This policy provides information to its Clients and Suppliers and describes the procedures followed by eFM S.p.A., registered office in Rome, Via Laurentina 455 (hereinafter "eFM") in relation to the processing of personal data in accordance with art. 13 of Regulation (EU) no. 2016/679 (hereinafter the "Regulation").
According to the present policy, the below notions have the meaning described in the present section. All the terms here defined in the singular form are also intended to refer to the plural and vice versa.
A. “Special Categories of Personal Data”: personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, as well as the genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation;
B. “Consent of the Data Subject”: any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;
C. “Biometric Data”: personal data resulting from specific technical processing relating to the physical, physiological or behavioural characteristics of a natural person, which allow or confirm the unique identification of that natural person, such as facial images or dactyloscopic data;
D. “Genetic Data”: personal data relating to the inherited or acquired genetic characteristics of a natural person which give unique information about the physiology or the health of that natural person and which result, in particular, from an analysis of a biological sample from the natural person in question;
E. “Personal data”: any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
F. “MYSPOT”: the eFM Platform to provide services, accessible at the www.myspothub.com web address;
G. “Profiling”: any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements;
H. “Data Processor”: a natural or legal person, public authority, agency or other body which processes personal data on behalf of the Controller;
I. “Data Protection Officer”: the person designated by the Data Controller, according to Article 37et seq. of the Regulation;
J. “Services”: eFM services and activities, such as for instance (i) search and publishing of shared workspaces and workplaces (“co-working”), (ii) networking and marketing activities (iii) interaction with users;
K. “Data Controller”: the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;
L. “Data Processing”: any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
M. M.“User”: any eFM Client or vendor accessing MYSPOT and/or availing of MYSPOT services.
1. DATA CONTROLLER, DATA PROCESSOR AND DATA PROTECTION OFFICER
The Data Controller is eFM.
eFM appointed a Data Protection Officer (DPO) who can be contacted at [email@example.com]
2. GENERAL PRINCIPLES AND SAFEGUARDS
eFM collects Personal Data for reasons of operational efficiency and to offer the best possible experience to its Users when accessing MYSPOT and providing the Services.
Users provide their Personal Data at the time of registration on MYSPOT, both directly and indirectly.
Some Personal Data is collected during Users’ interactions, through the use of technologies such as cookies.
Additional Personal Data is purchased from third parties such as, for example:
- social network;
- service provider;
- systems for determining the position based on the IP address;
- business partners;
- associated companies and/or companies belonging to the same eFM group;
- open government databases and/or other web pages.
eFM reserves the right to:
- process Personal Data in the public domain;
- treat particular categories of Personal Data with the consent of the interested party, unless there are legal exceptions;
- collect the information provided during correspondence and/or telephone conversations with Users (e.g. feedback and/or information shared during the provision of services).
The exchanges of correspondence and telephone conversations with the Users could be monitored and/or recorded.
eFM expressly declares and guarantees that the Personal Data of Users are:
- processed in a lawful, correct and transparent manner;
- collected for specific, explicit and legitimate purposes;
- adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed ("data minimization");
- accurate and, if necessary, updated;
- where required, deleted or rectified with respect to the purposes for which they are processed;
- kept in a form that allows the identification of the data subjects for a period of time not exceeding the achievement of the purposes for which they are processed;
- processed in such a way as to guarantee adequate security, including protection, encryption and pseudonymisation, by means of adequate technical and organizational measures.
3. PURPOSE OF THE PROCESSING
Pursuant to and for the purposes of Article 6 of the Regulation, eFM declares that the Personal Data of Users are processed for the following purposes:
a) a)Pre-contractual and contractual purposes: eFM collects Personal Data for (i) the provision, management and improvement of the Services (for both contractual and pre-contractual stages), including MYSPOT, as well as for (ii) the execution of contractual obligations, including administrative and/or accounting obligations, and (iii) the development of new features and support service. Examples of these uses include:
- Product offering: eFM uses Personal Data to offer its Services. Often these Services include features and personalized recommendations that improve the User Experience.
- Customer support: eFM uses Personal Data to diagnose problems relating to the Services, or to solve problems related to the use of MYSPOT.
- Product activation: eFM uses Personal Data to activate or confirm any Services chosen by Users.
- Product improvement: eFM uses Personal Data to constantly improve its Services and the satisfaction of Users, also by adding new features or functionalities.
- Security and protection: eFM uses Personal Data to protect the security of its Services and Users, and in order to detect and prevent fraud and enforce conventional use of MYSPOT, as well as any other means of accessing its Services.
- Communication: eFM uses the Personal Data collected to communicate with Users and customize their communications. For example, eFM reserves the right to contact Users by telephone, e-mail or other means to inform them of any unpaid payments and update them regarding the use of the Services.
With respect to this purpose, the legal basis of data processing lies in the contract and/or in the need to meet the requests of the Users: it is therefore not necessary to acquire the consent of the interested party.
The retention period of the Personal Data coincides with the duration of the relationship and/or the single operation, except for different legal obligations and/or different storage needs referred to in this policy.
b) Legal obligations: eFM may acquire Personal Data for the fulfilment of legal and / or regulatory obligations, including the obligations deriving from EU legislation, as well as for the fulfilment and / or response of orders, provisions and / or requests given and / or advanced by competent governmental, judicial, supervisory and / or control authorities, and for carrying out comparison and profiling activities.
With respect to this purpose, the legal basis of the data processing lies in the fulfilment of legal obligations: it is therefore not necessary to acquire the consent of the interested party.
The retention period of Personal Data for this purpose is differentiated according to the related legislation (e.g. 5 years, unless otherwise required).
c) Reporting and internal control purposes: eFM may acquire Personal Data for the purpose of verifying the functionality and adequacy of the internal organization, the compliance of internal processes with the provisions of the law, as well as the profiling and comparison activities.
With respect to this purpose, the legal basis of the processing lies, depending on the type of checks and analyses conducted, in the fulfilment of legal obligations or in the legitimate interest of the Data Controller: it is therefore not necessary to acquire the consent of the interested party.
The retention period of Personal Data for this purpose is differentiated according to the related legislation, without prejudice to the conservation needs for other purposes.
4. CATEGORIES OF PERSONAL DATA
The collected Personal Data depend on the type of interaction with eFM, on the choices made on MYSPOT, including the privacy settings, and on the functions used. The data collected for the purposes indicated above may include:
a) e-mail address or other contact details: eFM collects the contact details of the Users, the connections with other people or subjects;
b) Credentials: eFM collects passwords, password hints and similar security information used for authentication and account access;
c) Demographic data: eFM collects data on users such as age, country of residence and origin and preferred language;
d) Data relating to the device and its use: eFM collects data on the devices and on how the Users and their devices interact with MYSPOT. For example, eFM collects:
- Data on the use of the Services: this data includes search queries, selected settings and mostly used software configurations;
- Device, connectivity and configuration data: this data includes data relating to the device and the network used for connection and includes the IP address, device identifiers (such as the IMEI number for phones) and local and language settings;
- -Error reports and performance data: this data is useful for diagnosing any MYSPOT problems, as well as for improving its performance and may include data relating to the type and severity of the problem, software and hardware details;
e) Interests and preferences: eFM collects data on the interests and preferences of Users, such as the preferred language or the types of spaces booked. Users' interests and preferences can also be derived or inferred from other collected data.
5. ENTITIES OR CATEGORIES OF SUBJECTS TO WHICH PERSONAL DATA MIGHT BE DISCLOSED
For the pursuit of the aforementioned purposes, eFM may disclose its users’ Personal Data to certain entities/subjects, such as:
a) Categories of subjects to whom Personal Data may be communicated for the pursuit of eFM legal, contractual or commercial purposes:
- subjects identified by law (for example, for purposes of management, assessment, litigation and collection of taxes, for exchange of information between authorities under bilateral international agreements; for justice administration; for supervisory, control and other legislation function);
- subjects that provide services for management of eFM information systems;
- subjects who process and manage information to/from eFM clients and suppliers;
- subjects who carry out document archiving activities;
- subjects who provide assistance to eFM clients and suppliers;
- entities that manage national and international systems or that provide services for the control and prevention of fraud;
- subjects who carry out investigations and activities in the fight against international terrorism;
- freelancers, public officials;
- subjects who carry out marketing activities or market surveys or contribute to the promotion of eFM or third parties products and services;
- subjects who control, review and certify activities carried out by eFM.
b) Categories of subjects to whom Personal Data may be disclosed, beyond reasons of eFM legal, contractual or commercial purposes, also for their own pursuit of autonomous commercial purposes:
- subjects to whom eFM offers products and services;
- subjects with whom eFM stipulates collaboration agreements;
- subjects resulting from eFM transformation, merger and acquisition operations.
Subjects belonging to these categories may use the received Personal Data as independent Data Controllers, unless they have been designated Data Processors by eFM.
eFM does not disclose its Users’ Personal Data, meaning by dissemination the disclosure of Personal Data to undefined subjects, including making them available for consultation purposes.
6. RIGHTS OF THE DATA SUBJECT
eFM informs its Users that the Regulation guarantees the exercise of specific rights to protect them. In particular, the Regulation provides for a specific right of access that allows users to receive confirmation of the existence of their Personal Data Processing, obtaining, if necessary, all the information required by law, as well as receiving a copy of the documentation.
Users can also exercise the following rights:
a) Rectification of inaccurate Personal Data or integration of incomplete Personal Data;
b) Erasure (so-called “right to be forgotten”) of Personal Data in the presence of particular conditions and reasons, such as in the case of Personal Data not necessary with respect to the purposes for which they are collected or in the case of illegitimate processing;
c) Limits to the processing of personal data, for example pending its rectification or correction;
d) Portability of Personal Data to another Data Controller if the processing is automated and based on consent or on a contract;
e) e)Opposition to data processing for specific purposes, such as direct marketing. The opposition is always possible and free in the case of advertising, commercial communication or market research purposes. Users may also object to automated processing, including profiling, which produce legal or otherwise significant effects on the person, unless the processing is necessary for the conclusion or execution of a contract or by law.
Whenever the processing is based on the release of the interested party's consent, users have the right to withdraw their consent at any time. The consent revocation of the interested party does not affect the lawfulness of the processing carried out before the revocation.
For the purpose of exercising their rights, users can access their reserved area or send a specific request, enclosing a copy of their identity card and tax code, to the address:
Via Laurentina 455
Users also have the right to lodge a complaint with the Data Protection Supervisor.
7. CONSEQUENCES OF THE REFUSAL TO TREATMENT
Users have the possibility to choose which Personal Data can be collected by eFM and can refuse the Data Processing.
However, whenever the processing is determined by the fulfilment of a legal or contractual obligation or constitutes a necessary requirement for the conclusion of a contract, the denial of processing or the withdrawal of the consent of the interested party may make it impossible for eFM to fulfil the requests.
8. MODIFICATION AND UPDATE
This information is updated on the date indicated above.
eFM reserves the right to make changes which will, in any case, be communicated.
CONSENT TO THE PROCESSING OF PERSONAL
The undersigned users give the following consent:
1. Information on MYSPOT and services provided by eFM:
□ GIVE MY CONSENT
to the Processing of my Personal Data by eFM, exclusively for the purposes referred to in point 3 sub e) of the policy (including the communication to third parties referred to in point 5) in relation to the products and services offered by eFM or other companies belonging to.
2. Processing of personal data:
□ GIVE MY CONSENT
to the Processing of my Personal Data by eFM - including the communication to third parties referred to in point 5), for related processing - exclusively for the execution of specific operations or for the supply and management of specific products / services requested by the undersigned, aware that, in the absence of such consent, EFM will not be able to perform those operations that require such processing or communication.