to result in a risk to the rights and freedoms of natural persons. Where the notification to the supervisory authority is not made within 72 hours, it shall be accompanied by reasons for the delay.
Article 32 of GDPR indicates that QUIPU shall implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk.
17. 17. Policy amendments
18. 18. Your rights
A data subject shall have the right to obtain confirmation as to whether or not personal data concerning him exist and to know their content and origin, to check their accuracy and to request integration or updating, or rectification (section 7 of Legislative Decree no. 196/2003) or objection to data processing, as stated in Article 21 of GDPR. Your rights are listed here:
- Article 12: Transparent information, communication and modalities for the exercise of the rights of the data subject
- Article 13: Information to be provided where personal data are collected from the data subject
- Article 14: Information to be provided where personal data have not been obtained from the data subject
- Article 15: Right of access by the data subject
- Article 16: Right to rectification
- Article 17: Right to erasure (‘right to be forgotten’)
- Article 18: Right to restriction of processing
- Article 19: Notification obligation regarding rectification or erasure of personal data or restriction of processing
- Article 20: Right to data portability
- Article 21: Right to object
- Article 22: Automated individual decision-making, including profiling
Under the same section, data subjects are entitled to request erasure, anonymization or blocking of data that have been processed unlawfully, and in all cases to object to their treatment on legitimate grounds.
Requests in this regard should be sent to the Data Controller, sending an email at firstname.lastname@example.org.
We may withhold such personal information to the extent permitted by law.
You can expressly agree to our use of your personal information for marketing purposes; you can opt out of the use of your personal information for marketing purposes by sending an email to us at email@example.com.
19. 19. Third party websites
The website contains links to other websites. We are not responsible for the privacy policies or practices of third party websites.
We may provide only your email address to third party websites in order to set up a survey about our services and products. The email address will be used only to send the invitation to our surveys. Every kind of sensitive information given to the survey provider are treated as an aggregate variable so both Quipu and any eventual third part involved in surveys don’t retain anything except of what explained in section Cookies.
It is in count that joining any kind of survey powered by a third part you accept also the private policy of the third part.
We are not responsible of the eventual wrongs belonging to the third part.
20. 20. Updating information
Please let us know if the personal information which we hold about you needs to be corrected or updated. You can send an email to firstname.lastname@example.org specifying your request.
22. 22. Contacts
23. 23. Data controller
The data controller responsible in respect of the information collected on this website is Vincenzo Gemignani, Via Verdi 3/b, Torre del Lago (LU), Italy.