This notice describes how personal data is processed through this application (“App”). The App is a software service (SaaS) provided by a development company and licensed to multiple companies (“Licensee Companies”). Access to the App is restricted exclusively to authorized users by their respective Licensee Companies. Free registration is not allowed.
Data Controller: The Licensee Company that provides access credentials to users and determines the purposes and methods of processing data viewed in the App.
App Provider (Data Processor): The App is developed and managed by Stand Up NEXT srls, located in Ptato, Italy, acting as Data Processor under art. 28 GDPR. The Provider handles data for technical and security purposes only on behalf of the Licensee Companies.
For requests related to technical or security data management, you can contact the Provider at: hello@nextcods.com.
The App may view and store data from external systems (e.g., ERP, CRM) via APIs or export files provided by the Licensee Companies. Such data is stored on the Provider's servers in a multi-tenant database designed to ensure logical separation and confidentiality for each Company. The App does not collect or use personal data for purposes other than the functional operation of the service.
The legal basis for processing is the execution of a contract or the legitimate interest of the Controller and Provider to guarantee system security and integrity.
Data is processed electronically and digitally, in compliance with the principles of lawfulness, fairness, transparency, minimization, and security as required by GDPR. The App does not perform profiling, tracking, or advertising activities. Data access is protected by authentication and adequate security protocols (e.g., HTTPS, encryption, access control).
Data from external systems is stored on the Provider's servers for the time necessary to deliver the service or according to the Licensee Companies’ instructions. Technical logs may be retained for security and diagnostics for a limited period. Data is deleted or anonymized at the end of the contractual relationship with the Licensee Company.
Data access is strictly limited to:
Data is not shared or disclosed to unauthorized third parties.
The Provider implements adequate technical and organizational measures to ensure data security and confidentiality, including:
Users may exercise their rights under articles 15–22 GDPR towards the Licensee Company (Data Controller):
Requests must be sent directly to the Company that provided the access credentials.
This Privacy Policy may be updated at any time. Any changes will be published on this page and take effect from the moment of publication.