Privacy policy

Definitions

• Company: a VAT-registered company that produces goods and services consisting of one or more people operating in one or more industrial, commercial or service sectors.
• Organization (or Tenant): refers to a logical entity within the HEI solution and database in which multiple users may be grouped. Each organization in HEI has one or more administrator users. When a company subscribes to an HEI license, a separate organization is created and company administrators are defined as administrator users for that organization.
• User: a HEI user is an individual who has registered in the application and consents to this Privacy Policy. The individual, through their individual account, can use the non-administrative services provided by the solution.
• Administrator User: the administrator user has visibility over personal data of users or a subset of them within the specific organization.
• What we mean by "Personal Data": as referred to in this Privacy Notice regarding data or personal information. Personal data are information relating to a living individual (a "Data Subject") who is, or can reasonably be, identified from that information or from that information together with other information.

Types of services

The software solution called HEI is designed to support human resources within an organization by analyzing and monitoring interactions between people, entities and processes, taking into account different business units and related information flows. For example, the solution provides registered users with the following services:

• facilitating the exchange of feedback and evaluations between colleagues, groups of colleagues, and collaborators or external candidates;
• collecting data related to attitudinal characteristics of individuals, groups of individuals, interactions in events and organizational processes, via voluntary quantitative and/or qualitative questionnaires;
• the ability to participate in live chats to exchange real-time messages during organized events;
• management of the data collected as referred to above;
• processing of such collected data, through proprietary and/or third-party algorithms;
• storage of collected data and their processing results;

The software solution is provided as SaaS (Software as a Service), using a cloud-based architecture accessible online via browser on PC and smartphone; therefore no local installation on your PC or smartphone is required or expected.

The solution provides two main types of licenses: B2B (Business to Business), i.e., corporate licenses subscribed by a company on behalf of its users (internal or external) typically managed by HR; and B2C (Business to Consumer) licenses for users who sign up personally and whose license is not associated with a licensing company (for example candidates or students).

For both license types, after registration our users ("Users") share their identity and may additionally share their aptitudes, professional inclinations, and psychometric information. Also, users registered under a B2B license interact with their Company, exchanging professional knowledge and information, discussing competencies and career objectives, and evaluating opportunities for greater job satisfaction and career progression.

The Privacy Notice includes our Cookie Notice and applies to your use of our HEI Services.

Data controllers and contracting parties

Negentro will be the data controller of your personal data provided to the company that has subscribed the B2B license or collected by or for, or processed in connection with our Services, where the data controller will be the Company.

In the case of B2C licenses, Negentro will be the data controller of your personal data provided to the Consultant or Coach who has subscribed the B2B license or collected by or for, or processed in connection with our Services, where the data controller will be the Consultant or Coach.

As a User of our Services, the collection, use and sharing of your personal data is governed by this Privacy Notice and other referenced documents, as well as their updates.

Changes

Changes to the Privacy Notice apply to your use of our Services after the "effective date".

Negentro may change this Privacy Notice and, if material changes are made, you will be notified through our Services, or other means, to give you the opportunity to review the changes before they take effect. If you do not agree with the changes, you may close your account by emailing Negentro privacy.

If after publication or notice of changes to the Privacy Notice you continue to use our Services, the collection, use and sharing of your personal data will be governed by the updated Privacy Notice as of the effective date.

What data we collect

1. Registration data. Registration is required to create an account necessary to use HEI services. During Registration, the User must provide some mandatory data including: full name, email address and access password. In addition, the User may optionally upload a custom profile image and specify their professional role.
   1. In the case of B2B licenses, the email will be a corporate email provided by your Company. The Company may associate additional information it holds with your account, such as your manager's identity.
2. Account configuration data. The User can at any time customize some account settings, such as a selection of events for which to receive email notifications, and the interface language.
3. Cookies. The HEI solution uses only technical cookies (necessary to manage authentication sessions) and functional cookies (interface color and language). These cookies are strictly necessary for proper service usage.
4. Usage data. For monitoring the solution's features, HEI collects usage data in the form of:
   1. Server request logs, including origin IP, access date, resources or files viewed, operating system and browser version, device details and time zone.
   2. Performance logs, i.e., aggregated statistics on access times to various sections of the solution, useful for diagnosing potential slowdowns.
   3. Crash or error logs, i.e., automatic reports caused by technical issues in the solution.
5. Content created using the solution. HEI records data created by the User during normal use of the solution, such as feedback sent/received, self-assessments, questionnaire responses, live chat messages, attitudinal information related to psychometric models (e.g., MASPI). HEI provides tools to view and analyze such data. If you have difficulty answering any questionnaires, please contact your company representative, Consultant or Coach.

Our Services are dynamic and we often introduce new features that may require collecting new information. If we collect substantially different personal data or significantly change how we collect, use, or share your data, we will inform you and may also amend this Privacy Notice.

How we use your data

We use your data to authorize access to our Services and respect your settings.

We use your data to provide, support, personalize and develop our Services.

How we use your personal data depends on the Services you use, how you use them, and your choices in settings.

Services, purposes of processing, legal basis and whether provision is mandatory or optional

The processing we intend to carry out, upon your specific consent where necessary, has the following purposes:

• to enable the delivery of the requested HEI Services and their subsequent autonomous management (e.g., personal area, access to reports), which you will access by registering and creating your user profile at the time of service provision, including collection, storage and processing of data for the establishment and subsequent operational, technical and administrative management of the relationship related to the provision of the Services and for communications regarding the relationship;
• to allow collection (via questionnaire completion), storage and processing of information and data in the context of human resources (e.g., skills, aptitudes, psychometric data), completed directly by you and, in some cases, by third parties you interact with (e.g., 360 Feedback);
• to allow collection, storage and processing of feedback and suggestions sent and/or received from colleagues or external collaborators;
• to analyze usage statistics of the various modules available within the HEI solution to improve the services;
• to respond to support or information requests received by email at Negentro support. Such requests and responses will be retained for the time necessary to ensure proper handling, and subsequently to allow Negentro to defend itself in court if necessary. The legal basis for processing Personal Data for the purposes referred to in letters (a), (b) and (c) above is Article 6(1)(b) of the Regulation as processing is necessary for the provision of contracted services. Provision of Personal Data for these purposes is optional but failure to provide it would make it impossible to activate the requested Services;
• to comply with legal, accounting and tax obligations: this processing is lawful pursuant to Article 6(1)(c) of the Regulation. Once Personal Data is provided, processing may be necessary to comply with legal obligations to which Negentro is subject; it is not possible to oppose this processing as it derives from legal obligations. For the sole purposes of security and prevention of fraudulent conduct, based on Negentro's legitimate interest in preventing fraud and scams to its detriment or to the detriment of its customers, pursuant to Article 6(1)(f) of the Regulation and based also on Recital 47 of the Regulation, which expressly provides that it is a legitimate interest of the data controller to process personal data strictly necessary for fraud prevention, and based on various legitimate interest balancing performed by the controller which do not indicate that the processing in question would harm your rights and fundamental freedoms. In particular, such activities include an automated monitoring system that detects and analyzes certain user behaviors on the Site, associated with their IP addresses and other Personal Data linked to navigation. The consequence of such processing is that if a subject attempts to commit fraudulent acts on the Site, Negentro reserves the right to exclude that subject from using the Service or to take any other appropriate measures to protect itself.

Recipients of personal data

I Suoi Dati Personali potranno essere condivisi, per le finalità di cui più sopra, con soggetti (di cui alcuni agiscono tipicamente in qualità di responsabili del trattamento) ossia:

• persons, companies or professional firms that provide assistance and consulting services to Negentro in accounting, administrative, legal, tax, financial, technical and debt recovery matters in connection with the provision of the Services;
• for corporate contracts (B2B), questionnaire data will be shared with company administrators, typically within the company's HR team. In cases where the company has engaged external coaches or consultants, questionnaire results will also be shared with these professionals, whose access will be managed by company administrators;
• for B2C contracts arranged through an external coach or specialist consultant affiliated with HEI, questionnaire data will be shared with such consultants;
• subjects necessary to interact with for the provision of the Services, i.e., parties delegated to perform technical maintenance activities (including maintenance of network devices and communication networks);
• subjects, entities or Authorities to which it is mandatory to disclose your personal data under legal provisions or court orders (for example, during criminal investigations Negentro may receive requests from the judiciary to provide logs regarding the use of the Services); persons authorized by Negentro to process Personal Data necessary to carry out activities strictly related to the provision of the Services, who have committed to confidentiality or are under an adequate legal duty of confidentiality, such as Negentro employees;
• commercial partners, for their independent and distinct purposes, only if you have given specific consent. The complete list of data processors is available by sending a request to Negentro privacy.

Transfers of personal data

Negentro ensures that the processing of your Personal Data by Recipients complies with the EU Regulation. Transfers may be based on an adequacy decision or on the Standard Contractual Clauses approved by the European Commission. More information is available by writing to Negentro privacy.

How we share information

Changes of corporate control or sale of the company

We may share your data if our business is sold to third parties, but it must continue to be used in accordance with this Privacy Notice.

Any other entity that acquires our company or part of it will have the right to continue using your data only as provided in this Privacy Notice, unless you consent otherwise.

Rights of access and control over your personal data

You have the right to access your personal data and may request deletion. Regarding the data we hold about you, you may:

• Delete data: you can request that we erase or delete all or most of your personal data (e.g., if you no longer wish to use our Services).
• Modify or correct data: you can change some of your personal data via your account. You may also request changes, updates and corrections to data in certain areas, particularly if they are inaccurate.
• Object to or limit use of data: you can ask us to stop using all or part of your personal data.
• Right to access and/or obtain your data: you can request a copy of your personal data and a copy of the personal data you provided to us in a computer-readable format.

Account closure

We retain some of your data even after your account is closed.

If you choose to close your account, your personal data will generally no longer be visible to third parties in our Services within 48 hours. Normally, we delete closed account information within 30 days of closure, except as noted below.

We retain your personal data after account closure where reasonably necessary to comply with legal obligations, meet regulatory requirements, resolve disputes, maintain security, and prevent fraud and abuse of rights.

We will retain anonymized information once your account has been closed.

Data entered by the user involving third parties is retained as present in third parties' accounts.

In case of termination for any reason of the employment relationship with the company, the account will be closed. The user may request before closure that their data and profile be retained within the HEI solution. It is understood that third-party data, such as feedback or 360 feedback, will be anonymized.

Other important information