Information on the processing of personal data
(pursuant to EU Regulation 2016/679 and DLgs 196/2003 as amended by DLgs 101/2018)
In compliance with the European Regulation on the protection of personal data, with the information below, we provide you with all the data that will allow you to understand what personal data we process and the methods of treatment, including security measures and your rights
SUBJECTS OF THE TREATMENT
The Data Controller of your personal data is TXT S.p.A., with registered office in TXT S.p.A. con sede in Via Dell’Industria 12 45030 – Occhiobello (RO) P.IVA/CF 01389690387
TXT S.p.A. is a limited liability company that is part of a Group made up of other companies. These companies are joint controllers of your data. To find out who the Joint Data Controllers are, you can contact the Data Controller at the addresses indicated.
The Data Controller and the Joint Data Controllers have appointed their own Data Protection Officer (DPO), who can be reached at the following e-mail address: dpo@txtspa.it.
The GDPR makes a distinction between entities that process Personal Data directly (Data Controllers) and entities that process Personal Data on behalf of other entities (Data Processors).
If you have any doubts or complaints regarding the way in which your Personal Data is processed, you should always contact the Data Controllers as it is they who are primarily responsible for the Data processed.
TXT S.p.A. may act as both Data Controller and Data Processor with regard to your Personal Data, depending on the circumstances.
For example, if you create an account TXT S.p.A. will be the Controller of the Personal Data provided by you in your account.
However, if you receive a questionnaire from an organizer user, we will still process your Personal Data on behalf of the organizer. However, TXT S.p.A. does not decide which personal data to request in questionnaires nor is it responsible for keeping the personal data provided up-to-date at all times. Any questions about personal data and your rights to it should therefore be directed to the organizer, as the data controller.

PERSONAL DATA AND COLLECTION METHODS
Personal data provided during registration
In order to create, manage and share a questionnaire with QuestBase you will need to register a profile and provide us with the information indicated in the form when you first log in. When you log in for the first time, you will be asked to provide an e-mail address and password to create a free Standard account with no expiration date. Subsequently, you can purchase a Premium paid version, in which case you will be asked to provide us with these additional data: name, surname, address, tax code (or VAT number), possibly credit card data.

Third Party Personal Data.
We collect information about the people and groups that you connect with using QuestBase (so-called communities). Before sharing information about third parties on QuestBase, it is your responsibility as an organizing user to properly inform and obtain consent from such third parties. In particular, you must inform such third parties of your intention to process their personal data, how and for what purpose. Please note that if you do not obtain their consent in advance, you may not share that personal data, either on QuestBase or elsewhere; and you will be liable for unlawful sharing of such personal data.
Other Data.
We may collect data about your use of QuestBase and the internet, including through the use of cookies, pixels and other similar tools, to track how often you start QuestBase and how you use it, to improve functionality, to fix bugs or software malfunctions. Cookies are small pieces of data that are stored on your computer, cell phone or other device. Pixels are small blocks of code on Web pages that do things like allow another server to measure how a Web page is displayed and are often used in conjunction with cookies. The information obtained with the above tools will be collected in an anonymous and aggregate form and will not be recorded as your personal data; consequently, you will not be able to be identified through them and they will not be traceable back to you.

DATA STORAGE AND SECURITY.
Your data collected for the use of services will be kept for the entire duration of the contract and, after termination, for 10 years the period of conservation in accordance with the law, accounting, tax, civil and procedural. The data collected for other purposes as stated above will be kept until the withdrawal of consent for that purpose.
We will manage and store your personal data in electronic format, using computer systems that guarantee specific security measures. Please note, however, that no system is completely secure and we encourage you, for this reason, to use a password that cannot be easily deciphered, to restrict access to your computer and browser and to log out after using QuestBase. Your personal data will be managed with automated tools and will be stored on servers owned by Aruba and located in Italy (within the EU). The data will be backed up periodically in the manner indicated in the Register of treatments of the Owner.
COMMUNICATION OF DATA TO THIRD PARTIES.
Your personal data will be collected by TXT S.p.A. and will only be made accessible to subjects duly appointed to process the data by TXT S.p.A. and may be communicated to companies that are co-processors (i.e. companies belonging to the same group), to third party companies (appointed External Data Processors) that offer services complementary to the use of QuestBase (for example, e-mail transmission and hosting services). These companies will only use your personal data to the extent necessary to provide you with those commercial services that are complementary and/or necessary for you to use QuestBase. We will always process your personal data in accordance with this Policy and in compliance with European and Italian data protection legislation. We will share your personal data for statistical analysis and academic research purposes, but only in a pseudonymized format. We will share your personal data when necessary to comply with an obligation under applicable law or to respond to a valid legal process, such as a search warrant, court order or subpoena. We will also share your personal information when it is necessary for our own or a third party’s purposes relating to national security, law enforcement, protecting the safety of any person or preventing imminent death or injury, provided that we believe that your interests, rights and fundamental freedoms do not outweigh those interests.
YOUR RIGHTS
At any time, you may exercise, pursuant to Articles 15 to 22 of EU Regulation No. 2016/679, the right to:
(a) right of access: the right to be informed of and request access to processed personal data concerning you (commonly known as a “data subject access request”);
b) right of rectification: the right to request the modification or updating of the user’s personal data in case of inaccuracy or incompleteness;
c) right of deletion: the right to request the definitive deletion of your personal data;
d) right of restriction: the right to request us to temporarily or permanently stop processing all or some of your personal data;
e) the right to object at any time to the processing of personal data on grounds related to the specific situation of the user;
g) the right to object to the processing of personal data for direct marketing purposes;
h) the right to data portability: the right to request a copy of your personal data in electronic format and the right to transmit such personal data for use in the service of others.

You may exercise these rights at any time by writing to: support@questbase.com. At the aforementioned e-mail address you can send any requests for clarification regarding the processing of personal data or this Policy, as well as any requests for cancellation of personal data. We will respond to your requests within a reasonable period of time after verifying your identity. If you are dissatisfied with the way we use your personal data, you can also contact the Italian Data Protection Authority and lodge a complaint about it (e-mail: garante@gpdp.it, PEC: protocollo@pec.gpdp.it).
CHANGES TO THE POLICY ON THE PROCESSING OF PERSONAL DATA.
This information on the processing of personal data may be subject to changes and / or additions over time. If we make any significant changes to this Privacy Policy, we will notify you by email and/or by means of a notification on your QuestBase account. However, we recommend that you periodically review the Privacy Policy. Any questions or comments regarding this Privacy Policy should be directed to support@questbase.com.