This Privacy Policy describes how we collect, use and protect the personal data of users who visit and use the PM SiteFlow website and platform, in compliance with Regulation (EU) 2016/679 (GDPR) and current Italian legislation on personal data protection.
1. Data controller
The Data Controller for personal data processing is:
PM SiteFlow
For any information regarding personal data processing, you can contact the Controller through the Contact.
2. Types of data collected
PM SiteFlow collects the following categories of personal data:
Identification data
Name, surname, company name, tax code, VAT number
Contact data
Email address, phone number, postal address
Professional data
Job role, business sector, professional qualifications, managed projects
Technical data
IP address, browser type, operating system, browsing data (via technical cookies)
3. Purposes of processing
Personal data is processed for the following purposes:
- Service provision: registration, authentication, access to platform features
- Communications: sending notifications, updates, responses to requests
- Project management: organization of teams, tasks, events, documents and project communications
- Customer support: response to support requests and information
- Legal compliance: compliance with legal obligations, judicial authority requests
- Service improvement: aggregate and anonymous analysis on platform usage (with consent)
4. Legal basis for processing
Personal data processing is based on the following legal bases:
- Contract execution: for providing services requested by the user
- Consent: for sending promotional communications and using non-technical cookies
- Legal obligation: to fulfill legal requirements
- Legitimate interest: for service security and fraud prevention
5. Data retention
Personal data is retained for the time strictly necessary to achieve the purposes for which it was collected, in compliance with the principles of minimization and storage limitation.
In particular:
- Account data: for the duration of the contractual relationship and for the following 10 years
- Project data: for the duration of the project and for the following 10 years
- Navigation data: maximum 12 months
- Cookie consent logs: 24 months from the date of consent registration, after which they are automatically deleted
6. Data subject rights
In accordance with GDPR, the user has the right to:
Access
Obtain confirmation of processing and access to their data
Rectification
Correct inaccurate or incomplete data
Erasure
Request deletion of their data (right to be forgotten)
Restriction
Limit processing in certain cases
Portability
Receive their data in a structured format
Objection
Object to processing based on legitimate interest
To exercise these rights, please contact us at: Contact.
The user also has the right to lodge a complaint with the competent Data Protection Authority.
7. Data security
PM SiteFlow adopts appropriate technical and organizational measures to protect personal data from unauthorized access, loss, destruction or disclosure, including:
- Data encryption in transit (HTTPS/TLS)
- Password encryption (bcrypt)
- Role-based access control
- Activity monitoring and logging
- Regular data backups
8. Policy updates
This Privacy Policy may be updated to reflect changes in services or regulations. Cookie Policy.
9. Changes to the Privacy Policy
This Privacy Policy may be subject to changes or updates. Any substantial changes will be communicated to users through appropriate means.
The updated version is always available on this page.
