Find providers
Apply to projects

Conseasy Privacy Policy

(Pursuant to Art. 13 et seq. GDPR  679/2016)

Conseasy is aware of the aspects of personal data protection and respect for the principles of privacy and dignity of individuals.

According to the new EU Regulation 679/2016, in accordance with the principle of accountability, any processing of personal data must be lawful and fair. It must be transparent to individuals how personal data concerning them is collected, accessed or otherwise processed, as well as the extent to which the same data is or will be processed.

The principle of transparency requires that information and communications relating to the processing of such data be easily accessible and understandable, and that clear and simple language be used.

We remind to carefully read the following information.

Conseasy in its capacity as Data Controller, pursuant to and for the purposes of EU Regulation 2016/679, hereby informs you that your personal data, acquired by the Data Controller or subsequently requested and/or communicated by third parties, are necessary and will be used for the purposes set out below.

 

DATA CONTROLLER

Conseasy

Viale Umbria 50, 20135 Milano (MI) 

P.IVA 12631500969

For any clarification, question or need related to your privacy and the processing of your personal data, you may contact us at any time by sending a request directly to the following e-mail address: info@conseasy.com

 

TYPES OF DATA COLLECTED

The personal data collected by this Website, either independently or through third parties, include: usage data, data communicated through registration on the website such as first name, last name, company e-mail and payment data if required for subscription plans.

Full details on each type of data collected are provided in the dedicated sections of this privacy policy or by means of specific information texts displayed prior to data collection (see checkbox page 'Sign up').

Personal data may be freely provided by the User or, in the case of User Data, automatically collected during the use of this Website.

Unless otherwise specified, all data requested by this Website is mandatory. If the User refuses to communicate them, it may be impossible for this Website to provide the service. In cases where this indicates certain data as optional, Users are free to refrain from communicating such data, without this having any consequence on the availability of the Service or its operation.

Users are encouraged to contact the Controller for any doubts concerning the data mandatory.

The possible use of Cookies - or of other tracking tools - by this website or by the owners of third party services used by this website, unless otherwise specified, has the purpose of providing the service requested by the User, in addition to the further purposes described in this document and in the Cookie Policy.

The User assumes responsibility for the Personal Data of third parties obtained, published or shared through this Website and warrants that he/she has the right to communicate or disseminate them, releasing the Owner from any liability towards third parties.

 

HOW AND WHERE THE DATA COLLECTED ARE PROCESSED

DATA PROCESSING METHODS

The Controller takes appropriate security measures to prevent unauthorised access, disclosure, modification or destruction of personal data.

Processing is carried out by means of computer and/or telematic tools, with organisational methods and logics strictly related to the purposes indicated. In addition to the Data Controller, in some cases, other subjects involved in the organisation of this website (administrative, sales, marketing, legal, system administrators) or external subjects (such as third-party technical service providers, web masters) appointed, if necessary, by the Data Controller as data processors, may have access to the data. The updated list of data processors can always be requested from the Data Controller.

LEGAL BASIS OF THE DATA PROCESSING

The Controller processes personal data relating to the User if one of the following conditions exists:

  • the User has given consent for one or more specific purposes; Note: in some jurisdictions, the Controller may be allowed to process personal data without the User's consent or another of the legal bases specified below, until the User objects ("opts-out") to such processing. However, this does not apply if the processing of personal data is regulated by European data protection legislation;
  • the processing is necessary for the performance of a contract with the User and/or the execution of pre- contractual measures;
  • processing is necessary to comply with a legal obligation to which the Controller is subject;
  • processing is necessary for the pursuit of the legitimate interest of the Controller or of third parties.

However, it is always possible to ask the Controller to clarify the concrete legal basis of each processing operation and in particular to specify whether the processing is based on law, required by a contract or necessary to conclude a contract.

STORE AND DATA TRANSFERS

The data are processed at the Controller's operational headquarters and at any other place where the parties involved in the processing are located. For further information, please contact the Controller.

The User's Personal Data may be transferred to a country other than the country where the User is located. To obtain further information on the processing location, the User may refer to the section on Personal Data Processing Details.

The User is entitled to obtain information on the legal basis for the transfer of Data outside the European Union, as well as on the security measures taken by the Data Controller to protect the Data.

Should one of the transfers just described take place, the User may refer to the respective sections of this document or request information from the Controller by contacting him at the contact details given at the beginning.

DATA RETECTION

Data are processed and stored for the time required by the purposes for which they were collected. Therefore:

  • Personal Data collected for purposes related to the performance of a contract between the Data Controller and the User will be retained until such time as the performance of that contract is completed and in accordance with current regulations on the retention and discarding of tax records;
  • Personal Data collected for purposes related to the legitimate interest of the Controller will be retained until such interest is satisfied. The User may obtain further information regarding the legitimate interest pursued by the Controller in the relevant sections of this document or by contacting the Controller;

When the processing is based on the User's consent, the Controller may keep the Personal Data for a longer period until such consent is revoked. In addition, the Controller may be obliged to retain Personal Data for a longer period in compliance with a legal obligation or by order of an authority.

At the end of the retention period, the Personal Data will be deleted. Therefore, at the expiry of this period, the right of access, cancellation, rectification and the right to Data portability can no longer be exercised.

 

PURPOSE AND LAWFULNESS OF PROCESSING

Pursuant to EU Regulation 679/2016, personal data:

  • They are processed lawfully, fairly and transparently with regard to the data subject (Art. 5);
  • They are collected for specified, explicit and legitimate purposes, and subsequently processed in a way that is not incompatible with those purposes (Art. 5).

The User Data are collected to enable the Controller to provide its services, as well as for the following purposes: statistics, contacting the user, displaying content from external platforms, interaction with social networks and external platforms.

The purposes for which your data is collected are the fulfilment of legal obligations and those arising from your contract with Conseasy.

For these purposes, the provision of data is obligatory and it is not necessary to request and obtain consent as the purposes for which the data are processed are lawful.

Any profiling activities will only be arranged with the explicit consent of the person concerned when registering with our firm or by means of an explicit request on the website.

 

OBLIGATION OF CONFIDENTIALITY

Data processing is carried out using IT tools and/or paper supports, by persons committed to confidentiality, with logic related to the purposes and in any case in such a way as to guarantee the security and confidentiality of the data. The data collected will not be disclosed or disseminated to third parties in accordance with the law.

 

COMMUNICATION TO THIRD PARTIES

Your personal data may be disclosed to third parties known to us solely and exclusively for the above-mentioned purposes and to the following categories of persons:

  • External companies that perform services on our behalf;
  • Entities and public administrations for legal obligations;
  • Professionals who can help with legal compliance.

These parties will process personal data as external data processors.

 

DATA SECURITY

The measures we take are based on a risk-based approach and aim to protect the confidentiality, integrity and availability of Personal Data. Where we use a service provider who acts as a data controller on our behalf, we also take a risk based approach before disclosing your Personal Data to ensure that Conseasy's security objectives are also met by our service provider.

 

DATA PROCESSING DETAILS

Personal Data are collected for the following purposes and using the following services:

USER REGISTRATION

By filling in the registration form on the "Sign up" page with your data, you consent to their use allowing them to access their account and use the services on the Conseasy platform.

Personal data collected: first name and surname, company, company e-mail (free e-mails or e-mails without customised domain are not allowed, read the “Terms and Conditions”), address, company profile/position.

USER CONTACT

Contact form

The User, by filling in the contact form with his or her data, consents to their use to respond to requests for information, quotations, or any other nature indicated by the header of the form.

Personal data collected: first name and surname, e-mail, telephone number.

Mailing List or Newsletter

By registering to the mailing list or newsletter, the User's e-mail address is automatically added to a list of contacts to whom e-mail messages containing information, including of a commercial and promotional nature, relating to this platform may be sent. The User's e-mail address may also be added to this list because of the purchase of databases containing information relating to private and public companies.

This type of service makes it possible to manage a database of e-mail contacts, telephone contacts or contacts of any other kind used to communicate with the User.

These services may also collect data on the date and time the User views the messages, as well as the User's interaction with them, such as information on clicks on links in the messages.

MailChimp (The Rocket Science Group, LLC.)

MailChimp is an address management and e-mailing service provided by The Rocket Science Group, LLC. Personal data collected: company e-mail.

Place of processing: USA - Privacy Policy

 

FEEDBACKS, COMMENTS and CHAT

Each Buyer user can write reviews on the activity carried out by a Provider user. Reviews are published on the Provider's personal tab, visible to all users, even if they are not registered.

Reviews are verified through the e-mail of the registered user and through a spam protection service (re-captcha).

Conseasy allows users to make use of the chat service, which is operated through third-party service provider 'TalkJS'.

In both cases, Conseasy does not carry out automatic checks on the content of messages and any documents shared. The information and personal data entered is the responsibility of the individual user in accordance with the terms and conditions accepted at the time of registration.

 

PAYMENT MANAGEMENT

Payment processing services enable this Website to process payments by credit card, bank transfer or other means. The data used for payment are acquired directly from the operator of the payment service requested without being processed in any way by this Website.

Some of these services may also allow for the scheduled sending of messages to the User, such as e-mails containing invoices or payment notifications.

Stripe (Stripe, Inc.)

Stripe is a data processor that facilitates payment transactions on behalf of and at the direction of a Stripe User. In this case, the Stripe User is a data controller because Stripe acts on the instructions of the Stripe User regarding processing, i.e. who to pay, how much to pay, when to pay.

Personal Data collected: various types of Data as specified by the privacy policy of the service. Place of processing: USA. See Stripe's privacy policy.

 

HOSTING AND BACK-END INFRASTRUCTURE

These types of services are intended to host data and files that allow this Application to function, enable its distribution, and provide a ready-to-use infrastructure to deliver specific features of this Application. Some of these services operate through servers located geographically in different places, making it difficult to determine the exact location where personal data is stored.

DigitalOcean (DigitalOcean Inc.)

DigitalOcean is a hosting service provided by DigitalOcean Inc.

Personal Data collected: various types of Data as specified by the privacy policy of the service.

Place of processing: USA - Privacy Policy

 

INTERACTION WITH SOCIAL NETWORKS AND EXTERNAL PLATFORMS

These types of services allow interactions with social networks, or other external platforms, directly from the pages of this website.

Interactions and information acquired from this Website are in each case subject to the User's privacy settings relating to each social network.

If a social network interaction service is installed, it is possible that, even if Users do not use the service, it will collect traffic data relating to the pages where it is installed.

1. Facebook Widget (Meta Platforms, Inc.)

The Facebook widget is an interaction service with the social network Facebook, provided by Meta Platforms, Inc. Personal data collected: Cookies and Usage Data.

Place of processing: USA - Privacy Policy

2. Instagram widget (Meta Platforms, Inc.)

The Instagram widget is an interaction service with the social network Facebook, provided by Meta Platforms, Inc. Personal data collected: Cookies and Usage Data.

Place of processing: USA - Privacy Policy

 

RIGHTS OF THE DATA SUBJECT

Conaseasy guarantees the user the possibility of exercising all the rights recognised to him/her by the applicable legislation. Therefore, the user may:

  • obtain access to their Personal Data;
  • obtain rectification of any inaccurate Personal Data concerning him/her;
  • obtain the deletion of their Personal Data;
  • obtain the restriction of the Processing of one's Personal Data;
  • withdraw consent to the processing of their Personal Data;
  • oppose the Processing of their Personal Data;
  • obtain a copy of your Personal Data (right to data portability);
  • provide instructions for the storage, deletion and disclosure of your Personal Data after your death, where applicable.

You may exercise these rights by sending an email to hello@conseasy.com. We may ask you to provide additional information or documents to prove your identity.

Users may also access their personal data at any time by logging into their account and changing them in their profile settings.

If you are not satisfied with the answer you receive, you may lodge a complaint about the collection and use of your personal data with the competent supervisory authority. In Italy, you can contact the Italian Data Protection Authority on its website at the following address: https://www.garanteprivacy.it.

CHANGES TO THE PRIVACY POLICY

Conaseasy reserves the right to make changes to this privacy policy at any time by informing the Users on this page and, if possible, on this website as well as, when technically and legally feasible, by sending a notification to the Users through one of the contact details held by the Controller. Please therefore consult this page regularly.

If the changes affect processing whose legal basis is consent, the Controller will collect the User's consent again, if necessary.