Privacy Policy

Cookies & Privacy Policy

The protection of personal data is a core value of our business. Starting on this page, we provide you with information that can help you understand how we protect your privacy and monitor how your data are used.

This policy covers the processing of your personal data performed through our website www.mailup.com (the “Website”):

  • in connection with the purchase of our products and services, or when you contact us to request information (including as part of promotions, demos, and trials)

We process your data in accordance with Regulation (EU) No. 2016/679 (General Data Protection Regulation, “GDPR”) and provide you with this information in accordance with Articles 13 and 14 of the GDPR.
In this information sheet, we tell you in a simple and detailed manner:

1. About us and how to contact us

In this section we point you to the individuals to whom you can refer to exercise your rights:

  • Data Controller
  • Data Protection Officer

Data Controller
The entity that decides why and how your personal information is processed and sets up the organizational security measures to protect your privacy.

The data controller is TeamSystem SpA, which can be contacted at:
TeamSystem S.p.A. – Via Sandro Pertini, 88 Pesaro – privacy@mailup.com

Remember to include your name, email/postal address, and/or phone number(s) so that your request can be properly handled.

Data Protection Officer

The TeamSystem Group has appointed a Data Protection Officer (DPO): this is the person in charge of overseeing that the regulations regarding the processing of personal data are observed and of responding to your requests for clarification on how we process your data.
The DPO is also the person appointed by the group to respond to your requests to exercise your right of access and other rights under the GDPR. You can contact him/her by writing to the TeamSystem office or at the email address provided here:

TeamSystem S.p.A. – Via Sandro Pertini, 88 Pesaro – dpo@teamsystem.com

Remember to include your name, email/postal address, and/or phone number(s) so that your request can be properly handled.

2. What Personal Data We Process

Personal data is any information by which you can be identified, directly or indirectly.
We collect and use your personal information in order to enter into and perform your contract with TeamSystem and when you visit, consult, request, or use TeamSystem’s services and/or products (including those available on this Website).
In some cases, we may also collect your personal data from other TeamSystem Group companies or public databases.

Types of data we collect:

  • Contact and access identification data
    Such as first name, last name, username, email address, mailing address, phone number, TeamSystem ID and password, any profile picture you have set up.
    Billing and payment information
    Such as any VAT number, tax identification number, address, and possibly the company name.
  • Browsing Data
    Such as connection data, IP address, domain names and other browser-related parameters and the operating system you use.

3. For what purposes we collect your data and for how long

In this section we explain the purposes for which we use your data, that is, the purposes of processing data. We also tell you whether you have an obligation to provide the data to us, what happens if you do not intend to provide the data, and how long we keep the data.

These are the purposes for which we process your data:

  1. Contractual and legal purposes
  2. Service improvement and other non-consent-based purposes
  3. Marketing Purposes
1. Contractual and legal purposes

Here we describe in more detail the different contractual and statutory purposes:

THE PURPOSE IN BRIEF:

  • Do you have an obligation to provide us with your data?
    Yes, without them we cannot provide you with our services/products.
  • What happens if you do not provide the data?
    We will not be able to perform the contractual relationship and provide you with the services or products you have requested.
  • Is your consent needed to process your data?
    Your consent is not required.
  • On what legal grounds do we process your data?
    The processing is necessary to perform the contract you have entered into with us, to handle your requests or to carry out the activities necessary to enter into a contract with us and to fulfill an obligation imposed on us by law.
  • How long do we keep your data?
    For a period, equal to the duration of the provision of the services you have requested and for 10 years thereafter (the period in which the statute of limitations for any contractual liability accrues).
    This is without prejudice to cases in which storage for a later period is necessary for any litigation, requests by the competent authorities, or pursuant to applicable regulations
  1. Allowing you to browse the Website
  2. Registering and managing the account (including any account verification and credential retrieval) and using account-related features.
  3. Performing activities necessary for entering into and performing the contract so as to provide the service/product you requested or purchased, including through the Website.
  4. Managing registration requests for webinars, eventi, newsletters, requests for quotes, and order processing.
  5. Managing any complaints and requests to send service communications and product updates, both through traditional communication tools such as paper mail, and through remote communication tools such as email, chat, telephone, SMS, chatbots ,banners, notification systems, and other remote communication tools.
  6. Complying with obligations arising from national or EU regulations or legislation (e.g., tax and accountingobligations) or managing or responding to requests from judicial authorities or administrative and tax authorities.
2. Other purposes not based on consent

Here we describe in more detail the other non-consent-based purposes:

THE PURPOSE IN BRIEF:

  • Is your consent needed to process your data?
    Your consent is not required.
  • Can you object to processing?
    You can object to the processing carried out for reasons related to your particular situation in the ways indicated in the section “What are your rights and how you can exercise them”. In this case, we will not process your data for such purposes unless we can demonstrate legitimate overriding reasons or the exercise or defense of a right under Article 21 of the GDPR.
  • On what legal grounds do we process your data?
    The processing is based on the legitimate interest of the Data Controller, provided for in Article 6(1)(f) of the GDPR. In accordance with the GDPR, we have carried out a thorough balancing of interests with the aim of protecting and ensuring your privacy and fundamental rights.
  • How long do we keep your data?
    For a period, equal to the duration of the provision of the services you have requested and in compliance with the minimization principle. Except in cases where:

    • Following disputes and/or complaints, TeamSystem needs to retain your personal data for defense purposes (letter j) for the following 10 years (period in which the statute of limitations for TeamSystem’s contractual liability, if any, expires);
    • or, if there is litigation, the further retention has depended on the very duration of the litigation or specific requests by the proceeding authority.
  1. Asserting and defending the rights of TeamSystem, assessing the status and reliability of the customer, and conducting audits for the purpose of preventing and/or suppressing fraudulent or harmful actions.
  2. Completing a potential merger,, asset sale, business sale, business unit sale, or financial transaction by disclosing and transferring data to the third parties involved.
  3. Performing customer segmentation activities based on non-intrusive categories, such as, among others, the professional category you belong to, the city/province/region in which you are based, the type of product or service you purchased or for which you requested information through the Website. This segmentation activity could also be done on third-party vendor platforms via interconnection activities with the third-party platform’s own data. In any case, communications for Marketing Purposes will be sent in compliance with the consents you have given and in accordance with what is stated in this policy. In this context, data could also be used to detect similar customer profiles.
  4. Managing TeamSystem’s IT resources, including infrastructure, websites, and technology equipment, to ensure service continuity and IT security (e.g., to prevent cyber-attacks or perform audits in case of attacks).
3. Marketing Purposes

Here we describe the different Marketing Purposes in more detail:

THE PURPOSE IN BRIEF:

  • Do you have an obligation to provide us with your data?
    No, you don’t have any such obligation.
  • Can you object to the processing?
    You can object at any time to the processing of your data for direct marketing purposes, including profiling, if related to such direct marketing.
  • What happens if you do not provide the data?
    We will not process your data for these purposes without any consequences with respect to your contractual relationship with us and the use of our services
  • Is your consent needed to process your data?
    Yes, your consent is required, except for the purpose stated under letter p.
  • On what legal grounds do we process your data?
    We process data based on your prior consent. The only exception relates to the purpose indicated under letter p: in this case the processing is carried out in accordance with Article 130, paragraph 4 of Legislative Decree No. 196/2003 (“Privacy Code”), without prejudice to your right to object to the processing.
  • Modification of choices and withdrawal of consent
    If you change your mind, you can change your consent given for marketing purposes at any time in the manner indicated in the section “What are your rights and how can you exercise them.”. In any case, if you no longer wish to receive our commercial communications, you can use the unsubscribe link available at the bottom of our commercial communications received via email. In these cases, we will retain the minimum personal information necessary to record your opt-out and avoid contacting you again.
  • How long do we keep your data?
    For a period, equal to 24 months from the date consent is given or renewed when purchasing a new TeamSystem-branded product or service or from the date of the last contact with you. By last contact we mean, for example, attending a TeamSystem event, using a product or service provided by TeamSystem, or opening a newsletter.
  1. To send you updates on news and commercial offers of TeamSystem products and services, including after interconnecting your Usage and Browsing Data and analyzing your behavior with respect to both browsing the Website and, more generally, your use of TeamSystem services and products (subject to the consents you have given to acquire these data); Or to invite you to participate in events, conduct market research, or other commercial initiatives. All of this may be done either through traditional communication channels such as paper mail or a phone call from an operator or through automated communication tools such as email, chat, messaging (texting and other instant messages), chatbots, and other remote communication tools.
  2. Disclose your personal information to other TeamSystem Group companies and/or its network of business partners, for the purpose of sending you marketing communications and other promotional initiatives in accordance with the methods of communication and the purposes set forth in letter l) above.
  3. Send marketing communications via email about services or products similar to those covered by the contract concluded with TeamSystem. You will have the opportunity to object to the sending of these communications at any time.

4. With Whom We Share Your Data

We may disclose your information to other parties that carry out activities that are functional to those of our products or services. In sharing your data, we respect the principle of purpose and minimization established by the GDPR. The person to whom we disclose your data process them, as applicable, as autonomous data controllers or data processors. To obtain a complete list of those who process data as data controllers, write to us at privacy@mailup.com.

These are the parties to whom we disclose your data:

    1. Third-party providers of support and advisory services with reference to activities in the technology, accounting, administrative, legal, and insurance sectors (by way of example only).
    2. TeamSystem Group company.
    3. In cases where the contractual relationship involves business partners, we may share some of your personal data with their distributors, resellers and partners who are part of the distribution chain of TeamSystem Group products and services.
    4. Banks and lending institutions.
    5. Debt collection companies.
    6. Subjects and public authorities whose right of access to your personal data is expressly recognized by law, regulations or measures issued by the competent authorities.
    7. Potential purchasers and entities resulting from merger or any other form of corporate transformation.
    8. Public databases and credit information systems.

For Marketing Purposes, and with your specific consent, we may also communicate your data to other third parties and business partners in charge of marketing campaigns carried out on our behalf.

Do we transfer your data abroad?

Your personal data may be freely transferred within the European Union.
If, for the purposes stated, TeamSystem needs to transfer your personal data outside the European Union, to countries not considered appropriate by the European Commission (e.g., the United States), TeamSystem will take the necessary measures to protect your personal data. We will do this in compliance with the guarantees of the law, in accordance with the applicable legislation and in particular Articles 45 and 46 of the GDPR. In case you would like to receive further information regarding the guarantees in place and would like to request a copy of them, you can contact the Data Protection Officer at dpo@teamsystem.com.

5. How we handle your data

Your personal data are processed by TeamSystem with electronic and manual systems according to the principles of fairness, loyalty and transparency and protecting your confidentiality through technical and organizational security measures to ensure an adequate level of security.

These processing operations take place at TeamSystem’s headquarters and/or at the offices of external data processors who perform processing on behalf of TeamSystem.

With regard to Usage and Browsing Data, in compliance with the purposes described and, where necessary, with your express consent, analysis activities may be done, including by interconnecting your data related to the different products and services purchased by you from TeamSystem Group companies, with the acquisition of Usage and Browsing Data, both with regard to products installed at customer machines ( on premises), as well as for those “in the cloud,” that is, during online use of the services themselves.
For usage statistics, we make use of tools that enable the collection of Usage Data.
These tools may involve the collection of locally generated information in the product you use through communication with or access to your systems.
With specific reference to the “cloud-based” collection of Usage Data, among others, TeamSystem uses analytical tools to collect, measure, and analyze Usage Data and Navigational Data for the purpose of understanding, optimizing, and improving the use of the Website and our products (e.g., Web and customer analytics tools, querying, and dashboarding).
In addition, for the purposes described above, again subject to the consents you have given, we may interconnect data about your browsing on the Website with data that you have provided to us by filling out a form on the Website.
For more information about cookies and tracking tools used on the Website and the processing of your Browsing data, you can consult our cookie policy at this address: https://www.teamsystem.com/gestione_cookie.

The CRM in the Cloud application uses and shares with other user-selected applications information received from the Google API in compliance with the Google API Services User Data Policy (Google API Services User Data Policy) including Limited Use requirements.

6. Your rights and how can you exercise them

You have control over your data. Here we list the rights you have with respect to the processing of your personal data:

  • Right of access
    You may receive confirmation of the existence of your personal data and to access their content.
  • Right of rectification
    You may update, amend and/or correct your personal data.
  • Right to be forgotten and right to limitation
    You may to request the erasure or the limitation of your personal data processed in violation of law, including data whose retention is unnecessary given the purposes for which they were originally collected or otherwise processed.This is subject to an overriding public interest or our legal obligation to retain the data.
  • Right of opposition
    You can object to processing, including profiling. This is the case unless there is an overriding legitimate reason for TeamSystem to continue processing.
  • Right to withdraw consent
    You can withdraw your consent to marketing activities if you have previously given it.
  • Right to complain
    You can file a complaint with a supervisory authority, either in the member state where you usually reside, work, or of the place where the alleged violation occurred. In Italy, the supervisory authority is the Garante per la protezione dei dati personali. This is without prejudice to any other administrative or judicial recourse.
  • Right to data portability
    You can receive an electronic copy of personal data about you. You have the right to transmit this data to a different service provider if TeamSystem processes the data on the basis of your consent or on the basis that the processing is necessary to provide you with the requested services and if the data is processed by automated means.

To exercise your data protection rights stated above at any time and free of charge you can contact the Data Protection Officer, who can be contacted by sending a request to dpo@teamsystem.com.

When contacting us, be sure to include your name, email, mailing address and/or phone number to be sure your request can be handled properly.

What happens in the event of your death?

In the event of your death, Article 2-terdecies of the Privacy Code applies: the rights referring to your personal data may be exercised by those who have an interest of their own, or are acting on your behalf as an agent, or for family reasons deserving protection.
You may expressly prohibit some of these rights from being exercised by these individuals by sending a written statement to the Data Controller, at the contact information you can locate in the “Who we are and how you can contact us“ section. You may revoke or change this statement later in the same way.

7. Cookies

Definitions, characteristics, and implementation of regulations

Cookies are small text files that sites you visit send and store on your computer or mobile device, only to be transmitted back to the same sites on your next visit. It is precisely because of cookies that a website remembers a user’s actions and preferences (such as, for example, login data, language choice, font size, other display settings, etc.) so that they do not have to be indicated again when the user returns to said Website or navigates from one page to another of it. Cookies, therefore, are used to perform computer authentication, session tracking, and storage of information regarding the activities of users accessing a website and may also contain a unique identifier code that allows tracking of the user’s browsing within the Website for statistical or advertising purposes. When browsing a website, you may also receive cookies on your computer from sites or web servers other than the one you are visiting (so-called “third-party” cookies).

Some operations could not be accomplished without the use of cookies, which in some cases are therefore technically necessary for the very operation of the Website.
There are various types of cookies, depending on their characteristics and functions, and these can remain on the user’s computer for different periods of time: so-called session cookies, which are automatically deleted when the browser is closed; so-called persistent cookies, which remain on the user’s equipment until a predetermined expiration date.

Under applicable law, express user consent is not always required for the use of cookies. In particular, “technical cookies,” i.e., those used for the sole purpose of carrying out the transmission of a communication over an electronic communications network, or to the extent strictly necessary to provide a service explicitly requested by the user, usually do not require such consent. These are, in other words, cookies that are essential for the operation of the Website or necessary to perform activities requested by the user.

For “profiling cookies“, vice versa, i.e., those aimed at creating profiles related to the user and used for the purpose of sending advertising messages in line with the preferences expressed by the user in the context of web browsing, prior consent of the user is usually required, as far as it depends on the applicable legislation.

Types of cookies used by the Website and options for (de-)selection

The Website uses the following cookies, which can be de-selected, except for third-party cookies for which you should refer directly to the respective cookie selection and de-selection methods, indicated by links:

  • Navigation or session technical cookies, strictly necessary for the operation of the Website or to enable you to take advantage of the content and services requested.
  • Analytical cookies, which allow you to understand how the Website is used. No information about your identity or any personal data is collected with these cookies. Information is processed in aggregate and anonymous form.
  • Functionality cookies, i.e., used to enable specific Website features and a selected set of criteria (e.g., language) in order to improve the service rendered.
  • Profiling cookies, used for the purpose of sending advertising messages in line with the preferences you expressed as part of your web browsing.

TeamSystem also forwards third-party cookies, that is, cookies from sites or web servers other than TeamSystem’s for purposes specific to those third parties, including profiling cookies. Please note that these third parties, listed below with links to their privacy policies, are typically either autonomous data controllers of the data collected through the cookies they provide, or they act as Data Processors for TeamSystem (i.e. they process personal data on behalf of TeamSystem).

In detail, the cookies sent by TeamSystem through the Website can be viewed here.

Cookie settings
Cookie-related settings

You can block or delete (in whole or in part) technical and functionality cookies through the specific features of your Browser. Please be advised, however, that not authorizing technical cookies may result in your inability to use the Website, view its contents, and take advantage of its services. Inhibiting functionality cookies may result in some services or certain features of the Website not being available or not working properly, and you may have to change or manually enter certain information or preferences each time you visit the Website.

The choices made in reference to the Website’s cookies will in turn be recorded in a specific cookie. Such a cookie may, however, not work properly in some circumstances: in such cases, we recommend that you delete unwelcome cookies and inhibit their use through the functionality of your Browsers as well.

Your cookie preferences will need to be reset if you use different devices or Browsers to access the Website.

How to view and change cookies through the Browser

You can authorize, block, or delete (all or part of) cookies through specific features in your Browser. For more information on how to set preferences on the use of cookies through the Browser, you can consult the relevant instructions:

If you do not use any of the Browsers listed above, select “cookies” in the relevant section of the guide to find out where your cookie folder is located.

You can also manage your choices with respect to third-party cookies using online platforms such as AdChoice or All about cookies.

WARNING: Disabling technical and/or functionality cookies may result in the Website being unavailable or certain services or features of the Website not working properly, and you may have to change or manually enter certain information or preferences each time you visit the Website

Deleting Flash cookies

Click the link below to change your Flash cookie settings.

Disabling Flash cookies

Third-party Websites

The Website contains links to other Websites that have their own privacy policies. These privacy policies may differ from that adopted by TeamSystem, which is therefore not liable for third-party sites.

8. Modifications and updates

We may also change this policy as a result of regulatory changes. We will notify you in advance of any changes in the policy. The updated policy text will be available on the Website at the following address: https://www.teamsystem.com/privacy-policy. You can consult all previous versions of privacy policies at this link: https://www.teamsystem.com/privacy-policy-revs

9. Privacy contacts

For all inquiries regarding this privacy policy, you may contact the Data Controller at the following contact details:
Data Controller: TeamSystem S.p.A. – Via Sandro Pertini, 88 Pesaro – privacy@mailup.com

Remember to include your name, email/postal address, and/or phone number(s) so that your request can be properly handled.

10. Glossary articles cited

Below you can find the articles mentioned in the document with their simplification:

  • Art.2 terdieces Privacy Code | Right of access concerning deceased persons
    Establishes who has the right to request access to a deceased person’s data and defines all the information that can be shared, along with costs, limits, and exceptions.
  • Art. 6(1)(f) GDPR | Lawfulness of processing based on legitimate interest
    The processing of personal data is lawful if it is necessary for the pursuit of the legitimate interest of the data controller or a third party, provided that this interest is not overridden by the interests or fundamental rights and freedoms of the data subject.
  • Art. 13 GDPR | Information to be provided to the data subject
    Establishes the information that the data controller must provide to the data subject, i.e., the person to whom the data relate, when obtaining his or her data
  • Art. 14 GDPR | Information to be provided to the data subject
    Establishes the information that the data controller must provide to the data subject, that is, the person to whom the data relate, if the data controller has obtained these data from a source other than the data subject.
  • Art. 21 GDPR | Right to object
    The data subject has the right to object at any time, on grounds relating to his or her particular situation, to the processing of his or her personal data when it is based on the pursuit of a legitimate interest. In the event of an objection, the data controller must refrain from further processing of personal data unless it can demonstrate compelling legitimate grounds that override the interests, rights, and freedoms of the data subject or for the exercise or defense of a legal claim.
  • Art. 45 GDPR | Transfer on the basis of an adequacy decision
    Establishes that personal data can be transferred to foreign states or international organizations if there is an adequate level of data protection, as decided by the European Commission. This article also defines the requirements under which this decision is made.
  • Art. 46 GDPR | Transfer subject to adequate safeguards
    Personal data may be transferred to foreign states or international organizations if the data controller has established certain appropriate safeguards to protect the data.
  • Art.130 paragraph 4 Italian Law Decree 196/2003 (“Privacy Code”) | Promotional communications without the consent of the data subject.
    If the data subject has provided the holder with his or her email address as part of the sale of a service or product, then the holder may send promotional or market research communications to the data subject even without his or her consent. Communications must relate to products or services similar to those sold, and the data subject always has the right to object to these communications.

Demos and trials are trial versions created specifically to test certain features or digital productsi
A webinar is an educational or informational session participation in which occurs remotely via an Internet connection
The IP address is the equivalent of the postal address of your device (pc, cell phone, tablet). Thus, a unique address that identifies a unique device.
A chatbot is an instant electronic conversation (chat) that occurs between you and artificial intelligence (bot)
The minimization principle requires that personal data be adequate, relevant, and limited to what is necessary in relation to the purposes for which they are processed
The purpose principle requires that personal data be processed for specified, explicit and legitimate purposes.
Anonymization is a technique by which a piece of personal data can no longer be traced back to a specific person.
Interconnection entails using multiple databases in connection with each other. For example, data contained in one database can be updated automatically if there are changes in the data contained in a second database.
APIs are sets of definitions and protocols with which application software is built and integrated.
The website of the Garante per la protezione dei dati personali is www.garanteprivacy.it