Corso Venezia 54, 20121 Milano (Italy) +39 0287168721 info@my-score.is

Privacy Policy

1. Information on the privacy of the site

This policy applies to the Score website, hereinafter referred to as the ‘Site‘.

2. Data controller

The Data Controller of the processing of personal data (hereinafter also simply “data”) is Rexilience s.r.l., P.IVA IT12011490963, with registered office in Corso Venezia, 54, Milan (hereinafter the “Data Controller” or the “Company”).

This section contains information regarding the management of SCORE, owned by Rexilience, with reference to the processing of personal data collected through the site itself.

This information, in compliance with the provisions of Law 196/2003, is provided pursuant to EU Regulation 679/2016 ss.mm.ii. (hereinafter referred to as “GDPR”) and the international, European and Italian laws on the processing of personal data, to the extent of their applicability, together with their respective amendments, additions and reforms.

The purpose of the document is to provide indications on the manner, timing and nature of the information that the Controller must provide to users when connecting to the SCORE web page, regardless of the purpose of the connection itself, in accordance with Italian and European legislation.

3. Scope of Application

This Privacy Policy applies to Rexilience’s processing of personal information of:

  • SCORE site users who want to use the service for their own vulnerabilities
  • Users of the SCORE site who wish to use the service to assess third-party vulnerabilities

 

Regarding the last point, it should be noted that users assessing third-party vulnerabilities are responsible for their own personal information collection and processing practices.

4. Purpose and legal basis of processing

The personal data of the users concerned are processed on the basis of the requests expressly made by the same, from time to time, through the Site.
In particular, all data collection and subsequent processing activities are aimed at pursuing the following purposes:

  1. use of the SCORE service;
  2. sharing of content on the Site;
  3. management of the service by third-party evaluators.
 
As explained above, users evaluating third parties have an obligation to inform them of the ways in which we collect and use personal information in this context, as well as an obligation to obtain their consent where appropriate.
Rexilience may also receive information about you through your interactions with SCORE and, therefore, this Privacy Policy informs you of how we process such personal information (see also 1.2, Scope).
 
  1. analysis, development, improvement and optimisation, operation and performance of SCORE;
  2. management of the security and operation of SCORE;
  3. commercial information activities;
  4. purposes connected with obligations under applicable laws or regulations, as well as provisions issued by the competent supervisory and control authorities/bodies.
 

 Therefore, the Controller has a legitimate interest in processing the user’s contact information and other related information in order to respond to the user’s requests and needs (including, therefore, the analysis, development, improvement and optimisation of SCORE’s performance), and, in relation to the customer, to process the user’s information as necessary to enter into or fulfil a contract.

Personal information for business activities is processed on the basis of the user’s consent.

Such information may inform the user of new product releases and service developments, notices, updates, conditions, events, offers and promotional campaigns (including through newsletters).

Rexilience will endeavour to optimise the marketing experience and communications to the user according to the interests expressed by the user.

The Owner will not use the data provided for purposes other than those related to the service listed above, to which the user has subscribed, or only within the limits indicated from time to time in the specific information accompanying the different and particular service requested by the user.

5. Cookies

Cookies are used in accordance with European and national legislation.

Please refer to the relevant section in Terms and Conditions for more detailed information.

6. Newsletter

Upon registration by the user, the user is included in a list of contacts to whom periodic update e-mails will be sent, also for promotion and marketing purposes.

7. Methods of data processing and storage

The data are processed with the procedures necessary to meet the user’s requests, respecting the provisions for their processing, as well as the applicable principles and responsibility of the Controller.

The data are stored in electronic archives located at the Data Controller’s headquarters and at servers controlled by the Data Controller and in any case located in the European Economic Area.

The information systems and computer programs used by Rexilience are configured to minimize the use of personal and identification data; data will be processed for the time strictly necessary to pursue the purposes for which they are collected and in any case not beyond the terms and limits defined by law.

In particular, for marketing purposes, the data will be kept until consent for that purpose is revoked.

Once the retention period has expired, the personal data will be destroyed, deleted or made anonymous, compatibly with the technical procedures of deletion and backup.

8. Types of data processed

Both the data necessary to follow up any requests made by users and the optional data that are not strictly necessary to process the request will be processed.

Any refusal on the part of the data subject to provide personal data or to give consent to processing, where required, will, in the first case, make it impossible for the Data Controller to fulfil the requests, while, in the case of optional data, it will result in partial and/or non-optimal performance.
 
The computer systems and procedures used to operate this site acquire, during their normal operation, navigation data such as IP address, date and time of access to the system, date and time of acceptance of the legal terms for use of the site.

 

9. Data provided voluntarily by the user

The personal data normally required for the use of the SCORE service are personal and contact data.

In general, personal data means information referring to an identified or identifiable natural person. It may include, for example, the user’s name, e-mail address, company contact details or information collected through the user’s interactions with us via the SCORE website.

No data belonging to particular categories of Article 9 of the GDPR are processed.

The information is provided by the user knowingly and voluntarily, releasing this Site from any liability for any breach of law.

It is up to the user to verify that he/she has the necessary permissions to enter personal data of third parties or content protected by national and international regulations.

10. Rights of the persons concerned

Users of the Site may exercise their privacy rights in accordance with applicable laws.

Users have several rights in relation to the processing of their information:

  • withdraw consent at any time
  • ask the Data Controller to confirm the existence of their personal data, their origin and purpose of processing, the categories of subjects to whom they may be communicated and the Data Controller’s identification;
  • request access to one’s personal data, ask for them to be corrected and/or supplemented, anonymised, deleted
  • request the restriction or oppose the processing in the cases provided for by the Applicable Privacy Law
  • exercise the right to portability
  • submit a complaint to the Garante per la Protezione dei Dati Personali, following the procedures and instructions published on the Authority’s official website at garanteprivacy.it

 

At any time the user may request to exercise the above rights to Rexilience, by contacting the following e-mail address: privacy@rexilience.eu

Furthermore, for any communication, request or report, you can send an email to the above-mentioned email address.

The information notice may be subject to changes and/or additions following the introduction of new regulations and/or requirements by Rexilience itself.