GDPR: Italy Will srl’s commitment
The GDPR grants new rights to users. Thanks to the compliance of its platforms, Italy Will srl is able to respond to users who wish to exercise rights over their data.
- Right of rectification: each User can modify their data at any time.
- Right to be forgotten: if a User wishes to exercise his right to be forgotten, he can do so directly by accessing his Reserved Area.
- Right to portability: any User can export the information about them contained in the platforms as .xml files.
- Right to access: by accessing the Reserved Area it is possible to view all the information that Italy Will srl holds.
Data Access, Management and Security
Each Italy Will srl User can log in with the email address used to register; for each access, a disposable access token is generated and sent to the User by email. All the data that the User uploads to the platform are saved in our systems, allowing the User to have full control over the management, search and access methods.
Like the most modern applications, the Italy Will srl architecture is of the "software as a service" type. However, since the privacy and security of our users have always been our priority, we chose to keep all the databases encrypted.
This solution gives us several advantages, including a very high level of flexibility in terms of data recovery.
Application and communications security
In the Italy Will srl platforms, some basic rules have been defined which are considered adequate measures in the field of security and data processing:
- Transmission encrypted using SSL, both during access and during use of the platform
- Access token saved in encrypted and non-reversible format (hash). None of the Italy Will srl staff can know it
- The log-in pages adopt controls to prevent unauthorized access and "brute force" attacks
- Access via two-factor authentication system
- We make the detailed access log available to Users
Security is not limited to the use of the platforms; it is also a requirement for the communications we send. Italy Will srl uses the DKIM (DomainKeys Identified Mail) standard for sending messages. This is an authentication system that allows you to "certify" that the content of the message received by the recipient is the one originally sent by the sender.
In addition, the entire email is encrypted via the TLS protocol, making it impossible to alter or read it without authorization during transport until it reaches its destination.
Furthermore, all links contained in emails, including any redirects, are automatically checked by our systems to prevent spam, malicious use of the platform and theft of data (including personal data).
Security in data processing
The data uploaded to the platform are maintained and saved via backup, to be automatically deleted within 20 days of the User's request for deletion.
Italy Will srl has a team dedicated to privacy and compliance, which supervises the organization's security and compliance with current laws. All people who work for Italy Will srl, and in particular those who may have access to User data, have received adequate training in terms of security and privacy and have clear provisions to follow to safeguard the confidentiality, integrity and availability of data.
All access is limited by a system of permissions by role and purpose of use, which allows us to guarantee that only authorized people can have access to the data or servers. In addition, even authorized personnel cannot see the Users' personal data without additional authorization, always linked to a specific and traceable request by the User or with the prior authorization of the compliance team to verify non-compliant behavior. Roles and access are checked regularly.
Consent
The Regulation requires that the data controller (Italy Will srl) be able to demonstrate that the data subject has given consent to the processing of their personal data. For us, this has always been a priority, and for this reason our Users can find all the necessary tools, always updated, to best manage consent:
- Registration confirmation system (double opt-in) implemented as standard on our forms
- Clear User "Account History" page that includes all the elements necessary to demonstrate the data subject's consent
Temporal validity of consent
The GDPR requires that the data controller (Italy Will srl) and its managers establish the data retention periods and ensure that this period is limited to the minimum necessary.
The Personal Data processed will be stored by Italy Will srl until the User revokes consent; in any case, the User is automatically asked periodically:
- To renew consent
- To update his/her data
In the event that the User revokes consent, Italy Will srl will no longer use the User's Personal Data.
Tools for exercising the rights of data subjects
In order to allow data subjects to exercise the rights provided (access, cancellation, limitation of processing, portability), we have inserted the functions in a clear and intuitive way within the "Customer Area". Each User/recipient can directly exercise not only the right to cancellation (opt-out) but can also:
- Know what data is processed through the platform
- Limit its processing
- Request not to be tracked
- Personalize the contents of communications
- Portability: export of personal information
In order to allow data subjects to exercise the right to delete their personal data, the Italy Will srl platform offers the function "Unsubscribe to exercise the right to be forgotten": through this function the data subject will be unsubscribed and all additional data will be deleted with the exception of the email address, the registration date, the registration IP address and the device used for registration, as they may be used to demonstrate consent in the future.