EXPANDI PRIVACY POLICY
Personal Data Processing

The following document has been drawn up in compliance with the provisions defined in articles 13-14 of the 2016/679 EU Regulation.

Expandi Limited is made of a group of agencies specialized in the consulting, planning and implementation of sales and marketing programs and the delivery of SaaS marketing platforms and services for large and medium size companies in the B2B sector. You can see a full list of Expandi subsidiaries at this link: expandigroup.com/legal-entities.

All companies in the group will be from now on referred as Expandi.

Expandi is acting as data controller, collects, processes and stores personal data provided by the data subjects, available from public sources and collected by automated mean. The following information has been drawn up to ensure the safeguard and the exercise of the rights provided by the law regarding the protection of personal data.

Information We Collect

The types of information we may obtain about you include:

• Personal or business contact information (such as name, postal and email address, Twitter handle or phone number, name of your company or department, and your business function or title)
• Demographic information (such as age and gender)
• The information you provide by interacting with us through our sites, including by submitting questions, commenting on our forums and interacting with us through social media
• If you are making a job application or inquiry, you may provide us with contact information and with a copy of your resume or CV or other relevant information
• Contact information of individuals with whom you would like to share Expandi content
• Other details that you may submit to us or that may be included in the information provided to us by third parties.

The information we may collect by automated means includes:

• Information about the devices our visitors use to access the Internet (such as IP address, cookies, domain name, and the device, browser and operating system type)
• Information on actions taken by visitors on our sites (such as page views and site navigation patterns)
• URLs that refer visitors to our sites
• Dates and times of visits to our sites
• A general geographic location (such as country and city) from which a visitor accesses our sites
• Search terms that visitors use to reach our sites.

The automated means that may be used to collect this information may include cookies, web beacons, scripts and tags. We may also use third-party website analytics tools that collect automated information about visitor traffic on our sites.

Expandi uses Google Analytics to improve our website content. You can learn how Google collects and processes data by going to the website “How Google uses data when you use our partners’ sites or apps”, located at www.google.com/policies/privacy/partners/.

Data Protection Officer

The contact of the Data Protection Officer (DPO) is [email protected]

Purpose of the personal data processing

Personal data will be processed to fulfil one or more of the following purposes:

1. Provide information concerning activities carried out by Expandi and/or by associated companies.
2. Provide commercial information about Expandi’s customers, in accordance with the personal preferences granted us by telephone, e-mail and/or paper.
3. Provide information and services in accordance with your demands through a profiling process based on non-discriminatory criteria, in compliance with the provisions of the article 22 of EU 2016/679 Regulation.

Personal contact details are shared with third-party organisations only when explicit consent has been obtained from the interested party while pseudonymized details (not directly associated with a specific individual) can be shared with third-party organisations for advertising purposes.

Right to process

Expandi collects in its data base, companies and decision makers public information via acquisitions from third parties and direct collection using public data sources such as the internet or other social media channels.

The data collected and stored in our system is purely related to the business-to-business sector, no individual private information or sensitive data is collected by the company nor shared with any third party. All company data is regularly checked with legal data (chamber of commerce) to verify its validity.

The objective of the treatment is to propose uniquely targeted commercial information directly related to the company direct business. The legal basis under which this treatment is act upon is the legal legitimate interest of the data controller. We strictly limit the service we deliver to our customers to the usage of professional contact details.

Security

Expandi has taken all precautions to safeguard the data it holds. A series of security measures and policies have been put in place to minimise unlawful usage of all data and company assets.

Data processing Recipients

Expandi shares data with clients only for the purposes indicated in the section above: Purpose of the personal data processing. Personal data could be communicated to Companies and Public Administrations being part of, among others, the following sectors:

1. Information & Communication Technology sectors (es. ERP, CRM, Security, Infrastructure, etc.), with an offer of technological solutions/products potentially in accordance with your demands.
2. Insurance Field (es. CyberSecurity, Professional Responsibility, etc.), with an offer of solutions potentially in accordance with your demands.
3. Transport Sectors (es. Car Fleet, Car Rental, Package delivery, etc.), with an offer of solutions potentially in accordance with your demands.
4. Professional Services (es. Audit, Legal Services, Expert Advise, etc.), with an offer of solutions potentially in accordance with your demands.
5. Business Services (es. Productivity Tools, Utilities, Security, Telecommunications, Workplace Canteen, Maintenance, etc.) with an offer of services/solutions potentially in accordance with your demands.
6. Banking & Financial Services (Foreign Exchange, Payments, Financing, Treasury management, etc) with an offer of services / solutions potentially in accordance with your demands
7. Data Management Platforms or Customer Data Platforms for Advertising purposes (after being pseudonymized) with an offer of services / solutions potentially in accordance with your demands
8. Public Authority

Data storage location

Expandi stores the personal data of data subjects within the borders of European Union; however personal data occasionally can be processed in non-EU Countries in accordance with Commission’s decision 2010/87/EU on 5th February 2010 (for a complete list expandigroup.com/legal-entities).

Data retention

Data subjects are informed that the personal data provided will be stored in the systems owned by Expandi until the consent is withdrawn.

Data subject’s rights

1. How data subject’s rights are exercised

   Data subjects are informed, in compliance with the provisions of article 13 paragraph 2 of EU 2016/679 Regulation, on the modalities with which they will be able to exercise their rights.

   1. Up to 1 month from the time the request is forwarded by the data subject, to respond to the exercise of the rights listed below.
   2. This term, depending on the number of requests, may be extended by two months.

2. Access to personal data

   Expandi, in compliance with the provisions of article 15 of EU 2016/679 Regulation, undertakes to ensure the full exercise of the right of access, unless this jeopardizes a legitimate interest or fundamental rights of other data subjects. Data subjects can exercises the right of access to their own personal data by sending an e-mail to [email protected].

3. Right of rectification

   Expandi, in compliance with the provisions of article 16 of EU 2016/679 Regulation, undertakes to ensure the full exercise of the right of rectification of personal data from the data subject. Data subject is informed that he/she may demands the rectification of his/her own personal data by sending an e-mail to [email protected], in order to verify the type of personal data in our possession and, therefore, to demand the rectification.

4. Right of erasure (right to be forgotten)

   Expandi, in compliance with the provisions of article 17 of EU 2016/679 Regulation, undertakes to ensure the full exercise of the right of erasure of personal data, unless this jeopardizes data controller’s legitimate interest or other data subject’s fundamental rights. Data subject is informed that he/she may exercises that right by sending an e-mail to [email protected].

5. Right to restriction of processing

   Expandi, in compliance with the provisions of article 18 of EU 2016/679 Regulation, undertakes to ensure the full right to restriction of processing. Data subject is informed about the possibility to demand every time the restriction of personal data processing where one of the following conditions applies:

   1. The accuracy of the personal data is contested by the data subject;
   2. The lawfulness of processing is contested by the data subject;
   3. The controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims;
   4. The data subject demands to exercise the right of object (article 21). Expandi undertakes to provide the data subject prompt communications about the restriction limitation within thirty days starting from the request is received at [email protected].

6. Right to data portability

   Expandi, in compliance with the provisions of the article 20 of EU 2016/679 Regulation, undertakes to ensure the data subject the full right to data portability. Data subject is informed that he/she may demands the exercise of the right to data portability by sending an e-mail to [email protected] (data sharing standard model in modality .csv)

7. Right to object

   Expandi, in compliance with the provisions of article 21 of EU 2016/679 Regulation, undertakes to ensure the exercise of the right to object from the data subject. Data subject is informed, where personal data are processed for “marketing campaign”, about the possibility to exercise that right directly from the specific form “opt-out” provided inside marketing communications. Data subjects are informed that they may exercise the right to object, except what stated above, by sending an e-mail to: [email protected].

8. Complaint

   Data subjects are informed that, in compliance with art. 13 par. 2 D of EU Regulation 2016/679, in case they recognize serious non-fulfilments or the failure to comply with one of the rights set out in this statement by Expandi Ltd, may present a formal complaint to the national privacy guarantor.

9. Consent Withdrawal

   The data subject is informed about the possibility to withdraw his/her consent for the processing at any time. The data subject can withdraw the consent through the following methods:

   • Verbal communication in case of telephone contact (confirmed by sending an electronic communication to the e-mail address provided by you).
   • Following the procedure described: email [email protected]

   In compliance with the provisions of article 13 paragraph 2 clause C of the EU 2016/679 Regulation, the data subject, which decides to withdraw the consent, is informed that such action will not affect the lawfulness of the processing carried out before the revocation of the same.

   After completing this communication, the data processing for that specific purpose, for which the consent has been withdrawn, can be said, according to the cases, terminated. Data subjects are informed that the withdrawal of the consent could affect in whole or in part the services provided to themselves.

Missed Consent

Data subject is informed that in compliance with the provisions of the Article 13 paragraph 2 clause e) of EU 2016/679 Regulation, Expandi will be unable to fulfil its contractual and legal obligations if the data subject decides not to consent to the following processing purposes:

1. If the data subject does not give his/her consent to point A) of the paragraph “Purpose of the Personal Data Processing”, included in this statement, the purpose inherent to the provision of information related to “activities carried out by Expandi and/or its associated companies”, will not be processed.
2. If the data subject does not provide his/her consent to point B) of the paragraph “Purpose of the Personal Data Processing”, included in this statement, the purpose inherent to the provision of “commercial information on customers Expandi, according to the preferences granted to us by telephone or by e-mail”, will not be processed.
3. If the data subject does not give his/her consent to point C) of the paragraph “Purpose of the Personal Data Processing”, included in this statement, the purpose inherent to the provision of “information and services in line with his demands through a profiling process On the basis of non-discriminatory criteria, in compliance with the provisions of the article 22 of the EU 2016/679 Regulation”, will not be processed.