Privacy policy Autel / BestStore

At AUTEL we take the security of your data very seriously. We observe all Italian and European laws, in particular those that safeguard personal data, and not just from today.

In relation to the Privacy Code, we have always adopted the protection and protection criteria required by Legislative Decree 196 of 2003.

Today, with the entry into force of the Italian decrees implementing the European regulation 679/2016 for privacy, known as the GDPR or RGPD (General Data Protection Regulation), we are therefore ready to support your business in compliance to the most stringent safety standards, as we have always done.

As a leading cloud retail management platform, we are focused on data security and privacy according to the GDPR regulation and we observe policies and codes of conduct in line with this regulation.

In addition to this, we carefully evaluate the recommendations made by the legislating institutions on the subject, as well as the Article 29 Working Group (European GDPR) on the protection of individuals.

As our platform is available worldwide, we do our best to keep an eye on regulations outside the EU.

We will publish some periodic information to update you on any new rules on data processing.

For us, the new regulations are not an obstacle. We have always seen them as an opportunity to serve you better and we would like to see our customers do the same for their customers' data

Data security and data privacy

Data security or data protection is the practice to protect data from violation and unauthorized access. Data security helps to protect personal data and therefore the privacy of end users. It also ensures that data is 100% accurate and reliable and available whenever necessary for those authorized to access it. Today, data security is particularly topical as it is an important part of the new EU Data Protection Regulation.

The terms security and confidentiality of data have two different meanings. Confidentiality is the appropriate use of data, which means that they must be used in accordance with the agreed purposes for which they were collected and in full compliance with the law.

The measures for the confidentiality of AUTEL data

Below are some of the key measures we are taking to make our data secure so that everyone can rest assured that their data is protected and that we apply the best and latest data protection practices.

AUTEL's responsibilities to comply with the GDPR

To get an idea of the measures we are taking to fully comply with the GDPR, here is a list of some of the principles of GDPR and how these will be translated into practice:

Correctness and transparency: personal data must be processed lawfully, fairly and transparently. We will inform customers about what personal data we collect and how we use them.
In practice: the GDPR does not allow the processing of data without a legal basis, such as the sale to third parties of customer personal data.
Data minimization: the data we collect must be adequate, relevant and limited to what is necessary for their collection.
Owner: is the company that collects and processes data. And therefore the natural or legal person who determines the purposes and means of processing personal data. What makes it possible to identify the data controller is therefore the decision-making power ascribable to him for the processing of personal data.
Data Processor: Person who processes personal data on behalf of the data controller. It must be expressly designated by the owner. If the Data Processor is not designated, this is identified directly in the figure of the Data Controller.
Consent: contextually to the exchange of data with the client, a free (non-obligatory) consent, specific (linked to a specific purpose), informed (brief and clear description) must be requested in writing to the client. This consent must be maintained, updated and transferred also via data exchange interfaces with third-party systems.
In practice: the updated documentation of the privacy statement must refer to the GDPR and contain information on the type of personal data collected, the use and the retention period.
Accuracy: personal data must be accurate and up-to-date.
Right to be forgotten: as a user or a customer, you have the right to obtain the cancellation of your data at any time, even if you have previously consented to process this information.
In practice: you can ask to permanently delete your personal data and you will be able to do it easily even for your customers' data.
Confidentiality: data should be processed in such a way as to ensure adequate security of personal data and protected against unauthorized or unlawful processing and against accidental loss, destruction or damage.
In practice: we have an internal incident management procedure to identify and report security breaches. This procedure also specifies the measures to be taken in case of data breach.

Your responsibilities as an AUTEL user

AUTEL is taking the necessary precautions to allow your compliance with the GDPR. However, it is important to underline that when our users enter personal data (for example, their customers' data) within BESTSTORE, they act as data owners and have sole responsibility for respecting privacy. In this case AUTEL, as editor of the BESTSTORE platform, acts exclusively as a facilitator and "responsible for the processing of personal data". As a result, in our role as data managers we can not provide assistance to our customers under the GDPR.

The exported / printed data are subject to the privacy policy

The data exported / printed are given in all respects and as such must be managed in compliance with the regulation 679/2016. AUTEL has activated specific procedures for the management of data exported / printed and minimizes the risk that the data leave the company also because these operations are kept to a minimum and documents and files are deleted at the end of their use.
It is advisable to use similar procedures at stores or in Headquarter and its branches.

All data is encrypted

DATA CENTER

Safety documentation

AUTEL documents its security measures in line with the GDPR.

The authorization for data processing contains the agreements between AUTEL and its customers regarding the processing of customer data (ie data that are entered into BESTSTORE by our customers) according to the instructions of the customer / data controller.

Rules for passwords

We put in place the best practices for password management:

Customer data is stored on European servers

Web applications, communications, database servers and all customer data of AUTEL are stored and located on servers in Switzerland managed by SWISSCOM, one of the world's largest and safest providers with data security certifications and continuity service (ISO / IEC 27001, ISO / IEC 14001) and are not processed or stored on US servers under any circumstances. Therefore they fall within the scope of European data protection legislation.