PRIVACY POLICY
FOR PERSONAL DATA PROCESSING

We take your privacy very seriously and are committed in protecting it.

The following is our privacy policy. Namely, the information for the processing of personal data, pursuant to and in accordance with Article 13 et seq. of EU Regulation No. 679/2016 of April 27, 2016, (General Data Protection Regulation – GDPR).
This notice explains who we are, what we may use your data for, how we handle it, to whom it may be disclosed, where it may be transferred, and what your rights are.

DATA TREATMENT HOLDER

The Data Treatment Holder is Spindox S.p.A. and can be reached by sending a written communication to Spindox S.p.A., based in Milan, via Bisceglie 76, or by sending an e-mail to the following address: spindox@legalmail.it
The Data Protection Representative of the Spindox Business Group, appointed by the Data Treatment Holder, can be reached via e-mail at the following address: dpo@spindox.it

NATURE OF THE TREATED DATA

NAVIGATION DATA

Refer to the ‘’COOKIES’’ section for further clarification

VOLUNTARILY DISCLOSED USER DATA

If visitors of the website send their personal data to access certain services of this site, i.e., to make e-mail requests, this will result in the acquisition of such data by Spindox.
It will be processed exclusively for the purpose of responding to the query, i.e., for the provision of the service in accordance with this policy and the specific Privacy Information provided when subscribing to individual services.
Personal data expressly provided by users will be disclosed to third parties only if such communication is necessary to comply with the requests of the users themselves, without prejudice to what is provided for in the specific Informative Notices of the each of the services.

OTHER DATA SOURCES

The Spindox Group can harvest your data via multiple sources. For illustrative purposes, possible harvesting sources are:
– Social media interactions;
– event attendance;
– public records;
– presence in customer databases.
It is your right to ask in detail how the business group came into their possession.
Data may be processed only for the purposes and with the legal bases outlined in the following point.

PROCESSING PURPOSE AND NATURE OF THE TREATED DATA

Spindox Group will use your data exclusively for the following purposes:
– allow the Holder to manage the selection of startups interested in participating in the offered acceleration programs;
– allow the Holder to expand the range of startups interested in its service, to personalize communication and increase user engagement;
– allow the Holder to manage all marketing stages, up to the time the contract is signed, if any;
– allow the Holder to create and manage a database composed of data obtained at events or through website and social iterations;
– allow the Holder to create tailored offers and send communications in the context of direct marketing actions.

The Spindox Group will handle the premise of your consent. It follows that the disclosure of personal data is mandatory for the purposes mentioned at point 4.
Any partial or total lack of providing data will result in the partial or total inability to achieve the above purposes.
The extent and adequacy of the data provided will be evaluated from time to time, in order to establish consequent decisions and avoid the processing of redundant data in relation to the purposes pursued.
We will not use your data for further impetus information notice, other than by inquiring yourself in advance and, where necessary, obtaining your consent.
Treated data are the following:
– Name & last name
– E-Mail address
– Phone number
– Company to which you are affiliated
– Professional background founder & co-founder
– IP address
– Browsing data
– Event registration or newsletter subscription date/time;
– Available internet information from sources such as LinkedIn, Facebook, Twitter or Google;
– Tracking of activity through automated marketing tools (e.g., tracking of opened emails, downloaded documents, sites visited, event attendance).

DATA PROCESSING PROCEDURES

Personal data will be processed in paper, telematic and computerized form and stored in the relevant databases (customers, users, etc.) that can be accessed, by the employees expressly designated by the holder as data processors and officers in charge of the processing of personal data. They may carry out consultation, use, processing, comparison, and any other appropriate operation, including automated operations in compliance with the legal provisions necessary to ensure, among other things, the confidentiality and security of the data as well as the accuracy, up-to-date and relevance of the data with respect to the stated purposes.

DATA TRANSMISSION

For the stated ends, your data may be used to give information to potential investors regarding your business and the solutions you have developed. We assure you that in this case, your personal data will not be disclosed. The data could be, after the analysis and the masking of not strictly necessary information, presented through reports to investors or partners.

POSSIBLE REPERCUSSIONS FOR NOT PROVIDING DATA

Consent to data processing for the above purposes is free and optional. However, any denial will result in the inability of the Holder to follow up on the above purposes, respectively.

PROCESSING PLACE

The processing operations mentioned in the preceding points take place at the aforementioned headquarters of the Holder. However, the Holder retains the possibility of using cloud services. In such case, service providers will be carefully drawn from among those who provide adequate assurance, as provided for in Article 46 GDPR 679/16.

SAFEKEEPING OF INFORMATION

Your personal data will be processed, starting from their receipt/update, until consent is withdrawn.

LEGAL BASIS OF THE PROCESSING

The Controller processes personal data related to the user on the basis of the user’s consent to its processing.

DATA PROVISION FACULTY

Apart from what is specified for navigation data, users are free to provide their personal data. Failure to provide them may only result in the impossibility of obtaining what has been requested.

RIGHTS OF THE DATA SUBJECT

Users may exercise certain rights with reference to the data processed by the Data Controller. In particular, the user has the right to:
– be informed about the processing carried out on their personal data and, if necessary, to receive a copy; the data subject’s right of access [Art. 15 of the EU Regulation];
– to rectify inaccurate personal data concerning the user; right to rectify one’s own personal data [Art. 16 of the EU Regulation];
– delete own personal data without any unjustified delay (“right to be forgotten”) [Art. 17 of the EU Regulation];
– limit the processing of one’s personal data. When certain conditions are met, the user may request the restriction of the processing of their data, in which case the Holder will not process any of the data for any purpose other than its preservation. [Art. 18 of the EU Regulation];
– receive own data or have it transferred to another data Holder [Art. 20 of the EU Regulation];
– object to the processing of data. Users may object to the processing of their data when it is done on a legal basis other than consent [Art. 21 of the EU Regulation];
– not to be subject to automated decision-making [Art. 22 of the EU Regulation].
Further information about the data subject’s rights can be obtained on the www.garanteprivacy.it/website or by asking the Data Holder for a full excerpt of the articles recalled.
The above rights may be exercised in accordance with the Regulation:
– by sending an e-mail to dpo@spindox.it;
or
– by sending a registered letter with return receipt to the Holder’s registered office in Via Bisceglie, 76, 20152 Milan, Italy;
or
– by sending an e-mail to the PEC: spindox@legalmail.it, with the attention of the Data Protection Officer.
In accordance with Article 19 of the EU Regulation, Spindox AG, will proceed to inform the recipients to whom personal data have been disclosed, any rectification, deletion or restriction of the processing required, where this is possible.
Pursuant to Article 7 of the EU Regulation, revocation of consent shall not affect the lawfulness of processing based on consent given before revocation.

RIGHT TO LODGE A COMPLAINT

If the data subject considers that his or her rights have been compromised, they have the right to lodge a complaint with the Italian Data Protection Authority, according to the procedures indicated by the Authority itself at the following internet address: www.garanteprivacy.it

AUTOMATED DECISION-MAKING PROCESSES

Under no circumstances whatsoever does the Holder carry out any processing of personal data that involves automated decision-making processes.