as a Data Processor
The General Data Protection Regulation (GDPR) is a Regulation of the European Union and, from 25 May 2018, it applies to all organizations that collect and process personal data of EU citizens.
As a responsible, forward-looking business, Tecnavia recognizes at senior levels the need to comply with the GDPR and, as a processor, has taken steps to ensure that effective measures are in place to protect the personal data of our clients and our clients’ customers, and ensure that they are processed lawfully, fairly and transparently.
This Policy deals with the rules and procedures we adhere to when dealing with our clients’ personal data and with the personal data of EU individuals that we process on behalf of our clients.
- General Principles
Tecnavia respects the privacy of its clients and takes protecting the privacy of its clients and of the end users of the Tecnavia service seriously. In this policy, “we”, “us”, and “our” means Tecnavia. By Tecnavia, we refer to all companies of the group and more specifically Tecnavia Apps S.r.l., Tecnavia S.A. and Tecnavia Press Inc. (full addresses provided at the end of this document).
By the term “Client” we make reference to the Newspaper or organization that is requesting Tecnavia to perform a service on their behalf. By the term “End User” we refer to the customers of our Client that make use of the service.
In all respects, the Client always represents the Controller of the personal data of the End Users we process on its behalf, and undertakes all responsibilities as far as any interaction with the End Users is concerned. Tecnavia may interact directly with the End Users in a very limited number of cases, always on behalf and in the interest of the Client; e.g.:
- Upon an End User request, to solve technical problems with the fruition of the service
- Upon a Client request, to provide information on how to exercise one of the rights granted by the GDPR
- Clients’ Personal Data
Information that We Collect
Tecnavia may process your employees’ personal information to meet our contractual obligations and to provide you with our products and services. We will never collect any unnecessary personal data from your employees and do not process their information in any way, other than as specified in this notice.
The personal data that we may collect from your employees are: –
- Business Title/Function
- Work Address
- Business Email
- Business Phone Number
- Mobile Phone Number
- Latitude/longitude of access location (for security reasons)
We collect information in the below ways:
- Online Forms
- Visit Cards
- Record of a call they make to our Support service, or any other business contact with us
When We Collect Personal Information
We can collect your employees’ personal information when they:
- Ask us for an offer, confirm an offer or sign a contract for one of our products and/or service
- Ask us for more information about a product or service, or contact us with a question or complaint
- Use our network and other products or services
- Visit or browse our website or other Tecnavia managed websites
- When registering in the BlueBird back-end (BBE) portal
How We Use Personal Data
We may use and analyze your information to:
- Process the goods and services you’ve bought from us, keep you updated with your order progress and notify about the availability of a service
- Keep you informed generally about new products and services (unless you choose not to receive our marketing messages)
- Provide the relevant service or product to you.
- Bill you for using our products or services
- Respond to any questions or concerns you may have about you/your End Users using our network, products or services
- For training purposes and quality assurance
- Prevent and detect fraud or other crimes
We will store your information for as long as we have to by contractual obligations or by law. If there’s no legal requirement, we will only store it for as long as we need it. We will also keep some personal information for a reasonable period after your contract has expired – just in case you decide to use our services again. We, or one of our partners, may contact our Client about Tecnavia services during this time, unless you opted out of receiving marketing communications from us.
- End Users’ Personal Data
Information that We Collect
Tecnavia processes your End Users’ personal information to meet our contractual obligations and to provide them with products and services you purchased as a Client. We will never collect any unnecessary personal data from them unless instructed by you, and do not process their information in any way, other than as specified in this notice.
NOTE: The provisions of this section apply also to your employees’ personal information when they use our products and services during their business activities.
The information we collect about the End Users depends on the Tecnavia products and services they use and subscribe to. It includes (but isn’t limited to) the following:
- Name, address, phone number, IP address, email address, and other information required to validate an End User identity. No sensitive information is by default requested by our Service.
- Upon Client’s instruction, additional information can be requested to the End User, but in such a case the Client is responsible for notifying the End User and preliminarily collect its consent.
- Their preferences for particular products or services when they tell us what they are (for example, searches they want us to perform to notify about the presence of an article of interest) – or when we assume what they are, depending on how they use our products and services.
- Their account information – such as the subscription services they use, the username they create when registering for our services, or any other information related to their account.
We will also get information on how they use our products and services, such as:
- The date, time and IP of the login
- Device type used
- The level of service they receive – for example, failed to login because of wrong password, invalid pages accessed.
- Information relating to their use of your websites on their devices, and subsequent websites visited. For more information, please see our section on Cookies.
- The date, time and length of their internet browsing
We collect information in the below ways:
- Online forms
- Subscribers’ list in electronic format, transmitted by the Client by means of email or internet upload
- Collecting the information sent from the devices when accessing a http server
When We Collect Personal Information
We can collect End Users’ personal information when they:
- Subscribe online to a service you purchased from us
- Have subscribed or passed information to you and you require us to perform a service; e.g. typically in order to verify and activate a non-online subscription by the End User
- Contact us with a question or complaint
- Use our network, servers and other products or services
Conversely, all information related to a payment process, as Credit Card information and/or other sensitive information necessary for the transaction of a purchase, although it could be temporary collected in order to forward it to the gateway processor, does NOT get stored in any way on our servers nor kept for debugging and, in case of temporary collection, it is immediately cancelled after being processed. We therefore do NOT collect information about the End Users from any other organization with reference to the payment processes.
How We Use Personal Information
We may use and analyze your End Users’ information to:
- Provide the goods and services you’ve bought from us and they subscribed to
- On behalf and by request of the Client, keep them informed generally about new products and services (unless they choose not to receive the Client’s marketing messages)
- Require the gateway processor to take the appropriate amount of credit from them
- Respond to any questions or concerns they may have about using our products or services
- For training purposes and quality assurance
- Protect our network and manage the volume of calls, texts and other use of our network. For example, we identify peak periods of use so we can try and ensure the network can handle the volume at those times
- Understand how they use our network, products and services. That way, we can develop more interesting and relevant products and services, as well as personalizing the products and services we offer
- Carry out research and statistical analysis including monitoring how customers use our network, products and services on an anonymous or personal basis
- Prevent and detect fraud or other crimes.
We will store personal information for as long as we have to by law. If there’s no legal requirement, we will store them for as long as they are registered within the system and the user expressly requires the cancellation from the system. The expiry of a subscription does not mean the expiry of the registration. We will not contact the End Users on our initiative, and all the information of the End Users is kept only to provide the Client with the related information upon request.
- Your Rights
You as a Client, and your End Users through you, have the right to access any personal information that Tecnavia processes about you/them and to request information about: –
- What personal data we hold
- The purposes of the processing
- The categories of personal data concerned
- The recipients to whom the personal data has/will be disclosed
- How long we intend to store personal data for
- If we did not collect the data directly from you/them, information about the source
If you believe that we hold any incomplete or inaccurate data about you, your personnel and/or your End Users, you have the right to ask us to correct and/or complete the information and we will strive to do so as quickly as possible; unless there is a valid reason for not doing so, at which point you will be notified.
You/your End Users also have the right to request erasure of personal data or to restrict processing (where applicable) in accordance with the data protection laws; as well as to object to any direct marketing from us. Where applicable, you/they have the right to data portability of personal information and the right to be informed about any automated decision-making we may use. NOTE: we currently do NOT use any automated decision-making.
If we receive a request from you to exercise any of the above rights, we may ask you to verify your identity before acting on the request; this is to ensure that your data is protected and kept secure.
- Sharing Personal Information
We do not share or disclose any personal information of your employees and/or End Users without your consent, other than to the subjects and for the purposes specified in this notice, or where there is a legal requirement.
We may share information about Clients or End Users with:
- Companies in the Tecnavia group
- Partners or agents involved in delivering the products and services you’ve ordered or used
- Companies who are engaged to perform services for us, on behalf of us, or the Tecnavia group
- Law enforcement agencies, regulatory organizations, courts or other public authorities, if we have to or are authorized to by law
However, all processors/partners acting on our behalf only process your data in accordance with instructions from us and comply fully with this privacy notice, the data protection laws and any other appropriate confidentiality and security measures.
We will release information if it’s reasonable for the purpose of protecting us against fraud, defending our rights or property, or to protect the interests of our Clients.
Because of our organization, we may need to transfer your information outside the EU (European Union). Nevertheless, all the personal information gathered is maintained on servers within the Tecnavia Group and in countries for which the European Commission has release an adequacy decision (Switzerland and United States of America), and it is not transferred to the Cloud. Some information might be collected on servers in the cloud, but the logs and the data are then transferred locally on Tecnavia’s servers operated within the group.
Some information are gathered by servers or suppliers and service providers that are based outside the EU, or if you use our services and products while visiting countries outside this area. The data that is gathered is anyway not put in reference with the personal information known to us, nor put in relation with a subscription of end users and therefore is to be considered anonymous. In any case we will seek to ensure that similar strict security standards apply and that personal information is transferred to and stored in accordance with applicable laws. By submitting your personal information, you agree to this transfer, storing or processing of your personal information.
We will never sell, trade, or disclose personally identifiable information to third parties for purposes unrelated with the service required by the Client.
- Consequences of Not Providing Your Data
You are not obligated to provide your employees’ personal information to Tecnavia; however, as this information may be required to perform our contractual obligations and provide you with our services, we could not be able to offer some/all our services without it.
Similarly, there is no obligation for your End User to provide their personal information, but this could make it impossible to activate their accounts and complete their subscription process.
Tecnavia has invested in and deployed a variety of technology and security features and policies, to protect the privacy of customer information on its network. In addition, Tecnavia has implemented operational guidelines to safeguard customer privacy throughout the company. Tecnavia will continue to revise policies and implement additional security features as the emergence of new technologies warrant.
Tecnavia does not sell products or services for purchase by children. Tecnavia does not knowingly solicit or collect customer identifiable information from minors under the age of sixteen. In addition, Tecnavia will not knowingly link to any third party web site that solicits or collects customer identifiable information from minors.
If you believe that a minor has disclosed personally identifiable information to Tecnavia, please contact us at so that the information can be removed, or provide a valid consent by an adult related with the minor.
Cookies controlled by Tecnavia
We use “cookies” (small text files stored in the browser) in our information gathering process in order to improve the quality of our website, as well as the quality of customer interaction with us throughout the browsing process. End Users may choose to block the use of such “cookies”, though that will make interaction with us less efficient and could limit the availability of certain functionality features.
The usage of these cookies and the information in the browser are all in relation to provide the service and to permit End Users to gain access to a valid subscription owned by the End User itself.
Cookies controlled by other entities within the service
For what concerns the tracking services, like for example “Google Analytics”, we use these services exclusively for the following purposes:
- Anonymously cross check and proof to our Clients the number of End Users accessing our services
- Track statistical type of devices accessing our services
- Anonymously track the most read articles or the most used functions within our system
We do not pass any information to these services that would allow them to recognize a person and we, by default, DISABLED from these services the functions of Ad servicing and Unique Id tracking. The Client can require us to change these settings but must make provision on their communication to the End Users in order to inform them accordingly and require the necessary consents.
- Tecnavia Spam Policy
Use of Tecnavia facilities for spamming purposes is strictly prohibited. Misuse of Tecnavia facilities will be dealt with seriously and can result in the loss of Tecnavia privileges (e.g.: cancellation of the account, etc.)
- Lodging a Complaint
Tecnavia only processes personal information in compliance with this privacy notice and in accordance with the relevant data protection laws. If, however you wish to raise a complaint regarding the processing of your personal data or are unsatisfied with how we have handled your information, you can contact us at any time at below addresses and you ultimately have the right to lodge a complaint with the supervisory authority of your Country of residence.
Tecnavia Apps S.r.l. – Piazza Don Mapelli 60, 20099 Sesto San Giovanni – Italy
Tecnavia S.A. – Via Cadepiano 28, 6917 Lugano-Barbengo – Switzerland
Tecnavia Press Inc. – 13965 W Preserve Blvd, Burnsville 55337 MN – USA
Privacy Contact: firstname.lastname@example.org – Mr. Luca Demarchi
Last update: 24/05/2018