Privacy Notice for Clients

 

The undersigned company Bluenext S.r.l. (hereinafter also “Bluenext”) pursuant to Article 13 of the European Regulation (EU) 679/2016 (hereinafter GDPR), and in relation to your personal data processed for the execution of ongoing contractual relationships with you, communicates the following:

 

1 – Data Controller and Data Protection Officer

The Data Controller is Bluenext Srl, with registered office at Via 23 settembre 1845, No. 95, 47921 Rimini – VAT and Tax Code 04228480408.

The Data Controller can be contacted by writing to: Bluenext srl located at Via 23 settembre 1845, No. 95, 47921 Rimini or by sending an email to: info@bluenext.it

The Controller has appointed the Data Protection Officer (DPO) Ph.D. Dr. Elisabetta Galli reachable at the following address Bluenext s.r.l. with headquarters in Rimini (RN), Via XXIII Settembre 1845 no.95 and who can also be contacted by sending an email: info@bluenext.it; pec: ebettagalli@pec.it.

 

2 – Subject of the Processing

The Controller may process:

– Personal identification data (e.g., name, surname, nationality, province and municipality of residence, company name, tax code, VAT number, address, landline and mobile phone, fax, email, bank details, etc.);

– Banking data (IBAN and bank and postal details, excluding credit card numbers);

– Electronic traffic data: including information recorded by Bluenext’s IT systems during the normal provision of its services (e.g., information related to internet communication protocols, IP addresses, access logs to IT systems, cookies) and in the context of providing email services, any data processed for the purpose of transmitting a communication, including data necessary to identify the user. Our software uses essential technical cookies to ensure session security and improve the user experience of our products. They are not used for additional purposes;

– Data voluntarily provided by the User: the user, during the registration process or use of services, voluntarily provides their personal data after completing the procedure;

– Third-party data voluntarily provided by the User: the user may use the Company’s services on behalf of third parties who do not have a direct relationship with the company.

 

3 – Purpose of Data Processing and Legal Basis for Processing

All data processing operations are implemented to guarantee the integrity, confidentiality, and availability of personal data.

The processing is aimed at:

1. a) the correct and complete execution of the contractual obligations assumed (including preliminary activities and those following registration requests and registration, access to reserved areas, product sales, payment management, service provision, providing assistance or information, etc.);
2. b) the operational, technical and administrative management of services purchased by the customer, the management of the commercial relationship (relationships with agents, representatives, clients, external collaborators);
3. c) marketing and promotional activities carried out also through profiling and automated decision-making processes, including sending informational, promotional, and advertising material via email, mail, and/or SMS and/or telephone contacts regarding products or services similar to those subject to the existing commercial relationship, unless the interested party explicitly objects;
4. e) security and prevention of fraudulent conduct;
5. f) the processing is also aimed at the correct and complete execution of legal obligations resulting from the contract, including in the fiscal and accounting fields.

For the purposes referred to in points a) and b), the legal basis supporting the processing is the execution of the contract and the services related to the request for registration, information, and contact. For the purposes referred to in point c), the legal basis is your free consent, which can be revoked at any time.

For the purposes referred to in points e) and f), the legal bases are respectively the pursuit of the legitimate interest of the data controller and compliance with a legal obligation.

 

4 – Processing Methods

Personal data may be processed both through paper archives and magnetic, electronic or telematic media and processed in ways strictly necessary to meet the purposes specified in the privacy policy and indicated above, and in any case in a way that guarantees the security and confidentiality of the data itself.

 

5 – Consequences of Failure to Provide Personal Data

For all the purposes indicated in point 3 letters a), b), e), f), the provision of data is necessary to fulfill the related contractual and legal obligations.

Failure to provide data may only result in the inability to obtain what is requested.

The provision of personal data is necessary to use the products offered by the Company, and, if necessary, to receive support for installing software updates. In particular, the provision of data in fields marked with an asterisk is mandatory, and failure to provide them prevents the completion of the registration process. The provision of data in fields not marked with an asterisk, while useful to facilitate relations with us, is optional, and failure to provide them does not affect the completion of the procedure.

For the purposes indicated in point 3 letter c) the provision of data is not mandatory.

 

6 – Data Retention

Personal data, subject to processing for the purposes indicated above, will be retained for the duration of the contract and, subsequently, for the time in which the undersigned company is subject to retention obligations for tax purposes or for other purposes, provided for by laws or regulations.

Personal data, subject to processing for the purposes indicated above, may also be retained for future commercial purposes. In the case of data provided for marketing and profiling purposes will be retained for a period of time not exceeding what is strictly necessary to achieve the indicated purposes.

Data is also processed by Bluenext for ordinary business processing related to service provision (e.g.: for documentation purposes in case of invoice disputes or payment claims, for fraud detection, to perform analysis on behalf of clients), by virtue of what is provided by regulations. In this case, data is retained with stringent security measures applied in accordance with the law and subsequently deleted.

 

7 – Data Communication

Your personal data may be communicated to:

1. collaborators, employees, consultants, suppliers for the provision of services related to the requested service, including those belonging to other companies of the Bluenext Group.
2. collaborators, consultants, suppliers (e.g., Accountants, Labor Consultants, Lawyers, Occupational Safety and Hygiene Experts, Competent Doctors, etc.) to fulfill the purposes mentioned above;
3. financial institutions, banks, including digital payment and insurance institutions that provide services functional to the purposes mentioned above;
4. Financial Administration, Public Entities, Judicial and Supervisory Authorities for compliance with legal obligations and defense of rights;
5. third parties (e.g., payroll processing companies, credit institutions, professional firms, consultants, etc.) that perform outsourcing activities on behalf of the Data Controller, as external data processors, whose list is available at our headquarters.

Third-party suppliers and/or Bluenext’s data processors adopt security measures to ensure compliance with current legislation on personal data protection.

 

8 – Transfer of Personal Data

The Controller will not transfer data to a third country, unless it’s necessary for the execution of the contract and provided that appropriate and suitable guarantees exist.

Personal data may be transferred to non-EU countries for which there is an adequacy decision by the European Commission pursuant to Articles 13 and 44 et seq. of Regulation 2016/679 EU, in any case, appropriate safeguards are adopted.

 

9 – Profiling and Data Dissemination

Your personal data are not subject to dissemination. As part of data processing for the marketing purposes indicated above, and only if the interested party has provided their consent (revocable at any time), the controller may use processes, including automated ones (such as CRM software or email sending programs) for sending personalized promotional communications based on existing relationships.

 

10 – Data Subject’s Rights

Among the rights recognized to You by the GDPR are those to:

1. Request from the company access to your personal data and information related to them; the rectification of inaccurate data or the integration of incomplete data; the deletion of personal data (upon the occurrence of one of the conditions indicated in Article 17, paragraph 1 of the GDPR and in compliance with the exceptions provided in paragraph 3 of the same article); the restriction of the processing of your personal data (upon the occurrence of one of the cases indicated in Article 18, paragraph 1 of the GDPR);
2. Request and obtain from the company – in cases where the legal basis for processing is the contract or consent, and the same is carried out by automated means – your personal data in a structured and machine-readable format, also for the purpose of communicating such data to another data controller (so-called right to data portability);
3. Object at any time to the processing of your personal data in the occurrence of particular situations;
4. Revoke consent at any time, limited to cases where the processing is based on your consent for one or more specific purposes and concerns common personal data (e.g., date and place of birth or place of residence) or particular categories of data. Processing based on consent and carried out before its revocation retains its lawfulness;
5. Lodge a complaint with the supervisory authority (Data Protection Authority – www.garanteprivacy.it).

 

11 – Changes and Updates to the Information Notice

Also considering future changes that may occur in privacy regulations, the company may supplement or update this information notice in whole or in part.

Any modification, update, or integration will be communicated to you in accordance with current regulations, also by publication on the company’s website www.bluenext.it

 

Update: January 2025.