PRIVACY NOTICE AWARE ASSET MANAGEMENT

Pursuant to Articles 13 of the EU Regulation 679/2016 as amended and integrated from time to time (the “GDPR”) and to the international laws - European and Italian – complementing it as amended and integrated from time to time (collectively, together with the GDPR, the “Applicable Privacy Law”), this document describes the purposes and means for the users (“Users” or “Data Subjects”) that use the application Aware Assett Management (“App”). Any information indicated in the present document do not refer to third party web sites, landing pages or online services that might be reached through hyper textual links eventually presented in the APP, which refer to external domains of the APP.

1. DATA CONTROLLER IDENTITY AND CONTACT DATA

The Data Controller (“Controller”) is e-Geos S.p.A. (“e-Geos”), with registered office in Località Terlecchie snc – 75100 Matera, in the person of its legal representative pro tempore, in its capacity of Controller, available by e-mail at: titolare.data.protection@e-geos.com.

2. DATA PROTECTION OFFICER CONTACT DATA

The Controller employs a Data Protection Officer (“DPO”), available by e-mail at: data.protection.officer@e-geos.it.

3. CATEGORY OF PERSONAL DATA

Internet browsing data/APP functioning

The informative systems and the software procedures used for the proper functioning of the APP acquire personal data whose transmission is implicit and necessary for the functioning of the service. This category of data includes IP addresses or domain names of the devices used by Users, URI/URL (Uniform Resource Identifier/Locator) addresses of the resources requested, time of the request, methods used to submit the request to the server, size of the file obtained in response, numerical codes indicating the status of the response given by the server (successful, error, etc.) as well as other parameters relating to the User's operating system and computer environment, including time stamps and online identifiers such as cookies. For further details on the cookies used in the Application, please refer to the Cookie Policy. With regard to the services provided through the mobile App, data related to the mobile device on which the App is installed may be processed, as well as other parameters related to the operating system in use (Android or iOS).

Personal and contact data

The Aware service, released in web or mobile version, provides for the processing of personal data (e.g. name, surname) and contact data (e.g. e-mail address) for user provisioning purposes, or to respond to requests related to their cancellation.

Location data

[specific for services provided through the mobile app]
Users’ location data are collected only in case of an explicit authorization provided by Users themselves at the moment of its first login in the Mobile App. Location data are exclusively processed during the use of the APP and they are collected through Google Maps functionalities (in case an Android operating systems is used) and Apple Map Framework functionalities (in case of an IOS device). The provision of such personal data is optional; in the event that the User does not wish to share his geographical location through his mobile device, the app will in any case be usable, with the only difference that the AWARE map will not be automatically set on the current location of the user. It is specified that, even in the case of a first positive consent, the user will be able at any time to modify the permissions of the APP from his device through the "Settings" section present in the app itself.

4. PURPOSES, RETENTION PERIOD AND PROCESSING LEGAL BASIS

The Controller processes personal data of the Users for the pursuit of specific purposes and only where a specific legal basis provided for by the applicable Data protection law protection applies. The list below covers all processing performed by the Controller to allow the access of the Users to the APP and ensure its proper functioning. In particular, the Data Controller processes Users' personal data for the following purposes, adopting the legal bases indicated below and in compliance with the following retention times:

  1. Users creation, APP functioning, provision of the relative services and monitoring activities on the proper functioning of the same services: the legal basis for these processing activities is the execution of a contract to which the User is party (art. 6, par. 1, letter b), GDPR). Personal data are stored for the time necessary to provide the functioning services of the App, and then deleted or anonymized. Specifically, personal data will be stored for a maximum period of 10 years after the termination of the contract.
  2. Mobile device location data: the legal basis for this processing activity is the consent provided by the User, at the moment of its first login on the APP (art. 6, par. 1, letter a) GDPR). Please note that location data related to the User is not stored.
  3. Customer Support: the legal basis for these processing activities is the execution of a contract to which the User is party (art. 6, par. 1, letter b), GDPR). Personal data will be stored for a maximum period of 10 years after the termination of contract.
  4. Prevention and repression of frauds/abuses/fraudulent activities performed through the APP e ascertainment, exercise or defense of a Data Controller right in court: the legal bases for these processing activities is the legitimate interest of the Controller (art. 6, par. 1, letter f) GDPR). Personal data will be stored for a maximum period of 10 years after the termination of contract and, in any case, for the whole duration of the investigation, of the judicial claim, and/or the out-of-court complaint or proceedings, until the course of the terms provided for by the law for the exercise of judicial protection and/or possible appeals. Once the above-mentioned retention periods have elapsed, personal data will be irreversibly deleted or irreversibly anonymized.

5. NATURE OF DATA PROVISIONING

The submission of personal data is compulsory for all processing activities whose legal basis consist in the fulfillment of a legal obligations or the execution of a contract: any refusal by the User to provide the necessary information makes it impossible for the Controller to perform the services requested by the User. The provision of personal data is optional for all processing activities whose legal basis is represented by a specific, informed and unequivocal consent of the User: any refusal to provide this data, determines the impossibility for the User to benefit from additional services (e.g. geolocation) provided through mobile APP, without prejudice to all the features provided for web services. The consent may be revoked at any time, without affecting the lawfulness of the processing previously carried out, through the features provided in the "settings" section of the mobile app. The processing based on legitimate interest are not compulsory and the interested party may object to such treatments in the manner indicated in the paragraph "Rights of the interested party" of this information; if the interested party opposes these treatments, his data cannot be further processed for that purpose, unless the Controller demonstrates the presence of compelling legitimate reasons or exercise or defense of a right under Article 21 of the Regulation.

6. COMMUNICATION AND DIFFUSION

For the pursuit of the purposes mentioned, the Controller retains any right to communicate personal data collected through the APP to the following categories of third parties: a) Public authorities and/or Supervisory agencies (e.g. judicial authorities); The subjects belonging to the categories listed above operate independently as autonomous Data Controllers. For an updated and detailed list of third parties to which personal data might be transferred can be obtained submitting a request to: data.protection.officer@e-geos.it. Personal data might also be processed by the persons acting on behalf of the Data Controller, exclusively for the execution of their specific duties, and under a specific authorization provided by the Data Controller itself. In any case, Users’ Personal Data will not be disclosed or disseminated to the general public.

7. DATA TRANSFER OUTSIDE THE EUROPEAN UNION

The Data Controller ensures that, for the pursuit of the above mentioned purposes, personal data of the Users will not be disclosed to third parties not established in the European Union. In case of possible changes and/or modifications to the functionalities of the app that might determine the need to use services provided by suppliers not established in the EU, the Controller undertakes to inform the Users of this circumstance by suitable means and will ensure that the recipient complies with the same standards laid down by European Union regulations, for example by signing the clauses adopted for this purpose by the European Commission pursuant to Article 46, paragraph 2, letters c) and d) of the GDPR.

8. DATA SUBJECT RIGHTS

Pursuant to Articles 15 to 22 of the GDPR, the Data Subject has the right to obtain, from the Data Controller, confirmation as to whether or not personal data concerning him or her is being processed and, if so, to obtain access to his or her Data. Furthermore, the Data Subject has the right to:

  1. know the purposes of the processing;
  2. to know the categories of processed Data in question
  3. know the recipients or categories of recipients to whom the Data have been or will be communicated, in particular if recipients are established in third countries or are representatives of international organizations;
  4. to know, when possible, the expected period of retention of the Data or, if this is not possible, criteria used to determine this period;1
  5. to request from the Data Controller the rectification or erasure of his or her Data or the limitation of the processing of the Data concerning him or her, or to object to their processing, without prejudice to the right of the Data Controller to highlight the impact, if any, of such requests on the treatments
  6. to lodge a complaint with the Control Authority for the Protection of Personal Data, following the procedures and indications published on its official website (www.garanteprivacy.it);
  7. if the Data are not collected from the Data Subject, to receive all available information on their source;
  8. to be made aware of the existence of an automated decision-making process, including the profiling referred to in art. 22 pars. 1 and 4, and, at least in such cases, to obtain significant information on the logic used, as well as the importance and consequences of such processing, foreseen for the Data Subject;
  9. in the cases and with the limits provided for by the GDPR and the Applicable Privacy Regulations, obtain the portability of the Data, i.e. receive them from the Data Controller, in a structured, commonly used and machine- readable format, and transmit them to another data controller without impediment.

For the purposes of exercising the above rights, as well as for any clarifications, the Data Subject may directly contact the DPO designated by the Data Controller by sending an e-mail to the following address: titolare.data.protection@e-geos.com.

9. UPDATE OF THE PRESENT PRIVACY NOTICE

In order to become aware of any changes or amendments to the present privacy policy applied by the Data Controller, mainly resulting from regulatory developments, please consult this document on a regular basis.