Privacy Policy

Effective Date: May 25, 2018

1. Scope of this document

1.1 This document applies to the website www.herogami.com (the “Site”) and the Herogami On-Demand Service on the Site (“Service”) (“Site” and “Service” collectively defined as “Herogami”), owned and operated by Venticento Studio Srls (“Venticento”) and describes how Venticento collects and uses the personal information you provide us and it also describes the choices available to you regarding our use of your personal information and how you can access and update this information.

1.2 This Privacy Policy is meant to help you understand what data we collect, why we collect it, and what we do with it. This updated version of our Privacy Policy reflects changes in data protection law. In addition, we have worked to make the Privacy Policy more coherent and understandable by reorganizing its sections (listed in the Table of Contents below), providing additional important details, and defining a few terms.

1.3 This privacy statement has been prepared based on provisions of multiple legislations, including Regulation (EU) 2016/679 (General Data Protection Regulation). This privacy policy relates solely to Herogami, if not stated otherwise within this document

1.4 Please, take the time to read our Privacy Policy carefully. We want to be clear on how we’re using information, and the ways in which you can protect your privacy.

1.5 We respect your right to privacy and feel it is important for you to know how we handle the information we receive from you via the Site, from our support channels, and from tools and services offered on the Service owned and managed by Venticento acting as the entity that acts as the Controller or Processor of your information, as explained in more detail below. If you have any questions, please feel free to contact us at: info@venticentostudio.it

2. Explanation of Terms

2.1 Terms of contractual nature used in this document are explained below in alphabetical order.

“Cookies” are small text files that are stored locally on the visitor’s device (e.g. PC, smartphone, tablet PC) when a website is visited. They can contain various information about the device used and the usage behavior and are sent back to the web server setting the cookie for the purpose of recognizing the user and his or her settings when reconnecting.

“Customer” is the individual, company, organization or entity that subscribed to the Service and created a dedicated Herogami account by filling the Sign-up forms located at www.herogami.com/signup.

“Customer Data” means any data that Venticento and/or its sub-processors processes on behalf of Customer in the course of providing the Services under the Agreement.

“Data Controller” means an entity that determines the purposes and means of the processing of Personal Data.

“Data Processing Agreement” is a contractual addendum to the Terms Of Service agreement between Venticento and the Customer.

“Data Processor” means an entity that processes Personal Data on behalf of the Data Controller.

“Data Protection Officer” (“DPO”) is an appointed security role required by the GDPR. Data protection officers are responsible for overseeing data protection strategy and implementation to ensure compliance with GDPR requirements

“GDPR” means the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data.

“Personal Data” means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

“Sub-processor” means any Data Processor engaged by Venticento to assist in fulfilling its obligations with respect to providing the Service. Sub-processors may include third parties.

2.2 With regards to the features of the Service mentioned in this document, the explanation is reported below in alphabetical order.

“Admin Menu” is the application menu located in the top-right corner of the Herogami application workspace.

“Customer Account Area” is a page of the Service reporting details and contact information of a Customer.

“Customer Administrator” is a person within a company or organization that has subscribed to the Service and that controls the organization’s Herogami account and accesses to administrative features such as adding or deleting users, upgrading of the subscription across the available paid plans, provisioning of financial-related information for processing payments.

“Customer Member” is a person within a company or organization that, following invitation from a Customer Administrator to join the Herogami account held in name of a company or organization, operates the Service within the context of its operational, non-administrative features related to the task-management capabilities of Herogami.

“Delete User Button” is a feature of Herogami that allows Customer Administrators to de-activate a Herogami user account.

“Subscription” is a term used in the SaaS provisioning model indicating an order granting the Customer unlicensed use of software applications and services hosted on remote computers and accessed by Customer appointed staff through the use of thin-clients, a web-browser in the case of Herogami. Herogami provides recurring subscriptions governed by the Terms of Service (“TOS”).

“Unsubscribe Link“ is a feature of Herogami that allows Customer Administrators to delete the account associated with the company or organization they refer to.

3. Applicability

3.1 This Privacy Policy applies to your Personal Data when you use Herogami website and on-demand Service. It also applies to other interactions (e.g. customer support inquiries, webinars, user conferences, feedback sharing, etc.) you may have with Venticento. The scope of the data processing will differ for the services and websites mentioned above, but this document covers the most comprehensive examples.

3.2 If you do not agree with the terms, you should not access or use the Services, websites, or any other aspect of Herogami and its related services.

3.3 This Privacy Policy does not apply to any third party applications or software that integrate with the Services through plugins, mashups or external tools. The organization (e.g., your employer or another entity) that entered into the Service Agreement (“Customer”) controls their instance of the Services (their “Instance”) and any associated Customer Data. If you have any questions about specific Instance settings and privacy practices, please contact the Administrator of the Customer whose Instance you use. If you have a user, you can check the "People" or "Users" view in your Account (https://YOUR-INSTANCE.tpondemand.com/) for contact information of your Instance Administrator(s). If you have received an invitation to join Instance but have not yet created an user account, you should request assistance from the Customer that sent the invitation.

4. Information you provide through the use of Herogami

4.1 By using the Service you enter some data and information which is relevant to the activities you carry out on the Service as well as to granting the correctness of your user account. Find below the information you provide through the use of the Service.

a. Account and Profile Information:  We collect information about you and your company as you register for an Instance, create or modify your user account, make purchases, as well as use, access, or interact with the Services and websites (including but not limited to when you upload, download, collaborate on, or share Content). Information we collect includes:

- Contact information such as full name, email address, mailing address, and phone number
- Billing information such as billing address (note: credit card information is processed by a third party, our Payment Processor)
- Profile information such as your login, profile picture, and job title
- Preferences information such as notification and marketing preferences

b. You may provide this information directly when you enter it in Services. In some cases, another user (such as a system Administrator) may create a user account on your behalf and may provide your information, including Personal Data (most commonly when your company requests that you use our Services). We collect Information under the direction of our customers, and usually have no direct relationship with the individuals (Data Subjects) whose personal data we process. If you are providing information (including Personal Data) about someone else, you must have the authority to act for them and to consent to the collection and use of their Personal Data as described in this Privacy Policy.

c. Content: We collect and store Content that you create, input, submit, post, upload, transmit, store or display in the process of using our Services or websites. Such Content includes any Personal Data that you choose to include.

d. Other submissions: We collect other data that you submit to our websites, or as you participate in any interactive features of our Services, participate in surveys, contests, promotions, activities or events, apply for a job, request customer support, communicate with us via third party social media sites, share feedback or otherwise communicate with us. For example, information regarding a problem you are experiencing with a Venticento product could be submitted to our Support Services or posted in our public forums.

e. Usage Logs: As with any website and Service delivered over the Internet, every time you access our website, we automatically process the following information:

- the IP-address of your computer or other device (e.g. tablet-PC or smartphone) and the request(s) of your browser (including dates and times)
- the amount of data transferred, the browser type and version, the screen resolution and the operating system used.

f. The IP-address and the information on your Internet browser’s enquiry(s) are technically necessary for accessing and using the website; without processing of this data, access to the Internet site cannot take place and Internet sites cannot be displayed.

h. Usage Logs have a temporary scope and are deleted after they are no longer technically necessary for monitoring usage load of the Service and assuring its security.

i. Any information on the transferred data volume, the browser type and browser version, the screen resolution and the operating system used are collected and processed in order to optimize the presentation of the contents, determine system utilization and make future adjustments and improvements to the Internet presence, possibly on the basis of statistical evaluations. Legal Basis for the processing of the full IP-address, the information on your Internet browser’s enquiry(s) and the further information mentioned above is Art. 6 (1) s. 1 lit. (f) GDPR. The legitimate interest in the processing of personal data is to technically enable you to access the website, to optimize the representation of the website’s contents and for the future improvement/optimization of the website.

l. Metadata on your use of the Site and Service: We collect analytics information when you use the Site and Service to help us improve your experience and our products. This analytics information consists of the feature and action of the Service being used, the associated account name, the user ID and IP address of the individual who is using the feature or function, as well as additional information required to detail the operation of the function and which parts of the Service are being used. Occasionally, we connect Personal Data to information gathered in our log files and analytics as necessary to improve the Service for individual customers or resolve issues when requested by users. This combined Information is then treated in accordance with this Privacy Policy.

m. Analytics information via Google Analytics: Herogami uses Google Analytics, a web analysis service of Google Inc. which on our behalf, Google collects certain user and usage information in order to evaluate the use of the Site and Service such as the frequency of page views, entry and exit pages, click paths, time spent on individual pages, etc. This is done to evaluate the use of the Service, to generate reports about the Site activities and to provide further internet services which are connected with the use of our website, for market research purposes and for the demand-oriented design of our internet pages. In this context, Google is creating pseudonymized user profiles as well as cookies. Further information on Google’s terms of use and data protection can be found under the following links:
http://www.google.com/analytics/terms/de.html
https://www.google.de/intl/de/policies/.

n. Analytics Information Derived from Customer Data: analytics information also consists of data we collect as a result of running queries against Data across our user base for the purposes of generating Usage Data. "Usage Data" is aggregated data about a group or category of features or users that does not contain Personal Data or any Confidential Information submitted to the Service. For example, we may query Customer Data to determine the number of Projects created in Accounts or the number of Processes created in the Account.

4.2. Herogami employs various technologies to collect the information you provide through the use of the Site and Service. Please find the list below.

a. Cookies and Other Tracking Technologies: Herogami and our third party partners, such as our advertising and analytics partners, use various technologies to collect information, such as cookies. Cookies are small data files stored on your hard drive or in device memory. We use cookies to allow you to access and use the Websites or SaaS Products without re-entering your username or password (authentication), improve and customize Services and your User Experience, to count visits, and understand which areas and features of the Websites and Services are most popular. You can instruct your browser by changing its options to stop accepting cookies, or to prompt you before accepting a cookie from websites you visit. If you do not accept cookies, you may not be able to use all aspects of the Site or Service.

b. Web Beacons and Tracking Pixels: Herogami and Venticento may also collects information using web beacons (also known as "tracking pixels"). Web beacons are electronic images that may be used in our Websites or in emails that help us to deliver cookies and count visits, to understand usage and campaign effectiveness, and determine whether an email has been opened and acted upon.

c. HTML5 Local Storage: Herogami also use javascript, e-tags, and HTML5 local storage to collect information about your online activities over time on the Site and Service. Herogami does not use cookies, javascript and HTML5-related technologies to collect information across different websites or online services other than our Services. Many browsers include their own management tools for removing HTML5 local storage objects.

d. Javascript fragments provided by Third Parties such as provided by Google Inc. and Hotjar Ltd. which are embedded in specific pages of Herogami that allow session tracking for analyzing Your navigation and use of the Site.

4.3 As of the date this policy went into effect, Venticento and Herogami may obtain information from third parties like social media websites: Herogami and Venticento also obtain information from third parties and combine that with Information we collect through social media websites. For example, we may have access to certain information from a third party social media or authentication service if you browse our Websites. Any access that we may have to such Information from a third party social or authentication service is in accordance with the authorization procedures determined by that service. You should check your privacy settings on these third party services to understand and change the information sent to us through these services. On our website we provide links to our company pages on some social media platforms of the following companies:

- Facebook: Facebook, Inc, 1601 Willow Road, Menlo Park, California 94025, USA. Privacy policy: https://de-de.facebook.com/policy.php
- LinkedIn: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Irland. Privacy policy: https://www.linkedin.com/legal/privacy-policy
- Twitter: Twitter Inc., 1355 Market Street, Suite 900 , San Francisco, CA 94103, USA. Privacy policy: https://twitter.com/privacy

4.4. In the event that you visit sites 5.7.a, 5.7.b, 5.7.c information may be collected and processed by the respective platform provider, which may also be assigned to your respective user account and stored and used in accordance with the data protection information of the respective platform operator. Therefore, please inform yourself about how the respective platform is processing your personal data before visiting the linked pages.

5. How we use information we collect

5.1 Customer Data will be used by Venticento in accordance with Customer instructions, as required by applicable law. Venticento is a Processor of Customer Data, and the Customer is the Controller. Customer may, for example, use the Services to grant and remove access to an Instance, assign roles and configure settings, access, modify, export, share, and remove Customer Data, and otherwise use the Services.

5.2 We use the Information we collect about you (including Personal Data to the extent applicable) for multiple purposes, including:

a. Provide, operate, maintain, improve, prevent, or address service errors, security, or technical issues in Services.

b. Enable you to access and use Services, including uploading, downloading, collaborating on, and sharing Content.

c. Process and complete transactions, as well as send you related information, including purchase confirmations and invoices, as required by applicable law, legal process, or regulation.

d. To send emails and other communications. We may send you service, technical and other administrative emails, messages, and other types of communications. We may also contact you to inform you about changes in our Service, our Service offerings, and important Service-related notices, such as security and payment notices. These communications are considered part of the Service, and you may not opt out of them unless you cancel the service completely.

e. In addition, we sometimes send emails about new product features, promotional communications, or other news about Venticento Services and products. These are marketing messages so you can control whether you receive them. You have the ability to opt out of receiving any of these communications.

f. Investigate and prevent fraudulent transactions, unauthorized access to Services, and other illegal activities.

g. Personalize the Service and the Site, including by providing content, features, or advertisements that match your interests and preferences.

h. Enable you to collaborate, and share Data with users you designate.

i. For other purposes for which we specifically obtain your consent.

5.3 Notwithstanding the foregoing, we will not use the Personal Data that appears in our Analytics Data or Web logs for any purpose. The use of Information collected through our Services and websites shall be limited to the purposes disclosed in this policy.

5.4 If Information is aggregated or de-identified so it is no longer reasonably associated with an identified or identifiable natural person, Venticento may use it for other purposes such as sharing usage statistics in our blogposts. To the extent Information is associated with an identified or identifiable natural person and is protected as personal data under applicable data protection law, it is referred to in this Privacy Policy as “Personal Data.”

6. Information sharing and disclosure

6.1 We will not share or disclose any of your Personal Data or Other Data with third parties except as described in this Policy. We do not sell your Personal Data or other Data and, generally, Venticento is not under a statutory or contractual obligation to provide any Customer Data, Personal Data or other Data (collectively, “Data”). However, certain Information is collected automatically and, if some Information is not provided, we may be unable to provide the Service.

6.2 Below you find the conditions under which we share your Personal Data in order to provide the Service:

a. Your normal of the Service: When you use the Service, Data you have provided will be displayed back to you.

b. Third Party Service Providers and Partners (“Sub-Processors”): We may engage third party companies or individuals as service providers or business partners to process Data and support our business. These third parties may, for example, provide server hosting and storage services.

c. Third Party Services connecting to Herogami through Web-APIs, Plugins, Mashups or other tools to their instance. Typically, Third Party Services are software that integrate with Herogami, and Customer can permit its Instance Users and/or Administrators to enable and disable these integrations for their Instance. Once enabled, the provider of a Third Party Service may share certain information with Venticento. For example, Herogami provides a plug-in that allows to connect to third-party source code management (SCM) repositories and applications. When this connection is enabled, the Service will receive repository access credentials and source code along with additional information that the third-party application has made available to Herogami. Administrators and Users should check the settings and additional details for these Third Party Services to understand what data may be disclosed to Herogami and Venticento. When a Third Party Service is enabled, Herogami is authorized to connect and access data made available to the Service.

d. Corporate Affiliates: Venticento may share Other Information with its corporate affiliates, parents, and/or subsidiaries with such access governed by this Policy in any case.

e. During a change to Venticento business: if Venticento engages in a merger, acquisition, bankruptcy, dissolution, reorganization, sale of some or all of Venticento’s assets or stock, financing, public offering of securities, acquisition of all or a portion of our business, a similar transaction or proceeding, or steps in contemplation of such activities (e.g. due diligence), some Data may be shared or transferred, subject to standard confidentiality arrangements and this Policy’s provisions.

f. Aggregated or obfuscated Data: We may disclose or use aggregated and/or obfuscated  Data for any purpose. For example, we may share aggregated or de-identified or other Information with prospects or partners for business or research purposes, such as telling a prospective Venticento customer the average size of the Instance database.

g. To comply with Law: if we receive a request for information from a Law Enforcement Agency, we may disclose Data if we reasonably believe disclosure is in accordance with or required by any applicable law, regulation or legal process. We will notify you about such a request immediately upon receiving it.

h. With Consent: Venticento may share Data with third parties when we have consent to do so.

7. Age Limitations

7.1 To the extent prohibited by applicable law, Venticento does not allow use of our Services and websites by anyone younger than 16 years old unless there is a custom agreement in place. If you learn that anyone younger than 16 has unlawfully provided us with personal data, please contact us via info@venticentostudio.it, and we will take the necessary steps to delete such information.

8. Data Retention

8.1 Venticento will retain Customer Data in accordance with a Customer’s instructions, including any applicable terms in the Terms of Service and as required by applicable law. Venticento may retain Personal Information for Instance Administrators and Owners after you have deactivated your account for the period of time needed for Venticento to pursue legitimate business interests, conduct audits, comply with (and demonstrate compliance with) legal obligations, resolve disputes and enforce our agreements — usually for no longer than 5 years. Other Instance Data submitted to the Service will be removed or obfuscated within 6 months after the Service License expiration, unless we're explicitly instructed by the Customer to remove data immediately. To deactivate an organization account, please contact us through the official support channel reported in the Terms of Service.

9. Your choices on our marketing communications and use of Hotjar

9.1 You may opt out of receiving marketing communications from Venticento by using the unsubscribe link within each email or emailing us to have your contact information removed from our email list or registration database. Although opt-out requests are usually processed immediately, please allow ten (10) business days for a removal request to be processed. Even after you opt out from receiving any promotional or supporting messages from us, you will continue to receive important technical transactional messages from us regarding the Service until your Instance is deactivated or removed.

9.2 We use Hotjar in order to better understand our users’ needs and to optimize this service and experience. Hotjar is a technology service that helps us better understand our users experience (e.g. how much time they spend on which pages, which links they choose to click, what users do and don’t like, etc.) and this enables us to build and maintain our service with user feedback. Hotjar uses cookies and other technologies to collect data on our users’ behavior and their devices (in particular device's IP address (captured and stored only in anonymized form), device screen size, device type (unique device identifiers), browser information, geographic location (country only), preferred language used to display our website). Hotjar stores this information in a pseudonymized user profile. Neither Hotjar nor Venticento will ever use this information to identify individual users or to match it with further data on an individual user. For further details, please see Hotjar’s privacy policy at https://www.hotjar.com/legal/policies/privacy. You can opt-out to Hotjar’s storing of data about your usage of our site and Hotjar’s use of tracking cookies with the instructions provided at https://www.hotjar.com/legal/compliance/opt-out.

10. Security

10.1 Venticento takes security of data very seriously and works hard to protect Information you provide from loss, misuse, and unauthorized access or disclosure. These steps take into account the sensitivity of the Information we collect, process and store, and the current state of technology and aim at providing “appropriate security and confidentiality” with particular regard (but not limited to) to the compliance with GDPR recital notes R74-78, R81, R83, R90, A5, A24-25, A28, A32, A35.

10.2 The list of major security measures adopted when providing the Services is detailed in our Security Policy

10.3. In addition to the list of security measures above, additional security practices are adopted by the Service and our staff to manage our code base, secure off-line backups and more. You are welcome to request additional information about our security practices and SSL certificates via e-mail at into@venticentostudio.it. Given the nature of communications and information processing technologies, Venticento cannot guarantee that Information, during transmission through the Internet or while stored on our systems and services, will be absolutely safe from any intrusion by others.

11. List of Sub-Processors

11.1 As reported in section 7 of this Privacy Policy, Venticento may engage third party companies or individuals as service providers or business partners to process Data and support our business. These third parties may, for example, provide server hosting and storage services. The list of sub-processors is reported below:

Linode LLC
249 Arch St.
Philadelphia, PA 19106
https://www.linode.com

Braintree Payments Services is the credit card and payment processor handing the financial transactions applied to the paid plans of the Service. Braintree is a service of Paypal.
Paypal (Europe) Sarl
Boulevard Royal 22-24
2449 Luxemburg
https://www.braintreepayments.com
https://www.paypal.com

Google Analytics, a web analysis service of Google Inc.
Google Inc.
1600 Amphitheatre Parkway
Mountain View CA 94043
USA
https://analytics.google.com

Hotjar provides technologies that helps us better understand our users experience.
Hotjar Ltd
Level 2, St Julian’s Business Centre
3 Elia Zammit Street
St Julian’s STJ 1000
Malta
https://www.hotjar.com

12. Your rights under GDPR

12.1. Herogami privacy policy and Venticento data protection and processing practices implement “privacy and security by design” and aim fully comply with GDPR. Individuals located in certain countries, including the European Economic Area, have certain statutory rights in relation to their Personal Data. Subject to any exemptions provided by law, you may have the right to request access to Information, as well as to seek to access, update, delete, or correct this Information.

12.2. Regardless of your country of residence, you can accomplish this using the settings and tools provided in your Herogami user account. If you cannot use the settings and tools, contact your Herogami Administrator as mentioned above or our Customer Support via support@herogami.com for additional access and assistance which will be offered with the highest priority.

12.3. If your account on the Service is managed by a Customer Administrator, that account administrator may have control with regards to how your account information is retained and deleted.

12.4. Processing of your Personal Data by Venticento and its Services is subject to the GDPR, Venticento relies on its legitimate interests, described above, to process your data. Venticento may also process other Information that constitutes your Personal Data for direct marketing purposes. You have a right to object to Venticento use of your Personal Data for this purpose at any time by opting out; do this by contacting us via info@venticentostudio.it.

12.5. In full compliance with the GDPR, Venticento provides you with the following rights:

a. Notification of Data Breach

Herogami implements data breach notifications such as repeatedly failed attempts to login using existing users credentials as well as malicious network traffic. Herogami reports breaches to the offended Data Subject and Data Controller within 72 hours of first becoming aware of a breach.

b. Right to Access

You have the right to obtain from us confirmation as to whether or not personal data concerning you are being processed, and, where that is the case, access to the personal data and the information specified in Art. 15 (1) GDPR, unless there are no legal exceptions limiting this right. Upon request, Venticento will provide a copy of your Personal Data, free of charge, within 30 days from receiving your request.

You have the right to rectification of inaccurate personal data concerning you and, taking into account the purposes of the processing, to have incomplete personal data completed (Art. 16 GDPR). Rectification of your Personal Data can be carried out by you in Herogami by entering your User Dashboard under the Admin menu and editing your records. You can also ask your Customer Administrator to perform such operation up to a certain extent, with limitations to changing your Herogami account password which is an operation exclusively reserved to You.

c. Right to be Forgotten

Where one of the grounds set forth in Art. 17 (1) GDPR applies, you have the right to obtain from us the erasure of personal data concerning you, unless none of the exceptions specified in Art. 17 (3) GDPR applies. If you are a Customer Member you can exercise you rights by asking your Herogami Customer Administrator to delete your Herogami user by entering the Users section from the Admin Menu and clicking the Delete User Button. This operation will remove your user account and Personal Data with the exception of any data that must be maintained for the legitimate operation of the Service and that will be pseudonymized to remove any reference to your previous use of the Service as well as any collected Personal Data.

d. Data Portability

In the cases which are set forth in Art. 18 (1) GDPR, you have a right to obtain from us the restriction of processing, and where Art. 20 Abs. 1 GDPR applies, a right to data portability. Herogami implements data portability features by design since every major feature of the Service provides an export link that will download a file with the copy of your data in CSV format. Your Data is not deleted as a consequence of the export. It is your responsibility, or your Customer Administrator’s responsibility if you use the Service as Customer Member, to delete your Herogami account.

e. You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based Art. 6 (1) s. 1 lit (f) or (e) GDPR, unless we demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defense of legal claims.

f. Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating you infringes your rights under the GDPR regulatory statements.

12.6. Obtaining a Data Processing Agreement (DPA): if you would like to sign a Data Processing Agreement with Venticento, please contact info@venticentostudio.it with proof of identity, full name, address and telephone number or the person in your organization authorized to sign.

12.7. Contacting the Data Protection Officer: contact Venticento if you have any questions about this Privacy Policy or our practices, or if you are seeking to exercise any of your statutory rights writing to Venticento DPO (“Data Protection Officer”, “Responsabile della Protezione dei Dati”) at info@venticentostudio.it or at our mailing address below:

Venticento Studio Srls
Via Piave 54
I-31100 Treviso
Italy
Attn: Data Protection Officer

12.8. When contacting the DPO, you agree to provide your full name, a valid e-mail address, mailing address and telephone number to allow the correct processing of your enquiry.

13. Changes to this Privacy Policy

13.1. Venticento may update or modify this Privacy Policy from time to time, including any referenced policies and other documents. If a revision meaningfully reduces your rights, Venticento will use reasonable efforts to notify you (for example, by sending an email to the billing or technical contact you designate in your Customer Account Area), posting on the Herogami blog or through notifications and popups issued on the Site and Service). You may be required to click through the updated Privacy Policy to show your acceptance. If you do not agree to the updated Privacy Policy after it becomes effective, you will no longer have a right to use the Service and you agree to delete your user account and, if operating as Customer Administrator to unsubscribe your Customer entity from the Service. For the avoidance of doubt, any Subscription is subject to the version of the Privacy Policy in effect at the time such Subscription is active.