Privacy Policy

Privacy Notice for users of the PIC Presenze in Cloud web portal and app

Dear User, below you will find information about the processing of your data carried out through the PIC Presenze in Cloud web portal and app.

1. DATA CONTROLLER

The Data Controller for your personal data is your employer or the contracting party who provided you with the credentials to use the web portal and the app. You may contact the Data Controller to obtain further information and clarification on the processing of your data.

The app is developed and managed by Ashnet Consulting (VAT no.: IT02979920242, Strada Casale 129, 36100 Vicenza, Italy), which processes your data as Data Processor under a specific agreement with the Data Controller.

To contact Ashnet Consulting: info@ashnet.it

2. PERSONAL DATA PROCESSED

The PIC Presenze in Cloud app and web portal process the following personal data of users:

  • Personal details (first name, last name);
  • Tax code;
  • Authentication credentials (username and password);
  • Employment relationship data;
  • Email address;
  • Phone number (optional);
  • Time and attendance records made via the web portal or app;
  • Mobile device information (UUID, model, platform, manufacturer);
  • Push notification token (FCM).

Depending on the features enabled by the Data Controller, the app may also detect your geographical location at the time of clocking in. However, only your distance from the workplace is shared with the employer–Data Controller, not your exact location.

DATA NOT COLLECTED – Health Data: This app does NOT collect, access, or use health data (Health Data). In particular, the app does not collect medical data, health information, fitness or physical activity data, and does not use the Android Health API or similar APIs.

3. PURPOSE OF PROCESSING

The purpose of processing is determined by the Data Controller. In any case, the function of the app is to manage employee time and attendance records, as well as to track the hours (and, where applicable, the locations) of work performance. The app and web portal may also be used to manage other aspects of the employment relationship (type of activity performed, leave/holiday requests, illness notifications, document management, etc.).

4. LEGAL BASIS FOR PROCESSING AND DATA RETENTION PERIOD

The legal basis for processing and the data retention periods are determined by the Data Controller, who you may contact for further information.

As a general guideline, data is retained for the following periods:

  • User account data: until deletion is requested by the user or the Data Controller;
  • Time and attendance records: for the period established by the Data Controller, in compliance with legal obligations;
  • Technical activity logs: 90 days for security purposes;
  • Session tokens: for the duration of the session or up to 30 days for refresh tokens;
  • Billing data: 10 years for tax obligations.

Data Deletion Policy

To request deletion of your data:

  • Through the App: Go to Settings > Deactivate Account;
  • Via email: Send a request to info@ashnet.it.

Personal data deletion is completed within 30 days from the request. Historical attendance records and billing data may be retained for legal obligations but will no longer be linked to your identity.

5. DATA PROCESSING METHODS

Your data is usually processed in an automated manner through the PIC Presenze in Cloud app and web portal. Processing is carried out by personnel authorised by Ashnet Consulting.

Data is stored on servers located within the European Union (Italy). Data transfer is secured using the HTTPS protocol. Data is not transferred outside the European Economic Area (EEA).

Your data is not sold or transferred to third parties for commercial or marketing purposes. Data may only be shared with:

  • Technical service providers: hosting providers located within the European Union;
  • Firebase/Google: for push notification delivery (subject to Google's privacy policy);
  • Competent authorities: when required by law.

We implement appropriate technical and organisational security measures: password encryption, HTTPS connections, limited data access, regular security monitoring.

6. DATA SUBJECT RIGHTS

Under data protection legislation (Articles 12–22 of EU Regulation 679/2016), you have the right to be informed about the processing of your data and to access your data at any time, requesting its update, integration, and rectification. Where the conditions established by law are met, you may also exercise the right to erasure of data, restriction of processing, data portability, objection to processing, and the right not to be subject to decisions based solely on automated processing. Where processing is based on consent, you have the right to withdraw it at any time.

To exercise your rights, you may contact the Data Controller. Any requests submitted to Ashnet Consulting will be forwarded to the Data Controller as required by law. If you believe your rights have been infringed, you may lodge a complaint with the Data Protection Authority (Garante per la protezione dei dati personali).

To contact Ashnet Consulting: info@ashnet.it