Netmon - Privacy Policy on the processing of personal data pursuant to Arts. 13-14 of Regulation (EU) 2016/679

 

Data Subjects: Netmon service users

This Privacy Policy relates to the processing of personal data carried out by the Netmon portal, which allows for the monitoring and application of dispositive policies on the data/voice traffic of corporate SIMs cards.

Data controller

The company using the Netmon portal, which establishes the data processing purposes and means.

Data processor

The Data Processor on behalf of the telecommunication provider is TECHNACY S.R.L., with registered office and operational headquarters in Via Molveno 5, 48015 Cervia (RA), Italy, tax code and VAT registration number 02399920392. Further information on the privacy policies applied is available on the website www.technacy.it

Purposes of processing

•    Monitoring and application of dispositive policies on the data traffic of corporate SIMs that navigate through the Netmon’s APN (Access Point Name)        set in the device;
•    Monitoring and application of dispositive policies on the voice traffic of corporate SIMs carried out through the Netmon Voce app installed on the            device containing the SIM.

Available features and data processing

Through authorized users, the Netmon portal allows the data controller to:

•    enter the data of the SIMs to be monitored (telephone number);
•    set navigation policies for the SIMs: notifications, traffic blocking, traffic slowdown (only for data traffic), navigation filters (only for data traffic);
•    view in real time the amount of data traffic (in megabyte) and voice traffic (minutes/SMS messages) carried out by the SIMs. The Netmon service            does not identify the exact location of the SIM but only the country where the SIM is carrying out the traffic;
•    view the history of the amount of data traffic (in megabyte) and voice traffic (minutes/SMS messages) carried out by the SIMs according to the                settings set by the data controller and the use of the SIM by the user (e.g. employee and/or collaborator).

In order to simplify the data controller’s activities, the Data Controller can enter the following optional data:

•    name, surname, email address of SIMs users.

The Data Controller shall be responsible for setting the Netmon service, issuing the information access authorizations to the relevant persons in charge, drawing up the instructions for the correct processing of data and establishing the information obligations towards service users.

Specifications on the data collected by the Netmon portal 

The Netmon portal shows the amount of data traffic carried out by the corporate SIMs through the Netmon’s APN (Access Point Name) set in the service users’ devices. It also shows the amount of voice traffic (minutes/SMS messages) carried out by the corporate SIMs through the Netmon Voce app installed on the service users’ devices.
In addition to the quantitative data of the traffic carried out by the SIMs, the Netmon portal allows for the optional collection of the data (name, surname, email address) of service users (e.g. employees and/or collaborators) in order to simplify the Data Controller’s activities.

Ancillary purposes

The information collected shall be also used for ancillary purposes required to ensure the correct operation of the service, such as maintenance, assistance, and data transmission security.

Method and security of processing

Personal data shall be processed using electronic and telematic means in compliance with the provisions under art. 5 and 32 of the GDPR, adopting appropriate security measures.

Recipients

The personal data resulting from the use of the Netmon network shall only be processed by duly appointed competent subjects or subjects appointed as data processors for the correct management of the service, ensuring the protection of the data subject’s rights. Such subjects include:

Data processors: telecommunication provider, Technacy, any other IT service providers.

Recipients inside the company: the data shall be processed by personnel expressly authorized by the Data Controller.

Transfer of personal data to third countries

The Netmon service shall not transfer any personal data to non-EU countries.

Disclosure

The data subject’s personal data shall not be disclosed in any way.

Storage period

Personal data shall be stored at least up to the end of the contractual relationships as well as for any additional period provided for in the contracts.

Rights of the Data Subject that may be exercised against the Data Controller - if applicable - pursuant to Regulation (EU) 2016/679 Arts. 15, 16, 17, 18, 19, 20, 21, 22

1. The data subject shall have the right to obtain confirmation as to whether or not personal data concerning him or her do exist, even if not yet                    registered, and to be provided such data in an intelligible form .

2. The data subject shall have the right to be informed of:

a.  the source of personal data;
b.  the purposes and methods of processing;
c.  the logic involved in the event of data processed using electronic means;
d.  the identification data of data controller, data processors and designated representative pursuant to art. 5, par. 2;
e.  the entities or categories of entities to which the personal data may be disclosed or which may acquire the personal data as designated                   representative in the country’s territory or as data processors or as entities in charge of data processing.

3. The interested party shall have right to obtain:

a.  the update or rectification of personal data as well as to have incomplete personal data completed, if he or she wishes;
b.  the erasure, anonymisation or blockage of personal data being processed in violation of the law, including data which do not need to be stored       in relation to the purposes for which they have been collected or subsequently processed;
c.  the confirmation that the entities to which data have been disclosed have been informed of the operations under letters a) and b), including             their content, except where the fulfilment of this obligation proves to be impossible or would involve a disproportionate effort with respect to           the right being protected;
d.  the data portability.

4. The data subject shall have the right to object, in whole or in part:

a. to the processing of personal data concerning him or her for legitimate grounds, even if such data are in line with the purposes for which data are collected;
b. to the processing of personal data concerning him or her for direct marketing purposes, for receiving advertising materials or marketing communications or for market researches.

Right to lodge a complaint

Moreover, the Data Subject shall have the right, for valid and legitimate grounds, to lodge a complaint with the Italian data protection supervisor, called “Garante per la protezione dei dati personali”, as supervisory authority in compliance with the established procedures. For further information as well as to exercise his or her rights under the EU Regulation, the data subject may contact the Data Controller using the above contact details .

 

 

 

Netmon Policy Rev. 1/2023