Privacy Policy

Introduction
Any data we collect through our website will only be used in a manner consistent with this Privacy & Cookies Policy. When you access our website or sign up to our website, newsletters or when you contact us, you expressly agree to our Terms of Service and the Privacy & Cookies Policy. If you do not agree with the use of your data as described in this Privacy & Cookies Policy or any changes to it, you should not use our website or sign up for any of our services.

Why do we have a Privacy & Cookies Policy?
When you access our website, in certain circumstances, we may collect your data. The point of this Privacy & Cookies Policy is to: inform you about how we collect, use, share and transfer your data; highlight our commitment to protecting your privacy; show our compliance with data protection laws including the European GDPR laws.

Who does this Privacy & Cookies Policy apply to?
If you access and use our website, the Terms of Service and this Privacy & Cookies Policy apply to you. By using and accessing the website you are agreeing to our Terms of Service and Privacy & Cookies Policy.

Who Are We?
Alvascience provides you with software services at www.alvascience.com (“website” or “service/s”).

What Do the Different Terms Mean?
Terms not otherwise defined in this Privacy & Cookies Policy have the meanings assigned to them in Terms of Service.
Personal Data: Data which can identify you, for example, your full name and email address.
Usage Data: Data which is automatically generated when you use the website, for example, the duration of a page visit but which is not personally-identifiable information.
Data Controller: A person who is in control of your data, for example, us.
Service Provider: Any person who processes the data on behalf of the data controller and who is not an Alvascience employee.
User or You: The individual using our website or service.
Cookies: Cookies are text strings sent and stored on your computer from the website (for more information, see http://www.allaboutcookies.org/). Cookies are used to make your online experience more efficient and enjoyable, recognize you whenever you visit this website in order to speeds up your access to the website, obtain information about your preferences and use of our website and carry out research and statistical analysis to help improve our content and services and to help us better understand our users’ requirements.
There are different types of cookies: first party/third party cookies: cookies can be installed by the operator of the website the user is visiting (“first party cookies”) or by other websites (“third party cookies”); session cookies/persistent cookies: cookies can be automatically eliminated any time the website browsing session ends or when the browser is closed (“session cookies”) or permanently stored in the user’s device until their expiration or deletion by the user (“persistent cookies”)

When do we collect personal data?
We may collect, store and process your personal data when you access and interact with our website or service, including: If you sign up to the website; If you sign up to our mailing list to receive our newsletter and email updates; If you fill out a survey on our website; If you contact us via email or our website.

What personal data do we collect?
The amount and type of information we collect, store and process depends on how you interact with our website or service, it includes (but is not limited to): First name and last name; Email; Phone number or fax number; Address; organisation/company.

How do we use the data we collect?
We use the collected data for various purposes, including:
* contractual and pre-contractual purposes (for log-in or registration; for providing and improving the services; for billing purposes);
* fulfillment of legal obligation (for detecting, identifying, responding to and protecting against potential or actual claims, liabilities, prohibited behaviour, criminal activity and technical issues; for complying with and enforcing legal requirements, agreements and policies);
* providing upgrades and/or patches;
* (only for data referring to contacts) marketing purpose (sending you emails about a range of topic – products and services -, including marketing communications, newsletter and commercial information. In this case, your consent provides the legal basis).
The provision and processing of data processed for contractual/pre-contractual purposes and for fulfillment of legal obligation is mandatory; therefore, any refusal to provide them may result in the impossibility to reach these purposes of to fulfill the obligation. The provision and processing of data processed for marketing purposes is not mandatory and depends on your consent.
We also collect data through cookies for different purposes (for personalizing and improving your personal experience; for analytical purposes to monitor and analyze our website usage; to interact with social networks or other external platforms): see below.

To whom, when and where we may transfer your data?
The Data Controller may have to communicate Your personal data to the following subjects, qualified as Persons in charge or Joint Controllers or Data Processors: employees or collaborators or consultants (e.g.: accountants, lawyers, auditors, social media managers, etc.) of the Data Controller; companies operating in the electronic payments sector; IT consultants and technicians; consultants in the field of marketing, communication and market research; public administrations; judicial authorities, judicial operators and police forces; supervisory and financial authorities.
The list of Appointee, Joint Controllers and Data Processors is available to data subjects.

Alvascience does not sell, rent, trade or share any of your personal data with any third parties for promotional purposes. We will only disclose your personal data to other third parties in good faith:
* For the purposes of maintain our website and services;
* If you have consented to us sharing your information, for example, if you have emailed us feedback about our services and consented to us using this feedback as a testimonial;
* If we are required to do so by law;
* As may be required for the purposes of national security;
* When we believe disclosure is necessary and appropriate to prevent physical, mental, financial or other harm, injury or loss;
* In connection with an investigation of suspect or actual illegal or inappropriate activity or exposure to liability.

For the purposes related to the payment of the products/services sold/licensed by the Company, Clients’ accounting data may be transferred to Stripe Inc. (https://stripe.com/it/privacy).
Only Clients’ accounting data may be transferred outside the EU, to Stripe, Inc. In this case, pursuant to art. 46 Reg. EU 679/2016, the transfer will be regulated by Standard Contractual Clauses (https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_en).

How long do we keep your data for?
Personal data is processed in accordance with the principles established by EU Reg. 2016/679 (lawfulness, fairness and transparency; determination; adequacy, relevance and limitation; accuracy; security). Except for greater periods of prescription required by law and except for your right to oppose to the processing (also through the cancellation of the account):
* the personal data processed and retained for contractual and pre-contractual purposes are processed for a period of time not exceeding 10 years from the termination of the effects of the contract and, in case of mere pre-contractual negotiations, for a period not exceeding 10 years from the conclusion of negotiations;
* The personal data processed and retained for fulfilment of legal obligations purposes are processed and retained, in case of conclusion of the contract, for a period of time not exceeding 10 years from the termination of the effects of the contract, while, in case of mere pre-contractual negotiations, for a period of time not exceeding 10 years from the termination of the negotiations
* The personal data processed for marketing purposes are processed and retained until the related cancellation is requested by the data subject.

Where do we store your data?
Your data that we collect is backed up automatically and stored by our web-hosting provider on their secure servers. The information is only collected and stored in order to allow users to use the site and it is backed up so that if a problem occurs the site will be able to be restored. Our website’s servers are located in Italy and therefore, if you are located outside of Italy and choose to provide information to us, please note that we transfer your data to Italy and store and process it there.

What service providers do we use?
Our website relies on some third-party service providers to carry out certain tasks. By accessing, signing up for or using the website or our service, sending us an email, or by signing up for email updates, you provide your express consent to our disclosure of your personal data or usage data to our third-party service providers in order to supply our services. These third parties are obligated not to disclose or use your data for any other purpose other than for our tasks. These service providers include (but are not limited to):
* Gmail: When you interact with our site such as fill out our contact form, a copy of those details you provided are sent to our Gmail account so that we can respond to your queries.
* Webhosting: Our website is hosted by a third-party webhosting company which also provides backups of our database and website.
* Google Analytics and Facebook: The way you interact with our website may be monitored by Google Analytics and Facebook through the collection of usage data so that we can monitor the usage.
* Resellers: If you purchase our products or services via a reseller, the reseller may collect and use your data in accordance with their own privacy policy.

How do we keep your data secure?
No method of transmission over the internet, or method of electronic storage is 100% secure and therefore we cannot guarantee absolute security. In the event of a security breach we will notify the affected individuals immediately in addition to reporting the data breach to the relevant supervisory authority. However, the security of your personal data is important to us and we use administrative, organisational, technical and physical safeguards to protect your information from loss, destruction, misuse, unauthorised access or disclosure as required by applicable law Directive 95/46/EC. The security measures we have implemented include (but are not limited to):
* SECURE SOCKET LAYER: When you enter confidential information on our website such as login details, we encrypt the transmission of that information using Secure Socket Layer (SSL) technology so that if it were intercepted it could not be read;
* SECURE HOSTING: Our website host is one of the best and most preferred hosting providers on the market with a range of sophisticated tools to ensure site security.

Can you access, update or delete your personal data?
Yes. You can access, update and delete the personal data that we collect at any time either via your dashboard, by clicking unsubscribe on newsletters or by contacting us. We will respond to your request promptly and within 30 days. Please note that we may ask you to verify your identity before responding to such requests. From time to time we may contact you to ensure that the personal data we hold is accurate and correct.

What about links to other sites?
Our website may contain links to other sites that are not owned or controlled by us. Please be aware that we are not responsible for the privacy practices of these other sites. We encourage you to review the privacy policies and statements of other sites to understand their information practices.

Do we collect children’s data?
No. We do not knowingly collect any personal data from anyone under the age of 18 years of age. If you are under the age of 18, you may not use this website unless you have the consent of, and are supervised by, a parent or guardian. If you are a parent or guardian and you are aware that your child under the age of 18 has provided us with personal data, please contact us. If we become aware that we have collected personal data from a child under the age of 18 without verification of parental consent, we will take steps to remove that information from our servers.
By accepting this Privacy & Cookies Policy, you declare to be at least 18 years old.

Information for clients/suppliers

Alvascience informs that for the conclusion and execution of contracts and contractual relations with Clients/Suppliers and for the fulfillment of, legal or contractual, obligations, from these arising, the Company will process personal data provided by You.

1) PROCESSED DATA, LAWFULNESS AND PURPOSE OF PROCESSING
The Company will process the following data, provided by You on the occasion of the conclusion of agreements for services provided by the Company or in favor of the Company:
a) personal data (For example: name, surname, company name, fiscal code, date of birth), data referring to contacts (For example: phone number, fax number, email, address) and accounting data (For example: VAT number, bank number, tax details, credit/debit card number).
The lawfulness of data processing is represented by art. 6 co. 1 lett. b) and c) Reg. EU 679/2016, as information necessary for the execution of the contract or the execution of pre-contractual measures and purposes connected with and necessary to fulfill legal obligations to which the Company is subject, as by legitimate interest.
The purpose of data processing consists in the execution of the contract, in the execution of pre-contractual measures and purposes connected with and necessary to fulfill legal obligations to which the Company is subject (for example: obligations in tax, accounting, anti-money laundering, banking/insurance, workplace safety, regulations, judicial);
b) data referring to Alvascience’s software version in use.
The lawfulness of data processing is represented by art. 6 co. 1 lett. b) Reg. EU 679/2016, as information necessary for the execution of the contract, and by art. 6 co. 1 lett. f) Reg. EU 679/2016, as the Company has a legitimate interest.
The purpose of data processing consists in providing upgrades and/or patches.
c) data referring to contacts.
The lawfulness of data processing is represented by art. 6 co. 1 lett. a) Reg. EU 679/2016, being necessary the consent (Please, note that if You are already a Client/Supplier of the Company, in accordance with art. 6 co. 1 lett. f) Reg. EU 679/2016, the Company may send You commercial communications concerning services and products similar to those already provided, except in case of Your dissent).
The purpose of data processing consists in marketing activities (including through newsletters, email, fax).

2) OBLIGATION OF PROVISION AND CONSEQUENCES OF FAILURE TO PROVIDE PERSONAL DATA
The provision and processing of data referred to in art. 1 lett. a) and b) is mandatory to fulfill contractual and pre-contractual obligations relating to the contractual relationship; therefore, any refusal to provide them, in whole or in part, may result in the impossibility for the Company to conclude and/or execute the agreement or to correctly fulfill legal obligations to which the Company is subject.
The provision and processing of data referred to in art. 1 lett. c) is not mandatory, but possible, and depends exclusively on the consent of the Client/Supplier. If consent to data processing is not provided, or the consent is withdrawn, the activities indicated in par. 1 lett. c) cannot be carried out.

3) RECIPIENTS OF THE DATA
For the purposes referred to in par. 1 lett. a), the Company may contact (and transfer data to) the following subjects:
a) public bodies (INPS, INAIL, labor inspectorates, tax offices);
b) professionals (for example: accountants; labor consultants; auditors);
c) pension and assistance funds, also private;
d) insurance companies and banks;
e) judicial bodies and operators in the justice sector;
f) resellers of the products (only name and surname);
g) its employees or collaborators.
For the purposes related to the payment of the products/services sold/licensed by the Company, Clients’ accounting data may be transferred to Stripe Inc. (https://stripe.com/it/privacy).
For the purposes referred to in par. 1 lett. c), the Company may contact (and transfer data to) the following subjects:
a) its employees.

4) RETENTION PERIOD
The data referred to in art. 1 lett. a) and b) will be stored for the entire duration of the contractual relationship and/or for the duration of the fulfillment of legal obligations. At the termination of the contractual relationship, the data will be stored for the duration strictly necessary in order to execute the residual legal obligations in the field of labour law, social security and assistance, taxation and, in any case, for a period not exceeding 10 years from termination of the relationship, except for longer periods of prescription.
The data referred to in art. 1 lett. c) will be stored for the entire duration of the contractual relationship and not later than 5 years after the termination of the relationship.

5) DATA SUBJECT’S RIGHTS
The data subject has the right to ask the Company for access to the personal data, rectification and erasure, restriction of processing, opposition to processing, data portability and withdrawal of consent. The request for opposition or restriction of processing, as well as the request for erasure or withdrawal on the basis of a relationship, may result in the impossibility to continue the contractual relationship.
The Regulation also recognizes the right to lodge a complaint with the data protection Authority.
For more information, it is suggested to visit: https://www.garanteprivacy.it/regolamentoue/diritti-degli-interessati and https://ec.europa.eu/info/law/law-topic/data-protection/reform/rights-citizens/my-rights_en.
The rights can be exercised by sending an e-mail to: info@alvascience.com.

6) DATA TRANSFER
With the possible exception of Clients’ accounting data, your data will not be communicated and/or transferred to subjects operating in non-EU Countries. In any case, should this occur in the future, the Company will provide specific information and the data will be transferred in accordance with applicable law.
Clients’ accounting data may be transferred to Stripe, Inc. In this case, pursuant to art. 46 Reg. EU 679/2016, the transfer will be regulated by Standard Contractual Clauses (https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_en).

7) CONTACT PERSONS
Data Controller: ALVASCIENCE S.R.L. (C.F. e P. IVA 03801840137), with registered office in via Giuseppe Parini n. 35 (23900) Lecco.
The list of Processors is available at the registered office of the Data Controller.

8) CLIENT/SUPPLIER DECLARATION
The Client/Supplier declares to respect the legislations relating to personal data processing. In particular, it guarantees to the Company that it informed and obtained, where necessary, the consent of its employees and/or collaborators, also external, to the processing mentioned in this information.

Cookies Policy

How do we use cookies, which and what usage data we collect trough cookies?
The Site uses the following types of cookies:
a) technical cookies (which guarantee the navigation and operation of the Site), for which the consent of the User is not required;
b) analytical cookies managed directly by the Data Controller and by third parties (which guarantee the optimization of the usability of the Site, by collecting data in aggregate form), for which the consent of the User is not required.
The Site does not use profiling cookies.

We use cookies to track the activity on our website and to optimise your experience, this includes (but is not limited to):
* When you sign up or sign in cookies are involved in the management of your user experience;
* Google Analytics and Facebook use cookies which help us to monitor the use of our site.
When you use our website or service certain usage data may be collected by us or a third-party such as Google Analytics and Facebook. This information is separate to your personal data and is not personally-identifying information. This includes (but is not limited to):
Device-Specific Information: Information about the device you use:
* Type of device you use such as mobile or computer;
* Your computer’s Internet Protocol address;
* Your computer’s browser type.
Service Log Information: Information about how you use the website or service:
* Which of our website pages you visited;
* Which software you downloaded (in this case, your username will be collected).
For more information about cookies and how they are managed, please visit the following pages: http://www.youronlinechoices.com/, https://www.aboutcookies.org/ and https://cookiepedia.co.uk/.

By continuing to browse the website, you accept this Privacy & Cookies Policy. In case of non-acceptance of cookies by abandoning the navigation, any cookies already registered locally on your computer will remain registered there, but will no longer be read, nor used by us.

On our website, we have the so-called “social buttons”. These buttons are direct links to other website (Youtube) or social networks (LinkedIn, Facebook and Twitter). If you click on these links, you will be re-addressed to these website/social networks to interact directly with our accounts.
Please, take note that these website/social networks are independent controllers. On these “platforms”, you can find more information on their privacy and cookies policies and on the methods of managing and disabling the relative cookies.

What rights do you have?
The right of access: you have the right to obtain from the Data Controller confirmation as to whether or not personal data concerning you are being processed, and, where that is the case, access to the personal data and other specific information, pursuant to article 15 of the GDPR.
The right to rectification: you have the right to obtain from the Data Controller without undue delay the rectification of inaccurate personal data concerning you. Taking into account the purposes of the processing, you have the right to have incomplete personal data completed, including by means of providing a supplementary statement, pursuant to article 16 of the GDPR.
The right to erasure/right to be forgotten and the right of withdrawal of the consent: you have the right to obtain from the Data Controller the erasure of personal data concerning you without undue delay and the Data Controller shall have the obligation to erase personal data without undue delay where the grounds set out in article 17 of the GDPR apply. In relation to the withdrawal of the consent, you have the right to revoke the consent in any moment without prejudice to the lawfulness of the processing based on the consent given before the withdrawal.
The right to restriction of processing: you have the right to obtain from the Data Controller restriction of processing where the grounds set out in article 18 of the GDPR apply.
The right to data portability: you have the right to receive the personal data concerning you, which you have provided to the Data controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another data controller without hindrance from the Data Controller to which the personal data have been provided under the conditions set out in article 20 of the GDPR.
The right to object to marketing communications: at any time, in relation to reasons related to your particular situation, you have the right to oppose to the processing of personal data concerning yourself, according to point (e) or (f) of Article 6(1) of the GDPR, including profiling based on those provisions. The Data Controller shall no longer process the personal data unless the Data Controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims. Where personal data are processed for direct marketing purposes, you have the right to object at any time to processing of personal data concerning yourself for such marketing, which includes profiling to the extent that it is related to such direct marketing.
The rights can be exercised by sending an e-mail to: info@alvascience.com.

How can you express your consent?
The consent, if requested, can be given through the following technologies by signing a digital document, also by specific checkbox.

Will we make changes to the Privacy Policy?
We may revise this Privacy & Cookies Policy from time to time and the most current version is the one in effect. If we decide to change our Privacy Policy, we will post the update on our website and update the Privacy Policy effective date. Please check back regularly to review any changes. By continuing to use the website after those changes become effective, you agree to be bound by the revised Privacy Policy.

What if you don’t understand this Privacy Policy?
We’ve tried to make our Privacy Policy as clear, simple and transparent as possible so that you can fully understand what we do with your personal data. However, if there is anything you do not understand or if you have any feedback or questions please contact us – we are happy to help.

Last update: 06/04/2021