Document number: LEG0003EN rev. 9 of July 1^st, 2020

Quipu s.r.l. is committed to safeguarding the privacy of our customers and website visitors; this policy sets out how we will treat your personal information.

Our website uses cookies. By using our website and agreeing to this policy, you consent to our use of cookies in accordance with the terms of this policy.

1. What information do we collect?
   

   We may collect, store, and use the following kinds of personal information:

   1. information that you provide to us when you purchase one of our products (including Name, Company, Address, Email, Phone number).
   2. information relating to any transactions carried out between you and us, including information relating to any purchases you make of our goods or services.
   3. information that you provide to us for the purpose of using our free trial software (including Name, Company, Address, Email, Phone number, City, State, Country).
   4. information that you provide to us for the purpose of get an evaluation license (including First Name, Last Name, Company, Address, Email, Phone number, City, State, Country).
   5. information that you provide to us for the purpose of activate license (including First Name, Last Name, Company, Address, Email, Phone number, City, State, Country).
   6.  information about your computer and about your visits to and use of our website (including your IP address, geographical location, browser type and version, operating system, referral source, length of visit, page views, website navigation).
   7. information  that you provide to us when you visit the "Contact us" section on the website to have further information (including Name, Email and Phone number)
   8.  any other information that you choose to send to us.

   Before you disclose to us the personal information of another person, you must obtain that person's consent to both the disclosure and the processing of that personal information in accordance with the terms of this privacy policy.
   
   

2. Why we collect your personal data
   

   We ask you to share your personal data with us for purposes that include, but are not limited to:

   • Activating or registering licenses for QUIPU's product or enabling functionalities.
   • Receiving information about QUIPU's product and services.
   • Participating in QUIPU online communities, including our social media channels/pages and blogs.
     
   • Helping us to improve the product and services, and allowing QUIPU to keep you informed of new versions of the software.
   • Resolving consumer and/or product and services issues.
   • Managing customer relationships.
   • Facilitating information access.
   • Enhancing communications.
   • Traceability of medical device.

   We generally process your personal data only for those purposes that we have communicated to you. If we use it for other (closely related) purposes, additional data protection measures will be implemented if required by law.
   
   

3. Definitions for personal data processing
   

   User
   The individual using this Application, which must coincide with or be authorized by the Data Subject, to whom the Personal Data refer.
   Data Subject
   The legal or natural person to whom the Personal Data refers.
   Data Processor (or Data Supervisor)
   The natural person, legal person, public administration or any other body, association or organization authorized by the Data Controller to process the Personal Data in compliance with this privacy policy.
   Data Controller (or Owner)
   The natural person, legal person, public administration or any other body, association or organization with the right, also jointly with another Data Controller, to make decisions regarding the purposes, and the methods of processing of Personal Data and the means used, including the security measures concerning the operation and use of this Application. The Data Controller, unless otherwise specified, is the Owner of this Application.
   Referring Person of Personal  Data Processing
   The natural person that the CEO of the Company nominates as a person who acts as an Internal Referring Person for processing personal data. This person is nominated after a verification of his/her competencies and abilities in Personal Data Processing and related legal issues.

   This Application
   The hardware or software tool by which the Personal Data of the User is collected.
   Legal information
   Notice to European Users: this privacy statement has been prepared in fulfillment of the obligations under Art. 10 of EC Directive n. 95/46/EC, and under the provisions of Directive 2002/58/EC, as revised by Directive 2009/136/EC, on the subject of Cookies. It has also been prepared in fulfillment of the obligations of the General Data Protection Regulation (GDPR) (EU) 2016/679. 
   This privacy policy relates solely to this Application.
   
   

4. Contact data
   

   Data controller's personal data:

   • Name: Vincenzo Gemignani
   • Address: Via Verdi 3/b, Torre del Lago (LU)
   • Email: gemignani@quipu.eu
   • PEC: vincenzo.gemignani@pec.it
   • Phone number: 0039/050-3152612

   
   Referring Person of Personal Data Processing's personal data:

   • Name: Elisabetta Bianchini
   • Address: via Nottolini 466, San Concordio (LU)
   • Email: bianchini@quipu.eu
   • PEC: elisabettabianchini@pec.it
   • Phone number: 0039/050-3152630
   
   
5. Methods of processing
   The Data Controller processes the Data of Users in a proper manner and shall take appropriate security measures to prevent unauthorized access, disclosure, modification, or unauthorized destruction of the Data.
 The Data processing is carried out using computers and/or IT enabled tools, following organizational procedures and modes strictly related to the purposes indicated. In addition to the Data Controller, in some cases, the Data may be accessible to certain types of persons in charge, involved with the operation of the site (administration, sales, marketing, legal, system administration) or external parties (such as third party technical service providers, mail carriers, hosting providers, IT companies, communications agencies) appointed, if necessary, as Data Processors by the Owner. The updated list of these parties may be requested from the Data Controller at any time.
   
6. Place
   Personal data are processed at the Data Controller’s operating offices and in any other places where the parties involved with the processing are located. For further information, please contact the Data Controller at privacy@quipu.eu.
   
   
7. Retention time
   Personal data are kept for the time necessary to provide the service requested by the User that is estimated to be 10 years; the User can always request that the Data Controller suspend or remove the data, sending an email at privacy@quipu.eu.
   
   
8. Cookies
   

   A cookie is a file containing an identifier (a string of letters and numbers) that is sent by a web server to a web browser and is stored by the browser. The identifier is then sent back to the server each time the browser requests a page from the server. This enables the web server to identify and track the web browser.

   We may use both "session" cookies and "persistent" cookies on the website. Session cookies will be deleted from your computer when you close your browser. Persistent cookies will remain stored on your computer until deleted, or until they reach a specified expiry date.

   While browsing our website you may also receive cookies from third parties such as those used for Google Analytics, a web analysis service supplied by Google, Inc. ("Google"). We use Google Analytics to analyze the use of our website. Google Analytics generates statistical and other information about website use by means of cookies, which are stored on users' computers. The information generated relating to our website is used to create reports about the use of the website. Google will store this information. Google's privacy policy is available at: http://www.google.com/privacypolicy.html.

   Most browsers allow you to reject all cookies, whilst some browsers allow you to reject just third party cookies. For example, in Internet Explorer (version 9) you can refuse all cookies by clicking "Tools", "Internet options", "Privacy", and selecting "Block All Cookies" using the sliding selector. Blocking all cookies will, however, have a negative impact upon the usability of many websites.

   There are a number of different ways of managing cookies; please refer to the instruction manual or help screen of your browser to determine how to control and adjust settings. Users may change the predefined configuration and disable cookies (block them permanently) by setting the highest level of protection.

   Below are the paths to follow to manage cookies on the following browsers:

   Explorer:
   https://support.microsoft.com/en-gb/help/17442/windows-internet-explorer-delete-manage-cookies

   Safari:
   https://support.apple.com/kb/PH21411?viewlocale=en_US&locale=en_US

   Chrome:
   https://support.google.com/chrome/answer/95647?hl=it-IT&hlrm=fr&hlrm=en

   Firefox:
   http://support.mozilla.org/it-IT/kb/enable-and-disable-cookies-website-preferences

   How to disable third party services' cookies:

   Google Analytics services:

   http://www.google.it/analytics/learn/privacy.html
   https://tools.google.com/dlpage/gaoptout

   Third party cookies are not controlled directly by the Data Controller, and so if you wish to revoke your consent to use of these cookies you must contact the third parties' internet sites or go to the website www.youronlinechoices.com to obtain information on how to delete or manage cookies on the basis of the browser you use and to manage your preferences regarding third-party profiling cookies.

   In accordance with section 122 paragraph two of Legislative Decree 196/2003 and following simplified methods for notification and acquisition of consent to use of cookies published in Gazzetta Ufficiale no. 126 on June 3 2014 and the corresponding register of measures no. 229 dated May 8 2014, at the foot of each page of QUIPU website it is possible to find the link to cookies in the Privacy Policy document.

9. Using your personal information
   

   Personal information submitted to us will be used for the purposes specified in this privacy policy or in relevant parts of the website.

    We may use your personal information to:

   1. medical device traceability;
      
   2. send you e-mail invitation in product usability surveys.
   3. keep you posted on last products’ updates.
   4. send statements and invoices to you, and collect payments from you.
   5. send you general commercial communications.
   6. send you email notifications which you have specifically requested.
   7. administer the website.
   8. improve your browsing experience by personalizing our website.
   9. enable your use of the services available on our website.
   10. send you goods purchased via the website, and supply to you services purchased via the website.
   11. deal with enquiries and complaints made by or about you relating to our website.
   12. keep the website secure and prevent fraud.
   13. set up your free trial software license.
   14. set up your license activation.
       
       

   We will not, without your express consent, provide your personal information to any third parties for the purpose of direct marketing.

10. Duration of Data Processing
    The duration of data processing is balanced with the scope of the processing itself. It is limited to the services required by the customers. You can request for restriction or suspension of the processing by sending an email at privacy@quipu.eu.
    
11. Personal data provision
    Your consent to processing of personal data is mandatory for the Company for the reasons listed in section 2, especially for the traceability of the medical device sold by the Company. If you do not agree with this consent, it will not be possible to download Company's product or activate any evaluation/activation license.
    
    
12. How to propose requests for Personal Data
    If you desire to modify, get access, ask for erasure or rectification, or any other request related to your personal data provided, it is necessary to send an email toprivacy@quipu.euspecifying your request. The Data protection Officer or the controller will perform your request and reply to your mail.
    
    
13. Disclosures
    We may disclose your personal information to any of our employees, officers, agents, suppliers, or subcontractors insofar as reasonably necessary for the purposes set out in this privacy policy. In addition, we may disclose your personal information:
    1.  to the extent that we are required to do so by law.
    2.  in connection with any ongoing or prospective legal proceedings.
    3. in order to establish, exercise or defend our legal rights (including providing information to others for the purposes of fraud prevention and reducing credit risk).
    Except as provided in this privacy policy, we will not provide your information to third parties.
    
    
14. International data transfer
    

    Information that we collect may be stored and processed in and transferred between any of the countries in which we operate in order to enable us to use the information in accordance with this privacy policy.

    Information which you provide may be transferred to countries (including the United States and Canada) which do not have data protection laws equivalent to those in force in the European Economic Area.

    You expressly agree to such transfers of personal information.
    
    

15. Security of your personal information
    

    We will take reasonable technical and organizational precautions to prevent the loss, misuse, or alteration of your personal information.

    We will store all the personal information you provide on our secure (password- and firewall-protected) servers.

    All electronic transactions entered into via the website will be protected by encryption technology.

    You acknowledge that the transmission of information over the internet is inherently insecure, and we cannot guarantee the security of data sent over the internet.

    QUIPU's activities also include ultrasound images analysis for third parties. Images provided by the customer to Quipu should be in an anonymous form. Quipu, if required by the customer, can provide a cryptographic process to ensure data security.

16. Personal data breach
    

    In case of a personal data breach, QUIPU carries out specific actions in accordance with Regulation (EU) 2016/679 (General Data Protection Regulation). QUIPU shall without undue delay and, where feasible, not later than 72 hours after having become aware of it, notify the personal data breach to the supervisory authority competent in accordance with Article 55 of GDPR, unless the personal data breach is unlikely to result in a risk to the rights and freedoms of natural persons. Where the notification to the supervisory authority is not made within 72 hours, it shall be accompanied by reasons for the delay.

    Article 32 of GDPR indicates that QUIPU shall implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk.
    

17. Policy amendments
    We may update this privacy policy from time to time by posting a new version on our website. You should check this page occasionally to ensure you are happy with any changes.
    
18. Your rights
    

    A data subject shall have the right to obtain confirmation as to whether or not personal data concerning him exist and to know their content and origin, to check their accuracy and to request integration or updating, or rectification (section 7 of Legislative Decree no. 196/2003) or objection to data processing, as stated in Article 21 of GDPR. Your rights are listed here:

    • Article 12: Transparent information, communication and modalities for the exercise of the rights of the data subject
    • Article 13: Information to be provided where personal data are collected from the data subject
    • Article 14: Information to be provided where personal data have not been obtained from the data subject
    • Article 15: Right of access by the data subject
    • Article 16: Right to rectification
    • Article 17: Right to erasure (‘right to be forgotten’)
    • Article 18: Right to restriction of processing
    • Article 19: Notification obligation regarding rectification or erasure of personal data or restriction of processing
    • Article 20: Right to data portability
    • Article 21: Right to object
    • Article 22: Automated individual decision-making, including profiling

    Under the same section, data subjects are entitled to request erasure, anonymization or blocking of data that have been processed unlawfully, and in all cases to object to their treatment on legitimate grounds.

    Requests in this regard should be sent to the Data Controller, sending an email at privacy@quipu.eu.

    We may withhold such personal information to the extent permitted by law.

    You can expressly agree to our use of your personal information for marketing purposes; you can opt out of the use of your personal information for marketing purposes by sending an email to us at privacy@quipu.eu.
    

19. Third party websites
    The website contains links to other websites. We are not responsible for the privacy policies or practices of third party websites. 

    We may provide only your email address to third party websites in order to set up a survey about our services and products. The email address will be used only to send the invitation to our surveys. Every kind of sensitive information given to the survey provider are treated as an aggregate variable so both Quipu and any eventual third part involved in surveys don’t retain anything except of what explained in section Cookies.

    It is in count that joining any kind of survey powered by a third part you also accept the private policy of the third part.

    We are not responsible of the eventual wrongs belonging to the third part.
    

    
    
20. Updating information
    Please let us know if the personal information which we hold about you needs to be corrected or updated. You can send an email to privacy@quipu.eu specifying your request.
    
    
21. Changes to this Privacy Policy
    The Data Controller reserves the right to make changes to this privacy policy at any time by giving notice to its Users on the website. It is strongly recommended to check this page often, referring to the date of the last modification listed at the bottom. If a User objects to any of the changes to the Policy, the User must cease using this Application and can request that the Data Controller removes the Personal Data. Unless stated otherwise, the then-current privacy policy applies to all Personal Data the Data Controller has about Users.
    
22. Contacts
    If you have any questions about this privacy policy or our treatment of your personal information, please write to us by email to privacy@quipu.eu or by post to Quipu s.r.l., via Moruzzi 1, Pisa I-56124, Italy. 
    
23. Data controller
    The data controller responsible in respect of the information collected on this website is Vincenzo Gemignani, Via Verdi 3/b, Torre del Lago (LU), Italy.