- Personal data collected by the Application
The Data Controller collects the following types of Personal Data:
- Content and information provided voluntarily by the User
- Contact and content data: this is the Personal Data that the User voluntarily provides to the Application during its use, such as personal details, contact details, access credentials for the services and/or products provided, personal interests and preferences and other personal content, etc.
- Sensitive data: Personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, as well as genetic data, biometric data intended to uniquely identify a natural person, data concerning the health or sex life or sexual orientation of the person.
Failure by the User to provide Personal Data, for which there is a legal or contractual obligation or if they are a necessary requirement for the use of the service or for the conclusion of the contract, will make it impossible for the Controller to provide all or part of its services.
The User who communicates to the Data Controller the Personal Data of third parties is directly and exclusively responsible for their origin, collection, processing, communication or dissemination.
- Data and content acquired automatically when using the Application:
- Technical Data: The computer systems and software procedures used to operate this Application may acquire, during their normal operation, some Personal Data whose transmission is implicit in the use of Internet communication protocols. This information is not collected in order to be associated with identified Users, but by its very nature could, through processing and association with Data held by third parties, allow Users to be identified. This category includes IP addresses or domain names used by Users connecting to the Application, URI (Uniform Resource Identifier) notation addresses of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained, etc.
- Usage Data: Personal Data relating to the use of the Application by the User may also be collected, such as the pages visited, the actions performed, the functions and services used.
- Geolocation data: the Application may collect Personal Data about the User’s location, which may be GNSS (Global Navigation Satellite System) data, such as GPS data, as well as data identifying the nearest cell tower, Wi-Fi and Bluetooth hotspots, communicated when enabling location-based products or features.
- Personal data collected through cookies or similar technologies:
The Personal Data collected may be used for the performance of contractual and pre-contractual obligations and for legal obligations as well as for the following purposes:
- User registration and authentication: to allow the User to register on the Application in order to access and be identified.
- Support and contact with the User: to respond to the User’s requests and help him in case of problems.
- External processing of payments by credit card, bank transfer or other means: to process Users’ payments via external platforms that acquire payment data without the Application owner having access.
Personal Data is disclosed to Stripe https://stripe.com/privacy, PayPal https://www.paypal.com/en/webapps/mpp/ua/privacy-full.
- Statistics with anonymous data only: to carry out statistical analyses based on aggregated data or data that do not allow the User to be identified.
The Personal Data are communicated to Google Inc.
- User profiling: to group and analyse in an automated way the User’s characteristics or behaviour and provide him with personalised services or messages.
Personal Data are disclosed to Facebook Inc, https://www.facebook.com/policy.php Google Inc www.google.com/privacy
- Sending emails or newsletters and managing mailing lists: to contact the User with emails containing commercial and promotional information relating to the Application.
Personal Data is disclosed to SendInBlue, https://sendinblue.com/legal/privacy/.
- Advertising targeting and remarketing: to show more relevant advertisements to the User based on his browsing behaviour and preferences.
Personal Data is disclosed to SendInBlue, https://sendinblue.com/legal/privacy/, Facebook Inc, https://www.facebook.com/policy.php Google Inc www.google.com/privacy
- Treatment modes
The processing of Personal Data is carried out by means of computer and/or telematic tools, with organisational methods and logics strictly related to the purposes indicated.
In some cases, subjects involved in the organization of the Data Controller (such as, for example, personnel management personnel, sales staff, system administrators, etc.) or external subjects (such as IT companies, service providers, postal couriers, hosting providers, etc.) may also have access to Personal Data. These subjects, if necessary, may be appointed as Data Processors by the Data Controller, as well as have access to the Personal Data of the Users whenever necessary and will be contractually obliged to keep the Personal Data confidential.
An up-to-date list of Responsible Persons can be obtained by emailing [email protected]
- Legal basis of processing
The processing of Personal Data relating to the User is based on the following legal bases:
- the consent given by the User for one or more specific purposes;
- processing is necessary for the performance of a contract with the User and/or the implementation of pre-contractual measures
- the processing is necessary to comply with a legal obligation to which the Controller is subject
- processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Data Controller
- the processing is necessary for the pursuit of the legitimate interest of the Controller or of third parties
- the processing is necessary for the pursuit of a vital interest of the Controller or of a third party.
However, it is always possible to ask the Controller to clarify the legal basis of each processing operation at [email protected]
Personal Data are processed at the Data Controller’s operational headquarters and in any other place where the parties involved in the processing are located. For further information, please contact the Data Controller at the following email address [email protected] or at the following postal address Viale dei Mille 9, 50125 Firenze (FI).
- Security measures
The Processing is carried out according to methods and with tools suitable to guarantee the security and confidentiality of Personal Data, the Data Controller having adopted adequate technical and organisational measures that guarantee, and allow to demonstrate, that the Processing is carried out in compliance with the reference legislation.
- Period of Data Retention
Personal Data will be kept for the period of time necessary to fulfil the purposes for which they were collected.
In particular, Personal Data will be retained for the entire duration of the contractual relationship, for the performance of the inherent and consequent fulfilments thereof, for compliance with applicable legal and regulatory obligations, as well as for own or third party defence purposes.
Where the processing of Personal Data is based on the User’s consent, the Controller may retain the Personal Data until the consent is revoked.
Personal Data may be kept for a longer period if necessary to fulfil a legal obligation or by order of an authority.
All Personal Data will be deleted or stored in a form that does not allow the User to be identified within 30 days of the end of the storage period. Upon expiry of this period, the right of access, cancellation, rectification and the right to portability of Personal Data may no longer be exercised.
- Automated decision-making processes
All Personal Data collected will not be subject to any automated decision-making process, including profiling, which may produce legal effects for the individual or which may significantly affect the individual.
- User rights
Users may exercise certain rights with regard to Personal Data processed by the Data Controller. In particular, the User has the right to:
- withdraw consent at any time;
- oppose the processing of their Personal Data;
- access their Personal Data;
- verify and request rectification;
- obtain the limitation of processing;
- obtain the deletion of their Personal Data;
- receive their Personal Data or have them transferred to another data controller;
- file a complaint with the data protection supervisory authority and/or take legal action.
In order to exercise their rights, Users may address a request to the contact details of the Controller indicated in this document. Requests are made free of charge and processed by the Controller as quickly as possible, in any case within 30 days.
- Data Controller
The Data Controller is Sellinnate S.R.L.S., with registered office in Viale dei Mille 9, 50125 Firenze (FI), Tax Code/VAT Number IT07104820480, e-mail address [email protected], PEC address [email protected]
Last updated: 07/09/2022