Network & Trust S.r.l. (hereinafter “N&T”) is particularly attentive to the protection of the personal data of its users and clients.
By using the HIPPO software, you will share some personal information. For this reason, we want to make sure that is understood the way in which we collect this information, the subjects with whom we share it is understood, as well as the ways in which you can check, modify and update this information.
The objective of this information is therefore:
- explain what data N&T collects;
- explain how N&T uses, manages and shares this data;
- explain what options are available to the user.
This information is provided in accordance with the EU General Data Protection Regulation (hereinafter “GDPR”) and Legislative Decree 196/2003 as amended by Legislative Decree 101/2018. By using our application, you accept and consent to the practices described in this Policy. If you do not accept the provisions set out here, you are advised not to use the application.
For these reasons, we invite you to carefully read the following information on the protection of personal data and to ask us for any clarifications in case of doubts.
Holder of the treatment
The owner of the processing of your personal data is Networking & Trust S.r.l., C.F./P.IVA 03988250134, with registered office in Milan, 20146, Via Arzaga n. 24.
The interested party is the person to whom the personal data refer.
Data Protection Officer
The Data Protection Officer (DPO) is Avv. Antonio Nenzioni and will be reachable at the following email address: firstname.lastname@example.org
Type of personal data collected
To use the HIPPO software, you will need to provide some information such as name, surname, email address, month and year of birth.
You can also link your own photo to your profile. In this case, the consent is considered implicit, however, you will be able, at any time, to stop sharing the profile photo (by deleting/removing it).
HIPPO is designed to measure, valorise and improve trust and it allow users personal growth and their performance. Therefore we will memorize all the interactions: the Coins (recognition of a virtuous behaviour and/or improvement found) and the hNudge (suggestion to help and/or stimulate an improvement) sent and received for this purpose.
The information we collect generates indicators such as the Dynamic Trust Index (H shaped) and others that are and will eventually be highlighted in the personal and protected Dashboard, where you can observe your impact on others and receive suggestions on how to improve it.
Furthermore, through the interactions (Coin and hNudge), we will create reports (also in aggregate form) and indicators to summarize the methods of use of the App and the results of the interactions that have taken place so that everyone can be constantly updated on the progress of their activities and how the same are recognise by others.
Other information we collect is obviously what you choose to provide when you contact customer support or communicate with us in any other way.
All the Coins and hNudge that you decide to exchange with others will only be visible to the user to whom you are sending them as well as for those you will receive. The Coins and hNudge that you send will always be traceable to you for a principle of maximum transparency, unless you decide to send them in “Anonymous” mode, in which case they will be readable to the recipient but not associated with you.
In order to ensure maximum transparency and effectiveness in the use of HIPPO, the personal data, the photo you may decide to insert, the badges, the levels and the Dynamic Trust Index (H shaped), if you choose to make public the H, will be visible to all users with whom you come into contact and will be part of your network.
In any case, the users, using the appropriate option in the settings, can always choose whether to make the H visible or hidden and, in case of H hidden, prevent other users and third parties, to whom the data processed are transmitted, from viewing their Dynamic Trust Index (H shaped). In this case, the Dynamic Trust Index (H shaped) will be visible only to the user and to N&T who will be able to use such data: 1) for the purposes referred to in the following point “Purpose of the treatment” and 2) in the case of a business users, to draw up the monitoring documents to be sent to the employer using such data exclusively in anonymized and aggregated form.
We believe that using HIPPO should also be fun and, for this reason, we have imagined that as activities and interactions increase, the role and weight that everyone will have within their network increases. This is why, at the progress in activities and interactions, will be recognized Badges and Levels of witch all members will be aware.
It is important and necessary to adopt a correct and diligent behaviour and, above all, aimed at a constructive comparison with others. The goal of HIPPO is to improve oneself and others with the power of trust, to be proactive and to give suggestions for constant personal and professional growth.
In particular, N&T, with automated and non-automated tools, collects and processes the following personal data:
- personal data;
- contact details;
- membership area and geographical area;
- Coin and hNudge sent and received;
- inferential data, i.e. data derived from the analysis of the above information and from the analysis of observable behaviours derived from the use of the App;
- the IP addresses or domain names of the computers and terminals used;
- the URI/URL (Uniform Resource Identifier/Locator) addresses of the requested resources;
- the date and time of access to our services;
- more generally, all those personal data whose transmission is implicit in the use of Internet communication protocols (navigation data).
Purpose of the treatment
The processing of the personal data of the interested party, carried out by N&T, has the following purposes:
- measure, valorise and increase trust through the H shaped and the Dynamic Trust Index;
- observe and improve the quantity and quality of relationships, helping to improve individual and professional performance;
- recognize areas for improvement;
- create a personal profile so that you can check your progress;
- foster harmony between colleagues and reduce conflict in the workplace;
- facilitate the creation of work or research teams;
- create a network of people;
- send communications;
- accomplish the requested performance/service correctly;
- fulfil legal obligations;
- carry out statistical analysis and classifications by processing aggregate data, previously anonymized so that they are in no way attributable to the person;
- check, improve and implement the services offered;
- prevent unlawfulness or abuse and ascertain any liability in the case of computer crimes and / or incorrect and illegal use of the App.
Lawfulness of processing
The processing of personal data is based on the following legal bases:
- the informed consent freely given to the processing of the data of the interested party, for the purposes from a) to g) ;
- the execution of the contract concluded with N&T or the execution of pre-contractual measures adopted at the request of the interested party, for the purposes from h) to i);
- the fulfilment of legal obligations incumbent on the data controller, for the purpose j);
- the execution of a legitimate overriding interest of the data controller for the purposes from k) to m) .
Nature of the contribution of the data
Data release is mandatory if you intend to download the HIPPO APP and access the related Dashboard. In such case, the processing is necessary to allow access to all the services and features offered by the App and the site as well as for the stipulation, management of the contract and the fulfilment of contractual and legal obligations by the Owner.
Methods of data processing
Personal data will be processed with automated tools, and in any case with the use of suitable measures to ensure the security and confidentiality of the data. The personal data provided by the interested party may be subjected to an automated decision-making process, including profiling, for the creation of a personal and professional profile based on dynamic trust index by the interested party and on his ability to relate with other. In this case, the profiling process will be based on the analysis of derivative data. However, when profiling can produce significant effects on people, it is without prejudice to the possibility for the interested party to request human intervention, to express their opinion and to contest the results of this automated process.
Communication and diffusion of data
Personal data will not be disclosed in any way, except for those shared by the user within the HIPPO community (see below).
When using of HIPPO or when browsing the Dashboard, the navigation data collected may be communicated to the Data Processor, designated by N&T to manage the development, delivery or maintenance of the platforms.
The common data provided (personal data, contact details), for the purposes of the data controller compliance and related contractual and legal obligations, including all administrative and accounting formalities, may also be disclosed to other subjects contractually linked to N&T, such as for example legal consultants, tax consultants, authorities or public administrations.
In any case, all the data processed, in addition to being kept and stored by the server provider designated by the data controller or accessible to the infrastructure maintainer, will also be processed by third party partners, even possibly only in aggregate form, who provide a specific product or service (including the cloud provider and the operating software provider) or by the licensees of the HIPPO App, including the possible employer where the user carries out his work.
All personal data collected will also be processed by N&T staff, specifically authorized and trained, as well as by any data processors or persons in charge of processing designated by the other subjects mentioned above.
The party who has decided to participate in the HIPPO community must remember that the content and personal data published on their profile may be visible to other users of the community. To prevent some of the data from being visible, you can always withdraw your consent by uninstalling the App and unsubscribing from the site, or prevent other users and third parties from viewing your Dynamic Trust Index (H shaped), by deselecting the tag “Do you want to make your H visible?” in the App environment, accessible from the “Settings” page in the “Profile” section.
We use market standard physical, technical and administrative controls and procedures to safeguard Personal Data provided to N&T and protect it from loss, misuse, unauthorized access, disclosure, alteration or destruction.
However, no Internet or email transmission is ever completely secure, guaranteed, or error-free. In particular, emails sent to/from N&T may not be secure, for reasons not attributable to it. Therefore, care should be taken in deciding what information and what personal data is sent by email. Users of the services provided by N&T are responsible for maintaining the security of their passwords, username or ID or other form of authentication necessary to access secure areas or services. N&T therefore reserves the right to suspend user access to the services provided without notice and pending investigations, in the event of a suspected breach of security.
Data transfers outside the European Union
The personal data of the interested party will be processed within the European Union and stored on servers located within the European Union. If personal data should also be transferred to non-EU countries, this transfer will take place in compliance with the provisions of the law by stipulating, if necessary, agreements and/or adopting the standard contractual clauses envisaged by the European Commission which guarantee an adequate level of protection.
Data retention period
N&T stores data as long as it is necessary to provide its services.
The data retention time varies based on elements such as: nature of the data, the reason for which they are collected/processed and related legal requirements.
In any case, the criterion used to determine the retention period is based on compliance with the terms permitted by applicable laws and the principles of minimization of processing and rational management of archives.
Therefore, the personal data provided will be processed and stored until the account is closed and/or the consent of the interested party is revoked.
However, even after this time, the data of the interested party may still be stored in the archives of the data controller for the duration necessary for the extinction of the obligations contractually assumed, for the execution of legal obligations, for the management of any disputes up to their definitive conclusion resolution or also in aggregate and anonymized form for statistical purposes or systems improvement.
Rights of the interested party
In particular, the interested party:
Art. 7 (Right to withdraw consent): you can withdraw the consent given at any time by deleting the account and uninstalling the App, or by withdraw the consent in relation only to certain specific services. In all these cases, however, the withdrawal of consent does not affect the lawfulness of the processing based on consent before the withdrawal. To withdraw your consent, the User will have to cancel the account by clicking the “Delete account” button in the App environment, accessible from the “Settings” page in the “Profile” section.
Art. 15 (Right of access): you will be able in any moment to obtain confirmation that your data have being processed, access to them and to all the information here contained. In particular, the data controller will provide a copy of the personal data being processed upon specific request;
Art. 16 (Right of rectification): you can obtain, without undue delay, the rectification and/or integration, respectively, of your personal inaccurate and/or incomplete data, also by providing an additional communication;
Art. 17 (Right to erasure): you will be able to obtain, without undue delay, the erasure of your personal data if no longer necessary with respect to the purposes, if they have been unlawfully processed, if their erasure is required by law, if the interested party has withdrawn the consent or if he has opposed the processing;
Art. 18 (Right of restriction of processing): you can obtain the restriction of treatment when one of the following occurs:
- if the accuracy of personal data is contested, for the period necessary for the data controller to verify its correctness;
- if the treatment is unlawful and the interested party opposes the erasure of personal data and requests that its use be restricted;
- if necessary for the assessment, exercise or defence of a right in court;
- if the interested party has opposed the treatment, pending verification of the possible prevalence of the legitimate reasons of the data controller;
Art. 20 (Right to data portability): you will be able to receive your personal data in a structured format, commonly used and readable by an automatic device, Transmit such data to another data controller without impediments by the data controller from whom they were provided, if the treatment is based on consent or on a contract and the treatment is carried out by automated means;
Art. 21 (Right to object): you may object, in whole or in part, to the processing, for reasons connected with your particular situation, when the treatment is carried out on the basis of a public interest or a legitimate interest of the owner or of a third. In such cases, the data controller will refrain from further processing the data of the interested party, unless it demonstrates the existence of compelling legitimate reasons for proceeding with the treatment that prevail over interests, rights and freedoms, or for the assessment, exercise or defence of a right of the interested party in court. If personal data are processed for marketing purposes, the interested party has the right to object at any time to the treatment of personal data concerning him for these purposes, including profiling, to the extent that it is connected to such marketing. If their personal data are processed for scientific or historical research purposes or for statistical purposes, the interested party, for reasons connected with their particular situation, has the right to object to the treatment, except if the treatment is necessary for the execution of a task of public interest.
Art. 22 (rights of the interested party in case of automated individual decision-making, including profiling): if the personal data provided by the interested party are subjected to an automated decision-making process, including profiling, for the creation of a personal and professional profile based on his trust index and on his ability to relate to others, the interested party can always contest the results of this automated process, express his opinion and request human intervention by the data controller.
These requests must be sent in writing to the data controller or alternatively to the Data Protection Officer at the respective addresses indicated above.
Right to lodge a complaint with a supervisory authority
The interested party has the right to lodge a complaint with the supervisory authority – “Garante per la Protezione dei Dati Personali”, Piazza Venezia n. 11, Roma; email: email@example.com, PEC: firstname.lastname@example.org, tel. +39 06.696771, or to take the appropriate judicial seats.
However, the data controller invites its users to regularly visit this section in order to be always updated on the data collected and on the use made of it by the data controller.
Last updated July 7, 2022