Axerve participates in IRX on October 12-13, come visit our stand IR60. Register now

Axerve participates in IRX on October 12-13, come visit our stand IR60. Register now

axerve_logo

Our Solutions

Unique and integrated solutions to manage payments in all shapes and forms in all online channels.

Information notice on the processing of personal data

(Retained EU Legislation) (EU 2016/679) (UK GDPR) (the “Regulation”) and the Data Protection Act 2018 (DPA 2018)

On this page, we inform you of the characteristics of the processing of your personal data carried out by Axerve S.p.A. (hereinafter 'Axerve). In particular, here, information is provided on:

  1. Who is the Data Controller?
  2. How can you contact the Data Protection Officer?
  3. What personal data are processed, for what purposes and on what legal basis?
  4. To whom may the data be disclosed?
  5. Can data be transferred to countries outside the European Economic Area?
  6. How long are data stored?
  7. What are your rights?
  8. Why could Axerve process special categories of data?
  9. How does marketing profiling activity work?
  10. How do we notify you of updates to this policy?
  11. Notice to you?
  12. Personal data protection glossary

1. Who is the Data Controller?

The Data Controller of your personal data is Axerve S.p.A., with registered office in Biella (BI) - 13900, Piazza Gaudenzio Sella, n. 1 - Tel. 015 2526511.

2. How can you contact the Data Protection Officer?

The Data Protection Officer (hereinafter also referred to as "DPO") may be contacted at the following addresses:

  • E-mail address: privacy@axerve.com
  • Postal address: Axerve S.p.A., Piazza Gaudenzio Sella n. 1, 13900 Biella - DPO

3. What data are or may be processed, on what legal basis and for what purposes are the data processed?

The processing concerns your personal data due to the following roles at Axerve's client (hereinafter, "Data Subject"):

  • legal representative/owner;
  • business contact person of the client;
  • company employee of the client.

In particular, Axerve process:

a. the following categories of personal data:

  • identifying and personal data (such as: name, surname, date and place of birth);
  • contact data (such as: e-mail address, telephone number);
  • information relating to the company (such as: company name, kind of business, VAT number, tax code, headquarters, contacts);
  • information relating to payments (such as: customer's payment account details, payee and payment transaction amount);
  • information on the product or service purchased;

to fulfilment a legal obligation to which the Axerve is subject, pursuant to Article 6(1)(c) of the Regulation, in order to comply with its obligations, with particular reference to regulations on taxation, anti-fraud, etc.

b. the following categories of personal data:

  • identifying and personal data (such as: name, surname, date and place of birth, gender);
  • contact data (such as: e-mail address, telephone number, PEC);
  • information relating to the company (such as: company name, kind of business, VAT number, tax code, headquarters, contacts);
  • information relating to payments (such as: merchant's payment account details, payee and payment transaction amount);
  • information on the product or service purchased;

in performance of a contract or of pre-contractual measures, including the management of judicial and extra-judicial disputes, and provide assistance to customers, including when signing contracts, pursuant to Article 6(1)(b) of the Regulation.

c. The following categories of personal data:

  • identifying and personal data (such as: name, surname, date and place of birth, gender);
  • contact data (such as: e-mail address);
  • information relating to the company (such as: company name, kind of business, headquarters);
  • information on the product or service purchased;

based on your consent, pursuant to Article 6(1)(a) of the Regulation and where consent is not required, on the basis of our legitimate interest pursuant to Article 6(1)(f) of the Regulation:

  • keep the documentation of the pre-contractual activities (e.g. quotations, requests for products and services) that did not end with the signing of the contract
  • to carry out activities which aim at the continuous improvement of the service offered, such as:
  • detection of the degree of satisfaction about the quality of the services;
  • the preparation of studies and market research;
  • marketing of its own products and services, those of companies of the Banca Sella Group and/or of third parties;
  • profiling activities to offer you personalized products and services that meet your needs.

d. The following categories of personal data:

  • identifying and personal data (such as: name, surname, date and place of birth, gender);
  • contact data (such as: e-mail address, telephone number, PEC);
  • information relating to the company (such as: company name, kind of business, headquarters);
  • information on the product or service purchased;

to pursue Axerve's legitimate interest to identify the recipients of the commercial offer in order to offering products and services that best meet customer needs, pursuant to Article 6(1)(f) of the Regulation. Axerve carries out a prior assessment of the impact of this activity on the rights, interests and freedoms of the recipients. In addition, Axerve allows the same data subjects to not benefit further from this service through the option of cancellation from the list provided at each occasion of contact.

Within the limits of the specific purposes indicated above, the processing of your personal data is carried out by manual, computer and telematic means. Axerve adopts organisational and technical measures to guarantee the security and confidentiality of your personal data.

4. To whom may the data be disclosed?

Axerve may communicate your data to third parties belonging to the following categories:

  • entities responsible for auditing and certifying the financial statements;
  • supervisory authorities and entities (Banca d'Italia, MEF, CONSOB, EBA, etc.);
  • public entities within the scope of communications provided for by law (e.g. Inland Revenue);
  • entities that manage debt collection or provide professional consulting, tax and legal assistance;
  • marketing and market research companies;
  • companies of the Sella Group, subsidiaries or associated companies pursuant to Article 2359 of the Italian Civil Code, which provide the technological (IT infrastructure) or other services (customer care);
  • service providers (as set out below, this may include by way of an example providing mailing, customer relationship management)

These persons, if the conditions are met, are appointed as Data Processors, pursuant to Article 28 of the Regulation.

5. Can data be transferred to countries outside the European Economic Area?

The Company may allow access to the data, in traced mode, to the company Sella India Software Services Private Limited, based in India, on the basis of standard contractual clauses, approved by the European Commission, to guarantee the adequacy of data protection, for the following activities:

  • profiling, as referred to in paragraph 8;
  • technical assistance, aimed at investigating and resolving anomalous situations, reported by customers or Axerve employees;
  • application testing for the purpose of commissioning.

Personal data are not stored at the foreign company but are accessed remotely and continue to reside in the Company's information system.

6. How long are data stored?

Axerve keeps the data in a form that allows the identification of interested parties for a period of time necessary to achieve the specific purposes of the processing, in compliance with contractual and/or regulatory obligations.
At the end of the storage period, personal data relating to Data Subjects will be stored in a form that does not allow them to be identified (e.g. irreversible anonymisation), unless their processing is necessary for one or more of the following purposes:

  • resolution of pre-litigation and/or litigation initiated before the expiry of the retention period;
  • follow up on investigations/inspections by internal control functions and/or external authorities initiated before the expiry of the retention period;
  • follow up on requests from Italian and/or foreign public authorities received by/notified to Axerve before the expiry of the retention period.

7. What are your rights?

We inform you that you, as a data subject, can exercise specific data protection rights, which are listed below:

  1. Right of access

    The right to obtain confirmation from the Data Controller as to whether or not personal data are being processed and, if so, to obtain access to personal data and detailed information on the source, purposes, categories of data processed, recipients of communication and/or transfer of the data and much more.

  2. Right to rectification

    The right to obtain from the Data Controller the rectification of inaccurate personal data without undue delay, as well as the integration of incomplete personal data, including by providing a supplementary declaration.

  3. Right to erasure (“right to be forgotten”)

    Right to obtain from the Data Controller the erasure of personal data without undue delay in the event that:

    • personal data are no longer necessary for the purposes of the processing;

    • the consent on which the processing is based is revoked and there is no other legal basis for the processing;

    • the personal data have been processed unlawfully;

    • personal data must be deleted in order to fulfil a legal obligation.

  4. Right to object to processing

    Right to object at any time to the processing of personal data which have as their legal basis a legitimate interest of the Data Controller and/or to processing for marketing purposes, including profiling. In case of opposition to the processing for marketing purposes, personal data are no longer processed for these purposes.

  5. Right to restriction of processing

    Right to obtain from the Data Controller the limitation of processing, in cases where the accuracy of personal data is disputed (for the period necessary for the Data Controller to verify the accuracy of such personal data), if the processing is unlawful and/or the data subject has opposed the processing.

  6. Right to data portability

    Right to receive personal data in a structured, commonly used and machine-readable format and to transmit such data to another data controller, only for cases where the processing is based on consent or contract and only for data processed by electronic means.

  7. Right to lodge a complaint with the ICO

    without prejudice to any other administrative or judicial remedy, an individual who considers that his or her processing is in breach of the Regulation has the right to lodge a complaint with the ICO at the following link https://ico.org.uk/make-a-complaint/data-protection-complaints/.

We also inform you that, at any time, you have the right to withdraw the consent given to specific optional activities, without prejudice to the lawfulness of the processing performed prior to the withdrawal.

To exercise your rights, you may forward your request to the following addresses:

  • E-mail address: privacy@axerve.com
  • Postal address: Axerve S.p.A., Piazza Gaudenzio Sella n. 1, 13900 Biella - DPO

Axerve provides you with information regarding the action taken in relation to your request without undue delay and at the latest within one month from receipt of your request.

8. Why could Axerve process special categories of data?

Axerve does not require you to provide your particular data (by way of example but not limited to; personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, data concerning health or life, or the sexual orientation of the person). However, Axerve can incidentally process them to execute your specific requests for services and operations (e.g. request for payment of membership fees to political / trade union organizations, transfers to religious associations, etc.). For this reason, pursuant to art. 9 of the Regulation, the Data Controller is required to request your specific consent to the processing of these data. Axerve only processes this information to fulfil legal obligations and/or to perform the contract.

9. How does marketing profiling activity work?

Profiling activity to personalise the services and/or products we offer you concerns personal data that you provide directly and/or indirectly, as well as data available on social networks, websites, external databases (e.g. credit information systems) and public archives (e.g. ISTAT data). These data are processed, in pseudonymized form (therefore without identification of the subject), to evaluate your propensity to purchase a product of Axerve or of other Companies of the Banca Sella Group or of other third parties and to offer you, consequently, products and services that meet your needs.

The profiling activity is partly carried out by Sella India Software Services Private Limited, based in India.

We also inform you that your personal data are processed for profiling activities for direct marketing for a period not exceeding 12 months from their collection.

This processing activity takes place within the limits described in this information notice and it is subject to your optional consent. You have the right to object at any time to the profiling for the personalisation of the commercial offer. In case of opposition, your personal data will no longer be processed for this purpose.

10. How do we notify you of updates to this policy?

We may update this privacy policy from time to time and so we encourage you to periodically check the Privacy and Cookie page. When we change this privacy policy in a material way, we will update the "last modified" date at the end of this privacy policy. Changes to this privacy policy are effective when they are posted on this page.

11. Notice to you

If we need to provide you with information about something, whether for legal, marketing or other business related purposes, we will select what we believe is the best way to get in contact with you. We will usually do this through email or by placing a notice on our website The fact that we may send notices to you will not stop you from being able to opt out of certain types of contact as described in this privacy policy.

12. Personal data protection glossary

Personal Data Protection Authority
Independent administrative authority established by Italian Law no. 675 of 31 December 1996 responsible for supervising compliance with regulations on data protection.

Personal data
Pursuant to art. 4, paragraph 1, no. 1 of the Regulation, this means “any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.”

Profiling
Pursuant to art. 4, paragraph 1, no. 4 of the Regulation, this means “any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.”

Regulation
Regulation (EU) 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.

Data processor
Pursuant to art. 4, paragraph 1, no. 8 of the Regulation, this means “a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.”

Data Protection Officer (DPO)
Figure introduced by the Regulation, with the main duties of informing and providing consulting to the Data Controller and Data Processors with respect to data protection; supervising observance of the Regulation; providing opinions on the data protection impact assessment; cooperating with the supervisory authority.

Data controller
Pursuant to art. 4, paragraph 1, no. 7 of the Regulation, this means “the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data [...].”

Personal data processing
Pursuant to art. 4, paragraph 1, no. 2 of the Regulation, this means “any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.”

Last update on 01/06/2022