Privacy Policy

Contents

  • Recitals
  • Art. 1) - Value of the recitals
  • Art. 2) - Giving consent to the processing of data
  • Art. 3) - The processing of personal data by Fattura24/Desktale
  • Art. 4) - Categories and sources of personal data processed
  • Art. 5) - Why we process data
  • Art. 6) - How we process data and for how long
  • Art. 7) - Categories of recipient to which the data may be disclosed
  • Art. 8) - Personal data rights
  • Art. 9) - Cookie notice – consent management
  • Art. 10) - Managing consent for certain Desktale services
  • Art. 11) - Processing third-party personal data – Control and specific obligations of the ORGANIZATION – Fattura24’s obligations – Appointment of a Data Processor – Processing instructions
  • Art. 12) - Fattura24’s use of data controllers and sub-processors

RECITALS

Please read this document carefully before you begin using Desktale.

This document constitutes the Privacy Policy of Desktale, an experimental service created by Fattura24 Srl (hereinafter also “Fattura24”).

At the same time, this document also constitutes the privacy policy agreement between the natural or legal person using Desktale’s services (hereinafter also the “ORGANIZATION” or, in the plural, “ORGANIZATIONS”) and Fattura24 Srl as the owner of Desktale and the related services.

This document has been created and drawn up under EU and Italian personal data protection laws, consisting of the following:

  • Regulation (EU) 679 of 27 April 2016 (GDPR) on the processing and free movement of personal data;
  • Italian implementing legislation (Legislative Decree 196 of 30 June 2003).

Registering with Desktale and otherwise beginning to use the services shall be understood to imply that the ORGANIZATION:

  • has given consent for the processing of its personal data;
  • has read and accepted this document and all the statements, notices and conditions herein, and has agreed to Fattura24 Srl acting as Data Processor for the activities and within the limits indicated in art. 11 of this document;
  • has read and accepted the further terms and conditions in the contract between the USER and Fattura24 relating to the purchase or use of Desktale’s services (hereinafter also the “CONTRACT”).

Anyone who does not accept the terms and conditions set out in this document, or in any future revised versions thereof, is requested not to proceed with the use of Desktale.

For this purpose, the ORGANIZATION should periodically visit the web address https://www.desktale.com/privacy/ to view the latest version of this document, which may be revised in response to, among other reasons, the introduction of new or different practices rendered necessary or appropriate following, for example, changes to legislation and/or changes introduced by the relevant data protection authority.

ART. 1) VALUE OF THE RECITALS

The recitals form an integral part of this document.

ART. 2) GIVING CONSENT TO THE PROCESSING OF DATA

Registering with Desktale and otherwise beginning to use the related services shall imply that the ORGANIZATION has given its consent to the processing of the personal data that the ORGANIZATION itself has entered and/or will enter into Desktale’s software in order to use the services.

To ensure that such consent is correctly informed, the following articles contain information concerning the way in which Fattura24, as the owner of Desktale, processes the data and the particular obligations to which Fattura24 Srl/Desktale and the ORGANIZATION are subject in relation to protection of the personal data of the ORGANIZATION, its users and third parties.

ART. 3) THE PROCESSING OF PERSONAL DATA BY FATTURA24/DESKTALE

The personal data provided by the ORGANIZATION when using Desktale’s services is processed by Fattura24 Srl, with registered office in Rome at Via Benedetto Croce 19 (Italy - postcode 00142), VAT no. 11359591002, REA no. RM 1296997, email info@fattura24.com. Please see the telephone contacts provided on the websites www.fattura24.com and www.desktale.com.

The same telephone numbers shown above may also be used to contact Fattura24’s Data Protection Office (DPO), whose email address is privacy@fattura24.com.

The ORGANIZATION’s personal data is processed by Fattura24 acting as controller. The control and processing of third-party personal data provided by the ORGANIZATION are governed by art. 11 of this document.

Data is processed in compliance with EU and Italian privacy and personal data protection laws.

Personal data is effectively processed by Fattura24’s directors and appropriately trained and trusted personnel with suitable legal accountability, specifically authorised/appointed and provided with specific, confidential authentication credentials, and otherwise under contractual obligations requiring them to maintain absolute confidentiality and privacy.

In carrying out their day-to-day duties, Fattura24 personnel, including those providing user assistance (naturally also for Desktale), are also expressly required to follow the procedures contained in specific “Confidentiality guidelines” drawn up by Fattura24. The guidelines contain further guidance and rules of conduct designed to protect personal data and safeguard the ORGANIZATION’s rights.

Fattura24 has adopted a Quality Management System (and the related Manual) and, among its internal procedures, has introduced:

  • the obligation for directors and personnel to conduct periodic internal audits of the quality of the company’s operations and, in particular, including with regard to privacy in general, of the correct functioning of the internal procedures used in processing personal data, identifying any necessary changes to the Data Protection Impact Assessments carried out (including those specifically relating to Desktale);
  • an internal privacy audit procedure to enable Fattura24’s directors to identify and address any privacy or data breaches.

Fattura24 Srl’s Quality Management System has obtained ISO 9001:2015 certification.

In providing services to ORGANIZATIONS and in managing and storing the data they provide, including the data provided when using Desktale’s services, Fattura24 uses servers currently located at the innovative Data Centre operated by Aruba, a well-established Italian company, that is ISO 27001 and CISPE (Cloud Infrastructure Services Providers Europe) certified, and at the European data centre in the Netherlands operated by Wasabi (ISO 27001 certified and equipped with data protection systems meeting Security Standards Council - PCI DSS standards). Both operators are of course subject to the requirements of the GDPR and their respective privacy notices are published on their websites (for more information, please see the “Security and external services” pages on the websites at www.desktale.com and www.fattura24.com).

To transfer data to Fattura24 and Desktale, Fattura24 uses the “https” security protocol (with the SSL “Secure Sockets Layer” protocol), conducts a full backup of the system every 24 hours, is equipped with a diagnostics system for its systems, and adopts the other security measures described in the specific “Security and external services” page on the website. This page is updated to reflect any changes or additions.

In developing and testing the software used in providing its services, including those offered by Desktale, Fattura24 only utilises environments that do not involve the use of user data or, if this is not possible, that only use anonymised and/or pseudonymised data.

Fattura24 has chosen to maintain a record of processing activities, as provided for in article 30 of Regulation (EU) 679/2016.

ART. 4) CATEGORIES AND SOURCES OF PERSONAL DATA PROCESSED

The data processed is above all the ORGANIZATION’s personal data (for example, name/surname or entity name, address, tax code, VAT number, email, certified email, tax details, etc.) needed by the ORGANIZATION when opening an account with Desktale, to subscribe for or register for certain Desktale services, and that the ORGANIZATION itself enters independently into the specific fields during registration and in the user interface.

The data processed also includes the data entered by the ORGANIZATION itself when effectively using Desktale’s services, functions and software, for example:

  • to create and manage its internal users enabled to use the ORGANIZATION’s Desktale account (names, email addresses, etc.);
  • to create and send responses to tickets, messages, requests for assistance or information (collectively referred to hereinafter as “messages”) from third-party customers or data subjects (hereinafter “customers-subjects”) via Desktale’s services.

Other data processed by Fattura24/Desktale in order to enable the ORGANIZATION to begin using Desktale’s services include:

  • messages from the ORGANIZATION’s customers-subjects received by Desktale via the ORGANIZATION’s email provider;
  • notes and messages that the ORGANIZATION’s internal users exchange with each other when using the Desktale account.

Fattura24 generally processes personal data that is not sensitive as defined in articles 9 and 10 of the GDPR (including, for example, data capable of uniquely linking a person’s name with confidential genetic data or data concerning health, religious beliefs, criminal convictions, etc.).

In any event, when using Desktale, USERS are requested not to enter or cause to enter, without the consent of the relevant data subjects, sensitive third-party data where such entry is prohibited under EU and Italian privacy and personal data protection laws without the consent of the data subjects concerned.

ART. 5) WHY WE PROCESS DATA

Fattura24 processes the data entered by the ORGANIZATION for the following purposes:

  • to perform the contract between Fattura24 and the ORGANIZATION covering Desktale’s services;
  • to manage documents connected with the correct provision of the Desktale services purchased by the ORGANIZATION (for example, to manage the systems used to store data and documents in the areas made available to the ORGANIZATION, reporting systems, ticket and service request management systems, etc.);
  • contacts and correspondence between Fattura24/Desktale and the ORGANIZATION (including after the opening of a ticket by Fattura24/Desktale when providing assistance or information);
  • the correct provision and maintenance of Desktale’s services;
  • to manage the ORGANIZATION’s personal data for Fattura24/Desktale’s administrative, statutory and accounting purposes;
  • to comply with legal and regulatory obligations;
  • to comply with administrative requirements or by order of the relevant authorities;
  • to defend itself in legal proceedings brought by the ORGANIZATION;
  • usage in the pursuit of Fattura24/Desktale’s legitimate interests, as defined in art. 6 of the GDPR.

The legal basis for the processing rests above all, therefore, on Fattura24’s right or need to correctly enter into a contractual agreement with the ORGANIZATION for the provision of Desktale’s services, on the need to meet the resulting contractual obligations in respect of the ORGANIZATION and to manage, in accordance with the law, the relationship entered into. Other legal bases are founded on legal principles and laws and regulations that require, provide for or permit the processing in the above cases.

ART. 6) HOW WE PROCESS DATA AND FOR HOW LONG

With regard to the purposes described in the above article, personal data is processed manually in paper, electronic and telematic form, on a basis closely linked with the above purposes and otherwise in such a way as to guarantee the security and confidentiality of the personal data. In general, processing is limited as far as possible to the activities necessary to provide the services and manage the relationship with the ORGANIZATION.

Processing of the data entered by the ORGANIZATION may continue until the ORGANIZATION’s account has been closed under the terms of the CONTRACT governing closure of the account. Fattura24 may in any event continue to process and retain certain information where still needed by Fattura24 in the pursuit of its legitimate interests under the GDPR, or as proof of a claim or where legal proceedings involving the ORGANIZATION remain unsettled or unresolved, or otherwise in application of statutory, accounting or tax principles, rules or requirements, or in compliance with specific rulings or orders issued by the relevant authorities.

ART. 7) CATEGORIES OF RECIPIENT TO WHICH THE DATA MAY BE DISCLOSED

Unless as otherwise stated in article 3 regarding the location of its servers, to pursue the purposes described above, including the correct provision of services to the ORGANIZATION, it is necessary for Fattura24 to disclose certain personal data entered by the ORGANIZATION to third parties responsible for the transmission, enveloping, transport and sorting of correspondence (for example, emails) between it and the ORGANIZATION.

If Fattura24/Desktale’s use of a particular external service should involve, due to the geographical location of the servers operated by a specific provider, allocation of the data relating to the service to servers located outside the European Union, Fattura24 will disclose the nature of the specific recipient and its compliance with the GDPR in the specific “Security and external services” page on its website.

The personal data entered by the ORGANIZATION may be disclosed to the relevant authorities if required by law and/or when ordered to do so by such authorities. The data processed by Fattura24 is not otherwise disclosed.

ART. 8) PERSONAL DATA RIGHTS

In implementation of privacy principles, within the limits imposed by reasonableness and good sense and technical capabilities, the ORGANIZATION may exercise the following rights:

  • it may request confirmation of the existence or not of data concerning it and data otherwise entered by it;
  • it may request information on the related purposes and the manner in which the data is processed and on the approach applied in the event of data processed using automated electronic means;
  • it may request information on the recipients or categories of recipient to which the personal data may be disclosed or who may have access to it;
  • it may request that any personal data processed in breach of the law be erased and/or removed;
  • it may expressly request, in writing, that Fattura24 erase the data entered by the ORGANIZATION on the basis that it cannot do so independently;
  • it may request the update, amendment or, if of interest, the addition of personal data on the basis that it cannot do so independently;
  • it may object, for legitimate and material reasons, to the processing of its personal data that goes beyond the scope of the processing described in articles 4 and 5 above;
  • it may object to the processing of its personal data following advertising and promotional initiatives conducted by Fattura24/Desktale in relation to new services;
  • it may, in the event of the processing of personal data that repeatedly breaches the law, complain to the supervisory authority provided for under Italian law in accordance with art. 13, paragraph 2(d) of the GDPR;
  • in the event of termination of the contract with Fattura24/Desktale, and when it has been unable to do so independently, it may obtain the personal data entered using at least one of the commonly used, machine-readable formats (this request must be made before termination of the contract with Fattura24 regarding Desktale’s services);
  • it has the right to be notified by Fattura24/Desktale when, following a security incident involving Desktale, Fattura24/Desktale becomes aware that the incident has involved the ORGANIZATION’s personal data and that the security of the data has been put at serious risk;
  • it has the right to obtain clear and transparent responses to any of the above requests.

The above requests may be made in writing in a reasoned email message sent to assistenza@fattura24.com and addressed to Fattura24/Desktale which, before fulfilling the request, may ask the ORGANIZATION for additional information and/or documents.

ART. 9) COOKIE NOTICE – CONSENT MANAGEMENT

Websites may use a series of tools to gather information on how visitors use the specific site. These include cookies, which are generally a file or a string of text, capable of memorising certain browser data, and which can be installed on the device of the person visiting the website (a computer, tablet or mobile phone) through a browser function (stored in a specific cookie directory or, in a broader sense, in local storage).

Technical and functional cookies

Via Desktale’s website, Fattura24 may install and store technical cookies on your device (or data-text that can be inserted into local storage). These are necessary to provide certain functions included in the services provided to the USER by Fattura24.

For example, use of these cookies allows Fattura24/Desktale:

  • to identify the computer of the ORGANIZATION browsing, avoiding the need, for example, to enter the same information multiple times during the same visit, such as login details (session cookies, cancelled at the end of the session);
  • to “remember” if the ORGANIZATION, when logging in again, had previously opted, within the Desktale user interface, for certain viewing options (persistent technical cookies that remain until the history is deleted).

Analytics and marketing cookies

Fattura24 may use its technical services (including those developed using enabling software belonging to third-party providers), which, through the web browser, install two types of cookie on devices used to visit Desktale. These register the data that Fattura24 in any event memorises solely and exclusively on its own servers (see article 3 above).

Where installed, the first type of cookie, strictly of the technical or analytics type, may allow Fattura24 to collect general information on the number of visitors to the website and on how they browse.

The information that Fattura24 may collect in this way includes, for example:

  • the specific browser used to visit the website;
  • the size of screen used;
  • the particular device used (computer, tablet or mobile phone) and the related operating system;
  • the browser language;
  • the most visited and read pages.

If this type of cookie is installed, this information will be collected in anonymous form and aggregated and Fattura24 will use it to improve Desktale’s website and its content and to optimise the viewing experience and use of the services (for example, depending on the most used device or screen).

A second type of cookie, a marketing or profiling cookie that Fattura24 may use for Desktale (and that is in any event disabled by default) enables the collection of more detailed data on how Desktale is used by a specific visitor. This could form the basis for advertising campaigns, with Desktale adverts appearing during a visitor’s browser sessions personalised based on the visitor’s recorded preferences; were Fattura24 to install this type of cookie, particularly if a third-party cookie, the visitor can in any event decide not to give consent for its use and for it to be tracked (see consent management below).

Further information on cookies may be contained in the “Security and external services” page on Desktale’s website, which you are invited to consult.

When fully operational, the footer banner on the home page of Desktale’s website will include a “Manage cookie settings” function. This will enable the visitor to see which categories of cookie are used by Desktale and for which of these categories they have given or refused consent. The same function will also allow the visitor to change their previous settings.

Generally, the cookies may also be disabled using the block or disable functions provided by browsers in their respective general “settings” sections (generally found in sub-sections with names such as "Privacy and Security" or "Cookies and other site data" or with other similar names).

Periodically clearing the browser history can also help to delete any cookies. Clearing the history may also clear any references to old cookies on your browser previously used by third parties but now inactive (such as those used by Google Analytics, with regard to which please also see the following link for information on how these cookies work).

Indiscriminately disabling all cookies (without distinguishing between the various websites) could compromise certain functions and affect your ability to use Desktale’s website.

ART. 10) MANAGING CONSENT FOR CERTAIN DESKTALE SERVICES

If Fattura24 were to launch additional Desktale services such as a newsletter or the sending of periodic email communications, Fattura24 will add a specific consent management section (yes/no) to the ORGANIZATION’s Desktale user interface.

ART. 11) PROCESSING THIRD-PARTY PERSONAL DATA – CONTROL AND SPECIFIC OBLIGATIONS OF THE ORGANIZATION – FATTURA24’S OBLIGATIONS – APPOINTMENT OF A DATA PROCESSOR – PROCESSING INSTRUCTIONS

With regard to such matters, it should above all be noted that, in relation to any third-party data entered by the ORGANIZATION and processed when using Desktale’s services and to the entry of such data, the ORGANIZATION is subject to certain statutory requirements, rules and safeguards provided for in the CONTRACT.

With regard to such data, the respective roles of the ORGANIZATION and Fattura24 are set out below, according to the different stages and activities involved in the related processing.

As concerns the ORGANIZATION, the ORGANIZATION acknowledges and accepts the following:

  • the ORGANIZATION is the sole controller with regard to the processing of third-party personal (or other) data (customers, data subjects, internal users, sub-contractors, etc.) by the ORGANIZATION itself (or on its behalf) entered into or received by the Desktale account and the fields and tools utilised when using Desktale’s services (for example: messages from and to customers-subjects, emails, ticket responses and notes, storage, lists, etc.);
  • without affecting the responsibilities of Fattura24 described below, in relation to the above entry and processing of data, as data controller, the ORGANIZATION thus assumes sole responsibility for meeting the applicable statutory and/or operational and practical obligations imposed by the EU and Italian data protection laws in force, including, for example, those relating to: i) the notification of third-party data subjects; ii) the need to obtain prior consent from third-party data subjects where obligatory; iii) the potential conduct of a data protection impact assessment; iv) the need to obtain prior consent from third-party data subjects if required when assigning responsibility for stages of the processing to additional controllers or processors; v) the response to and fulfilment of any requests from third-party data subjects for information on the processing, on the refusal or withdrawal of consent, on objections to processing or on the deletion of personal data;
  • the ORGANIZATION also exclusively assumes the same controllerships and responsibilities referred to above if the data in question is transferred to additional third parties by the ORGANIZATION (or a person acting on its behalf) when using Desktale’s services (for example, the sharing of messages received from the ORGANIZATION’s customers or subjects with third parties), also taking into account the fact that Fattura24 can in no way guarantee the security of any data shared with third parties via the internet;
  • the ORGANIZATION must in any event ensure and guarantee that, when entering third-party personal data into Desktale, it will have obtained authorisation and express consent from such third parties, where necessary, for the processing of the personal data and authorisation, where necessary, for the entry of such data into third-party systems such as those operated by Fattura24/Desktale.

Having assumed the above responsibilities, controllerships and functions, once the ORGANIZATION has entered the third-party personal data into Fattura24’s systems, Fattura24 will assume sole and exclusive responsibility for performing the following processing stages, subject to the procedures and limitations established in the CONTRACT:

  • a) storage of the personal data in its IT systems for the duration and according to the procedures indicated in the CONTRACT between Fattura24 and the ORGANIZATION;
  • b) performance of the sole activities involved in ensuring adequate IT security and protection of the stored data from damage, external intrusion or unauthorised and/or unlawful disclosure;
  • c) the fulfilment of requests - if legitimate, detailed and reasoned (and made sufficiently in advance) – from the ORGANIZATION, in implementation of the applicable provisions of art. 28 of the GDPR, requesting Fattura24, for verification purposes, to provide information and evidence of the steps taken, in relation to Desktale’s services, to comply with a particular obligation under the GDPR with regard to one of the tasks indicated in letters a and b above (Fattura24 will respond if technically and economically feasible and response times are dependent on how busy the company is at the time of the request);
  • d) performance of the processing activities strictly necessary for correct provision of the services covered by the CONTRACT with the ORGANIZATION (for example, making available data in the Desktale user interface) and correct management of the relationship with it;
  • e) satisfaction of the ORGANIZATION’s requirements, and at its request, fulfilment of the ORGANIZATION’s rights as indicated above in article 8.

The above indicated processing activities (as described under letters a, b, c and d) to be performed by Fattura24 will be carried out by Fattura24, only in relation to such tasks, in its role as Data Processor for the personal data, for and for the sole benefit of the ORGANIZATION, and in any event only for the duration of the CONTRACT and for no longer; in this respect and within this context, acceptance of the CONTRACT and of this Privacy Policy implies that in using Desktale’s services, the ORGANIZATION has appointed Fattura24 as Data Processor within the terms set out herein. The ORGANIZATION acknowledges and accepts this and also that, also within this context and in this respect, the relationship between the ORGANIZATION and Fattura24 is and will be in any event governed solely and exclusively by the terms of this CONTRACT and this document, and also that processing of the personal data by Fattura24 takes place and will take place according to the methods and procedures chosen and adopted by Fattura24, including those of a technical and security-related nature (such as those indicated in this document and the CONTRACT). The ORGANIZATION may (and must before using the services, if considered essential) request and obtain further information on such methods and procedures in accordance with the rights indicated in article 8.

By registering with Desktale and by in any event beginning to use Desktale’s services, the ORGANIZATION will thus have accepted and acknowledged that the above processing procedures and methods used by Fattura24:

  • guarantee an adequate degree of risk protection in relation to the ORGANIZATION’s needs and the personal data entered by it in order to use Desktale’s services;
  • constitute instructions that Fattura24 must comply with when processing the data in question.

This does not affect the fact that any major changes and/or further improvements to the data processing methods and procedures made by Fattura24 in future in relation to Desktale’s services will be notified to the ORGANIZATION via publication on Desktale’s website and/or in the ORGANIZATION’s user interface.

Without affecting the above, if the ORGANIZATION makes a detailed, reasoned request for improvements to specific processing methods, Fattura24 will assess their legal, technical and economic feasibility. If it believes them to be possible and appropriate (at its sole discretion), Fattura24 may then proceed to research and develop such improvements; in any event, Fattura24 will respond to the ORGANIZATION making the request.

Fattura24 naturally undertakes to ensure the utmost confidentiality and to comply with all mandatory provisions under the GDPR and Italian implementing legislation.

If Fattura24 receives requests or complaints from third parties whose personal data the ORGANIZATION has entered (or has caused to be entered) into Desktale, it will have no other choice than to request that the third-party data subject concerned contact the ORGANIZATION directly in its role as controller of the relevant data and, if appropriate and not excessively onerous, will advise the ORGANIZATION; this does not affect the fact that the above courtesy offered by Fattura24 is not obligatory, as it is not included within the services purchased by the ORGANIZATION and does not fall within Fattura24’s contractual obligations, given that:

  • only the ORGANIZATION has a relationship with the above third-party data subjects;
  • only the ORGANIZATION is fully responsible under the law and has operational responsibility for the above relationship with the third-party data subjects;
  • only the ORGANIZATION is the point of contact for the processing of third-party subjects’ data, thereby assigning the ORGANIZATION sole responsibility for responding to the above requests.

Also on a non-professional basis and in any event not falling within its contractual obligations, Fattura24 may as a courtesy, depending on how busy the company is at the time, and in any event within reasonable limits, provide the ORGANIZATION, with regard to Desktale’s services, with information that may be of use to the ORGANIZATION in responding to such third-party requests, provided that the ORGANIZATION has given adequate notice of such a request.

Finally, Fattura24 has the right (but not the obligation), where deemed necessary, to not process or store third-party personal data entered by the ORGANIZATION. This will apply where Fattura24 is made aware of the fact that entry of the data and/or its processing constitute a serious breach of EU or Italian laws governing the confidentiality and/or protection of personal data; in such cases, Fattura24 will notify the ORGANIZATION, which will have no right of complaint in this regard.

ART. 12) FATTURA24’S USE OF DATA CONTROLLERS AND SUB-PROCESSORS

By registering with Desktale, the ORGANIZATION also accepts that Fattura24 will and may in turn make use of specific data controllers or sub-processors (see for example the instances referred to in articles 3 and 7 of this document). Such parties will of course process the data using adequate technical and organisational procedures (and in compliance with the GDPR) and, in any event, only within the limits of what is necessary to provide the services.


Fattura24 S.r.l.

The Sole Director


This version of Desktale’s Privacy Notice is effective from 15 October 2022.