PRIVACY POLICY AND LEGAL NOTES of the Siverapp platform

DATA PROCESSING HOLDER:
Medilink S.r.l. Via Parma 36A, Città Giardino (SR)
E-mail: supporto@siverapp.com

DATA PROCESSING MANAGER:
Medilink S.r.l. Via Parma 36A, Città Giardino (SR)
E-mail: supporto@siverapp.com

Siverapp. Types of collected data. Navigation data.
Siverapp is a learning evaluation platform for administering multiple-choice tests. The platform consists of a web portal accessible at the URL www.siverapp.com and an app called SIVERAPP that interacts with the web portal and can be downloaded for free from the most popular stores. Users can access the platform or app with login credentials provided after the required registration. The users, as distinct from the personnel who take care of the platform, are teachers and their respective students. The computer systems and software procedures used to operate this application may acquire, in normal operation and only for the duration of the connection, some user data: personal details (name, surname and social security number), email, mobile number (not mandatory), and the preparation or response data of the tests performed. The data of each registered student are made known on the platform, for educational purposes, only to the respective registered professors.

Cookies.
This site uses cookies or markers, which are technically packets of information sent by a web server to the user's browser, stored by the browser on the user's device (personal computer, tablet, mobile phone, etc.) and automatically returned to the server at each subsequent access to the site. To learn the types and purposes of the cookies used, you can consult the Cookie Policy available on the web portal www.siverapp.com.

Data provided voluntarily by users / visitors.
The welcome page of the www.siverapp.com platform clearly explains how the system works (portal + app), also through guides and video tutorials, so that you can easily choose whether to register or not. If, when connecting to this web application, you decide, where provided, to send your personal data (for example: name, surname, email, social security number) to access certain services, or to make requests via e-mail, such data will be retained to respond to your request, or to provide you with the service you requested, in accordance with this information and the specific privacy information given in the process of joining the individual services. The data will be kept for the time necessary to provide the requested service and manage any future problems. Your personal data will be communicated to third parties only if the communication is necessary to comply with the requests of the users themselves, as specified in the specific information of the individual services. Unless otherwise specified, it is mandatory to provide all the data required by the application in order to take advantage of the services offered. In cases where optional data are requested, the user is free to refrain from communicating such data, without this having any consequence on the availability of the services. In line with the DLGS nr 101 of 10/8/2018 (GU nr 205 of 4/9/2018), in force since 19/9/2018, it is possible to register directly on the platform if you are at least 14 years old. Otherwise you will have to send by e-mail, as indicated in the online registration form, the authorization to register from those who have legal responsibility for you.

Mode and place of processing of collected data.
Medilink S.r.l. takes appropriate security measures to prevent unauthorized access, disclosure, modification or destruction of personal data. The processing is carried out using computer and/or telematic tools, with organizational methods and with logic strictly related to the purposes indicated, taking care to transfer and store the data in a manner The Data Protection Officer, a top manager in the company organization, supports the owner in the management of the problems of the processing of personal data; this ensures that a qualified subject deals exclusively with the matter of personal data protection, keeping up to date on risks and security measures, in consideration of the growing importance and complexity of the sector. In addition to the owner and the DPO, in some cases, others involved in organizing the activities of Medilink S.r.l. (administrative, commercial, marketing, legal, system administrators) or external subjects (such as suppliers of third party technical services, communication agencies, consultants, etc.) also appointed, if necessary, "Data Processors" by the owner. The updated list of managers can always be requested from the data controller.

Place.
The Siverapp platform is hosted in a dedicated cloud on the servers of the provider OVH (supplier of third party technical services) in France, and therefore in Europe, and is administered by the Medilink srl staff from its operational offices in Italy. The OVH privacy statement is available at: www.ovh.it/protezione-dati-personali. The data are therefore processed at the operational headquarters of the owner and in any other place, in Europe, where the parties involved in the treatment are located. The personal data of the user could be transferred to a country different from the one in which the user is located, but in any case belonging to the European community (in case of use of dedicated servers located abroad). To obtain further information on the processing site, the user can refer to the section concerning the processing of personal data. The user is entitled to obtain information on the legal basis for the transfer of data outside the European Union or to an international organization of public international law or consisting of two or more countries, as well as on the security measures adopted by the holder to protect data.

Purposes of processing the collected data.
Personal data are collected to allow the holder to contact the user and provide their services, as well as for purposes related to statistics on aggregated data, marketing and interaction with other possible external platforms. The types of personal data used for each purpose are indicated in the specific sections of this document.

Retention period.
The data are processed and stored for the time required by the purposes for which they were collected, therefore:
• Personal data collected for purposes related to the execution of the relationship / commitment between the owner and the user will be retained until the execution of this relationship / commitment is completed;
• Personal data collected for purposes related to the legitimate interest of the owner will be retained until the satisfaction of this interest. The user can obtain further information regarding the legitimate interest pursued by the owner in the relevant sections of this document or by contacting the holder;
• When the treatment is based on the user's consent, the holder can keep the personal data for a longer time until such consent is revoked. Furthermore, the owner may be obliged to keep personal data for a longer period in compliance with a legal obligation or by order of an authority.

At the end of the retention period, personal data will be deleted. The user can at any time request the interruption of the processing and the cancellation of their data.

Details on the processing of personal data.
Personal data are collected for the following purposes:

1. Contact the user. Some personal data, such as name and surname, tax code and e-mail address, can be collected through dedicated forms present in different areas of the application. The owner also uses the newsletter and/or notification forms to register the user's email address, which is automatically added to a list of contacts to which email messages containing information, including commercial and promotional information, related to Medilink Srl and to this application can be sent.

2. Creating a user database. This type of service allows the owner to build user profiles starting from an email address, the name or any other information that the user provides, as well as tracing the user's activities through statistical features directly related to the purpose of operation and use of the application. Some of these services could also allow the programmed sending of messages to the user, such as informative emails based on the experience of using this application or notification messages related to the operation of the application. In particular, the part of the student database generated on the specific request of the relative teacher (for example the data generated by the administration of a test) is visible to the student's teacher, and the Siverapp platform can generate statistics useful to the teacher for educational purposes necessary for the pupil's growth. Teachers can, by explicit consent in the platform, share part of their teaching material with other teachers.

3. Address management and sending of email messages. This type of service allows you to manage a database of e-mail contacts, telephone contacts (not obligatory) or contacts of any other type, used to communicate with the user. These services could also allow the collection of data relating to the date and time at which the user displays messages, as well as to the user's interaction with them, such as information on clicks on links inserted in messages.

4. Remarketing and behavioral targeting. This type of service allows you to serve advertisements based on the past use of the web application by the user. This activity is carried out through the tracking of usage data and the use of cookies. The user can, at any time, opt out (that is, refuse to receive further mailings in the future). The user can also opt out of receiving cookies related to a third party service. Each request can be sent by e-mail to supporto@siverapp.com.

5. Statistics. The services contained in this section allow the data controller to monitor and analyze traffic data and are used to keep track of user behavior and the status of data entered in the application. Further statistical analyses always take place on aggregated and anonymous data.

Google Analytics
Google Analytics is a web analytics service provided by Google Inc. ("Google"). Google uses personal data collected in order to track and examine the use of this site, compile reports and share them with other services developed by Google. Google may use personal data to contextualise and personalize the advertisements of its advertising network. Cookies and usage data are collected, and the place of data processing is the US. You can consult the data use policy at www.google.com/intl/it/policies/privacy and disable the use of your data at tools.google.com/dlpage/gaoptout

Further information on the processing of personal data. Defense in court.
The user's data may be used by the owner for its defense in court, or in the stages leading up to it, against abuse by the user in the use of the application or related services. The user declares that he / she is aware that the owner could reveal the data collected at the request of the public authorities.

Further specifications.
The user may request further information on the collection and processing of their data in specific applications on this site and in the various related application software.

More information that is not indicated in this document.
At any time the user can request more information on the processing of personal data from the data controller using the contacts on this web application.

User rights.
Users can exercise certain rights with reference to the data processed by the owner. In particular, the user has the right to:

• Revoke the consent previously expressed at any time;
• Oppose the processing of personal data when it occurs on a legal basis other than consent. Further details on the right of opposition are indicated in the section below;
• Access your data processed by the owner and receive a copy of the data processed;
• Verify the correctness of your data and request their update or correction;
• When certain conditions are met, request the limitation of the processing of your data. In this case the holder will not process the data for any purpose other than their conservation;
• Obtain the cancellation or removal of personal data;
• Receive your data or have it transferred to another holder without any obstacles. This provision is applicable when the data are processed with automated tools and the processing is based on the user's consent, on a contract to which the user is a party or on contractual measures connected to it;
• Lodge a complaint with the competent authority for the control of personal data protection or act in court.

Details on the right of opposition.
When personal data are processed in the public interest, in the exercise of public authority vested in the owner or to pursue a legitimate interest of the owner, users have the right to oppose the treatment for reasons related to their particular situation. Users are reminded that, if their data are processed for direct marketing purposes, they can oppose the processing without providing any reasons. To find out if the owner processes data for direct marketing purposes, users can refer to the respective sections of this document.

How to exercise the rights.
To exercise the rights of the user, a request must be addressed to the contact details of the owner indicated in this document. Requests are filed free of charge and processed by the owner as soon as possible.

Changes to this privacy policy.
The data controller reserves the right to make changes to this privacy policy at any time, informing users by updating this page and, if technically and legally feasible, by sending a notification to users through one of the contact details in the possession of the holder. Please therefore consult this page regularly, referring to the date of the last modification indicated at the bottom. If the modifications concern treatments whose legal basis is consent, the holder will collect the user's consent again, if necessary.

Definitions and legal references.

Personal data (or data): any information concerning a natural person, identified or identifiable, even indirectly, by reference to any other information, including a personal identification number.

Usage data: the personal data collected automatically by the application (or by third party applications that use it), including: IP addresses or domain names of the computers used by the user who connects to the application, the addresses in URI (Uniform Resource Identifier) notation, the time of the request, the method used in submitting the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response from the server (good order, error, etc.), the country of origin, the characteristics of the browser and the operating system used by the visitor, the various temporal connotations of the visit (for example the time spent on each page) and the details of the itinerary followed within the application, with particular reference to the sequence of the pages consulted, to the data inserted in them, and to the parameters relating to the operating system and to the user's computer environment.

User: the individual who uses this application, who must coincide with the interested party or be authorized by them, and whose personal data are being processed.

Interested party: the natural or legal person to whom the personal data refer.

Responsible for processing (or responsible): the natural person, legal person, public administration or any other entity, association or body appointed by the data controller to process personal data, as established by this privacy policy.

Data controller (or holder): the natural person, legal entity, public administration or any other entity, association or body that is responsible, even together with another holder, for decisions regarding the purposes and methods of processing personal data and the tools used, including the security profile, in relation to the functioning and use of this application. The data controller, unless otherwise specified, is the owner of this application.

Data Protection Officer: a top manager in the company organization who supports the owner in the management of the problems of the processing of personal data.

This application: the hardware or software tool through which the personal data of the users are collected.

Legal references
This privacy statement has been prepared in fulfillment of the obligations provided for by Legislative Decree no. 101 of 10/8/2018 (GU nr 205 of 4/9/2018), which entered into force on 19/9/2018, by EU Regulation 2016/679 "General Regulation on Data Protection" (also known by the English acronym GDPR), which entered into force on 25 May 2018, by the DLGS nr 196 of 30/6/2003 for the part not repealed, as well as by the provisions of Directive 2002/58/EC, as updated by Directive 2009/136/EC, concerning cookies.

This privacy statement only applies to the Siverapp web application and the Siverapp APP.

Last modification: 1 October 2018