We are committed to protecting your privacy and safeguarding your personal data. Our use of your personal data is subject to the EU General Data Protection Regulation, other relevant Italian and EU legislation (together Data Protection Legislation), as well as marketing rules.
In this privacy notice we explain how we will process your personal information obtained through your use of the Consono platform and mobile app.
This policy applies where we are acting as a data controller with respect to the personal data of such persons; in other words, where we determine the purposes and means of the processing of that personal data.
Who we are
When we say we, us or our in this privacy notice, we mean Consono Srl, a company incorporated and registered in Italy. For the purposes of the Data Protection Legislation, we are the controller of your personal data covered by this privacy notice. This means that we are responsible for deciding how we hold and use personal information about you. In addition, if you use our Consono platform and app to request advance on salary from your employer, we process your personal data uploaded or entered onto our Consono platform by you, your employer or generated by your or your employer’s use of the platform as a data processor. This means that we do that on behalf of, and under the instructions of, your employer, who act as the controller of your personal data. This privacy notice does not cover that type of processing but, if you have access to and use our Consono platform, this means that we have a written contract in place with your employer, which sets out how we must process your personal data. For further information, please contact your employer. If you have any questions in regard to any part of this notice, please contact us by e-mail at firstname.lastname@example.org.
Personal data we collect
Personal data means information which relates to an identified or an identifiable individual.
- Identity data: first name; last name; name of your company/employer;
- Contact data: e-mail address; mobile number; address;
- Contract data: details of our contracts with you (for example, our terms and conditions governing your use of our Consono platform);
- Professional data: if you represent our corporate customer or prospective customer (e.g. a company using or interested in using our Consono platform): your name; work contact details; company name and address; job title;
- Regulatory data: if you are a director of our corporate customer (e.g. a company using or interested in using our Consono platform): your name, residential address and date of birth;
- Usage data: services you signed up to (e.g. our blogs); reason for using the platform; and
- Technical data: internet protocol (IP) address; login data; browser type and version; time zone setting and location; browser plug-in types and versions; time spent on the website or platform; operating system and platform and other technology on the devices you use to access our website or platform.
Before you disclose to us the personal information of another person you must ensure that you have a lawful basis to do so. For information on when and how you can lawfully disclose personal data, please see the Information Commissioner’s Office Guide to the General Data Protection Regulation.
We may also collect, use and share anonymised, aggregated data such as statistical or demographic data for any purpose. Anonymised data may be derived from your personal data (including personal data which we may process on behalf of our employer in connection with your use of our Consono platform) but is not considered personal information in law as this information does not directly or indirectly reveal your identity. For example, we may aggregate information on how you use our website to calculate the percentage of users accessing a specific feature.
How we collect personal data
We collect most of this information from you direct. However, we may also collect information from other sources.
- Your use of our platform, website and/or services: when you sign up to or use our services; sign up to our mailing list; submit an online or e-mail enquiry to us; subscribe to our blogs, complete a contact form; complete a survey; submit feedback;
- Direct interactions with you: when you first contact us; when you register interest in our services; when you give us your business card;
- Consono platform: when you use our Consono platform (e.g. interact with the elements of our website that are locked behind account functionality or use our employee mobile app);
- Automated technologies or interactions: as you interact with our website, app and advertisements, we may automatically collect technical data about your equipment, browsing actions and patterns. We collect this personal data by using cookies, server logs and other similar technologies.
How and why we use personal data
Under the Data Protection Legislation, we can only use your personal data if we have a proper reason for doing so.
1. Consent. Generally, we do not rely on consent as a legal basis for processing your personal data other than to:
- place cookies and similar tracking technologies on your device
- send you our blogs, newsletters or other electronic marketing communication, if you requested or expressly agreed to receive such communication; and
- respond to your enquiries.
Where your permission is required, we will ask you for such consent separately and clearly. You have the right to withdraw consent to marketing at any time by emailing us at email@example.com or using the ‘unsubscribe’ link in our marketing emails. Even if we are not required to obtain your consent for marketing purposes, you can still opt-out of receiving marketing communications at any time, so you are still in control.
2. Contract. We will use your personal data if we need to do it to perform our obligations under a contract with you, or if it is necessary for a contract which we are about to enter with you.
For example, if we need to:
- register you as a new employee who can use the app or administer your account;
- provide our services to you;
- manage our relationship with you (e.g. to respond to your enquires or to notify you about changes to our services and to inform you about updating preferences); and
- provide after sale care services (e.g. technical support).
3. Legitimate interests. We may process your personal data when we (or third party) have a legitimate reason to use it, so long as this is not overridden by your own rights and interests.
- to provide our products and services to, and manage our relationship with our customer or prospective customer whom you represent;
- to administer and protect our business, website and our Consono portal (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data);
- to manage your account and our relationship with you;
- to manage payments, fees, charges, and to collect debts which you may owe to us;
- to interact with you professionally (e.g. if you represent our client, supplier or business partner);
- to deal with your enquiry unrelated to a contract which we may have with you;
- to provide you with a free service (e.g. a free trial);
- to ask you to leave a review or complete a survey;
- to send you our updates or other electronic marketing communications in respect of similar products or services to those which we had previously supplied to you or which you had previously enquired about;
- to increase our business or promote our brand through delivering relevant content to you and marketing communication;
- to measure or understand the effectiveness of the advertising we provide to you;
- to improve our app, website, products, services, marketing, and customer relationships and understanding;
- for the prevention and detection of fraud and spam; and
- for the establishment, exercise or defence of legal claims.
We may ask you to confirm or update your marketing preferences if you instruct us to provide further services in the future, or if there are changes in the law, regulation, or structure of our business.
4. Legal obligation. We may process your personal data to comply with our legal obligation.
For example, to:
- notify you about changes to our terms or privacy notice;
- address your complaint; and
- comply with a request from a competent authority.
Who we share personal data with
We may share your information with third parties for the purposes set out in this notice. We also share data with providers of cloud-based tools and services, which we use to operate our business:
Amazon Web Services, a US company who provide web and app hosting services to us. Transfers of personal data to US companies who subscribe to the EU-US Privacy Shield framework are deemed by the European Commission to provide an appropriate level of protection; and
We may also:
- disclose your personal data to professional advisers (e.g. lawyers, accountants, auditors or insurers) who provide professional services to us;
- disclose your personal data to certain third parties if specifically requested or agreed with you (e.g. if you ask us to introduce you to a third party);
- disclose and exchange certain information with law enforcement agencies and regulatory bodies to comply with our legal obligations; and
- share some personal data with other parties, such as potential buyers of some or all of our business or during a re-structuring. Usually, information will be anonymised but this may not always be possible. The recipient of the information will be bound by confidentiality obligations.
How long we keep personal data
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for.
For example, if:
- we have a contract with you, we will keep your data for 7 years after the end of that contract;
- if subscribe to our updates or other marketing communication, we will hold your data for that purpose until you unsubscribe or otherwise tell us that you no longer wish to receive such communication;
- if enquire or purchase our business-to-business services, we will keep your personal data for marketing purposes for two years from when we last heard from you, unless you opt-out from receiving marketing communications; and
- if you represent our prospective customer, we will generally keep your data for six months from when we obtained your data or our last interaction with you.
In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.
You have a number of rights in relation to your personal data, which allow you to access and control your information in certain circumstances. You can exercise these rights free of charge, unless your request is manifestly unfounded or excessive (in which case we may charge a reasonable administrative fee or refuse to respond to such request).
Keeping personal data secure
We have appropriate security measures to prevent personal data from being accidentally lost, or used or accessed unlawfully. We limit access to your personal data to those who have a genuine business need to access it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.
We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
We hope that we can resolve any query or concern you may raise about our use of your information. You may contact us by using the contact methods set out in the How to contact us section of this policy.
The Data Protection Legislation also gives you a right to lodge a complaint with a supervisory authority, in particular in the European Union (or the European Economic Area) state where you work, normally live or where any alleged infringement of data protection laws has occurred. We would, however, appreciate the chance to deal with your concerns before you approach the Information Commissioner’s Office, so please contact us in the first instance.
How to contact us
If you have any questions about this privacy notice, (including any requests to exercise your legal rights) please contact us by e-mail at firstname.lastname@example.org