INFORMATION FOR THE PROCESSING OF PERSONAL DATA
(EU REGULATION No. 2016/679 - General Data Protection Regulation)
SOFTAGILE S.r.l., with registered office in via G.Pezzotti, 2 – 20141 Milan (MI), Italy, Tax Code and VAT No. IT 13425590158 (hereinafter, the "Controller" or "SoftAgile"), as data controller, informs you pursuant to arts. 13 and 14 of Regulation (EU) 2016/679 (hereinafter, "GDPR") and Italian Legislative Decree 196/2003, as amended by Legislative Decree 101/2018 (hereinafter, the "Italian Privacy Code"), that your data will be processed in the manner and for the purposes described below. This notice applies to the websites ecosagile.com and store.ecosagile.com - Version 2.0 of 12/06/2026. This English version is provided for the convenience of international users; in the event of any discrepancy, the Italian version shall prevail.
1. Subject of the processing
The Controller processes the identification and contact personal data (in particular: first name, surname, company name, address, e-mail, telephone number, company role – hereinafter, "personal data" or "data") provided by you when submitting a contact or demo request, activating apps and Trial/Freemium versions from the Controller's website and app stores, subscribing to the newsletter service offered by the Controller, as well as, in the case of purchases through the e-commerce store (store.ecosagile.com), the company and billing data, the data of the contact person placing the order and the data relating to orders and subscriptions. Payment data (payment card) are collected and processed directly by the payment service providers referred to in section 5 and are not stored by the Controller in full form.
2. Data processed on behalf of Customers (SoftAgile as Data Processor)
This notice does NOT apply to the personal data uploaded and processed by Customers within the EcosAgile products (by way of example: personal details, employment, remuneration, health and attendance data of the Customers' employees and collaborators). In relation to such data, the Customer acts as Data Controller and SoftAgile as Data Processor pursuant to art. 28 GDPR, on the basis of the data processing agreement (DPA) entered into with the Customer. Data subjects (employees, collaborators, candidates of the Customers) are invited to contact their employer or reference company, as Data Controller, to receive the relevant privacy notice and to exercise their rights; any requests received directly by SoftAgile will be forwarded to the competent Customer Controller.
3. Purposes of the processing and legal bases
Your personal data are processed:
A) without your express consent, for the following Service Purposes:
- to respond to contact and demo requests and to activation requests for Services (apps, Trial and Freemium) made by you, and to allow subscription to the newsletter service (art. 6(1)(b) GDPR - pre-contractual measures and performance of the contract);
- to conclude and perform the contracts for the Controller's services, including purchases and subscriptions made through the store, the related invoicing and the management of recurring payments (art. 6(1)(b) GDPR);
- to provide technical support to the Customer for the analysis of issues, help desk, service monitoring, etc., and to process the data for the various services and processes provided to the Customer such as reporting, research, transmission, integrations with external sources where requested (art. 6(1)(b) GDPR);
- to comply with the obligations laid down by law, regulations, EU legislation or an order of the Authorities, including tax and accounting obligations (art. 6(1)(c) GDPR);
- to prevent or detect fraudulent activities or abuses harmful to the website, the store and the app stores, and to ensure the security of the systems (art. 6(1)(f) GDPR - legitimate interest of the Controller in protecting its systems and business);
- to exercise the Controller's rights, for example the right of defence in legal proceedings and credit protection (art. 6(1)(f) GDPR - legitimate interest).
B) Only with your specific and separate consent (art. 6(1)(a) GDPR and art. 130 of the Italian Privacy Code), for the following Marketing Purposes:
- to send by e-mail newsletters, commercial communications and/or advertising material on products or services offered by the Controller.
Please note that if you are already our customer, we may send you commercial communications relating to services and products of the Controller similar to those you have already used, unless you object (art. 130(4) of the Italian Privacy Code), which you may do at any time.
The Controller does not carry out processing involving decisions based solely on automated processing, including profiling, which produce legal effects concerning you (art. 22 GDPR).
4. Processing methods and retention periods
The processing of your personal data is carried out by means of the operations indicated in art. 4(2) GDPR, namely: collection, recording, organisation, storage, consultation, elaboration, modification, selection, extraction, comparison, use, interconnection, restriction, communication, erasure and destruction of data. Your personal data are processed both on paper and electronically and/or by automated means, with the adoption of appropriate technical and organisational security measures pursuant to art. 32 GDPR.
The Controller will process the personal data for the time necessary to fulfil the above purposes and in any case: for the Service Purposes, for the duration of the relationship and for no longer than 10 years after its termination, in accordance with the legal obligations under civil and tax law; for the Marketing Purposes, for no longer than 3 years from the collection of the data or from the last relevant contact. Data relating to discontinued Trial/Freemium versions are deleted as provided for in the General Terms.
With regard to the data recorded in the Cloud service under active contracts, SoftAgile will delete such data within 90 days from the end of the contract; the data will be deleted from the backups 30 days after the online deletion.
5. Recipients of the data
Your data may be made accessible for the purposes referred to in sections 3.A) and 3.B):
- to employees and collaborators of the Controller, in their capacity as persons authorised to process the data pursuant to art. 29 GDPR and art. 2-quaterdecies of the Italian Privacy Code and/or system administrators;
- to parties providing services instrumental to the above purposes (for example: hosting and data center services, technical services for data processing and for the management of information systems, marketing and newsletter services, storage of personal data, etc.) or to third parties (for example: suppliers, credit institutions, professional firms, consultants, etc.) carrying out outsourced activities on behalf of the Controller, in their capacity as data processors pursuant to art. 28 GDPR;
- for purchases made through the store, to the payment service providers (currently Stripe and PayPal), compliant with PCI-DSS standards, which process the payment data as independent data controllers for the matters within their respective competence; please refer to their respective privacy notices;
- to supervisory bodies, judicial authorities and all other parties to whom communication is mandatory by law (art. 6(1)(c) GDPR).
Your data will not be disseminated. The updated list of data processors is available from the Controller, by writing to softagile@pec.collabra.it or info@ecosagile.com.
6. Data transfers
The management and storage of personal data will take place on servers located within the European Union belonging to the Controller and/or to third-party companies duly appointed as Data Processors. The servers are currently located in Italy. The data processed by the Controller will not be transferred outside the European Union, except as follows: the payment service providers (Stripe, PayPal) may transfer payment data to non-EU countries (in particular the United States) within the scope of their own processing, on the basis of adequacy decisions of the European Commission (including the EU-U.S. Data Privacy Framework, where applicable) or of the standard contractual clauses. It is in any case understood that, should it become necessary to relocate the servers, the Controller hereby ensures that any transfer of data outside the EU will take place in accordance with the applicable legal provisions, subject to the conclusion of the standard contractual clauses provided for by the European Commission or on the basis of other appropriate safeguards pursuant to arts. 44 et seq. GDPR.
The data are transmitted in encrypted form between the Cloud system and the user.
Any interface files, where requested, are made accessible via an encrypted protocol (SFTP); the files themselves (txt, csv, etc.) are NOT encrypted, and it is the Customer's responsibility to delete such files once they are no longer of interest.
7. Nature of the provision of data and consequences of refusal
The provision of data for the purposes referred to in section 3.A) is necessary. In its absence, we will not be able to guarantee your registration on the website, the activation of the Services or the completion of purchases through the store.
The provision of data for the purposes referred to in section 3.B) is instead optional. You may therefore decide not to provide any data or to subsequently deny the possibility of processing data already provided: in this case, you will not be able to receive newsletters, commercial communications and advertising material relating to the Services offered by the Controller. In any case, you will continue to be entitled to the Services referred to in section 3.A).
8. Rights of the data subject
As a data subject, you have the rights set out in arts. 15-22 GDPR, namely the rights:
i. of access (art. 15): to obtain confirmation as to whether or not personal data concerning you are being processed and, where that is the case, to obtain access to the data and to information relating to the processing (purposes, categories of data, recipients, retention period, source of the data);
ii. to rectification (art. 16): to obtain the rectification of inaccurate data and the completion of incomplete data;
iii. to erasure (art. 17): to obtain the erasure of the data in the cases provided for, for example where the data are no longer necessary for the purposes or where consent has been withdrawn;
iv. to restriction (art. 18): to obtain the restriction of processing in the cases provided for;
v. to data portability (art. 20): to receive the data provided in a structured, commonly used and machine-readable format and to transmit them to another controller, in the cases provided for;
vi. to object (art. 21): to object at any time, on grounds relating to your particular situation, to processing based on legitimate interest, and to object at any time and without any justification to processing for direct marketing purposes, including by traditional means (telephone, postal mail); the objection may also be exercised in part only, choosing to receive only communications by traditional means or only automated communications or neither;
vii. to withdraw consent (art. 7): to withdraw at any time the consent given for the Marketing Purposes, without prejudice to the lawfulness of the processing carried out before the withdrawal, including via the unsubscribe link present in each communication;
viii. to lodge a complaint (art. 77): to lodge a complaint with the Italian supervisory authority (Garante per la protezione dei dati personali, www.garanteprivacy.it) or, if you reside or work in another EEA Member State, with the supervisory authority of that State.
Where the data protection laws of other jurisdictions apply to you (for example, the UK GDPR, the Swiss FADP, US state privacy laws or Latin American data protection laws), you may also have additional rights under such laws, which you may exercise using the contact details set out in section 9.
9. How to exercise your rights
You may exercise your rights at any time by sending:
- an e-mail to info@ecosagile.com;
- a certified e-mail (PEC) to softagile@pec.collabra.it;
- a registered letter with return receipt to SOFTAGILE S.r.l., Via Giovanni Pezzotti, 2 – 20141 Milan, Italy.
The Controller will respond within one month of the request, which may be extended by two months in cases of particular complexity pursuant to art. 12 GDPR.
10. Minors
This website, the store and the Controller's Services are intended exclusively for business users and are not intended for minors under the age of 18; the Controller does not knowingly collect personal information relating to minors. In the event that information on minors is unintentionally recorded, the Controller will delete it promptly, at the request of the users.
11. Cookies
For information on the use of cookies and other tracking tools by the website and the store, please refer to the Cookie Policy, available on each website, drawn up in accordance with the Guidelines of the Italian data protection authority (Garante).
12. Data Controller
The Data Controller is SOFTAGILE S.r.l., with registered office in Via G.Pezzotti, 2 – 20141 Milan (MI), Italy, and operational office in Via Giovanni Pezzotti, 2 – 20141 Milan, e-mail info@ecosagile.com, certified e-mail (PEC) softagile@pec.collabra.it.
The updated list of data processors and of the categories of authorised persons is kept at the registered office of the Data Controller.
13. Changes to this Privacy Notice
This Notice may be subject to changes, including as a result of regulatory developments. We therefore recommend that you check this Notice regularly and refer to the most up-to-date version, identified by the version number and date indicated at the top.
