Online accounting software

Index
Preconditions
Art.1: Value of the pre-conditions
Art.2: Details about the consent to data processing
Art.3: Treatment of personal data by BizleMe
Art.4: Source of personal data
Art.5: Purpose of the processing of personal data
Art.6: Methods of data processing and duration of processing
Art.7: Categories of data being processed
Art.8: Categories of persons to whom the data can be communicated
Art.9: USER rights regarding personal data
Art.10: Cookie Policy
Art.11: Processing of third parties personal data - Ownership and specific obligations of the USER - Appointment as Data Processor

Preconditions
Please read this document carefully before accessing BizleMe services via a computer or mobile application (App).
This document constitutes the "INFORMATION ON CONFIDENTIALITY", drafted and prepared in accordance with and as implementation of EU legislation concerning the protection of personal data of persons and therefore, in particular:
- EU Regulation no. 679 of 27 April 2016 (RGPD/GDPR) on the processing and free movement of personal data;
Registration with BizleMe and, in any case, the start of the use of its services by the user of BizleMe (hereafter also referred to as the "USER") mean and prove for all intents and purposes that said USER:
- has given consent to the processing of personal data;
- has read and accepted this document and all the declarations, communications and conditions contained herein, as well as the appointment of BizleMe as Data Processor in the cases and within the limits indicated in art. 11 of this document;
- has read and accepted the Conditions of Contract between the USER and BizleMe (from here on also referred to as the CONTRACT).

Users are therefore informed that if they do not accept the contents of this document or its future updated versions, they must not proceed with the use of BizleMe.

Also for this purpose, the USER has a duty to periodically check the most recent version of this document, in particular at the web address https://www.BizleMe.com/it/privacy-policy/, which is also subject to change, among other reasons, following amendments to the laws currently in force with the possible creation of new laws and/or modifications and/or cancellation of the laws currently in force.

All this being said,
Art. 1) Value of the pre-conditions
The pre-conditions are an integral part of this document.

Art. 2) Details about consent for the processing of personal data
Registration with BizleMe and, in any case, start of use of the related services, imply consent on the part of the USER to the processing of personal data that the USER has entered and/or will enter in the BizleMe software for use of services.
In order for the consent given to represent properly informed consent, information concerning the methods which BizleMe uses for the processing of data and the particular responsibilities belonging to BizleMe and also to the USER regarding data protection are provided in the following articles.

Art. 3) Treatment of personal data by BizleMe
The USER's personal data will be processed by BizleMe Srl, with registered office in Campobasso, Via Altobello 3/A (CAP 86100), email info@BizleMe.com; for telephone contacts and specific e-mail addresses for each sector, please see the company's official website at www.BizleMe.com The telephone numbers indicated above are also valid as contact data of the appropriate BizleMe Office dedicated to the Protection of Personal Data (RPD/DPO), whose specific e-mail address is privacy@BizleMe.com.
The USER's personal data will be specifically processed by the administrators of BizleMe and by their authorised personnel, who are trained and trusted persons, adequately and legally responsible, accredited through specific and confidential authentication credentials, and in any case contractually bound by special obligations of confidentiality and secrecy.
The processing takes place in compliance with the criteria and obligations of confidentiality and protection of personal data provided for by EU legislation. BizleMe, among its various internal procedures, has established an obligation for its directors and employees to hold periodic meetings with each other in order to carry out a continuous evaluation and deepening on the subject of confidentiality in general and, specifically, on the verification of the correct functioning of the internal procedures used for the processing and protection of personal data and of the accuracy of its internal Impact Assessments.
The servers currently used by BizleMe are located in Campobasso, Via Altobello 3/A (CAP 86100), email info@BizleMe.com;these servers may at any moment be expanded and/or replaced; any such updates and changes will be included in this document and these changes will be communicated to all users currently registered and operational on the BizleMe systems using the e-mail address registered by the user.
As part of the development and testing of the software relating to its services, BizleMe uses only environments that contain no User data or, in cases where this is completely impossible, totally pseudonymised and/or blurred.
For the transfer of data in BizleMe, BizleMe uses the "https" security protocol, creates a complete backup every 24 hours, and makes use of the rest of the security measures indicated on the specific "security" page of the website, which will be updated whenever there are news and implementations. BizleMe has chosen to use the Register of processing tasks pursuant to art. 30 of EU Regulation no. 679/2016.

Art. 4) Source of the User's personal data
The personal data provided by the USER is collected by BizleMe directly from the USER, who enters this data independently in the appropriate fields provided in the web and mobile forms.

Art. 5) Purpose of the processing of personal data
BizleMe processes the personal data entered by the USER for the following purposes:
- execution of the contract between BizleMe and the USER;
- management of documents connected to the correct execution of the BizleMe services purchased by the USER (e.g. management of the document filing system in the USER files, reporting, the document sharing system with third parties indicated and/or chosen by the USER, etc.);
- contacts and correspondence between BizleMe and the USER;
- correct maintenance of BizleMe services;
- administrative and accounting internal management of the USER's personal data by BizleMe;
- fulfillment of obligations established by law or by regulations;
- performance required by administrative provisions or by orders of the competent Authorities; and all uses that fall within the legitimate interest of BizleMe as defined in art. 6 of the GDPR.

Art. 6) Methods of data processing and duration of processing
In relation to the purposes described in the previous article, the processing of personal data takes place using manual, paper, IT and digital tools, with a logic strictly related to the purposes described above and in any case such as to guarantee the security and confidentiality of the personal data and a processing that should generally be reduced to the tasks necessary for the provision of services.
The processing of the data provided by the USER may continue until the USER account has been canceled pursuant to the provisions of the CONTRACT as it relates to the cancellation of the account, provided that the keeping of this data is no longer required by BizleMe to prove a credit or for a legal situation relating to that USER that remains unsolved or unresolved.

Art. 7) Categories of data being processed
In relation to the purposes described in the previous article 5, BizleMe processes the USER's personal data other than the "sensitive" data referred to in articles 9 and 10 of the GDPR (e.g., among others, data that may unambiguously relate a person's name to genetic or health data, religious beliefs, criminal convictions, etc.)
In any case, the USER is encouraged not to enter sensitive third-party data into BizleMe, something that EU legislation prohibits without due consent.

Art. 8) Categories of persons to whom the data can be communicated?
For the pursuit of the purposes described above, BizleMe needs to transfer the personal data entered by the USER to third parties, who carry out the transmission, enveloping, transport and sorting of communications with the USER and between the USER and third parties. This is indicated in the data-sending and communications or sharing functions provided as part of the BizleMe services.
The personal data entered by the USER may also be made known to the Competent Authorities in the event of an order from them.
The data processed by BizleMe is not subject to general disclosures.

Art. 9) USER rights regarding personal data
As part of the implementation of the principles relating to the protection of confidentiality, the USER may exercise the following rights within the limitations imposed by the criteria of reasonableness, common sense and technical possibilities:
- they may request confirmation of the existence or lack thereof of data concerning them and in any case data entered by them;
- they may request information about the purposes and methods of the processing of the data as well as the logic applied in cases where the processing is carried out with the aid of automated electronic tools;
- they may ask for information about the subjects or categories of subjects to whom the personal data may be communicated or who may learn about it;
- they may request the cancellation and/or blocking of personal data that may be processed in violation of the law;
- they may ask for the deletion of the data entered by the USER in cases in which the USER cannot do this independently, by sending an express written request to BizleMe;
- may request the updating, rectification or, when appropriate, the integration of personal data in cases in which the User cannot do this independently;
- may oppose, for legitimate and relevant reasons, the processing of personal data concerning them which exceeds the processing necessary for BizleMe to fulfill the contract with the USER and perform the services the USER has purchased;
- they may object to the processing of personal data resulting from BizleMe's information and promotional activities relating to new services;
- they may file a complaint to the supervisory Authorities established by the law pursuant to art. 13, paragraph 2, lett. d) of the GDPR in cases of processing of personal data which have occurred in repeated violation of the law;
- they may request, in the event of termination of any contractual relationship with BizleMe, and only in the event that the USER has not been able to do it independently, to obtain the personal data entered by themselves in at least one of the structured formats that are commonly used and readable by automatic devices (this request must be made no later than the moment of the termination of the contractual relationship with BizleMe).
- they have the right to obtain answers to the requests provided here in a clear, transparent and concise form.
The requests provided here can be submitted to BizleMe in writing by means of an e-mail message to info@BizleMe.com. Before fulfilling the request, BizleMe may request from the USER further information and/or documents.

Art.10) Cookie Policy
In order to make its services as efficient and easy to use as possible, BizleMe can make use of cookies. These are small files which, when the USER visits the website or mobile application, are saved in the web browser directory of the User´s device.
The cookies that may be used by BizleMe are there to improve the USER's use of BizleMe services because:
- they allow for efficient navigation from one page of the website to another;
- memorize the preferences entered by the USER;
- if permitted by BizleMe, they make it possible to avoid entering the same information (such as username and password) several times during the same visit.
- measure the use of the services by the USER in order to optimize the browsing experience and the services themselves.
The installation of cookies and other tracking systems operated by third parties on the web cannot be technically controlled; therefore, any specific reference to cookies and tracking systems installed by third party web operators that is expressly present on the website and/or mobile application is to considered merely as an indication. Whenever traffic analysis and recording tracking services such as Google Analytics or other tools from other web operators are expressly operating on the BizleMe pages, the USER, in order to view the related privacy policy and to potentially avoid any tracking, must use the special tools made available by that specific web operator.

Art. 11) Processing of third parties personal data - Ownership and specific obligations of the USER - Appointment as Data Processor
Taking also into account the particular operating methods of the services offered by BizleMe, as described in the CONTRACT (see in particular articles 2, 3 and 4), the USER is responsible for all third party data they themselves enter which are then processed as part of the use of the services purchased from BizleMe. This is especially true when it comes to the protection of the confidentiality of the personal data of said third parties.
Therefore, without prejudice to BizleMe's tasks and responsibilities aimed at establishing adequate IT security when it comes to the BizleMe's IT infrastructure in which the data is to be entered, with the methods and limitations indicated in the CONTRACT, the USER acknowledges and accepts the following: the USER is the sole holder and the sole party responsible for the entering and processing personal and other data they enter into the BizleMe fields reserved for this purpose and in the documents created as a result (e.g. invoices, files, lists, address books, e-mails, etc.) and for its third parties, customers, suppliers, collaborators, etc., and therefore assumes exclusively all legal obligations and/or operational-practical obligations applicable according to EU and Italian legislation on the protection and security of personal data in relation to such data entry and processing, also more specifically as Data Controller, including, by way of example: a) information to interested third parties,
b) prior acquisition of the consent of interested third parties where mandatory, c) any assessment of the impact on the risks related to processing; d) obtaining the prior consent of third parties that may be necessary for the assignment of phases of the processing of personal data to other owners or managers of the processing, e) response to and fulfillment of potential requests for information made by interested third parties on the processing carried out, blocking or revoking consent, opposition to the processing or cancellation of personal data;
the USER assumes the same ownership and responsibilities indicated in the previous paragraph exclusively, also and especially, when it comes to the transfer of the data related to third parties that the USER (or anyone on their behalf) carries out through the services offered by BizleMe (such as sharing with an accountant, sending mail, etc.), also considering that Internet transmission to third parties is a medium whose security BizleMe cannot guarantee in any way;
In any case, the USER ensures and guarantees that, at the time they enter third-party personal data in BizleMe, they will have already obtained from said third parties, where necessary, the authorisation and the express consent to the processing of personal data and also the authorisation, where necessary, for entry of the data in third-party systems such as BizleMe.
After the User, holder of the responsibilities, ownerships and functions indicated above, has entered the personal data of third parties in BizleMe, BizleMe itself will only and exclusively undertake, as indicated above, the performance of the following stages of processing:
1) storage, with the methods and limitations indicated in the CONTRACT, of that personal data in its IT infrastructure for the duration and with the methods indicated in the CONTRACT between BizleMe and the USER;
2) performing only the tasks related to the maintenance of adequate IT security of the storage itself and of the data in order to prevent damage from external intrusions and from undue and/or illegal dissemination, using the methods and with the limitations indicated in the CONTRACT;
3) satisfaction before the USER and upon claim of the USER's rights indicated in the previous article 9;
4) fulfillment of processing tasks strictly necessary for the correct execution of the services covered by the Contract for the benefit of the USER.
The aforementioned processing activities referred to in the earlier points 1) and 2) and directly expected from BizleMe will be carried out by BizleMe itself, only as related to these aforementioned tasks, under its assignment as the party Responsible for the processing of personal data, for and for the benefit of the USER only, for the USER's activities for which the appointment of BizleMe as Data Processor is legally necessary in order to be able to enter data in BizleMe, and in any case only for the duration of the CONTRACT and no longer than that (under this profile and in this context, the acceptance of the Contract and the Information has the value of appointment by the USER, of BizleMe as Data Processor in the terms indicated in this document); the USER acknowledges and accepts this and also that, in this context and in this respect, the relationship between the USER and BizleMe is and will always be governed solely and exclusively by the provisions contained in the Contract Conditions and in this document, and also that the processing of personal data by BizleMe takes place and will always take place using the methods and procedures, including technical and safety-related, chosen and institutionally used by BizleMe itself (such as those indicated in this document and in the Contract Conditions), in relation to which the USER will be able to (and must before using the services, if it is essential to them) request and obtain further information, as implementation of their rights listed in art. 9, but cannot by right request changes that BizleMe reasonably believes it cannot or should not make; by registering with BizleMe and in any case with the beginning of the use of the services, the USER therefore accepts and recognizes that the aforementioned procedures and processing methods used by BizleMe guarantee a level of protection that is adequate to the risk as regards the needs of the USER and the personal data they have entered.
It is understood that any important changes and/or further improvements to the methods and procedures of data processing that BizleMe may put in place in the future will be communicated to Users through publication on the BizleMe website.
Without prejudice to the foregoing, should BizleMe receive requests or complaints related to the processing of data from third parties whose personal data the USER has entered in BizleMe, it can only advise the interested parties themselves to contact the USER-data owner of the processing directly, and it will warm the USER about it as well, where it is appropriate and not too onerous; it is understood that this courtesy task by BizleMe is not at all mandatory because it does not fall in any way under the services purchased by the User, nor under the contractual obligations of BizleMe, given that: only the USER has a relationship with the aforementioned interested third parties; only the USER has full legal responsibility and full operational management of said relationship with interested third parties; only the USER is the contact point for the processing of data of interested third parties and therefore it is exclusively the USER who must respond to the aforementioned requests.
Always in the context of a non-professional courtesy task and in any case not included in the professional and/or contractual obligations, BizleMe will be able to, where it is compatible with the business activity at that specific moment and only as a courtesy, always within the limits of the reasonably possible, provide the USER with information that could be useful to the USER so that they can respond to the aforementioned third party requests, always, of course, provided that the USER has requested it with adequate notice.
Finally, in any case, BizleMe reserves the right not to perform the processing and thus the storage of personal data entered by the USER if it becomes aware that the entering of the data itself and/or the processing are in violation of EU or Italian rules on confidentiality and/or protection of personal data; in this case, it will of course notify the User, who may not complain about this in any way.

11.1 Appointments by BizleMe
For the USER, registration with BizleMe also means allowing BizleMe to potentially appoint its own Data Processors, who, of course, will carry out the processing with adequate technical and organisational measures in place and, in any case, only within the limits of what is necessary for the provision of services