In accordance with art.13 of EU Regulation 2016/679 (“GDPR”)This document represents the Privacy Policy of Quentral S.r.l. (hereinafter “QUENTRAL”).

This Privacy Policy has been created to better explain, to data subjects, how their Personal Data is collected and processed by QUENTRAL. Please read carefully this Privacy Policy in order to have a clear understanding of how QUENTRAL collects, uses, protects or otherwise processes your Personal Data.

QUENTRAL commits to the protection of any Personal Data entrusted to it. Therefore, Personal Data processing and security are guaranteed with the utmost care and in accordance with the provisions of the privacy legislation set out in EU Regulation 2016/ 679.

This Policy describes who we are, for what purposes we may use your Personal Data, how the Data is processed, to whom it may be disclosed, where it could be transferred to and what your rights are. Therefore, we invite you to read this document and the information contained therein very carefully.

The terms used in this Privacy Policy have the same meaning ascribed to them in the General Terms and Conditions, therefore we encourage you to read also the aforesaid document. Unless otherwise defined and indicated in the Privacy Policy, all capitalized terms used herein shall have the same meaning as defined in the General Terms and Conditions.

Anything set forth in this document and detailed below refers to the Personal Data processing which will be carried out by QUENTRAL acting as the Data Controller.

With regard to Users’ Personal Data, Processing of which is carried out in order to use QUENTRAL’s Software and for the provision of the Services, QUENTRAL acts as the Data Processor on behalf of the CUSTOMER. The CUSTOMER remains the Data Controller of the Personal Data of the end Users of the Service. Therefore, as Data Controller, the CUSTOMER determines the purposes and means for the collection of Personal Data of the Users-Data Subjects that are the end-users of the Service.

In this regard the user must be aware that QUENTRAL S.r.l. and the CUSTOMER signed a Data Protection Agreement in accordance with art.28 of EU Regulation 2016/679 (GDPR).

Who will process your Personal Data?

Your Data will be processed by the Data Controller:

Quentral S.r.l. (hereinafter the “Controller“)

Via Durini, 27

20122 Milano (MI)

VAT n° 06383360960

Email privacy@quentral.com

A detailed list of external Personal Data Processors is available at QUENTRAL S.r.l.’s registered office.

Why does QUENTRAL require your Personal Data?

QUENTRAL shall use the collected Personal Data for the following purposes only:

1) Purposes connected with the performance of the contractual relationship and the provision of the services offered on the Site selfcommunity.com. Personal Data shall be processed with the following purposes: completion, performance and termination of the purchase orders and of the contractual and commercial relationship with QUENTRAL; compliance with accounting and tax obligations; compliance with legal obligations; money laundering monitoring; accounting and tax inspections; litigation management; provision, assistance, update and information in relation to the Services offered and to the available features; online Service activation.

2) Marketing purposes: with your express consent, Personal Data will be processed for the following purposes: market research; economic and statistical analysis; sending advertising / informational / promotional material and for Marketing purposes and offers from the Controller or third-party companies that co-operate with the Controller, as well as in relation to programs and promotions, also online, to communication and information on the Controller’s activities.

QUENTRAL shall carry out the Processing:

• based on your specific and express consent;
• because it is necessary for contract performance related to the services provided by QUENTRAL (for example, management of the commercial contract and Service);
• because it is necessary for compliance with the legal obligations to which QUENTRAL is subject (i.e. accounting requirements, anti-terrorism inspections and other obligations under the applicable law);
• because it is necessary to meet CUSTOMER’s requests for a better management of the Service;
• because it is necessary for a legitimate interest pursued by the Controller (i.e. money laundering checks; fraud prevention).

The provision of Personal Data is therefore mandatory for the purposes specified at point 1 above.

The purpose set forth at point 2 above is not a legal requirement, therefore the provision of Personal Data and related consent are optional.

Any partial provision of or failure to provide Personal Data will result in the partial or total inability to meet the purposes above and provide the services.

QUENTRAL assesses the entity and the adequacy of the Data provided in order to avoid Processing any Data that exceeds the purposes pursued.

We shall not use your Personal Data for any other or further purpose than those described in this Policy, unless we notify you in advance and if this is necessary and then only with your prior express consent.

What Data do we collect?

When you register or make a purchase order for the Services offered by QUENTRAL, you may be asked to enter your personal details, email address, phone number, additional information and details that may improve your user experience and fruition of the Services.

When do we collect your Personal Data?

We collect your Personal Data when you fill out a request, place a purchase order or any time you enter information by accessing our Site. In addition, our Site uses cookies, both technical and from third parties.

How will we use your Data?

We may use the collected Data when you register, place a purchase order, subscribe to our newsletter, participate in a survey or marketing and/or commercial communications, visit our Site, and use the features on our Site, in the following ways:

• To personalise your user experience with information and contents more in line with your interests.
• For sending you emails and communications regarding the Service you purchased or other services offered.

How do we protect your Data?

QUENTRAL’s objective is the protection of its CUSTOMER’s Data, by basing the processing on principles of correctness, lawfulness and transparency.

We inform you, therefore, that your Personal Data will be processed, through the use of tools and procedures suitable to ensure maximum security and confidentiality, through archives and paper support, with the aid of digital tools, computer and telecommunications means.

Your Personal Data is protected by a secure network accessible to a limited number of people expressly authorised and instructed to that effect. Every person authorised to be involved with Processing is bound to confidentiality. In addition, Sensitive Data related to payments such as credit card numbers, Iban codes, etc, are further protected by Secure Socket Layer (SSL) technology. QUENTRAL implements various security measures whenever a User logs on to the Service and/or accesses to its own Data, in order to maintain a high level of security.

Is your Data shared with any third parties?

We do not sell, exchange or otherwise transfer your Personal Data to any third party, except where specified below:

• QUENTRAL received your express consent to share the Data with third parties.
• Public authorities can access stored Data when required in the event of legal disputes, in accordance with cases and modalities under applicable laws.
• Your data may be communicated to QUENTRAL S.r.l.’s partners for the management of the Services offered by it, as well as to other third parties, to comply with any obligation required by law, regulations, EU legislations or in relation to the management and performance of the contractual relationship.
• When QUENTRAL deems it necessary to remedy and/or prevent any damage and/or fraud and in any other event where it is deemed necessary in order to protect QUENTRAL’s Platform, Software and Services.
• When QUENTRAL deems it necessary for the security of other Users of the Service.
• In the event that QUENTRAL or part of it, is sold to another entity, in which case the Data may also be transferred to such other entity.

Rights of the Data Subject (your rights).

At any time, you will have the right to request :

• access to your Personal Data;
• update of your Personal Data in case of inaccuracy;
• erasure;
• processing restriction;
• the right to its portability, that is to receive the Personal Data you have provided in a structured, commonly used and machine-readable format.

Furthermore, you shall have the right to object processing if Data is:

• processed in the pursuit of a legitimate interest of QUENTRAL S.r.l.;
• processed for direct marketing purposes;

We shall treat your request with the utmost care in order to guarantee you the effective exercise of your rights. You shall also have the right to submit a complaint to the national Supervisory Authority (Garante della Privacy).

Unless you indicate otherwise, you shall have the option to exercise your right to object to both traditional as well as automated communications.

How long do we keep your Data for?

Your Personal Data shall be stored since receipt/update and for an adequate period of time consistent with the processing purposes above.

Listed below is the duration of the different processing:

Can I withdraw my consent after I gave it?

Yes, you can withdraw your consent at any time, without prejudice to: i) the lawfulness of processing based on consent before withdrawal; ii) further processing of the same data based on other legal grounds (i.e. contractual or legal obligations to which QUENTRAL is subject).

For any further questions and clarifications, you can contact us.

For further information on this Policy or on any other privacy matter, or if you wish to exercise any of your rights or withdraw your consent, you can contact us directly at privacy@quentral.com.

Changes to this Privacy Policy

QUENTRAL may decide to review this Privacy Policy and the rules contained therein. If QUENTRAL decides to make any change to this Privacy Policy, at its sole discretion, and if it represents an essential change, QUENTRAL shall notify such changes by publishing them on QUENTRAL’s Site and Platform and/or by email to the email address provided to us, stating the “last update” date to indicate the date from which the changes shall take effect. By continuing to access or use QUENTRAL’s Platform and/or the Website after the entry into force of such changes, the user agrees to be bound by the provisions of the amended Privacy Policy.