CEZA srl has always committed itself to protect the personal data of its customers, ensuring

high security standards and the respect of the rights provided by the rules on the protection

of personal data.

The attention and professionalism with which we process your data, through our website,

consulting services, hardware / software supply and technical assistance, are illustrated with

complete transparency by the following information, in line with the new Regulation European

n. 679/2016 ("GDPR") on the protection of personal data.

Data Controller

CEZA srl - Registered office: Via Lisbona n ° 9, PONTASSIEVE (FI) ITALY

VAT number / tax code: 01944700481

Email address of the Owner: ceza@ceza.it

Types of Data collected

Personal Data is all information useful to identify a natural person. They can be freely

provided by the User or collected from external sources.

In particular, the data collected are all those required in the contracting phase and supplying

goods or providing our services, such as personal data, telephone, email, bank details,

geolocation information provided in the use of the App, navigation data, data of the devices

used for the use of our software and any other information necessary or provided voluntarily

to use the services requested.

Regarding the collection of technical, third-party or profiling cookies, you can consult the

cookie policy on our website.

Unless otherwise specified, all data required during the course of the business relationship

are mandatory; it follows that the failure to indicate these could prevent the correct execution

of contractual relationships. Where data is specified as optional, the user may also refrain

from providing it.

The User assumes responsibility for the sharing of Personal Data of third parties and

guarantees to have the right to share them, freeing the Owner from any responsibility

towards third parties.

External Links

Our website and our software products may contain links to external sites of third parties.

CEZA srl is not responsible in any way for the methods of collection and processing of data

and privacy policy adopted by the aforesaid subjects.

Purpose of the treatment

Personal data are collected only if necessary to perform the required services. In this case

the collection and treatment purposes can be:

• The stipulation of contracts, all pre-contractual activities, administrative and accounting activities;

• Sending notifications, payment notices, regulatory updates and all the necessary communications for

the management of the business relationship;

• Interaction with social networks and external platforms;

• The creation of statistics;

• Technical assistance, training, product configuration and consultancy;

• Custom software development and all test and demo activities;

• The fulfillment of legal obligations and compliance with current regulations, the protection of our

corporate assets and the defense of our rights;

• fulfillment of the request for contact, sending of newsletters and registration on the mailing list;

• Personnel selection and HR management;

• Communicate and / or transfer certain data to third-party companies supplying services, products and

technologies necessary for the realization and supply of our products / services. These subjects will be

responsible for the treatment as autonomous owners.

• Communicate and / or transfer certain data to third-party companies to which they are bound by

contractual obligations:

• Marketing activities for the continuous innovation of the technologies offered and the direct

promotion of our products / services. In this case, the specific consent to the aforementioned

processing will always be requested and it will always be possible to object to receiving such

communications by writing an email to ceza@ceza.it

In any case, we undertake to ensure that the collection and processing of data always

comply with the purposes described and that the personal sphere of the users involved is

never infringed in any way.

Method of treatment

The processing is carried out through IT, telematic and paper means, with methodologies

and strategies aimed solely at the purposes indicated above. The Data Controller, in order to

protect the confidentiality of data, has implemented security measures, adapted to the level

of risk, aimed at preventing unauthorized access, sharing, alteration or destruction.

In addition to the Data Controller, internal administrative, technical, commercial and legal

staff may also have access to the Data. They may also have access to data for third party

companies supplying services / products, appointed as Data Processors by the Data

Controller.

However, it is at any time possible to request the Owner to clarify the modalities and the legal

nature of each treatment.

Place of data processing

The server-farm of the Owner and the Server-farm of which the Data Controller relies on third

parties are all located in Italy or in countries belonging to the European Economic Area.

The Data are processed at the operational headquarters of the Data Controller, the User's

offices where the Data Controller performs consulting activities and in any other place where

the parties involved in the processing work.

Data are not transferred to subjects located outside the European Economic Area. Should

this need arise, we will take care to verify that the Data are protected by suitable security

measures.

Retention period

The Data are processed and stored for a different time depending on the purpose for which

they were collected:

• For purposes related to the execution of a contract will be retained until the execution of the

contract is completed. After the termination of the contract, we will retain the Data for 11

years, in order to comply with legal obligations and the possible defense of our rights;

• for purposes related to our legitimate interest and the fulfillment of legal obligations will be

retained until this interest is met. In this case the User can request in-depth information on

the legitimate interest exercised by the Owner

• for purposes granted by explicit consent of the User, the Data Controller may retain the

Personal Data until the consent is revoked.

At the end of the period provided for the specific case, the data will be deleted and the User's

right of access, cancellation, modification and portability will be lost.

Rights of the Subjects concerned

The User has the right to ask the Owner:

• Access to your data and confirmation of the existence of the same

• Information on how to process your data

• Data correction, if they are inaccurate

• The cancellation (so-called "right to be forgotten") of the data, provided they are not indispensable

for contractual or legal purposes

• Limitation of treatment, provided it is not indispensable for contractual or legal purposes

• The portability of data, ie the ability to receive your data in a structured format of common use in

order to transfer them to another owner

• Opposition to data processing

• Withdrawal of consent to treatment

The User also has the right to make a complaint to the competent Supervisory Authority, if he

considers that the processing of his data violates his dignity or his rights.

These rights may be exercised by sending an email to ceza@ceza.it

If the cancellation of your data is requested, the User's right of access, cancellation,

modification and portability will be less.

Changes to the privacy policy

CEZA srl, as Data Controller, reserves the right to make changes at any time to this privacy

policy.

In this case, the modification will be notified on its website www.ceza.it