Privacy Policy of Softinstigate Srl Società Benefit

This privacy policy governs all RESTHeart services provided by SoftInstigate Srl Società Benefit. The original privacy policy is written in Italian under Italian and EU law. In case of any discrepancy between the Italian and English versions, the Italian version shall apply and prevail.

Information on the processing of personal data pursuant to Articles 12 and following of the General Data Protection Regulation (GDPR)

Last updated: 23/4/2025

Regulation (EU) 2016/679 ("General Data Protection Regulation"), hereinafter GDPR, provides for the protection of natural persons with regard to personal data.
SoftInstigate is committed to ensuring that the processing of data relating to a natural person (hereinafter "data subject") is based on the principles of fairness, lawfulness and transparency, as well as protection of confidentiality and the rights of the data subject.
SoftInstigate will process your personal data in compliance with regulations, with the utmost care, implementing effective management procedures and processes to ensure protection of processing, committing to protect communicated information in such a way as to avoid unauthorized access or disclosure as well as to maintain data accuracy and to ensure its appropriate use.
We provide you pursuant to Article 13 of the GDPR (EU regulation 2016/679) and in accordance with the principle of transparency, the following information in order to make you aware of the characteristics and methods of data processing:

1. Identity and contact details

The Data Controller is SoftInstigate S.R.L. Società Benefit

• Legal representative: Andrea Di Cesare
• Registered office: Via del Beato Cesidio 49, 67100, L'Aquila, Italy
• Mail: info@softinstigate.com
• Certified email (PEC): softinstigate@legalmail.it

2. Contact details of the Data Protection Officer (DPO)

Since Softinstigate does not fall within the cases provided for in Article 37, paragraph 1, of the GDPR, the Data Protection Officer has not been appointed.

3. Type of data processed, purpose of processing, legal basis and legitimate interest

Softinstigate collects and/or receives independently or through third parties the personal data indicated below which will be processed for the purposes described below.

3.1. Type of data processed

The information concerning you as a Data Subject are:

• personal data (e.g. name, surname, physical address, nationality, province and municipality of residence, landline and/or mobile phone, tax code, email address/es);
• data necessary for invoicing for products and services purchased directly from SoftInstigate and data necessary for the provision and invoicing of products and services purchased through SoftInstigate-owned websites.
• web traffic data processed in aggregated and automated form through Plausible Analytics. Plausible does not use any cookies and is a service specifically designed to respect privacy. Data is collected only for statistical purposes in completely anonymous form and is never used for user identification or profiling. For more details, please refer to Plausible's privacy policy.

Softinstigate does not collect or receive so-called special categories of data as defined in Article 9 of the GDPR.

Purpose of processing

The processing of your personal data is carried out:

• to allow you to request information or services;
• for purposes connected and instrumental to the management of your information and contact requests, as well as the fulfillment of any other consequent obligation;
• for purposes connected and instrumental to the activation and operation of services and/or products provided by the company based on your request;
• for legitimate interest purposes of SoftInstigate; for example: for the analysis and improvement of its services; for carrying out statistical activities and/or market research and development, including through analysis of data collected in the use of services and products or from analysis of consumption behaviors; to defend its rights during the course of judicial, administrative or extrajudicial proceedings, and in the context of disputes arising in relation to the services offered; in the case of extraordinary company operations;
• to comply with legal obligations to which Softinstigate is subject as a function of the activity carried out;
• to allow you to consult the Softinstigate-owned websites listed below:
  • softinstigate.com
  • softinstigate.it
  • restheart.org

SoftInstigate informs you that it does not commercialize your personal data nor uses it for undeclared purposes.
If the data controller intends to process personal data for a purpose other than that for which it was collected, before such further processing, the controller will provide the data subject with information regarding such different purpose and any further relevant information.
You can obtain detailed information on data collected through interaction with external systems in Article 8 of this policy.

3.3. Legal basis of processing and legitimate interest

SoftInstigate processes data based on consent.
Therefore, Personal Data can be provided by you freely subject to what is specified below or, in the case of web traffic data, collected automatically and in an anonymized manner as indicated above in this article.
PLEASE NOTE: By using or consulting SoftInstigate-owned websites, you explicitly approve as a data subject this privacy policy and consent to the processing of your personal data in relation to the methods and purposes described, including any disclosure to third parties if necessary for the provision of a service.
The communication of data constitutes an essential requirement for the fulfillment of pre-contractual and/or contractual obligations. Failure to communicate personal data could result in the inability to provide the requested services, and website navigation itself may be compromised.
It is always possible to request the Controller to clarify the concrete legal basis of each processing indifferently and, in particular, to specify whether the processing is based on law, provided for by a contract or necessary to conclude a contract or other legitimate interest.

4. Recipients and any categories of recipients of personal data

Data is processed within the company by subjects authorized to process data under the responsibility of the Controller for the purposes indicated above.
Data may be communicated to any external Data Processors who have entered into specific agreements with the Data Controller.
Data may be communicated to the following categories of recipients: employees, external consultants of SoftInstigate Srl Società Benefit (by way of example and not exhaustive: legal consultants, labor consultants, commercial firms, etc.); companies that own systems for data management, updating and storage, third-party technical service providers, postal couriers, hosting providers, etc.
Without the need for express consent (Article 6 letter b, GDPR), the Controller may communicate your data to Supervisory Bodies, judicial authorities, insurance companies for the provision of insurance services, as well as to those subjects to whom communication is mandatory by law for the purposes stated above. These subjects will process the data in their capacity as independent data controllers.

5. Data retention period

Personal data is processed and stored for the time required by the purposes for which it was collected. Therefore:

• Personal Data collected for purposes related to the execution of a contract that binds us as Controller and Data Subject or following your request will be retained until the execution of such contract is completed and/or your request is satisfied.
• Personal Data collected for purposes related to the legitimate interest of the Controller will be retained until such interest is satisfied. The Data Subject can obtain further information regarding the legitimate interest pursued by the Controller in the relevant sections of this policy or by contacting the Controller.

When processing is based on the Data Subject's consent, the Controller may retain Personal Data longer until such consent is revoked. Furthermore, the Controller may be obliged to retain Personal Data for a longer period in compliance with a legal obligation or by order of an authority.
At the end of the retention period, Personal Data will be deleted. Therefore, upon expiration of this term, the right of access, deletion, rectification and the right to data portability can no longer be exercised.

6. Data rights

It is specified that, in reference to your personal data, you can exercise the following rights:

1. Right of access to your personal data: the right to obtain rectification or deletion of the same or limitation of processing concerning them; if the data is not provided directly by you as a data subject, you have the right to know all available information about their origin;
2. Right to object to processing;
3. Right to data portability: right applicable only to data in electronic format, as regulated by Article 20 of the GDPR.

If data processing is based on Article 6, paragraph 1, letter a) of regulation EU 2016/679, you have the right to withdraw consent at any time without prejudice to the lawfulness of processing based on consent before withdrawal. Regarding the methods of exercising the aforementioned rights, as a data subject you can write to info@softinstigate.com; furthermore, you have the right to lodge a complaint with the supervisory authority and to contact the Privacy Guarantor (for further information, consult the institutional website of the Privacy Guarantor www.garanteprivacy.it).

7. Methods and place of processing

The processing of your personal data may consist of any operation or set of operations among those indicated in Article 4 of the GDPR.
Communicated personal data will be stored in our paper and/or electronic archives with logic strictly related to the indicated purposes, adopting adequate technical and organizational measures aimed at protecting the data itself. The processing of personal data will take place through the use of tools and procedures suitable to guarantee its security and confidentiality and may be carried out, directly and/or through authorized third parties with whom the Controller has entered into specific agreements, through the use of computer means or electronic tools.
Personal data provided by you will be processed at the Controller's premises and in any other place where parties involved in processing are located.
The Controller reserves the right to transfer such data to a third country or to an international organization for which there exists:

• an adequacy decision by the European Commission;
• reference to appropriate or suitable safeguards and the means to obtain a copy of such data and the place where they have been made available (in the case of transfers referred to in Article 46 or 47, or Article 49, second paragraph GDPR).

In this case you will be given prompt notification of the transfer.

8. Cookies

Our main website does not set any cookies on your device. No tracking or data collection occurs through cookies.
We use Plausible Analytics to collect aggregated statistics about website traffic, but this service does not use cookies and does not track individual users. All collected data is completely anonymous and aggregated, in full compliance with GDPR and CCPA.
For more details, please refer to our Cookie Policy.

9. Changes to this privacy policy

The Data Controller reserves the right to make changes to this privacy policy at any time by informing Users on this page and, where technically and legally feasible, by sending a notification to Users through one of the contact details in its possession. We therefore recommend that you regularly consult this page, referring to the date of last modification. If the changes concern processing whose legal basis is consent, the Controller will collect the User's consent again, if necessary.