Privacy Policy - GDPR

1. Information on the processing of personal data

(Article 13 of Legislative Decree no. 196/2003 - Privacy Code - Article 13 of the EU General Regulation on the protection of personal data No. 679/2016)

DWSNET OÜ, an information technology company with registered office in Sepapaja tn 6, 15551 Tallinn - Estonia, is holder of the processing of personal data pursuant to Articles 4 and 28 of Legislative Decree 30 June 2003, n. 196 (Privacy Code) and Articles 4, n. 7) and 24 of EU Regulation 2016/679 of 27 April 2016 on the protection of individuals with regard to the processing of personal data. Pursuant to art. 13 of the Code and art. 13 of the Regulation, it will proceed to the processing of personal data relating to the Company and to the natural persons who have the legal representation, for the purposes and with the methods indicated below.

The privacy policy explains how we use the personal information we collect about you when you use this website and our other services.

2. Field of application, purpose and recipients

DWSNET OÜ undertakes to comply with applicable laws and regulations relating to the protection of personal data in the countries in which it operates.

This Policy establishes the basic principles by which DWSNET OÜ processes the personal data of consumers, customers, suppliers, business partners, employees and other persons and indicates the responsibilities of its corporate departments and employees when processing personal data.

This policy applies and is necessary for activities carried out within the European Economic Area (EEA) or for the personal data of data subjects within the EEA.

The recipients of this document are all interested parties who use the services of DWSNET OÜ.

3. Main Definitions

Personal data means any information relating to a data subject.

Data subject means any identified or identifiable person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Controller means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.

Data processor means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

4. Basic information about personal data processing conducted by DWSNET OÜ

We always process your personal data lawfully, fairly, in a transparent manner and for specified, explicit and legitimate purposes. We process personal data only to the minimum necessary extent and we keep them in a form which permits your identification for no longer than is necessary for the purpose of the processing.

We process your personal data in a manner that sufficiently ensures their integrity and confidentiality, i.e. by appropriate technical or organizational measures and appropriate protection against unauthorized or unlawful processing and against loss, destruction or damage. We take care to ensure that personal data that are inaccurate, having regard to the purpose for which we process them, are erased or rectified without delay.

We respect the principle of refraining from personal data processing and the principle of data minimization. We therefore only retain your personal data if it is necessary in order to achieve the purpose of the processing or for various retention periods specified by law. The relevant data are erased in accordance with the law if the relevant purpose ceases to exist as a result of the withdrawal of your consent and/or upon the expiration of the lawful retention period.

The data processing takes place pursuant to art. 6, par. 1, lett. a) and b); we ask for your consent to be able to process your data before installing and using the service.

To offer our services we turn to external data centers; in any case, the Data Controller is aware and always maintains control of the data processed. The company is committed to ensuring the maximum security of its infrastructures, in particular by implementing an information systems security policy and responding to the needs of numerous laws and certifications. The company takes the necessary measures to preserve the security and confidentiality of the personal data processed, in particular to prevent them from being violated, damaged or from unauthorized third parties accessing them.

5. What information we collect about you

The controller of data processing is bound by the requirements of the general data protection rules (GDPR). When you decide to use our services, you agree that we have the right to obtain, use and process the information you provide to us, to enable us to give you the best possible user experience and for other related purposes, including legal and regulatory compliance and prevention of crime.

The company absolutely does not collect information relating to the activities that are performed using the service except the following:

6. Transferring information outside Europe

As part of the services offered to you, the information you provide to us may be transferred to countries outside the European Union ("EU"). For example, some of our third-party suppliers may be outside the EU. In this case, we will take measures to ensure that the right security measures are taken so that your privacy rights continue to be protected as indicated in this statement. By submitting your personal information, you agree to this transfer, storage or processing. If you use our services while you are outside the EU, your information may be transferred outside the EU to provide these services.

7. How long will we keep your data

In line with our regulatory requirements, we will retain your data for five years. In case you need it, you will have the possibility to renounce, update or delete data at any time; information on how to do so is indicated in this statement.

8. Data wipe program

Unless subject to an ongoing legal or regulatory investigation, personal data is deleted after 5 years from storage.

9. Access information, correction, portability and deletion

For any request it is necessary to write to Your request will be answered as soon as possible and, in any case, within the terms set out in the GDPR.

Access Request: It is your right to request a copy of the information we have in our possession. We want to make sure that your personal information is accurate and up-to-date. You can ask us to correct or remove the information that you think is inaccurate by contacting us through the procedures above.

Objections to the processing of personal data: It is your right to make an objection to the processing of your personal data. The only reason we can refuse to process your request is if we are able to demonstrate valid and legitimate reasons that in the specific case exceed your interest, your rights and your freedoms, or when the processing of data is aimed at the establishment, operation or defense of legal claims.

Data portability: You are also entitled to receive the personal data you have provided to us in a structured, commonly used and machine-readable format, and to transmit this data to another controller without delay from the current controller, if processing is based on consent or a contract and processing is carried out by an automated process.

Your right to be forgotten: If you wish us to completely erase all information about you.

Data Retention Policy

1. Scope, purpose and recipients

This policy sets the required retention periods for certain categories of personal data and sets the minimum standards to apply when destroying certain information within DWSNET OÜ.

This policy applies to all management units of the Entity, processes and systems in which the Entity carries out institutional or other activities with third parties.

This Policy applies to all employees, consultants or service providers who may collect, process or access data (including personal data and / or sensitive personal data).

It is the responsibility of all of the above parties to familiarize themselves with this Policy and ensure adequate compliance with it.

2. General Data Retention Program

The Data Controller defines the period of time in which the electronic records must be kept through the data retention program.

As an exception, retention periods within the Data Retention Program may be extended in cases such as:

3. General principle of conservation

For any category of personal data not specifically defined elsewhere in this Policy (and in particular in the Data Retention Program), and unless otherwise provided by applicable law, the retention period required for such documents will be considered as 5 years from the date of acquisition of the data.

4. Data wipe program

Unless subject to an ongoing legal or regulatory investigation, personal data is deleted after 5 years from storage.

5. Data Protection during the Retention Period

The possibility that the data carriers used for archiving will run out will be considered. If electronic recording media are chosen, all the procedures and systems that guarantee access to the information during the retention period (both as regards the information medium and the readability of the formats) must also be kept in order to safeguard information from loss as a result of future technological changes. The responsibility for the conservation lies with the Data Controller.

6. Data destruction

DWSNET OÜ and its employees should therefore, on a regular basis, review all data, whether held electronically or on paper, to decide whether to destroy or delete any data once the purpose for which such documents were created is no longer relevant.

The general responsibility for the destruction of the data lies with the Data Controller. Once a decision has been made to dispose of it under the Retention Schedule, the data should be deleted, or destroyed to an extent equivalent to its value to others and its level of confidentiality.

7. Breach, Implementing and Compliance Measures

Any suspicion of violation of this Policy must be immediately reported to the data controller. All cases of suspected violations of the Policy must be investigated and related appropriate actions must be implemented.

Failure to comply with this Policy may lead to negative consequences, including, by way of example but not limited to, loss of user trust, litigation, financial loss and damage to the reputation of the Entity, personal injury, damage or loss. Failure to comply with this Policy by employees or collaborators, or third parties, who have been granted access to the information of DWSNET OÜ, may therefore lead to disciplinary proceedings or the termination of their employment or contract relationship. Such non-compliance can also lead to legal action against the parties involved in such activities.

The data controller notifies the violation to the Supervisory Authority without unjustified delay and, where possible, within 72 hours from the moment in which he became aware of it, unless it is unlikely that the violation of personal data involves a risk for the rights and freedom of individuals. The data controller who becomes aware of a possible violation is required to promptly inform the owner so that he can take action.

Regardless of the notification to the Supervisory Authority, the data controller documents all violations of personal data by preparing a specific register. This documentation allows the Authority to carry out any checks on compliance with the legislation.