RESTHeart Services Privacy Policy

This privacy policy governs all RESTHeart services provided by SoftInstigate Srl Società Benefit. The original privacy policy is written in Italian under Italian and EU law. Please contact us at info@softinstigate.com for any questions.

Information on Personal Data Processing pursuant to Articles 12 and following of the General Data Protection Regulation (GDPR)

Last updated: August 7, 2025

Regulation (EU) 2016/679 ("General Data Protection Regulation"), hereinafter GDPR, provides for the protection of natural persons with regard to personal data.

SoftInstigate is committed to ensuring that the processing of data relating to a natural person (hereinafter "data subject") is based on the principles of correctness, lawfulness and transparency, as well as protection of confidentiality and the rights of the data subject.

SoftInstigate will process your personal data in compliance with regulations, with the utmost care, implementing effective management procedures and processes to ensure the protection of processing, committing to protect the information communicated in such a way as to avoid unauthorized access or disclosure as well as to maintain data accuracy and to ensure appropriate use of the same.

We provide you pursuant to art. 13 of the GDPR (EU regulation 2016/679) and in consistency with the principle of transparency, the following information in order to make you aware of the characteristics and methods of data processing:

1. Identity and Contact Details

The Data Controller is SoftInstigate S.R.L. Società Benefit

• Legal representative: Andrea Di Cesare
• Registered office: Via del Beato Cesidio 49, 67100, L'Aquila, Italy
• Email: info@softinstigate.com
• Certified email (PEC): andrea.dicesare@ingpec.eu

2. Contact Details of the Data Protection Officer (DPO)

As SoftInstigate does not fall within the cases provided for in art. 37, paragraph 1, of the GDPR, a Data Protection Officer has not been appointed.

3. Types of Data Processed, Purpose of Processing, Legal Basis and Legitimate Interest

SoftInstigate collects and/or receives autonomously or through third parties the personal data indicated below which will be processed for the purposes described below.

3.1. Types of Data Processed

The information concerning you as a Data Subject includes:

• Personal data (e.g., name, surname, physical address, nationality, province and municipality of residence, landline and/or mobile phone, tax code, email address/es);
• Billing data necessary for invoicing products and services purchased directly from SoftInstigate;
• Account data for RESTHeart service registration, including username, password hash, service tier selection, and region preferences;
• Service usage data including API calls, database operations, resource consumption, and service performance metrics for billing, monitoring, and service optimization purposes;
• Technical data such as IP addresses, user agent strings, and connection logs necessary for service provision and security;
• Payment data necessary for billing and subscription management. Payment processing for cloud services purchased through our self-provisioning platform may be handled by third-party payment processors (Paddle.com), and you are invited to review their respective privacy policies. For managed services, payment is typically handled through direct wire transfers;
• Web traffic data processed in aggregated and automated form through privacy-focused analytics, collected only for statistical purposes and never used for user identification or profiling;
• Communication data including emails, support tickets, and other communications with SoftInstigate for customer support and service delivery purposes;
• Marketing data with explicit consent, including preferences for receiving information about RESTHeart services, updates, and promotional materials.

3.2. Purpose of Processing and Legal Basis

Personal data is processed for the following purposes:

Service Delivery and Performance (Legal basis: Contract performance)

• Provision of RESTHeart Cloud Services and Managed Services
• Account management and authentication
• Technical support and customer service
• Service monitoring and optimization
• Billing and payment processing

Legal and Regulatory Compliance (Legal basis: Legal obligation)

• Tax and accounting obligations
• Compliance with Italian and EU regulations
• Data retention as required by law

Legitimate Business Interests (Legal basis: Legitimate interest)

• Service improvement and development
• Security monitoring and fraud prevention
• Statistical analysis and reporting
• Business communications related to existing services

Marketing and Communications (Legal basis: Consent)

• Promotional communications (with explicit consent)
• Newsletter and service updates (with explicit consent)
• Market research and surveys (with explicit consent)

4. Data Sharing and Third Parties

SoftInstigate may share personal data with:

• Payment Processors: Paddle.com Market Ltd for cloud service payments
• Cloud Infrastructure Providers: AWS and other cloud providers for service delivery
• Technical Partners: Limited to service delivery requirements
• Legal Authorities: When required by law or legal process

All third-party processors are bound by appropriate data protection agreements and GDPR compliance requirements.

5. Data Retention

Personal data is retained for different periods based on the purpose:

• Account data: Duration of service plus 3 years for legal compliance
• Billing data: 10 years as required by Italian tax law
• Service usage data: Up to 2 years for service optimization
• Marketing data: Until consent is withdrawn
• Communication data: 3 years for customer service purposes

6. Your Rights Under GDPR

As a data subject, you have the following rights:

• Access: Right to obtain confirmation about data processing and access to your data
• Rectification: Right to correct inaccurate or incomplete data
• Erasure: Right to deletion of personal data under certain conditions
• Restriction: Right to restrict processing under certain conditions
• Portability: Right to receive your data in a structured format
• Objection: Right to object to processing based on legitimate interests
• Consent withdrawal: Right to withdraw consent for marketing communications

To exercise these rights, please contact us at info@softinstigate.com.

7. Data Security

SoftInstigate implements appropriate technical and organizational measures to protect personal data, including:

• Encryption of data in transit and at rest
• Access controls and authentication systems
• Regular security audits and monitoring
• Staff training on data protection
• Incident response procedures

8. International Data Transfers

Data may be transferred to countries outside the EU for service delivery purposes. All transfers are conducted with appropriate safeguards, including:

• EU adequacy decisions
• Standard contractual clauses
• Certification mechanisms

9. Cookies and Tracking Technologies

9.1. Analytics

We use privacy-focused analytics to understand how our services are used:

• No tracking cookies: We do not use tracking cookies that identify individual users
• Aggregated data only: All analytics data is processed in aggregated form
• Privacy-first approach: Our analytics solution is designed to respect user privacy
• No personal identification: Analytics data cannot be used to identify individual users

9.2. Essential Cookies

We may use essential cookies necessary for:

• Service authentication and session management
• Security and fraud prevention
• Service delivery and functionality

9.3. Cookie Consent

For non-essential cookies, we will obtain your explicit consent before placing them on your device.

10. Data Processing for Different Services

10.1. RESTHeart Cloud Services

For cloud services, data processing includes:

• Account registration and management through cloud.restheart.com
• Payment processing through Paddle.com Market Ltd
• Service usage monitoring and billing
• Self-service support and documentation access

10.2. RESTHeart Managed Services

For managed services, data processing includes:

• Commercial consultation and proposal development
• Custom service configuration and deployment
• Enterprise support and direct communication
• Wire transfer payment processing and invoicing

10.3. RESTHeart On-Premises Licensing

For on-premises licensing, data processing includes:

• License key generation and management
• Technical support for licensed installations
• Billing and payment processing for licenses
• Compliance monitoring for license terms

11. Children's Privacy

Our services are not intended for children under the age of 16. We do not knowingly collect personal data from children under 16. If you are a parent or guardian and believe your child has provided us with personal data, please contact us immediately.

12. Changes to This Privacy Policy

We may update this privacy policy from time to time to reflect changes in our practices or for legal, regulatory, or operational reasons. We will notify users of material changes by:

• Posting the updated policy on our website with a new "Last updated" date
• Sending email notifications to registered users for significant changes
• Providing notice through our service interfaces where applicable

Continued use of our services after changes become effective constitutes acceptance of the updated privacy policy.

13. Contact Information

For any questions about this privacy policy or your personal data:

• Email: info@softinstigate.com
• Mail: SoftInstigate Srl Società Benefit, Via del Beato Cesidio 49, 67100, L'Aquila, Italy
• Subject: Please reference "Privacy Policy" or "GDPR Request" in your communication

14. Complaints

You have the right to lodge a complaint with the Italian Data Protection Authority (Garante per la protezione dei dati personali) if you believe your data protection rights have been violated:

• Website: https://www.gpdp.it
• Address: Piazza di Monte Citorio, 121, 00186 Roma RM, Italy

15. Legal Framework

This privacy policy is governed by:

• EU General Data Protection Regulation (GDPR) 2016/679
• Italian Legislative Decree 196/2003 as amended
• Italian Civil Code provisions on privacy and data protection
• EU Digital Services Act and related regulations

---

Questions About This Policy?

If you have questions about this privacy policy or how we handle your personal data, please contact us at info@softinstigate.com. We're committed to protecting your privacy and will respond to your inquiry promptly.

View Terms and Conditions | Contact Us