At ADmantX we value very highly the protection of personal data.
For us, the protection of all information and personal data we collect, store and process, regardless of the media or the tools we use, is a key priority, the more so in the light of our company’s core business. It is for this reason that we have implemented our Data Protection Policy. Everybody, our employees, our clients, our users and suppliers, have the right to know the principles and rules that we apply when processing personal data, in order to grant a high level of protection of personal information, in full compliance with the law.
Table of Contents
- Purpose and scope of the Policy
- General principles
- Data security
- The data we use and how we use it
- Right of access
- Data communication
- Purpose and scope of the Policy
This Policy describes how our company collects, uses, stores and, in general, processes personal data; our company guarantees that all employees are well aware and comply with it; the Policy describes the rights of the data subjects with respect to the processing of their personal data carried out by our company and establishes the rules under which we process personal data on behalf of other entities.
Our company protects and respects the privacy of personal data of its employees, of its clients and suppliers, of applicants for employment, as well as the personal data of third parties that the company processes while carrying out its business.
This Policy applies to all company employees, who are requested to know and apply it in the carrying out of their daily duties and assignments.
Its purpose is:
- to guarantee that all the company’s employees are well aware of the obligations of the company, set forth by data protection law;
- to ensure an adequate level of knowledge and awareness of the importance of personal data protection;
- to ensure that our operations are carried out in full compliance with data protection law.
- General Principles
In order to guarantee an adequate protection and a proper handling of the personal data that we shall process, our company and its employees shall:
- process personal data in a fair and legal way. The company’s internal procedures and instructions guarantee that the third parties whose data are being processed have been duly informed on the purposes of such processing.
- undertake processing of personal data:
- when the data subject (i.e. the person whose personal data are being processed) involved has given her/his informed consent or,
- to pursue purposes where prior consent of the data subject is not required.
- In carrying out its business, our company may process sensitive data of its employees (regarding sick leaves, union membership, etc). Such data will be used only and exclusively within the limits set forth by the law and will be processed on a need-to-do basis only by other employees in the fulfillment of their duties.
- All employees are required to comply with the security measures implemented by our company; they shall not communicate personal data to third parties (other than in cases where such communication is called for by specific procedures) and to use such personal data only to carry out their duties and assignments.
- Access to personal data shall be allowed only to employees who have been duly authorized and shall have received written instructions on the processing of personal data through their appointment as “person in charge of the processing” based on “need-to-know” criteria.
- Our company has appointed its Data Processors who, among other things, have the task to check our processing operations and verify that they are carried out in compliance with the law and with this Policy. For any request or doubt, the employees will have to refer to their Data Processor. The list of Data Processors is available to all employees.
- The employees are required to report to the Data Processor any problems (security problems, anomalies, etc.) that may have arisen while carrying out their tasks.
- Our company offers to its Customers services that entail the processing of personal data. Our Policy shall also apply to the processing of such personal data, to guarantee their protection and to respect the Customers and their users.
- As a general rule, our company does not process sensitive data, aside from those strictly necessary to comply with their obligations by law or by employment agreements. Such data will not be collected unless (i) the party involved has agreed in writing, after being duly informed on the purposes of and the modalities of the processing, (ii) recording such sensitive data is necessary to comply with statutory obligations or to exercise a right by law, or (iii) in extraordinary circumstances, such as when the processing is necessary to protect vital interests of the involved party.
- The company sets out a retention period for the data, in order to guarantee that they are stored for a period of time coherent with the purposes for which they were collected and processed.
- Data security
The protection of the personal data and information collected and/or processed by our company, whether on its own or on behalf of third parties, is key to respect third parties rights, to comply with statutory obligations and for the integrity of our business. The company has activated all technical, physical and organizational measures to guarantee the protection and integrity of the personal data in its possession.
- How ADmantX uses personal data
ADmantX offers to its Customers state-of-the-art profiling services. Our technology is based on a combination of semantic analysis, correct interpretation of the language combined with a complete semantic network that enables a deep understanding of any type of text. Our services allow our Customers to manage, measure and optimize their marketing actions. We use the data that our Customers pass on to us or web-surfing data only upon condition that users have given their informed consent. We supply on-line advertisement services that offer solutions and ads more consistently in line with end-users’ real interests, based on semantic analysis of text. When acting as a service supplier, we manage and process the data we receive from our Customers. In these cases, we act in the capacity of Data Processor and we operate on the basis of the written instructions that we receive from our Customers.
In other cases, when we act on behalf of our Customers, we may send from their sites our tracking cookies, that collect the IP address of any given user and the activities and web-surfing of such user.
- Users’ rights
The law on protection of personal data, generally referred to as privacy law, grants several rights to the data subjects. Such rights include the right to request a copy of their data (the so-called access right); subsequently, and upon certain conditions, the data subjects have the right to correct their information or request that they be up-dated. In some limited cases (e.g. in case of illegal processing, as defined by the law), they can request the deletion of their data. Any user that wants to exercise their statutory rights should send an e-mail to the following address email@example.com. Our company has a procedure to address such requests and to respond within a reasonable time, in any case within the deadline set forth by the law.
- Communication of data
Our company does not sell, lease or assign, in any way or form, users’ lists, files of personal data nor is engaged in the sale, lease or marketing of personal data: this is not our company’s activity and it is not our practice either.
Internet, by its very nature, is a trans-national network; hence, our company operates in a global environment. Compliance with national laws is a must for us, for the safety of our operations and for the operations of our Customers. For this reason, we have set as our goal to comply with the most stringent European statutory standards, in full compliance with Directive 95/46/EU, Directive 2002/58/EU and Directive 2009/136/EU. Our Cookies Policy, as well as our policy on Customers’ profiling services, has been adopted in compliance of the regulation issued by the Italian Data Protection Authority, the Garante per la Protezione dei Dati Personali.