Privacy Policy – TyMT Consulting

TyMT Consulting (“TyMT”) is a consulting partnership run by Irune Medina and Graziano Terenzi.

At TyMT Consulting we care about data protection and user privacy. This privacy policy serves to inform our customers communicating with TyMT Consulting, in compliance with the General Data Protection Regulation (GDPR) about which data we collect, why we collect it, and what we do with it. Wherever we refer to consent as a justification for data processing, this presupposes that you have effectively given us such consent; if you have not provided us with the respective consent we will not process your personal data for purposes that require your consent. Below you will find detailed information about

who we are and how you can contact us;
to which products and services this privacy policy refers;
which categories of personal data we process, the sources from which we obtain personal data, the purposes for which we process personal data and on which legal basis we conduct such processing;
to whom we transfer personal data;
for how long we store personal data; and
your data subject rights in relation to the personal data we process.

1. Contact Information

Who we are and how to contact us

Responsible for this privacy policy and for any processing of personal data in relation to our products and services is

TyMT Consulting
Via Giacomo Matteotti 103
03023, Ceccano, Italy

You can contact us by E-Mail: gdpr@tymt.consulting

2. Scope of Application

The products and services to which this privacy policy applies

This privacy policy applies to the following products and services offered by the website:

2.1 E-mail and newsletter services

From time to time we send information about our own products to our partners and customers. Additionally, we offer subscription to our newsletter service – our newsletter covers emerging technologies news, product updates and offers, including offers of our partners.

3. Data categories and purpose

Which data categories we process for which purpose

3.1 Data we do NOT process

3.1.1 Sensitive (“special”) data categories

We do not process sensitive (“special”) data categories of our customers and service users. Sensitive (“special”) data categories not processed by us include data that reveal racial and ethnic origin, political opinions, religious or philosophical beliefs, as well as genetic data, biometric data to uniquely identify a natural person, health information or data to the sexual life or the sexual orientation of a natural person. Of course, we also do not process any data on criminal convictions or offenses. If you provide unsolicited information containing sensitive (“special”) data categories to us (e.g. by entering an e-mail revealing sensitive data such as a function within a church or a trade union in a registration form), such data will only be processed as part of the fulfillment of the contract (or the contract initiation), as requested and entered by you.

3.1.2 User behavior data

We do not process any information about individual users’ usage of our services except where, and to the extent that, it is technically necessary for the performance of such services.

3.2 The categories of personal data we process, the respective purpose(s) and legal basis and the sources from which we obtain personal data

3.2.1 Information we process with our e-mail and contact form/newsletter services

(a) Service information e-mails

Data category: E-mail address

Purpose of processing: Source Information about our own services, including advertising for our own services.

Legal basis: Our legitimate interest in advertising (Art. 6 no. 1 c GDPR)

Source: E-mail address(es) you entered during registration on our website.

(b) Contact Form / Newsletter services

Data category: E-mail-address

Purpose of processing: Provide you with emerging technologies news, service updates and offers – including advertising for our own services as well as for products of our partners.

Legal basis: Your request and your consent to receive our newsletter (Art. 6 no. 1 a, b GDPR).

Source: E-mail address(es) you entered when you subscribed for our newsletter.

4. Data recipients

Information about when we share personal data with others

We will not share your personal data with any third party companies, organizations or individuals for their own purposes as an independent company unless we do have your active (meaning: opt-in) consent. In addition, we will share your personal data only if one of the subsequent circumstances applies.

4.1 Transmission to internal processors

No personal data regarding customers of TyMT Consulting are transmitted by TyMT Consulting to other entities controlled by the partners, unless we do have your active (meaning: opt-in) consent.

4.2 Transmission to external processors

We only transfer personal data to external processors if we have concluded a data processing agreement with them that meets the legal requirements under art. 28 GDPR. This means TyMT Consulting may transfer or disclose personal data to a third party that agrees to process personal data strictly limited to our respective instructions and to provide appropriate technical and organizational data security measures. We primarily cooperate with processors located in the European Union and will only transfer personal data to processors outside the European Union if an appropriate level of data protection is guaranteed. The processors we cooperate with include:

4.2.1 Google Analytics

We only process non-personal (anonymized) data on a regular basis for analytics purposes to Google Analytics. Google Analytics is a service by Google LLC, Amphitheatre Parkway, Mountain View, CA 94043, USA.

5. Storage period

How long we store collected data

5.1 General storage period

Our storage of personal data is always limited to the period necessary to achieve the purpose of the storage. Where a storage period prescribed by European regulations and directives and/or any other relevant legislation has expired, the personal data will be routinely blocked or deleted in accordance with the statutory provisions. If you have purchased a product or service from TyMT Consulting, your data will be stored for as long as their use is required for the execution of the contract (e.g. for payment and contract handling) and, moreover, for the fulfillment of legal obligations (retention or accounting obligation). Your data will be deleted as soon as they are no longer needed to fulfill the contract and, moreover, all legal obligations for storage have expired.

5.2 Personal data from contact form

Your personal data will be stored at least for as long as necessary for you to access the website and services. During this period we may send you emails about our services. If you do not react to any of our follow-up emails within two years from when you have become a non-active user, we will delete all personal data related to your trial license (unless the same data is required for fulfillment regarding another service we have granted to you.

6. Rights of the Data Subject

Your rights under the applicable data protection law

TyMT Consulting is a company located in the European Union. Under the GDPR and ancillary data protection law, as a person affected by data processing you have the following rights:

• Right of access: Upon request, we will inform you about the scope, the origin and the recipients of your personal data processed by us as well as of the purpose(s) of such processing. In case of excessive Requests for Access (more often than 4 times a year), we reserve the right to charge an expense reimbursement.

• Right to rectification: Should any personal data related to you as processed by us be incorrect or incomplete despite our efforts to ensure that the data is accurate and up to date, we will correct it at your request.

• Erasure: Under certain circumstances, you have a right to erase, for example, in connection with a contradiction or when data was collected illegally. If the legal prerequisites for an erasure are present (meaning that there are no legal obligations or predominant interests against the request), we will carry out the requested erasure immediately.

• Restriction: You may also request a restriction of the data processing for the same reasons that justify an erasure. In that case, the stored data must remain stored (i.e. for evidence purposes) but may no longer be used otherwise by us.

• Right to object and withdrawal of consent: You are entitled to object against any data processing conducted by us based on a legitimate interest. Upon objection we will cease to process the respective personal data except for exceptional cases where we hae compelling legitimate grounds for the processing which override your interests; as regards data processing for direct advertising purposes, this right of objection has an absolute nature, we will thus never invoke compelling legitimate grounds overriding your legitimate interests if you object to use of your data for advertising purposes; Any consent you have given to processing of your personal data can be revoked at any time in writing and free of charge (for contact see sec. 1 above).

• Data portability: If you wish to transfer provided data to another controller, we will provide the data in an electronically transferable format.

• Right of appeal to the Data Protection Authority: We also remind you of your right of appeal to the Data Protection Authority. You have the right to complain to a supervisory authority, in particular in the Member State of your place of residence, your place of work or the place of the alleged infringement, if the data subject considers that the processing of the personal data is in breach of this Regulation. You may also contact us directly at any time.

To exercise these rights, please use the contact information under point 1. Please note that we will request submission of documents and/or information to verify your identity when treating your request. We do so in order to make sure that your personal data is never disclosed to a third party not entitled to receive your personal data.

7. Modification of this privacy policy

We may revise this privacy policy from time to time as appropriate. The use of your data is subject to the latest version, which can be accessed under https://www.tymt.consulting/privacy-policy. We will post changes to this privacy policy via https://www.tymt.consulting/privacy-policy, as part of our business relationship with you, via E-Mail to an E-Mail address associated with your account. We will also keep prior versions of this Privacy Policy in an archive for your review.

Valid from: 21th September 2022

Who we are

Suggested text: Our website address is: https://www.tymt.consulting.

Comments

Suggested text: When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.

An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment.

Media

Suggested text: If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.

Cookies

Suggested text: If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.

Embedded content from other websites

Suggested text: Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.

Who we share your data with

Suggested text: If you request a password reset, your IP address will be included in the reset email.

How long we retain your data

Suggested text: If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.

For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.

What rights you have over your data

Suggested text: If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.

Where your data is sent

Suggested text: Visitor comments may be checked through an automated spam detection service.