1. Information on the privacy of the site
2. Data controller
The Data Controller of the processing of personal data (hereinafter also simply “data”) is Rexilience s.r.l., P.IVA IT12011490963, with registered office in Corso Venezia, 54, Milan (hereinafter the “Data Controller” or the “Company”).
This section contains information regarding the management of SCORE, owned by Rexilience, with reference to the processing of personal data collected through the site itself.
This information, in compliance with the provisions of Law 196/2003, is provided pursuant to EU Regulation 679/2016 ss.mm.ii. (hereinafter referred to as “GDPR”) and the international, European and Italian laws on the processing of personal data, to the extent of their applicability, together with their respective amendments, additions and reforms.
The purpose of the document is to provide indications on the manner, timing and nature of the information that the Controller must provide to users when connecting to the SCORE web page, regardless of the purpose of the connection itself, in accordance with Italian and European legislation.
3. Scope of Application
This Privacy Policy applies to Rexilience’s processing of personal information of:
- SCORE site users who want to use the service for their own vulnerabilities
- Users of the SCORE site who wish to use the service to assess third-party vulnerabilities
Regarding the last point, it should be noted that users assessing third-party vulnerabilities are responsible for their own personal information collection and processing practices.
4. Purpose and legal basis of processing
The personal data of the users concerned are processed on the basis of the requests expressly made by the same, from time to time, through the Site.
In particular, all data collection and subsequent processing activities are aimed at pursuing the following purposes:
- use of the SCORE service;
- sharing of content on the Site;
- management of the service by third-party evaluators.
- analysis, development, improvement and optimisation, operation and performance of SCORE;
- management of the security and operation of SCORE;
- commercial information activities;
- purposes connected with obligations under applicable laws or regulations, as well as provisions issued by the competent supervisory and control authorities/bodies.
Therefore, the Controller has a legitimate interest in processing the user’s contact information and other related information in order to respond to the user’s requests and needs (including, therefore, the analysis, development, improvement and optimisation of SCORE’s performance), and, in relation to the customer, to process the user’s information as necessary to enter into or fulfil a contract.
Personal information for business activities is processed on the basis of the user’s consent.
Such information may inform the user of new product releases and service developments, notices, updates, conditions, events, offers and promotional campaigns (including through newsletters).
Rexilience will endeavour to optimise the marketing experience and communications to the user according to the interests expressed by the user.
The Owner will not use the data provided for purposes other than those related to the service listed above, to which the user has subscribed, or only within the limits indicated from time to time in the specific information accompanying the different and particular service requested by the user.
5. Cookies
Cookies are used in accordance with European and national legislation.
Please refer to the relevant section in Terms and Conditions for more detailed information.
6. Newsletter
Upon registration by the user, the user is included in a list of contacts to whom periodic update e-mails will be sent, also for promotion and marketing purposes.
7. Methods of data processing and storage
The data are processed with the procedures necessary to meet the user’s requests, respecting the provisions for their processing, as well as the applicable principles and responsibility of the Controller.
The data are stored in electronic archives located at the Data Controller’s headquarters and at servers controlled by the Data Controller and in any case located in the European Economic Area.
The information systems and computer programs used by Rexilience are configured to minimize the use of personal and identification data; data will be processed for the time strictly necessary to pursue the purposes for which they are collected and in any case not beyond the terms and limits defined by law.
In particular, for marketing purposes, the data will be kept until consent for that purpose is revoked.
Once the retention period has expired, the personal data will be destroyed, deleted or made anonymous, compatibly with the technical procedures of deletion and backup.
8. Types of data processed
Both the data necessary to follow up any requests made by users and the optional data that are not strictly necessary to process the request will be processed.
9. Data provided voluntarily by the user
The personal data normally required for the use of the SCORE service are personal and contact data.
In general, personal data means information referring to an identified or identifiable natural person. It may include, for example, the user’s name, e-mail address, company contact details or information collected through the user’s interactions with us via the SCORE website.
No data belonging to particular categories of Article 9 of the GDPR are processed.
The information is provided by the user knowingly and voluntarily, releasing this Site from any liability for any breach of law.
It is up to the user to verify that he/she has the necessary permissions to enter personal data of third parties or content protected by national and international regulations.
10. Rights of the persons concerned
Users of the Site may exercise their privacy rights in accordance with applicable laws.
Users have several rights in relation to the processing of their information:
- withdraw consent at any time
- ask the Data Controller to confirm the existence of their personal data, their origin and purpose of processing, the categories of subjects to whom they may be communicated and the Data Controller’s identification;
- request access to one’s personal data, ask for them to be corrected and/or supplemented, anonymised, deleted
- request the restriction or oppose the processing in the cases provided for by the Applicable Privacy Law
- exercise the right to portability
- submit a complaint to the Garante per la Protezione dei Dati Personali, following the procedures and instructions published on the Authority’s official website at garanteprivacy.it
At any time the user may request to exercise the above rights to Rexilience, by contacting the following e-mail address: privacy@rexilience.eu
Furthermore, for any communication, request or report, you can send an email to the above-mentioned email address.
The information notice may be subject to changes and/or additions following the introduction of new regulations and/or requirements by Rexilience itself.