Legal notice

Customer Data Processing Agreement (in accordance with the new GDPR)

The new European General Data Protection Regulation (GDPR) 2016/679 (or "GDPR") became fully effective on May 25, 2018. The GDPR introduces significant changes for citizens and businesses, with the stated aim of raising the level of data protection and supporting the growth of the digital economy.

Pursuant to the GDPR (Article 28), anyone who processes personal data on behalf of another controller is deemed to be a "Data Processor." The Data Processor must implement appropriate technical and organizational measures to ensure and demonstrate that data processing is performed in compliance with the GDPR. The GDPR also requires that the activities performed by the Data Processor be governed by a contract or other legal document that defines, among other things, the nature and purposes of the processing, the security measures adopted, and the rights and obligations of the parties.

In compliance with the GDPR, whenever Nexya (the company that owns the 4em.it marketplace) not only provides a technological solution but also performs data processing operations on behalf of the customer (e.g., provision of cloud services, payroll processing), it assumes the role of data processor and, as such, is required to ensure that customer data is processed in compliance with the security measures required by the GDPR.

For these reasons, we have updated our contractual terms and conditions to specifically regulate the rights and obligations of Nexya and the customer regarding the protection of personal data, in order to comply with the provisions of the GDPR. Furthermore, we have strengthened security measures, both technically and organizationally, to ensure data protection in the services provided to customers, with the aim of reducing the risk of non-compliant processing and meeting GDPR requirements.

On this page, you can consult our Master Data Processing Agreement (MDPA), which describes the terms and conditions of personal data processing performed by Nexya srl and the responsibilities associated with the processing activities, including the commitment undertaken as Data Controller pursuant to Article 28 of the GDPR.