Brokers : Enter iNavis WEB

Navis.net - GDPR compliance

Digibusiness Srl is located in Collecchio (PR – Italy), Strada Consortile 2, REA PR-217228 number and VAT number IT02184210348, date of incorporation July 10, 2001.

Social object: the design and development of IT systems and applications and the provision of services, which originate from the same to benefit customers in the pursuit of their business objectives.

Navis.net: a CRM (Customer Relations Management) Management Application is provided to the Marine Companies.

Summary

This document describes the Processing of Personal Data carried out by Digibusiness, compliance with the GDPR and fulfilments as well as the organizational, physical and practical security measures that Digibusiness has decided to adopt in order to minimize the risks to the data of destruction or loss, even if accidental, unauthorized access or processing or non-compliance with its original purpose, and to comply with the obligations under current legislation on the protection of personal data (EU Regulation 2016/679). Further information about this topic is contained in the DPIA (Data Protection Impact Analysis) Digibusiness, available to those who request it.

In particular, with regard to the data processed by the CRM-Managing Application called Navis.net, the document describes:

  1. the type of personal data to be processed and the purposes for which it is to be used
  2. the security and protection measures provided (organisational, physical and practical)
  3. the tools that Navis.net makes available to safeguard Information and obtain Consents
  4. security measures with regard to other information owned by the Company and which is not subject to the Law, but which is critical to the Company's business.
  5. risk assessment

The provisions of the document apply to all the processing operations of which the company is the Owner and to those for which the Company is appointed Manager by the Companies that use Navis.net for their commercial activities and for this purpose hold within this System the personal data of their Clients and potential Clients.

Hereafter the terms Owner, Manager, Distributor, Processing, Personal Data and Sensitive Data are used in accordance with the definitions of the Code. Periodic checks are carried out on the application of the provisions contained in this document or relating to it. The result of these checks is documented in a report the details of which and any references to the documentation produced will be included in the review of this document.

Preliminary considerations

Digibusiness srl is a company that provides Consultancy Services, Application Service Services (ASP) and Hosting Services. In the performance of its functions, the Company is the owner of personal data relating to its Employees, Customers and Suppliers, while it is responsible for the processing of data that its Customers (hereinafter also referred to as System Users) enter into the Systems and/or Information Environments that the Company manages.

Digibusiness SRL has its own systems, located at its headquarters for design and development activities, and computer resources provided by third parties for the management of the Company and the supply to its customers of ASP and Hosting Services. In particular, except for the activities of design and development software, the Servers and Archiving Systems are provided by external providers: Microsoft’s AZURE and GOOGLE, companies with which Digibusiness has service contracts that define the service parameters and the criteria of security and data protection.

The Company also makes use of third parties, both for the management of administrative and accounting data and for the management of personnel data.

Processes carried out by Digibusiness SRL

This section describes the processes carried out by the Owner on the data managed directly (1), but also the processes carried out by the Owner as Manager appointed by third parties (2), with an indication of the nature of the data and the designated internal or external resources (site, function, etc..), as well as the digital systems used.

1. Organisation

Digibusiness SRL, on the date of updating this document, has assigned to its Director, Mr. Gabriele Mendi, the role of Data Controller of the personal data of which the Company is the Data Controller. The Data Controller is responsible for making decisions regarding the purposes and methods of processing personal data, and also has the task of monitoring, including through periodic checks, compliance by the Data Processor with his instructions, as well as compliance with current regulations on processing, including the security profile. The role of Manager of all personal data processing is attributed equally to the active members of the Company, Mr. Vincenzo Campanini and Fausto Aimi, the latter simultaneously fulfilling the role of System Administrator. All employees, who, to varying degrees and with specific authorizations, have to be able to process, even occasionally, the personal data of Digibusiness and its Users, have been allocated a specific task according their specific skills and with certain limitations. The list of roles and tasks to be performed is included in the DPIA Digibusiness, which is available on request.

2. Customer Data for which Digibusiness is the Data Controller

The processing involves contracts and invoicing and refers exclusively to shared data; no sensitive or legal data is present.

The personal data of the Users (Clients of Digibusiness SRL) is kept on the premises, while an external company (Studio Vignetti, Vicolo Politi 7 - 43121 Parma-Italia) is responsible for the administrative accounting summaries, which provides its own resourcing. The purpose of the processing is to manage the relationship between Supplier and Customer from a contractual and fiscal point of view and with regard to the services provided and work in progress. In some cases, this data may also be provided to the employees and/or partners of these companies with whom we wish to develop a supply relationship, but they are limited to telephone and/or correspondence numbers.

The Information on the processing of Users' data is contained in the Service Charter, which is an integral part of the Contract signed by Customers who give their implicit consent to process their data. Digibusiness does not carry out automatic processing of the data of its customers and potential customers and does not transfer to third parties the same except for administrative and accounting information.

Particular reference should be made to the data that Digibusiness obtains from public sources, to identify the companies to which it offers its services (Potential Users) with the aim of expanding its customer base. In this case, the information and acquisition of consent to the processing is managed during the first contact.

3. Data of the Companies which are Users of Navis.net, which have appointed Digibusiness as Data Processor

Navis.net is a Management Application that Digibusiness owns but it is also a platform of services provided to companies (Users) that sell pleasure boats.

The services of the Navis.net platform include all the features that enable users to best manage commercial activities and in particular: the management of Boats for Sale, the management of Advertising, relations with customers and yachtsmen, relations with other companies in the industry and with their suppliers.

Navis.net services are provided to Users in Application Service Provider (ASP) mode.

  1. Processing and purposes
    • Users Companies (typically Shipyards, Dealers, Brokers), as Owners of the data of their Customers, enter into the Information System, concerning individuals or companies in order to enter into and develop business relationships. Digibusiness does not make any judgement on the merits of the data but ensures the availability of the service and the protection of the data itself; the service levels and the ability to provide copies of the data are described in the Service Charter which is an integral part of each Service Contract. With the Navis.net Service Agreement, the Data Controller gives Digibusiness the responsibility for Data Processing (external Data Processing Manager).
    • The data is used to identify Customers and to define a profile in terms of nautical interests in order to assist the Seller (Navis.net User) with promotional activities and to enable the seller to submit recommendations relating to the customer’s profile. Navis.net allows manual profiling but also provides an automatic profiling feature (La Brokerage Intelligence).
  2. Protection and Security Measures
    • The Owner has one or more access credentials, consisting of User ID and Password, that can be used by the persons responsible for Data Processing. Access credentials restrict and confine processing to data entered into the System by the Data Controller rather than by automatic and/or bulk entry operations authorised by the Data Controller. The Password is formulated in such a way that it minimizes the chances of identification and the system intercepts and blocks attempts to access the system.
    • The management of access credentials is the responsibility of the Digibusiness System Administrator while the maintenance of the application and the database are the responsibility of Digibusiness employees specifically in charge of data processing and as such are responsible for safeguarding users’ confidentiality.
    • The servers and databases, which control the Navis.net system functions, are provided by Microsoft’s AZURE and are included in Data Centres, located in Europe, with a high level of physical and practical protection. Data is backed up on a daily basis. A detailed description of the protection and security measures can be provided upon request.
  3. The GDPR Compliance Tools - Navis.net provides Users with the necessary information:
    • to check, at any time, whether all the requirements have been fulfilled, with regard to the persons whose personal data is held,
    • arrange for the delivery or sending of the Information to the interested parties, every time the data of a new person is entered manually, and request Consent(s) for the processing of personal data, specifying the purposes it is to be used for,
    • set up the necessary procedures to comply with the requirements (Information/Consent) as well as for personal data obtained automatically following the processing of Requests received via Mail, for which Navis.net may carry out an initial automatic profiling,
    • automatically process, and store, the delivery of the Information and having obtained the Consents,
    • be able to restrict bulk mailings to persons who have given their consent,
    • classify persons on the basis of the Consents they have given,
    • correspond to Requests for documentation of personal data held,
    • delete personal data and/or modify consent if requested.
    • Navis.net also facilitates:
    • the management of the content of the Information, through customizable templates to be tailored to specific cases,
    • the presentation of GDPR Compliance on the User's Website.
  4. Digibusiness’s Guarantees
    • Digibusiness also implements organizational and technological measures as well as safeguards to ensure the security and continuity of operation of its resources and information, which are not subject to regulations reported as GDPR, but which are critical to the activity of Digibusiness and consequently of User Companies.
  5. Risk Assessment
    • Given the nature and specificity of the data processed and the protection and security measures taken, the processing of personal data with Navis.net has a LOW Risk level. However, Digibusiness puts in place surveillance measures to check that there are no flaws in the system and we intend to adopt technological measures that can further increase the level of security.

Navis.net GDPR compliance - update 15 May 2018

back to top