Daitomic is an exclusive product of Aptus.AI S.r.l., who is therefore the owner of the treatment of the data concerning the website www.daitomic.com.
At Aptus.AI S.r.l. we are committed to safeguarding and preserving the privacy of our visitors, so we provide you with information
about the treatment of the personal data regarding the browsing and the use of this website.
We do update this Policy from time to time, so please do review this Policy regularly.

pursuant to Articles 13 and 14 of EU Regulation No. 679/2016 (GDPR)

‍In order to conduct correct and transparent processing, Aptus.AI S.r.l. renders the following information - drafted pursuant to Articles 13 and 14 of Regulation (EU) No. 679/2016 on the "Protection of Individuals with regard to the Processing of Personal Data" ("GDPR"), Legislative Decree No. 196/2003 (so-called "Privacy Code"), as amended by Legislative Decree 101/2018 - intended for all those who visit and interact with the "Daitomic" platform, accessible at www.daitomic.com ("Platform").
Unless otherwise specified, all words with capital letters contained in this policy have the meaning attributed to them in the General Terms of Use of the Daitomic platform ("GTU").
‍
1. Data Controller  - Who processes your data? ​​
The data controller who processes your personal data is Aptus.AI S.r.l., with registered office in Pisa (PI), Via dell'Argine n. 1, 56122, VAT no. 02288220508 ("Data Controller").
For any questions concerning the processing of your personal data, you may contact the Data Controller at the following addresses: 
(a) Mail: at the registered office;
(b) E-mail: info@aptus.ai; 
(c) PEC: aptus.ai@pec.it.

2. Subject of processing - What personal data do we process?
‍The Data Controller collects and processes the following personal data: 
(a) Personal data directly provided by the data subject: personal data directly provided by the data subject: personal data, identifying and non-sensitive data (such as, name, surname, e-mail address, telephone number);
(b) Personal data not directly provided by the data subject: personal data not directly provided by the data subject: personal, identifying and non-sensitive data automatically collected while browsing the Platform (such as, for example, page accesses, amount of data transferred, session ID numbers, IP addresses, URL addresses, cookies, etc. - click here to view our Cookie Policy) and/or communicated by the Customer who has signed the service contract with the Company (v. CGU).

3. Purposes and legal basis of the processing - Why do we process your personal data? 
‍The Data Controller may process your personal data, also by manual, computerized and telematic means, for the following purposes: 
(a) Allow the navigation on the Platform: 
Some of your personal data may be automatically collected during the browsing on the Platform. In order to process some of this data, it is necessary to acquire your consent (e.g. analytics cookies), for others your consent is not necessary (e.g., technical cookies).
The legal basis of this processing is, in the first case, the consent to the processing of personal data (Art. 6, c. 1, lett. a) of the GDPR) or, in the second case, the legitimate interest (Art. 6, c. 1, lett. f) of the GDPR).
The legitimate interest of the Data Controller consists in ensuring a secure browsing on the Platform and its smooth operation. Without prejudice to the provisions of Section 7 lett. (c), you have the right to object at any time, on grounds related to your particular situation, to the processing of your personal data performed for the purpose in question. In order to exercise such right, you may contact the Data Controller at one of the addresses listed under Section 1 ("Data Controller - Who processes your data?").
For further information on the processing for this specific purpose, on the data retention time or for other details, please consult our Cookie Policy.
If you simply browsing the Platform, this is the only processing that we perform on your personal data.
(b) Manage the service requests from non-registered users. 
‍Some of the services of the Platform can also be used by non-registered users (e.g., the service to book a demo, through the external application Calendly, in the "Book a Demo" section). In such cases, your data may be processed to manage the service requests.
The legal basis for this processing is the performance of a contract or, as the case may be, the implementation of pre-contractual measures at the request of the data subject (Art. 6, c. 1, letter b) of the GDPR). The provision of personal data for this purpose is necessary, therefore, failing to provide such data shall imply the impossibility to conclude the request.
(c) Complete the registration on the Platform and access the reserved area: 
‍Personal data of the Client's contact person will be processed to enable registration on the Platform and the use of services reserved for registered users. The legal basis for this processing is the performance of a contract or, as the case may be, the implementation of pre-contractual measures at the request of the data subject (Art. 6, c. 1, lett. b) of the GDPR). The provision of personal data for this purpose is necessary, therefore, therefore, failing to provide such data shall imply the impossibility of completing the registration process on the Platform.
(d) Send a confirmation e-mail following an action on the Platform. 
The personal data of the Client's contact person may be processed for the purpose of sending a confirmation e-mail of the successful completion of a given action on the Platform. The legal basis for this processing is the legitimate interest (Art. 6, c. 1, lett. (f) of the GDPR). It constitutes a legitimate interest of the Data Controller to ensure the accurate input of information provided by users (including non-registered users). The provision of personal data for this processing is necessary and, therefore, failing to provide such data shall result in the impossibility to complete the request. Without prejudice to the provisions of Section 7 lett. (c), you have the right to object at any time, on grounds related to your particular situation, to the processing of your personal data performed for the purpose in question. In order to exercise such right, you may contact the Data Controller at one of the addresses listed under Section 1 ("Data Controller - Who processes your data?").
(e) Creation and management of a Team. 
The personal data of members of a Team may be processed to enable the Data Controller to create and subsequently manage the Team (adding or removing a member, e.g.). The personal data of a Team member may be entered directly by the Client's contact person or, alternatively, may be communicated to the Data Controller who will then proceed to include the new member in the Team. 
The legal basis for this processing is the performance of a contract (Art. 6, c. 1, lett. b) of the GDPR). The provision of data for this purpose is necessary and, therefore, failing to provide such data shall imply the impossibility to create and manage a Team.
(f) Notification of regulatory alerts, release notes, or other communications (standard or customized). 
Your personal data will be processed to send you regulatory alerts, release notes, or other communications (standard or, depending on the services concretely used, customized). These communications may be directed to the e-mail address provided during registration/Team creation or, alternatively, directly on the Platform. 
The legal basis for this processing is the performance of a contract (Art. 6, c. 1, lett. b) of the GDPR). The provision of data for this purpose is necessary and, therefore, failing to provide such data shall result in the impossibility to properly provide the services referred to in the GTU.
(g) Send informations and promotional communications. 
Your personal data may be used for general marketing purposes, including the sending of informational and promotional communications related to the Platform's services. 
The legal basis for this processing is the explicit consent of the data subject (Art. 6, c. 1, lett. a) of the GDPR).
If you change your mind, you may withdraw your consent in any moment or object to this processing, by contacting the Data Controller at one of the addresses listed under Section 1 ("Data Controller - Who processes your data?") or through the “unsubscribe” link included in any promotional communication sent by the Data Controller. 
Providing data for this purpose is optional: there is no legal or contractual obligation on your part. 
(h) Respond to your requests. 
Your personal data may be processed to manage and respond to requests for information, assistance or of other nature sent to us. The legal basis for this processing is the performance of a contract, the implementation of pre-contractual measures at the request of the data subject (Art. 6, c. 1, lett. b) of the GDPR) or, as the case may be, the legitimate interest of the Data Controller (Art. 6, c. 1, lett. f) of the GDPR). 
It constitutes a legitimate interest of the Data Controller to respond to requests for information, reports complaints or claims from data subjects. This legitimate interest of the Data Controller also coincides with the legitimate interest of the data subjects making the requests, who can reasonably expect their personal data to be used by the Data Controller to provide a response within the context of their relationship. The legitimate interest of the Data Controller thus identified may therefore be deemed to override the fundamental rights and freedoms of the data subject, also due to these reasonable expectations. 
The provision of personal data for this processing is necessary, and, therefore, failing to provide such data shall result in the impossibility to respond to your requests. Without prejudice to the provisions of Section 7 lett. (c), you have the right to object at any time, on grounds related to your particular situation, to the processing of your personal data performed for the purpose in question. In order to exercise such right, you may contact the Data Controller at one of the addresses listed under Section 1 ("Data Controller - Who processes your data?").
(i) Fulfill current administrative, accounting and tax obligations.
‍Your personal data may be processed in order to fulfill obligations incumbent on the Data Controller, with particular reference to administrative, accounting and tax obligations. 
The legal basis for such processing is the compliance with a legal obligation to which the Data Controller is subject (Art. 6, c. 1, lett. c) of the GDPR).
The provision of personal data for this processing is necessary, therefore failing to provide such data shall imply the impossibility for the Data Controller to fulfill the legal obligations.
(j) Allow the exercise of your rights. 
‍The Data Controller may process your personal data in order to:
i. Respond to requests for the exercise of the right related to the provision of Platform services;
ii. Carry out activities that are necessary as a consequence of the exercise of such rights;
iii. Receive and respond to requests for the exercise of rights related to the protection of personal data, as provided for by GDPR, and to perform all related activities.
The legal basis for this processing is the compliance with a legal obligation to which the Data Controller is subject (Art. 6, c. 1, letter c) of the GDPR). The provision of data for this purpose is necessary and, therefore, failing to provide such data shall imply the impossibility for the Data Controller to allow the exercise of your rights. 
(k) Exercise our rights.
The Data Controller may process your personal data for the ascertainment, exercise or defense of a right before all the competent authorities. The legal basis for this processing is the legitimate interest (Art. 6, c. 1, lett. f) of the GDPR).
It is a legitimate interest of the Data Controller to seek legal remedies to ensure the respect of its contractual rights, or to demonstrate its compliance with obligations arising from the contract with the data subject or imposed on the Data Controller by law. Its legitimate interest is further grounded in the constitutionally protected right to defense. The legitimate interest of the Data Controller thus identified may therefore be deemed to override the fundamental rights and freedoms of the data subject.
Without prejudice to the provisions of Section 7 lett. (c), you have the right to object at any time, on grounds related to your particular situation, to the processing of your personal data performed for the purpose in question. In order to exercise such right, you may contact the Data Controller at one of the addresses listed under Section 1 ("Data Controller - Who processes your data?").

4. Data disclosure – Who are the recipients of your personal data?
‍Your personal data will be processed exclusively by employees and collaborators of the Data Controller, specifically authorized pursuant to Articles 29 of the GDPR and 2-quaterdecies of the Privacy Code, or by companies expressly appointed as data processors, pursuant to Article 28 of the GDPR.
The data subject may request from the Data Controller, at any time, an updated list of the data processors carrying out processing operations on your personal data. 
Your personal data will not be disseminated in any way, meaning it will not be made known to indeterminate subjects, in any form, even through mere availability or consultation..

5. Data transfer - To whom are your personal data transferred?
In general, the Data Controller does not transfer the personal data of data subjects to recipients in third countries outside the European Union or to international organizations. In the event that this should occur, the Data Controller ensures that all transfers will be subject to the appropriate safeguards described in Article 46 of the GDPR.

6. Data retention period - How long do we store your personal data?
‍The period for which personal data is retained depends on the specific processing and the intended purpose. Below is a comprehensive list of data retention periods, specifically pertaining to the purposes outlined in Section 3 of this Privacy Policy.

‍Main purpose: (below) purpose 1
User Management: Registration on the Platform (User Data entered by the Client)
Retention period: 6 months

Main purpose: (below) purpose 2
User Management: Registration on the Platform (User Data entered by the Client)
Retention period: 6 months

Main purpose: (below) purpose 3
User Management: Sending of confirmation e-mail
Retention period: 12 months

Main purpose: (below) purpose 4
User Management: Validation of the User profile
Retention period: 24 months

Main purpose: (below) purpose 5
User Management: Creation of a Team
Retention period: Duration of the Contract

Main purpose: (below) purpose 6
User Management: Editing members of a Team 
Retention period: Duration of the Contract

Main purpose: (below) purpose 7
User Management: Access to the User Profile
Retention period: 6 months

Main purpose: (below) purpose 8
User Management: Regulatory alert notification
Retention period: 12 months

Main purpose: (below) purpose 9
User Management: Release note notification
Retention period: 12 months

Main purpose: (below) purpose 10
User Management: User Data Backup on Google Drive
Retention period: 36 months

Main purpose: (below) purpose 11
User Management: Manual profiling
Retention period: 12 months

Main purpose: (below) purpose 12
User Management: Automated profiling (GA4)
Retention period: 6 months

Main purpose: (below) purpose 13
User Management: Technical and analytical cookies
Retention period: Technical cookies: duration of the session; Analytical cookies: 24 months

Main purpose: (below) purpose 14
User Management: Erasure of User Data
Retention period: Time required to manage and execute the cancellation

Main purpose: (below) purpose 15
User Management: Exercise of a right of the Data Controller
Retention period: 10 years from the end of the Contract

Main purpose: (below) purpose 16
User Management: Support provision
Retention period: 6 months

‍Main purpose (below) purpose 1
Management of simple visitors (no users) of the Platform Automated profiling (GA4)
Retention period: 24 months

‍Main purpose (below) purpose 12
Management of simple visitors (no users) of the Platform Technical and analytical cookies
Retention period: Technical cookies: duration of the session; Analytical cookies: 24 months

7. Rights of the data subjects - What are your rights? 
‍The GDPR grants you, as a data subject, some important rights that you can exercise against the Data Controller. According to the GDPR, you are granted the right to:
a. Request the access to your personal data and to the information related to them (pursuant to Article 15 of GDPR); request the rectification of inaccurate personal data or to have incomplete personal data completed (pursuant to Article 16 of GDPR); request the erasure of personal data concerning you (if one of the grounds provided for by Article 17, paragraph 1, of GDPR applies and in compliance with the exceptions as per paragraph 3 of said Article); request the restriction of processing of your personal data (in accordance with the conditions provided for by Article 18, paragraph 1, of GDPR);
b. Request and obtain from the Data Controller – in cases where the legal basis is the performance of the contract or consent and the processing is performed by automated means – the personal data provided to the Data Controller, in a structured, commonly used and machine-readable format, with the right to transmit that data to another controller (the so-called right to data portability, provided for by Article 20 of GDPR);
c. Object at any time to a processing of your personal data which has a legitimate interest as the legal basis (pursuant to Article 21 of GDPR). In case of an objection, the Data Controller will refrain from further processing of your personal data unless they can demonstrate compelling legitimate grounds for the processing which override your interests, rights, and freedoms, or for the establishment, exercise, or defense of legal claims;
d. Withdraw your consent at any time, limitedly to the cases where the processing is based on your consent for one or more specific purposes and concerns common personal data (such as date and place of birth or the place of residence), or special categories of personal data (such as data revealing your racial origin, political opinions, religious beliefs, state of health or sexual life), without prejudice to the lawfulness of the processing performed before the withdrawal of consent (pursuant to Article 13, paragraph 2, lett c.) of GDPR).
e. Lodge a complaint with a supervisory authority (Autorità Garante per la protezione dei dati personali – garanteprivacy.it) (pursuant to Article 13, paragraph. 2, lett. d) of GDPR).

Pursuant to Article 12 of the GDPR, the Data Controller will provide any information on actions taken on a request of exercise of right without undue delay and, in any event, within one month of receipt of the request. That period may be extended by 3 (three) further months where necessary, taking into account the complexity and number of requests. In such cases, the Data Controller will inform you of the extension and the reasons for the delay within one month of receiving the request. If you have made the request electronically, the information will be provided to you electronically, where possible, unless you request otherwise.
‍
‍Last update: 31 October 2023