The company the company NextAI Srl in the person of its legal representative p.t., VAT no. 02717930743, with headquarters in viale Francia snc - 72019 San Vito dei Normanni (BR), pec address: nextai.srl@pec.it (hereinafter, "Data Controller"), in its capacity as Data Controller of personal data pursuant to Article 1 of Legislative Decree No. 196 of June 30, 2003 - Privacy Code (hereinafter, "Code") and Articles 4, No. 7) and 24 of EU Regulation 2016/679 of April 27, 2016 on the protection of individuals with regard to the processing of personal data (hereinafter, "Regulation") informs pursuant to Article 13 of the Regulation that it will proceed to the processing of personal data referring to customers.
Foreword:
Under the European Data Protection Regulation, legal persons cannot be considered data subjects and therefore the European Regulation does not apply. However, if personal data referring to a natural person is included in the context of the collection of corporate data, that person is to be considered a data subject under the aforementioned regulation.
- Definitions
1.1 Agency: is a marketing agency, digital agency, consultant, i.e. freelancer, natural or legal person, acting in the context of its business activity, related to marketing and corporate communication.
1.2 Customer: is a legal entity or a natural person, acting in the context of their business, trade, craft or profession, and who is interested in using the Services through the Web App.
1.3 End Customers: end customers of the Customer who communicate, via Web App, with the Users and, more generally, with the Customer.
1.4 Contract: the contract from time to time entered into by NextAI with Interested Parties for the purposes of the Services through the consent forms on the Site and represented by the Agency Contract in the commercial relationship between NextAI and the Agency, the Client Contract or the QMarketing For Free Contract in the commercial relationship between NextAI and the Client, and the General Terms and Conditions in the commercial relationship between NextAI and Users.
1.5 Agency Agreement: the agency agreement under which the Agency accesses a control panel on the Site to proceed with the purchase of the Web App license to use the Services on behalf of its Customers.
1.6 Customer Agreement: the Web App license agreement for the provision of the Services signed between NextAI and the Customer.
1.7 QMarketing For Free Contract: the contract for the provision of Free Services signed between NextAI and the Customer.
1.8 General Terms and Conditions: the general terms and conditions of the Services signed between NextAI and the User.
1.9 Cookies: Cookies are text files (letters and/or numbers) that contain packets of information that are stored on Data Subjects' computers or mobile devices every time they visit a website through a browser. On each subsequent visit, the browser sends the cookies back to the website that originated them or to another website. Cookies can be stored only for the time of use of a particular site (i.e. session cookies), or for a longer period of time and independent of the session (i.e. persistent cookies).
1.10 Fees: any fee charged by NextAI to the Agency or Client for use of the Services via the Web App.
1.11 Personal Data means any information relating to a natural person who is identified or identifiable, directly or indirectly, by reference to name, an identification number, location data, an online identifier, or characteristic elements of his or her physical, physiological, genetic, mental, economic, cultural, or social identity.
1.12 GDPR: the EU Regulation 679/2016 of April 27, 2016.
1.13 Disclosure: This document.
1.14 Data Subjects: the natural persons to whom the Personal Data refer, pursuant to Article 4 of the GDPR.
1.15 NextAI: NextAI S.r.l. with registered office in San Vito dei Normanni, Viale Francia s.n.c., Tax Code, VAT No. 02717930743.
1.16 Profiling: Processing Personal Data by evaluating personal aspects of the
Interested parties with the use of fully or partially automated procedures.
1.17 Data Controller: the natural or legal person, public authority, service or other body that processes Personal Data on behalf of the Data Controller in accordance with Article 4 of the GDPR.
1.18 Services: the services enjoyed by Users through the Web App, as described in the Agreement.
1.19 Site: this site.
1.20 European Economic Area: consisting of the EU countries, Norway, Iceland and Liechtenstein.
1.21 Data Controller: the natural or legal person, public authority, service or other body that, individually or jointly with others, determines the purposes and means of the processing of Personal Data within the meaning of Article 4 of the GDPR.
1.22 Processing means any operation or set of operations involving Personal Data, such as, but not limited to, collection, organization, structuring, storage, modification, extraction, consultation, use, communication, interconnection, restriction, deletion, and destruction.
1.23 Users: all natural person users belonging to and/or connected to the Customer who, individually, use the Web App in the name and on behalf of the Customer or in their own name and on behalf of End Customers.
1.24 Web App: web app aimed at delivering the Services offered by NextAI.
- Data controller
(a) NextAI: The Data Controller of the Processing referred to in point 3 of this Notice is NextAI. Any request by the Data Subjects regarding the Processing performed by NextAI concerning their Personal Data (including the exercise of the rights referred to in Section 9 below), should be addressed to NextAI, either by mail to the registered office, or by e-mail to the e-mail address: info@qmarkting.com.
(b) Client: the Data Controller of the Treatments referred to in Section 4 of this Policy is the relevant Client of the User or End Clients, based on the Client's privacy policy, which NextAI invites you to consult. With respect to such Processing, NextAI acts asResponsible, on behalf of the Client, from time to time Owner. Such Processing is therefore not governed by this Policy.
- Legal Basis Purposes of NextAI Treatments.
NextAI collects and uses Personal Data to achieve the following purposes:
a) Facilitating navigation on the Site, essentially through the use of Cookies: the Processing for the purpose referred to in point a) is regulated in the cookies policy, available on the banner on the Site, which NextAI recommends reading.
b) Registration on the Site by the Interested Party: Processing necessary to enable the signing of the Contract, which is based on the signing of the Contract by the Interested Party and related pre-contractual measures proposed by NextAI;
c) Handling Contact Requests: Processing necessary to send a contact request to NextAI and refusal prevents you from receiving feedback from NextAI regarding your contact request. This Processing is based on NextAI's legitimate interest in responding to contact requests, which NextAI believes takes precedence over the Data Subjects' right to privacy. Opposition to this Processing (if the requirements are met) may be exercised at any time by following the directions in Section 9(e) of this Notice.
d) Enable Agencies and Clients to make payments of the Fees provided on the Site: Processing necessary for the enjoyment of the Services and any refusal prevents the enjoyment of the Services in accordance with the provisions of the Agreement, as applicable from time to time, and which is based on the signing of the Agreement and related pre-contractual measures proposed by NextAI.
e) Retain Agencies' or Customers' means of payment data (e.g., credit cards) for the sole purpose of facilitating further purchases on the Site: Optional Processing for the purpose of facilitating subsequent purchases by Agencies or Clients, subject to the ability to purchase and access available Services even in the absence of prior retention of payment means data. Such Processing is based on the free, specific, informed and unequivocal consent of the Agency or Client, expressed by declaration or positive action (e.g. flag or click) on the Site. Withdrawal of consent may be exercised at any time, following the directions set forth in Section 9 letter a) of this Notice.
f) Sending direct marketing communications to Clients by NextAI (so-called soft spam) related to the Services by email or other channels (e.g. WhatsApp): Optional Processing for sending direct marketing communications and any refusal by the Client who has already used the Services prevents the Client from staying updated on the Services and benefiting from direct marketing communications for the sale by NextAI of Services similar to those already purchased. This Processing is based on NextAI's legitimate interest constituted by the benefit that NextAI may obtain from sending direct marketing communications that promote the sale of Services to its Clients by involving those Clients in NextAI's growth and development, which NextAI believes outweighs the Clients' right to privacy (who, moreover, may reasonably expect to receive such communications). Opposition to this Processing may be exercised by the Client, at any time, and without any reason, by following the directions set forth in Section 10 of this Notice.
g) Subject to optional consent, perform Profiling: Optional Processing and any refusal prevents you from receiving Personalized Direct Marketing Communications referred to in point f) above. Such Processing is based on the free, specific, informed and unequivocal consent of the Data Subject, expressed by declaration within the form on the Site. Withdrawal of consent may be exercised at any time, following the indications set forth in point 9 letter a) of this Notice.
h) Preventing and repressing fraud and abusive behavior (including by third parties) contrary to current regulations and the rules of fairness and good faith: Treatment necessary to protect the proper functioning and enjoyment of the Site and the Web App. This Processing is based on NextAI's legitimate interest in protecting its company and the Interested Parties from fraud or abusive behavior, which NextAI considers to be overriding with respect to the Right to Privacy of the Interested Parties. Opposition to this Processing (if the requirements are met) may be exercised at any time by following the directions set forth in Section 9(e) of this Notice.
i) Collect and process Web App usage data in aggregate form: the Processing is necessary to improve the functionality of the Web App and the Site, provided that any Personal Data related to the Data Subjects are previously and irretrievably anonymized by NextAI itself. This Processing is based on the legitimate interest of NextAI, consisting of the benefit that NextAI may obtain from the realization of statistics in aggregate form, involving the Data Subjects in the growth and development path of NextAi, which the latter considers overriding with respect to the right of the Data Subjects. Opposition to this Processing (if the requirements are met) may be exercised at any time, following the directions set forth in Section 9(e) of this Notice.
j) Fulfilling legal obligations and enabling NextAI to ascertain, exercise and defend its rights in court or before any other competent authority: Treatment necessary to protect NextAI's legal position, rights and interests with respect to the signing, interpretation and performance of the Agreement. In particular, should a User upload content (such as text, images and videos) to the Web App, NextAi may retain the User's Personal Data to protect itself in the event of potential audits or investigations by the competent authorities or claims by third parties arising from the uploading of content that is unlawful or otherwise detrimental to the Contract. Such Processing is based on NextAI's legitimate interest, consisting of the benefit NextAI may obtain in protecting its legal position, rights and interests, which NextAI considers to take precedence over the Users' right to privacy; and ii) where the involvement of third party authorities is necessary or appropriate, based on NextAI's legal obligation to cooperate with the competent authorities in conducting investigations related to the execution, interpretation and performance of the Contract. Opposition to this Processing (if the requirements are met), in the case of legitimate interest, may be exercised at any time by following the directions set forth in Section 9(e) of this Notice.
- Purpose and Legal Basis of Customer Treatments
The Client collects and uses Personal Data for the achievement of the following purposes:
a) Enable Users and End Customers to use the Services: the Processing for the purpose of point a) is necessary for the use of the Services through the Web App in accordance with the provisions of the Customer Agreement and the General Terms and Conditions. Such Processing is based on the existing contractual relationship between the Customer and the Users and between the Customer and the End Customers, and the related pre-contractual measures proposed by the Customer.
(b) Ensuring the IT security, access and use of the Web App by Users and End Customers: the Processing for the purpose of (b) is necessary to ensure the IT security of the Web App. Such Processing is based on the existing contractual relationship between the Customer and Users and between the Customer and End Customers, and the related pre-contractual measures proposed by the Customer.
- Methods of collecting Personal Data
Personal Data of Data Subjects are collected in the following ways:
a) Personal Data automatically collected by the Site: this is the Personal Data automatically collected by the Site through, but not limited to, Cookies (for more information, NextAI recommends reading the cookies policy available on the banner on the Site.
b) Personal Data voluntarily disclosed by the Data Subject through registration on the Site and/or contact request: this is the Personal Data of the Data Subjects, which the latter voluntarily disclosed to NextAI through registration and/or contact request;
c) Personal Data collected during the provision of Services: this is the Personal Data of Data Subjects provided during the use of Services by the Agency or Users.
- Possible categories of recipients of Personal Data
Personal Data is processed by NextAI and/or third parties, selected for reliability and competence, and to whom it may be disclosed as necessary or appropriate, provided that it is within the European Economic Area. The Personal Data may be subject to transfer outside the European Economic Area; in this case, the Data Controller undertakes as of now to use appropriate transfer guarantees, stipulating, if applicable, the standard contractual clauses approved by the European Commission in Decision No. 914 of June 4, 2021. In particular, Personal Data may be processed by, and/or communicated to:
(a) employees and/or contractors of NextAI;
(b) Clients;
(c) third party service providers necessary to ensure the operation of the Site and the Web
App (by way of example: company in charge of hosting services);
(d) third parties, contractually bound to NextAI, necessary for the performance of the Services;
(e) third parties that provide data analysis services for browsing the Site.
- Retention period of Personal Data (or Criteria for determination)
Personal Data is retained for the period of time strictly necessary to achieve the purposes for which it was collected, as set forth in Section 3 above. Subject to the right to object as set forth in Section 9(e) below, NextAI retains Personal Data from Processing for the following time periods:
a) Cookies: for the purpose mentioned in point 3 letter a), we recommend reading the cookies policy, available on the banner on the Site;
(b) Personal Data for registration on the Site, to enable the execution of payments, and to collect and process data in aggregate form for the use of the Web App: for the purposes set out in 3(b), (d) and (i) above for the term of the Contract, as applicable from time to time, and for an additional period of 12 months after termination of the Contract;
(c) Personal Data for the handling of contact requests: for the purpose mentioned in point 3 letter c), for a period of 6 months from the receipt of the contact request sent by the Data Subject. Notwithstanding this period, if a complaint or grievance is sent, the Personal Data will be retained for the period referred to in (e) below;
(d) Personal Data for the retention of data relating to the means of payment of the Interested Parties: for the purpose set forth in 3(e), for the period of the duration of the Contract, as applicable from time to time, and for an additional period of 12 after the termination of the Contract;
(e) Personal Data for the prevention of fraudulent and abusive behavior: for the purposes of 3(h), for a period of 26 months after the termination of the Contract;
(f) Personal Data for Direct Marketing Communications: for the purpose referred to in Section 3 letter f), for a period of 24 months (in the absence of Profiling associated with Direct Marketing Communications) or 12 months (in the case of Profiling associated with Direct Marketing Communications) following the last purchase by Customers, suitable for demonstrating an interest in NextAI's Services;
(g) Personal Data for Profiling: for the purposes set out in 3(g) above, for the term of the Contract, as applicable from time to time, and for an additional period of 12 months after termination of the Contract;
h) Personal Data to comply with legal obligations and to allow NextAI to ascertain, exercise and defend its rights in court or before any other competent authority, NextAI is authorized to retain, in whole or in part, Personal Data for the maximum period of 10 years from collection (or for the longer period of duration of any litigation, where applicable), limited to the information necessary to comply with legal obligations and to allow NextAI itself to ascertain, exercise and defend, in any appropriate forum, its own rights. Once these terms have expired, NextAI will automatically delete the Personal Data collected, or irreversibly transform it into anonymous form.
- Profiling
The Profiling operated by NextAI has the following characteristics:
(a) subject matter: Personal Data collected on the Site and/or during the performance of the Services, suitable for revealing essentially geographic origin, as well as behavioral trends and preferences regarding adherence to NextAI's Services;
(b) Purpose: To improve NextAI's promotion and advertising communications, through the sending of Direct Marketing Communications in line with the interests expressed by Interested Parties regarding the same, and the signaling of targeted Services offered by NextAI;
(c) legal basis: consent;
d) Logic of Processing: profiles of Data Subjects are defined on a statistical basis by analyzing and processing Personal Data of all Data Subjects and creating homogeneous categories of Data Subjects;
(e) effects for Data Subjects: receipt of Direct Marketing Communications in line with the preferences expressed by Data Subjects, navigation of the Site and in the use of the Services. In no way, NextAI's Profiling: i) constitutes an automated decision-making process from which legal or similarly significant effects derive for Data Subjects within the meaning of Article 22 of the GDPR; ii) affects the behavior and purchasing choices of Data Subjects; iii) has a prolonged and permanent impact for Data Subjects, given that the Personal Data collected by NextAI can be independently updated at any time by NextAI; and iv) by reason of the type of services offered by NextAI causes any discrimination of Data Subjects.
- Rights of data subjects
Pursuant to and in accordance with the GDPR, for the period set forth in Section 7 of this Notice above, each Data Subject has the right to:
a) with reference to the Processing referred to in point 3 letters e) and g), withdraw consent at any time without affecting the lawfulness of the Processing, by sending an e-mail to NextAI (see Article 7 of the GDPR);
(b) request from NextAI access to Personal Data and related Processing information and any copy in electronic format, unless specifically requested otherwise by the Data Subject (see Article 15 of the GDPR);
c) request rectification and/or supplementation of Personal Data, without undue delay (see Article 16 of the GDPR);
d) for specific reasons (e.g., unlawful processing, non-existence of the purpose of the Processing), request the deletion of Personal Data, without undue delay (see Article 17 of the GDPR);
e) with reference to the Processing referred to in point 3 letters c), h), i) and j (i), object at any time to the Processing of Personal Data (if not used anonymously), by sending an e-mail to NextAI (see Article 21 of the GDPR);
f) upon the occurrence of specific instances (e.g., inaccuracy of Personal Data, unlawfulness of the Processing, exercise of a right in a court of law), request restriction of the Processing (Art. 18 GDPR);
g) in case of automated Processing, receive Personal Data in a readable format, for the purpose of its communication to a third party, or, where technically feasible, request the transmission of Personal Data by NextAI directly to such third party (so-called right to Data portability - see Article 20 of the GDPR);
h) to be informed, where required by law, by NextAI without undue delay of any breach or unauthorized access by third parties to its systems containing Personal Data (so-called data breach - see Article 34 of the GDPR);
i) to lodge a complaint with the supervisory authority of the EU country where he/she resides (a list of the authorities can be found at the link https://www.garanteprivacy.it/web/guest/home/footer/link), works or where he/she believes the violation of his/her rights has occurred (see Article 77 of the GDPR). For further information regarding the terms and conditions for the exercise of the rights granted to the Data Subject, the Data Subject may consult the text of the GDPR published at the following link: http://eur-lex.europa.eu/legal- content/IT/TXT/PDF/?uri=CELEX:32016R0679&from=IT, or contact NextAI in the forms provided for in point 2 above of this Notice.
- Objection to Treatment Related to NextAI's Direct Marketing Communications
NextAI points out that each Data Subject has the right to object to the Processing of Personal Data referred to in point 3 letter f), at any time and without any reason, by sending an email to NextAI or exercising the opt-out in NextAI's direct marketing communications.
If this right is exercised, NextAI will discontinue the use of the Data Subject's Personal Data for the direct marketing purposes of Services similar to those previously used by the Data Subject.
The interested party at any time may exercise the rights referred to in the preceding article by sending:
- a registered letter with return receipt to: NextAi Srl viale Francia snc - 72019 San Vito dei Normanni (BR),
- an e-mail to the PEC address: nextai.ltd.@pec.it
