POLICY ON THE PROCESSING OF PERSONAL DATA CARRIED OUT IN THE CONTEXT OF NAVIGATION AND USE OF CONTENTS OF THE WEBSITE CHIMPA.EU PURSUANT TO ART 13 REG. EU 679/16.

Dear User,

pursuant to Reg. EU 679/16, this page describes the methods of processing personal data of users who visit the Data Controller’s website, accessible at the following addresses: www.chimpa.eu , www.chimpa.education , www.chimpa.it , www.chimpa.school .

This information does not concern other sites or pages or online services accessible through hypertext links, that may be published on the site but refer to resources outside the domain of the Data Controller.

Following the consultation of the site listed above, data relating to identified or identifiable natural persons may be processed.

The Data Controller is XNOOVA SRL, Via dei Mille 3, 29121 Piacenza (PC) Tel./ Telefax  02-37901660, E-mail:info@xnoova.com, pec: xnoovasrl@legalmail.it, C.F./P.IVA 01698590336, COD. ID CEE IT01698590336, Iscr. Reg Imprese di Piacenza 01698590336, C.C.I.A. REA N.184332.
Data Protection Officer is lawyer Rossella Calicchio, e-mail address: dpo@xnoova.com.
This site is internally developed by the Data Controller through its authorized personnel for the processing of personal data.

1. WHAT PROCESSING DOES THE SITE PROVIDE?

  1. Browsing data.

The computer systems and software procedures responsible for the operation of this site acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols.

This category of data includes the IP addresses, date and time of the request to the server, URL visited, browser and operating system used, the device used, the numeric code that indicates the response status of the server (successful, error etc.), the logs of the download activities of the explanatory material contained in the site.

The http redirect does not generate personal data accessible or negotiable by the Data Controller.

The legal basis is the legitimate interest of the Data Controller pursuant to art 6.I let. F) of Reg. EU 679/16 and therefore the user’s consent is not required.

  1. Processing of data communicated by the user.

The optional, explicit and voluntary sending of messages or data using the contact details or forms of the Data Controller, involve the acquisition of the contact data of the sender as well as any personal data communicated by the interested party necessary to verify the request or to allow the use of the services offered.

B1. Sending requests via contact from “request a demo” and “request more information”.

During navigation, the user can contact the Data Controller using the appropriate contact form on the site. The Data Controller will take charge and verify the request. The legal basis of the treatment is constituted by the fulfilment of contractual obligations pursuant to art. 6.I let. b) of Reg. EU 679/16.

B2. Sending of requests to the Data Controller via contact form for whitelabel partnership.

The user can contact the Data Controller during navigation to obtain information about a Whitelabel Partnership for the integration of Chimpa in OEM solutions, with the possibility of re-branding and co-branding.

The legal basis of the treatment is constituted by the fulfilment of contractual obligations pursuant to art. 6.I lett. b) of the General Data Protection Regulation (Reg. EU 679/16).

  1. Fulfilment of legal obligations.

The Data Controller will process your personal data in order to comply with obligations imposed by the laws and regulations in force such as, for example, making data available to the Public Authority in case of accesses, investigations and inspections.

The legal basis of the treatment is constituted by the fulfilment of legal obligations pursuant to art 6.I let. c) Reg. UE 679/16.

  1. Investigation and defense of legitimate rights and interests of the Data Controller.

In the event of disputes, the Data Controller may, if necessary, process your personal data in order to ascertain or defend its own subjective legal positions during judicial or pre-litigation proceedings.

The legal base of the treatment is constituted by the legitimate interest of the Data Controller pursuant to art 6.I lett. f) Reg. UE 679/16.

2. FOR WHAT PURPOSES WILL YOU PROCESS MY DATA?

A. Browsing data.

Browsing data, necessary for the use of web services, are processed for the purpose of:

  • obtaining statistical information on the use of services (most visited pages, number of visitors by time or day, geographical area of origin, etc.);
  • checking the correct functioning of the services offered.

B. Data communicated by the Data Subject.

B1. Sending of requests via contact form “request a demo” and “request more information”.

Data will be processed by the Data Controller to check the request of the Data Subject or to take charge of the request to send a demo.

B2. Sending of requests to the Data Controller via contact form for whitelabel partnership.

Data will be processed by the Data Controller to check the request of the Data Subject.

C. Fulfilment of legal obligations.

The Data Controller may process identification and contact data of the Data Subject in order to comply with legal obligations imposed on the Data Controller itself.

D. Investigation and defense of legitimate rights and interests of the Data Controller.

The Data Controller will process data of the Data Subject in order with a view to establishing and protecting its subjective legal positions.

3. HOW WILL YOU PROCESS MY DATA? TO WHOM WILL YOU COMMUNICATE MY DATA?

A. Browsing data.

The browsing logs are saved on servers, located within the territory of the European Union, property of Armada, of Mascio Fabio – Via Sesto Giulio Frontino n. 3, 86079 Venafro (IS) Tel. 06 452216038 Fax 06 89280222, C. F. MSCFBA72D06L725A. P. Iva 00873530943, REA IS-38469, tel. 06 452216038, fax 0689280222, http://www.hostingperte.it , formally appointed as Data Controller. 

Browsing data are accessible only to the Data Controller, to the developer of the site to carry out service and maintenance activities via FTP.

Browsing data are not transferred by the Data Controller outside the territory of the European Union and are not subject to automated decision-making processes including profiling.

B. Data communicated by the user

B1. Sending of requests via contact forms “request a demo” and “request more information”.

B2. Sending of requests to the Data Controller via contact form for whitelabel partnership.

The data communicated by the user through the forms are stored on the server of the email provider of the Google workspace Data Controller located within the EU.

Personal data involved in this process will not be transferred outside the EU territory and will not be subject to automated evaluations or profiling.

C. Fulfilment of legal obligations.

The data may be made available to the Public Authority in case of investigations and inspection.

  1. Investigation and defense of legitimate rights and interests of the Data Controller

The Data Controller may communicate the data subject’s data to legal advisers, lawyers and experts if such communication is necessary to establish or defend a right in court or in the context of out-of-court proceedings.

4. HOW LONG WILL YOU KEEP MY DATA?

A. Browsing data.

The browsing data are kept are kept for 30 days from the date of data generation, except for any extension of the retention time resulting from requests from the Judicial Authority.

B. Data voluntarily communicated by the user

B1. Sending of requests to the Data Controller via contact form on the website

B2. Sending of requests to the Data Controller via contact form for the whitelabel partnership.

The data communicated by the user through the contact form are saved for 24 months from the date of receipt of the same.

C. Fulfilment of legal obligations.

Any personal data contained in administrative acts processed by the Public Authority or by the Data Controller in the fulfilment of legal obligations will be kept for the time required by the current legal provisions from time to time considered.

D.Investigation and defense of legitimate rights and interests of the Data Controller.

The data contained in procedural or extra-judicial documents will be kept for 10 years from the conclusion of the extrajudicial or judicial proceedings.

5. COOKIE POLICY

5.1. WHAT COOKIES ARE

Cookies are small text files that the sites visited by users send to their terminals where they are stored and then transmitted to the same sites on the next visit. A cookie does not retransmit any other data stored on the user’s hard drive, nor does it retransmit viruses or communicate email addresses.

Cookies are used for different purposes: execution of computer authentication, monitoring of sessions, storage of information on specific configurations regarding users accessing the server, storage of preferences, etc.

5.2 TYPES OF COOKIES

Cookies are divided into first-party cookies and third-party cookies. The first-party cookies are sent by the site itself and are used to allow the site to remember the user’s data and preferences.

Third-party cookies are cookies set by sites other than the one you are visiting.

  1. TECHNICAL COOKIES

Technical cookies are those used for the sole purpose of “transmitting a communication over an electronic communications network, or to the extent strictly necessary to the provider of an information society service explicitly requested by the subscriber or user to provide that service”.

These are cookies used to perform navigation or to provide a service requested by the user. They are not used for any other purpose and are normally installed by the website Data Controller.

They can be further divided in the following categories.

Navigation or session cookies: they guarantee the normal navigation and use of the website (they are necessary for the proper functioning of the site, for example, they allow you to remember the user logged in during subsequent accesses to the reserved area).

Functional cookies: they allow the user to navigate according to a series of selected criteria (for example, the cookie reminds the second access that a certain language has been preset).

The consent of the user is not necessary for the installation of technical cookies.

This site includes the following technical cookies.

DEVELOPER

COOKIE NAME

VALUE

COOKIE CATEGORY

FUNCTION OF THE COOKIE

COOKIE DURATION

Google Analitics

_ga

GA1.2.503603010.1640872598

Analytical managed in order to be equated to a technical cookie.

It is used to distinguish users

2 years

Google Analitics

_ga_*

GS1.1.1650364336.1.1.1650365473.0

Analytical managed in order to be equated to a technical cookie.

It is used to distinguish users

2 years

Google Analitics

_gid

GA1.2.1678679672.1641225018

Analytical managed in order to be equated to a technical cookie.

It is used to distinguish users

24 hours

Google Analitics

_gat_gtag_UA_*

Analytical managed in order to be equated to a technical cookie.

It is used to distinguish users

1 minute

PHP

PHPSESSID

h7sj1pr6sq8c00u9h7fj67ks3p

Technical cookie

is a native PHP cookie and allows websites to store session status data. The website is used to establish a user session and to communicate status data

Browsing session

Polylang

pll_language

it, en, es, de, ru

Technical cookie

Remembers the language selected by the user during navigation when you go back to the website

Browsing session

Xnoova

scroll

Technical cookie

Certifies the scroll down block of the site

Browsing session

  1. ANALYTICAL COOKIES

Analytical cookies serve to analyze the use of the site by the user.

Analytical cookies have the purpose to monitor the use of the site by the user in order to enhance the website itself. These cookies gather for example information in aggregate form on the number of users of the site and how the latter visit the site itself.

This site uses third-party analytical cookies in order to gather statistical information on the use of the site. Google Analytics cookes are described in the section dedicated to technical cookies, because IP addresses have been anonymized and because a specific agreement has been signed with Google for the effect of which Google undertakes to process the data only for the purpose of providing the requested analysis service and not to use the data collected by the site for other purpose. The analytical cookies on the website have also been set in accordance with the Cookie Guidelines of the Data Protection Authority of 10 June 2021.

  1. PROFILING COOKIES

The site does not use either first or third-party profiling cookies.

6. WHAT ARE MY RIGHTS?

You can, at any time, exercise your rights of Reg. EU 679/16 by contacting the Data Controller at the addresses indicated in the header of this policy.

  • Right of withdrawal of consent

You have the right to to withdraw your consent at any time by contacting the Data Controller at the addresses indicated in the header of this policy. The withdrawal of consent in no way prejudices any ongoing negotiation relationship. The withdrawal of consent does not affect the lawfulness of the processing based on the consent previously granted.

  • Right of access to personal data

You have the right to obtain from the Data Controller the confirmation that personal data concerning you are being processed or not and, in this case, to obtain a copy of the personal data subject to processing unless the issue of the copy is detrimental to the rights and freedoms of other Data Subjects.

  • Right to rectification

You have the right to obtain from the Data Controller of the processing the rectification and updating of personal data and incorrect news concerning you without undue delay. Taking into account the purposes of the processing, you will also have the right to obtain the integration of incomplete personal data.

  • Right to cancellation

You have the right to obtain from the Data Controller the cancellation of personal data concerning you without undue delay if: the data are no longer necessary for the purposes for which they were collected or processed; You withdraw the consent on the basis of the processing and there is no other legal basis for the processing, you object to the processing and there is no overriding legitimate reason to proceed with the processing; the personal data have been processed unlawfully; the personal data must be erased to fulfil an obligation imposed by national or Community provisions.

  • Right to restriction of processing

You have the right to obtain from the Data Controller the limitation of the processing if: you contest the accuracy of personal data, for the period necessary for the data controller to verify the accuracy of such personal data; the processing is unlawful and you request the limitation of use instead of cancellation; you need the personal data for the establishment, exercise or defence of a right in court although the Data Controller no longer needs it; You oppose the processing pending the verification of the possible prevalence of the legitimate reasons of the Data Controller. If processing is limited, personal data are processed, except for storage, only with your consent or for verification, the exercise or defence of a right in court or to protect the rights of another natural or legal person or on grounds of public interest.

  • Right to oppose the processing

You have the right to oppose the processing of your personal data at any time, even for profiling purposes. The Data Controller refrain from further processing your data unless it proves the existence of compelling legitimate grounds for processing that override your interests, rights and freedoms or for the establishment, exercise or defense of a right in court.

  • Right to lodge a complaint with the Authority.

You have the right to lodge a complaint with the Control Authority by hand delivery to the offices of the Guarantor (at the address indicated below) or by forwarding registered A/R addressed to the Guarantor for the protection of personal data , Piazza di Montecitorio, 121, 00186 Roma or by sending certified email to protocollo@pec.gpdp.it.  

Chimpa’s use to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy (https://developers.google.com/terms/api-services-user-data-policy#additional_requirements_for_specific_api_scopes), including the Limited Use requirements. ”

Other policies:
Chimpa MDM: http://box.chimpa.eu/resources/privacy_app?chimpa=mdm&lang=en
Chimpa Learn: http://box.chimpa.eu/resources/privacy_app?chimpa=learn&lang=en
Chimpa Teach: http://box.chimpa.eu/resources/privacy_app?chimpa=teach&lang=en
Chimpa Bazaar: http://box.chimpa.eu/resources/privacy_app?chimpa=bazaar&lang=en
Chimpa Home: http://box.chimpa.eu/resources/privacy_app?chimpa-home&lang=en
Chimpa MDM Agent: http://box.chimpa.eu/resources/privacy_app?chimpa=mdmagent&lang=en