Our mission is to facilitate the exchange and acquisition of contacts between professionals from all over the world, helping them to improve productivity and optimise work time through a network of readily available and constantly updated contacts.
Confidentiality, user data security, and transparency on the data we collect and use are the cornerstones of our mission.
This document is intended to provide information on how Visitas processes the personal data provided by its users in compliance with applicable legislation.
“General Data Protection Regulation”: hereinafter “Regulation (EU) 2016/679” or “GDPR”, i.e. the regulation which governs this policy.
“Data Subject”: hereinafter also “User o “You, i.e. the person using the services provided by Visitas.
“Controller”: he natural or legal person, public authority, service or other entity which, individually or jointly with others, determines the purposes and manner of the processing of personal data. When the purposes and manner of such processing are determined by European Union or Member State law, the Controller or the specific criteria applicable to its designation can be established by European Union or Member State law.
“Processor”: a natural person or legal person, public authority, service or other entity which processes personal data on behalf of the controller.
“Visitas”: hereinafter also “Controller” or “We” or “Ara S.r.l.”.
“Personal Data”: any information concerning an identified or identifiable natural person (“Data Subject”). An identifiable natural person is a person who can be identified, directly or indirectly, by reference in particular to an identifier such as a name, identification number, location, online identifier (i.e. IP address, temporary markers, cookies, or tags) or to one or more factors specific to physical, physiological, genetic, mental, economic, cultural, or social identity.
“Site”: includes the website www.visitas.io and the Visitas apps.
“Business Card”: i.e. the digital business card that the User creates in using the services provided by Visitas.
“Visitas Free”: a free service designed for individual professionals. By subscribing to the Free option, the User can create, store and exchange their Business Card, and also interact with personal contacts.
“Visitas Premium”: a paid service designed for individual professionals or small businesses. By subscribing to the Premium option, the User – in addition to the services provided under the Free option – can create statistics on their network, customise and manage one or more personal Business Cards, and share other users’ Business Cards.
“Visitas Business”: a paid service designed for large, structured companies. By subscribing to the Business option, the User – in addition to the services provided under the Visitas Free and Visitas Premium options – can manage an internal company dashboard, integrate the dashboard with CRM systems, carry out network performance analysis, and grant employees access to a personal area.
“Services”: he services provided through the Site and included under the Visitas Free, Visitas Premium and Visitas Business options.
This information is provided in accordance with Articles 13 and 14 of the General Data Protection Regulation and current national legislation and describes the manner and purposes of processing the Personal Data collected by Visitas when the User uses the www.visitas.io website and/or downloads and uses Visitas apps.
3. WHO IS THE CONTROLLER?
The Controller is Ara S.r.l., with registered office in Corso Magenta n. 56 - Milan (MI) - 20123, VAT number and Fiscal Code 10107040965, which can be contacted at the following e-mail address: (indicate an e-mail address on which you intend to receive any communications regarding privacy. Preferably a dedicated alias; do not use certified e-mail [pec] address).
4. WHAT DATA DO WE PROCESS?
We process the Personal Data provided directly by the User and data we automatically collect from your browser or device when you use our Site.
4.1 Personal Data provided directly by the User
To create an account and ensure subsequent access to our Site, you must provide certain Personal Data including your name and surname, e-mail address, employer’s company name, and a password.
To create and customise the Business Card, the User can choose to provide the following Personal Data: employer’s company name, VAT number, position held, personal and/or company website, business address, and e-mail address.
If the User intends to save the business cards of third parties in the contact area, the User can provide, within the limits of the law, the name, surname, telephone number, and e-mail address of said parties. In this regard, the User represents that such processing has an appropriate legal basis in accordance with Article 6 GDPR and undertakes to indemnify and hold harmless Visitas from any dispute, claim, or request for compensation for damage from processing, etc. by third parties whose Personal Data are processed through the use of the Site.
For the Services provided under the Visitas Premium option, the User must provide payment and billing information, including valid credit card information.
We process the Personal Data and information that the User voluntarily provides through our Site, live chat or other communication channels made available by Visitas (e-mail address, certified e-mail [PEC], telephone number and social channels) to, for example, request information, assistance, and support regarding the Services and/or to submit a request for professional collaboration.
It is the User’s responsibility to safeguard their access details to the Services in order to protect the integrity of the Personal Data and information contained on their profile.
4.2 Personal data provided by third parties
In case of registration on the Site through a Facebook, Google or Linkedin account, we collect the User’s Personal Data directly from the relevant platform. We invite you to check the privacy settings and policies of:
If the User does not wish to allow access to the information on the above platforms, the User can register on the Site without using the social login features.
By subscribing to the Visitas Business option, the User can allow Visitas to access the data present on the User’s existing systems (i.e. ERP or CRM) to synchronise contacts. It is henceforth understood that the information shared with Visitas in the manner described depends on the policies, settings and permissions it has defined for the Services provided by third parties.
4.3 Personal data collected automatically
We track certain information relating to User interaction with our Site. This information includes features used, links with which the User interacts, type, size, and file names of attachments uploaded through the Site, frequent search terms, and methods of interaction.
We collect specific information on the device used to access the Site, such as IP address, device type, operating system; and on the browser used, including access times, browser language, and Internet service provider.
We collect information relating to the use of the Site by the User, such as time spent, pages visited, links clicked, language preferences and access pages to Visitas.
5. FOR WHAT PURPOSES DO WE PROCESS YOUR PERSONAL DATA?
In accordance with GDPR provisions, Visitas processes your Personal Data for the following purposes and insofar as the processing meets the conditions of lawfulness:
|Purpose of processing||Legal basis for data processing|
|To allow registration and subsequent access to the reserved area of the Site.||Performance of a contract or pre-contractual steps|
|To provide the requested Services and allow the use of the Services rendered through the Site.||Performance of a contract or pre-contractual steps|
|To manage activities related to the performance of the contract, including payment management.||Performance of a contract or pre-contractual steps|
|To manage the transmission of commercial and promotional communications.||Consent|
|To transmit newsletters and information and promotional material concerning services similar to previously purchased services (Soft spamming).||Legitimate interest|
|To allow sharing of the Business Card with other registered Users.||Consent|
|To carry out statistical surveys on data in an aggregate form.||Legitimate interest|
|For internal business activity.||Legitimate interest|
|To allow the Controller to carry out a potential merger, sale of assets, sale of a company or business unit by transferring the User’s Personal Data to the third part(y/ies) involved.||Legitimate interest|
|To comply with legal obligations and requests from law enforcement agencies.||Legal obligation Legitimate interest|
|To establish, exercise or defend legal claims or where judicial authorities act in judicial capacity.||Legitimate interest Legal obligation|
|To allow navigation and proper functioning of the Site.||Legitimate Interest|
6. IS THE TRANSFER OF PERSONAL DATA MANDATORY?
Without prejudice to the Personal Data and information collected automatically while browsing the Site, as described under point 5 above, the User is free to decide whether to provide their Personal Data.
Data marked as mandatory in forms on our Site must be provided. Failure to provide this information, or the provision of incomplete or untruthful information, shall render the supply of requested Services impossible. In all other cases, the provision of Personal Data is optional and any abstention shall not affect the supply of Services offered on the Site.
7. HOW AND FOR HOW LONG DO WE PROCESS PERSONAL DATA?
Personal Data are processed using manual, IT, and telematic (including automated) instruments, with logics strictly correlated to the purposes listed above and designed to ensure security and confidentiality. Personal Data processed for the performance of the contractual relationship will be retained for the time strictly necessary to pursue the purposes for which they were collected (i.e. for the time necessary to fulfill the statutory, fiscal and tax obligations in force) and in any case for a period not exceeding 10 years from the last registration. Personal Data may also be processed for a longer period of time if there is an act of interruption and/or suspension of the limitation period that justifies the extension of the extension of data storage. Personal Data collected for commercial and promotional purposes are processed by Visitas until such time as User consent is withdrawn.
The period having expired, the Personal Data processed will be fully or partially deleted automatically or made permanently anonymous.
Personal Data contained in the Business Card and in the User’s personal area will be retained for the entire duration of the contractual relationship. Visitas henceforth undertakes to delete such data following a request for account deletion - made through the appropriate “Delete account” feature - or where the User asserts the right to cancellation referred to under point 10.
8. WITH WHOM DO WE SHARE PERSONAL DATA?
Personal Data provided by the User may be transferred and shared with third parties operating as independent controllers or as processors or sub-processors for the purpose of providing the requested Services
The Processors with whom we share User Personal Data are third-party service providers, including:
- payment service providers: these guarantee the online payment service, including fraud detection;
- IT service providers (including cloud service providers): developers and entities providing tools for data analysis and storage;
- customer support service providers: these provide customer support tools such as live chat.
Where strictly necessary, the User’s Personal Data may be disclosed to third parties such as law enforcement agencies, competent authorities, public bodies, or judicial authorities who request the data in the exercise of their duties.
When the User decides to make their Business Card public through a specific feature, it can be shared by other registered Users. Visitas shall inform you by specific notification when this occurs.
Users may choose to restrict the sharing of their Business Card by selecting the Business Card privacy feature. If the User chooses to make their Business Card private and later decides to share it with unregistered persons, they shall receive a specific notification requesting consent for Business Card transmission.
The Personal Data collected will not be disclosed or communicated without the explicit and prior consent of the User outside the circumstances indicated above.
9. WHERE DO WE PROCESS PERSONAL DATA?
Personal Data shall be processed within the European Economic Area (EEA). Visitas henceforth warrants that, if necessary, the transfer of Personal Data to countries outside the EEA shall occur in accordance with Articles 44 et seq. GDPR. Data shall be transferred to persons residing in countries that guarantee an adequate level of protection for which there is an adequacy decision by the European Commission under Article 45 GDPR, or by implementing the other guarantees provided for by Chapter 5 GDPR. Please be informed that we can transfer your Personal Data relating to the payment platform integrated into the Site and managed by the aforementioned provider to the USA on the basis of adequate guarantees. For more details on the guarantees regarding the transfer of Personal Data to the USA, please visit https://stripe.com/privacy-shield-policy.
10. WHAT RIGHTS CAN THE USER EXERCISE?
With regard to the Personal Data processed by Visitas, as Data Subject the User has the right to:
- withdraw consent at any time: the User can withdraw previous consent to the processing of Personal Data. The withdrawal of consent shall not affect the lawfulness of the processing based on consent prior to withdrawal;
- object to the processing of your data: the User can object to the processing of Personal Data at any time;
- access your data: the User can obtain confirmation from the Controller that the processing of Personal Data concerning the User is in progress and, if so, obtain access to the content and a copy of the same;
- request rectification: the User shall have the right to obtain from the Controller without undue delay the rectification of inaccurate Personal Data concerning him or her. Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed;
- obtain the restriction of processing: the User shall have the right to request the restriction of the processing of his or her Personal Data where (a) the User contests the accuracy of the Personal Data, for a period enabling the Controller to verify the accuracy of the personal data; (b) the processing is unlawful and the User opposes the erasure of the personal data and requests the restriction of their use instead; (c) the Controller no longer needs the personal data for the purposes of the processing, but they are required by the User for the establishment, exercise or defence of legal claims; (d) the data subject has objected to processing pending the verification whether the legitimate grounds of the Controller override those of the User. In this case, the Controller may not process the data for any purpose other than their storage;
- obtain the erasure or removal of their personal data: the User shall have the right to obtain from the Controller the erasure of personal data concerning him or her without undue delay where one of the following grounds applies: (a) the Personal Data are no longer necessary with respect to the purposes for which they have been collected or otherwise processed; (b) the data subject withdraws consent on which the processing is based according the provisions of the Regulation, and where there is no other legal ground for the processing; (c) the data subject objects to the processing and there are no overriding legitimate grounds for the processing; (d) the Personal Data have been unlawfully processed; (e) the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the Controller is subject; (f) Personal Data refer to a child collected in relation to the offer of information society services pursuant to Article 8(1) GDPR.
- receive the data or transmit the data to another controller: within the limits defined by the legislation, the User shall have the right to receive the personal data concerning him or her in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance. This provision is applicable when the processing is carried out by automated means, or when it is based on consent, or on a contract to which the User is a party or on contractual measures connected thereto;
- lodge a complaint: the User shall have the right to lodge a complaint with a supervisory authority (in Italy this is the Italian Data Protection Authority - Garante per la protezione dei dati personali) or to seek a judicial remedy.
The User can exercise their rights by sending a request to Visitas using the contact details indicated in this document. Requests are filed free of charge and processed by the Controller as soon as possible and in any case within one month.
11. NOTE FOR THE PROCESSING OF PERSONAL DATA OF THIRD PARTIES
Limited to the Personal Data of third parties held by User by virtue of their professional activity, the User is understood to be the Controller and therefore subject to the applicable obligations regarding the protection of personal data, with consequent liability in case of violation of the law. For this type of data, the User expressly appoints Visitas as Processor pursuant to Article 28 GDPR regarding the computerised processing of the same, including archiving and storage.
Visitas, as an entity possessing the experience, ability and reliability necessary to provide a suitable guarantee of full compliance with the current provisions on processing, including those relating to security, for the processing of personal data, shall assume the role of Processor according to the indications of the Controller in the appointment referred to in the link below. Visitas warrants that processing shall be carried out in compliance with the provisions of the Regulation using systems, including the cloud, or suitable measures to ensure the level of security appropriate to the applicable legislation, to its organisation, and to the technology available. To this end, Visitas reserves the right to appoint sub-processors.
This information may be updated and when this occurs we shall revise the date of the last update. The changes shall take effect from the revision date. We therefore invite Users to periodically consult this section of the Site.
Last update:: January 2021