Privacy Policy
Back to index

Why we collect your personal data and how long we retain them

In this section we illustrate why we use your data, i.e., which are the purposes of our processing activity.
We also specify if you are required to provide your data, what happens if you decide not to provide your data to us, and how long we retain your data.

We process your data for the following purposes: :
1. Contractual and legal purposes
In short
Do you have the obligation to provide your data?
Yes, in the absence of your data we cannot supply our services/products to you.
What happens if you do not provide your data to us?
We will not be able to perform the contract existing between you and us and to supply the services or products as requested by you.
Is your consent required to process your data?
No, your consent is not required.
What is the legal basis for processing your data?
The processing is necessary for performing the contract that you have entered into with us, responding to your requests or carrying out the activities which are necessary to execute the contract between you and us, and for meeting the obligations placed on us by the law.
How long do we retain your data?
For as long as the requested services are supplied and for the following ten-year period (i.e., the duration of the limitation period applicable to our contractual liability). This is without prejudice to retention for longer periods insofar as such retention is necessary in the framework of pending litigation, or for responding to a request made by a competent authority, or pursuant to the applicable law.
Please also find a more detailed description of the above-mentioned contractual and legal purposes:
  1. Enabling navigation on the Website
  2. Creating and managing the user account (including possible verification of the account and recovery of the credentials) and using account-related features.
  3. Carrying out the necessary activities to execute and perform the contract for the provision of services/products requested or purchased by users, whether or not on the Website.
  4. Dealing with the requests for participating in webinars
    Webinar
    A webinar is an educational or training seminar that is attended remotely, through an internet connection.
    or events,
    subscribing newsletters, receiving fee quotes, and processing orders.
  5. Handling the complaints (if any) and the requests for sending service communications and product updates, either via traditional communication media, such as postal mail, or by remote communication systems, such as e-mail, chat, telephone, SMS, chatbot
    Chatbot
    A chatbot is an electronic instant conversation (chat) between you and an artificial intelligence (bot).
    , banners, notification systems and other means of distance communication.
  6. Providing assistance, support, and training to the users of our products and services. In order to provide assistance to users, we may also process Usage Data relating to the product.
    For instance, the examination of the user navigation flows may enable us to identify the causes for the issues arising, if any, when using certain product’s features.
  7. Complying with the obligations arising from national or European law provisions, regulations, or rules (e.g., tax and accounting obligations) or dealing with, or responding to, the requests made by judicial authorities, or by administrative and tax authorities.
2. Service enhancement purposes and other purposes not relying on consent:
In short
Is your consent required to process your data?
No, your consent is not required.
Can you object to these processing operations?
You shall have the right to object to processing operations, on grounds relating to your particular situation, according to the formalities specified in the section "What are your rights, and how you can exercise them". In such case, we will not process your data for this purpose, unless we can demonstrate that there are overriding legitimate grounds, or unless we are exercising or defending a legal claim pursuant to Article 21 of the GDPR
What is the legal basis for processing your data?
The processing is based on the legitimate interest of the Controller, pursuant to Article 6 (1), letter fof the GDPR. In compliance with the GDPR, we have carried out a thorough balancing of interests aimed at ensuring that the privacy and fundamental rights of the users are protected and respected.
How long do we retain your data?
For as long as the requested services are supplied, and in compliance with the principle of data minimisation
What is the "principle of data minimisation"?
This principle means that we only process personal data that are “adequate, relevant and limited” in relation to the purposes for which they are processed.
save for the following exceptions:
  • If, in case of legal claims and/or complaints, TeamSystem has the necessity to retain your personal data in order to ensure legal defence (letter j) for a period of 10 years (corresponding to the limitation period applicable to the contractual liability of TeamSystem);
  • Or if, in case of pending litigation, further retention is due to the duration itself of the pending proceedings or to specific requests made by the competent judicial authority.
Please also find a more detailed description of the various service enhancement purposes and other purposes not relying on consent:
  1. Carrying out analysis and research activities concerning the products and services provided by us, and the way you use them, in order to enhance and develop our products and services. In compliance with the principle of data minimization
    What is the "principle of data minimization"?
    This principle means that we only process personal data that are “adequate, relevant and limited” in relation to the purposes for which they are processed.
    these activities shall only be carried out on your personal data in so far as it is necessary, by ensuring that such activities are carried out fairly and correctly. Furthermore, where possible, we will anonymise
    Anonymisation
    Anonymisation is a technique used to make the data subject to which personal data relate no longer identifiable.
    or aggregate personal data before using them.
  2. Measuring satisfaction with the products and services that you have purchased from TeamSystem or dealing with problems or issues relating to the use of products or services (e.g., initiatives contributing to promoting better use of products or services, also in order to prevent returns/withdrawals from subscriptions, and to improve the users and customers experience).
  3. Enforcing and defending the rights of TeamSystem, also in the framework of credit recovery procedures and assignment of credits to authorised companies, assessing the position and reliability of customers, and carrying out controls aimed at preventing and/or punishing deceitful or damaging actions.
  4. Carrying out prospective mergers, assignments of assets, transfers of business, assignments of an on-going business or financial operations, by disclosing and transferring your data to the concerned third parties.
  5. Performing customer segmentation based on non-invasive categories such as, among others, the professional category, the city/district/region of residence, the type of product/service that you have purchased, or about which you have requested information through the Website. Segmentation may also be performed on platforms of third-party providers, through the interconnection with the data of such third-party platforms. In any case, the communications made for Marketing Purposes shall only be sent in compliance with the express consent given by you and with the provisions laid down in this policy. In such a context, we may also use personal data to identify similar customer profiles.
  6. Managing the information resources of TeamSystem, including infrastructures, websites, and technological equipment, to ensure service continuity and to guarantee IT security (for instance, to prevent cyberattacks or to perform verifications in case of cyberattacks).
3. Marketing purposes
In short
Do you have the obligation to provide your data?
No, you are under no obligation to provide your data.
Can you object to processing?
At any time, you shall have the right to object to the processing for direct marketing purposes, including objecting to profiling where this latter is in connection with direct marketing.
What happens if you do not provide your data to us?
We will not process your data for these purposes, without detriment of the contract relationship with us and of the provision of our services.
Is your consent required to process your data?
Yes, your consent is required, except for the purpose mentioned under letter p.
What is the legal basis for processing your data?
We process your data based on prior consent given by you. The only exception relates to the purpose mentioned under letter p: in this case the processing is carried out pursuant to Article 130 (4) of the Legislative Decree No. 196/2003 (“Privacy Code”), without prejudice to your right to object to the processing.
Change of preferences and withdrawal of consent
If you change your mind, you may amend your consent to the processing of your personal data for marketing purposes at any time, according to the formalities specified in the section "What are your rights, and how you can exercise them". If you do not wish to receive further commercial communications by us, you may unsubscribe by following the special link available at the end of the commercial communications sent via e-mail. In such cases, we will limit the storage of personal data only to the minimum data that are necessary to record your withdrawal and to avoid contacting you again.
How long do we retain your data?
For a period of 24 months from the date when the consent is given or renewed at the purchase of a new TeamSystem product or service, or from the date of the last contact with you. Last contact means, for instance, the participation in a TeamSystem event, the use of a product or service provided by TeamSystem or the opening of a newsletter.
These are further details on different marketing purposes:
  1. Sending you updates and commercial offers about the TeamSystem products and services, also upon prior interconnection
    Interconnection
    Interconnection refers to the use of two or more combining databases. For instance, the data contained in a database may be automatically updated in case of amendments to the data contained in a second database.
    of Usage Data and Navigation Data and analysis of your behaviour, as concerns either the navigation of the Website and, more widely, the use of the TeamSystem products and services (provided that the consents expressed upon collection of such data are respected), or sending invitations to take part in events, to carry out market surveys or to conduct other commercial initiatives.
    All the above may be performed either via traditional media, like postal mail or telephone call by an operator, or via automated communication means like e-mail, chat, messages (SMS and other instant messaging), chatbot
    Chatbot
    A chatbot is an electronic instant conversation (chat) between you and an artificial intelligence (bot).
    and other distance communication means.
  2. Disclosing your personal data to other companies of the TeamSystem group and/or to the network of its commercial partners, to send marketing communications and to realize other promotional initiatives for the purposes, and via the communications means, specified in previous letter n).
  3. Sending marketing communications via emails concerning products or services that are similar to those representing the object of the contract between you and us. You may opt-out from such communications at any time.

List of articles in this section:

Art. 6 (1), letter f
Details of Art. 6 (1), letter f GDPR
Lawfulness of processing based on the legitimate interests
The processing of personal data is lawful where it is necessary for the purposes of the legitimate interests of the controller, or of third parties, provided that there are no overriding interests or fundamental rights and freedoms of the data subjects.
Art.130 (4)
Detail of Art.130 (4) Legislative Decree No. 196/2003 (“privacy code”)
Promotional communications not relying on the consent of the data subject.
In the event that an e-mail address has been supplied by a data subject in the context of the sale of a product or service, then the controller may use this address to send communications for promotional purposes or relating to market surveys, with or without the data subject’s consent. These communications must concern products or services that are similar to those that have been sold, and the data subject is entitled to object at any time to such communications.
Art. 21
Details of Art. 21 GDPR
Right to object
The data subject shall have the right to object, at any time, on grounds relating to his or her particular situation, to processing of his or her personal data where it is carried out to pursue a legitimate interest. In this case, the controller shall no longer process the personal data unless the controller can demonstrate compelling legitimate grounds for the processing which override the interests, rights, and freedoms of the data subject or for the exercise or defence of legal claims.