This privacy policy aims to provide all the
information regarding the processing of personal data carried out by Iumob
S.r.l. when the user contacts Yooppe.com (as better specified
below).
1. INTRODUCTION
– WHO ARE WE?
Iumob S.r.l.,
with registered offices in Via Comelico, No. 3, 20135 Milano, Tax
Code/VAT No. 07048770965, enrolled in the Company Register of Milan with the
No. MI-1931950 (hereinafter the “Data Controller”), owner of the website
www.yooppe.com (hereinafter
the “Website” or the “Site”)
and the application Yooppe (hereinafter the “App”), as the controller of
personal data of the users who browse and are registered on the Website and the
App (hereinafter the “Users”)
provides the following privacy policy according to Article 13 of EU Regulation
2016/679 dated 27 April 2016 (hereinafter, “Regulation” or “Applicable Law”).
2. HOW
TO CONTACT US?
The Data Controller takes the utmost account of its
Users’ right to privacy and protection of personal data. For any information
related to this privacy policy, Users may contact
the Data Controller at any time, using the following methods.
Online:
- Contacting customer service through the dedicated
Contact form;
By Mail:
- Sending a registered
letter with return receipt to the registered offices of the Data
Controller (Via Comelico, 3, 20135 Milano);
For specific requests to be sent to our Data
Protection Officer:
- Users may also contact the Data Protection Officer (DPO)
of the Data Controller, the contact data of which is reported below: Italian
company Shibumi S.r.l. in the designated person of Avv. Lapo Curini
Galletti - e-mail: dpo@iumob.it.
3. WHAT
DO WE DO? – PROCESSING PURPOSES
The
User may contact the Data Controller through the appropriate form by browsing
the Site or App, by e-mail or by any other method indicated by the Data
Controller. In relation to these
activities, the Data Controller collects personal data relating to the Users.
This Site/App and any services offered through the
Site/App are reserved for individuals who are 18 years and over. Therefore, the
Data Controller does not collect personal data relating to individuals under 18
years of age. Upon request of the Users, the Data Controller will promptly
delete all personal data that has been involuntarily collected and related to
subjects under the age of 18.
The personal data of the Users will be processed
lawfully by the Data Controller pursuant to Article 6 of the Regulation for the
following processing purposes:
a) executing the User’s request: the
personal data of the Users are collected and processed by the Data Controller
with the only purpose to reply to their query. The Data Controller will collect
the following personal data in order to be able to reply to the User’s request:
name, surname, email address, and any other information relating to the User possibly
and voluntary given by the User to the Data Controller. No other processing
will be carried out by the Data Controller in relation to the Users’ personal
data. Without prejudice to what is stipulated elsewhere in this privacy policy,
under no circumstances the Controller will make the personal data accessible to
other Users and/or third parties;
b) accounting-administrative
purposes, or in order to carry out organisational,
administrative, financial and accounting activities, as internal organisational
activities and activities aimed at fulfilling contractual and precontractual
obligations;
c) legal obligations, or in order to
fulfil obligations provided by the law or the European laws and regulations.
The provision of personal data for the processing
purposes indicated above is optional but necessary, since failure to provide
such data will make it impossible for the User to make a request
to the Controller.
4. LEGAL
BASIS
Execution
of the User’s request (as described in paragraph
3, letter a) above): the legal basis is Article 6, paragraph 1, letter b) of
the Regulation, since the processing is necessary for the performance of a
contract to which the User is party or in order to take steps at the request of
the User prior to entering into a contract.
Accounting-administrative
purposes (as described in paragraph
3, letter b) above): the legal basis is Article 6, paragraph 1, letter b) of
the Regulation, since the processing is necessary for the performance of a
contract to which the User is party or in order to take steps at the request of
the User prior to entering into a contract.
Legal
obligations (as described in
paragraph 3, letter c) above): the legal basis is Article 6, paragraph 1,
letter c) of the Regulation, since the processing is necessary for compliance
with a legal obligation to which the controller is subject.
5. PROCESSING
METHODS AND DATA RETENTION PERIOD
The Data Controller will process the personal data of
Users using manual and IT tools, with logic strictly related to the purposes
themselves and, in any case, in order to guarantee the security and
confidentiality of the data.
The personal data of the Users will be retained for
the time strictly necessary to carry out the main purposes explained in
paragraph 3 above or, in any case, as necessary for the protection in civil law
of the interests of both the Users and the Data Controller.
6. TRANSMISSION
AND DISSEMINATION OF DATA
The User’s personal data may be transferred outside
the European Union and, in this case, the Data Controller will ensure that the
transfer is carried out in accordance with the Applicable Law and, in
particular, in accordance with Articles 45 (Transfer on the basis of an
adequacy decision) and 46 (Transfer subject to appropriate safeguards) of the
Regulation.
The employees and/or collaborators of the Data
Controller who are in charge of carrying out Website/App maintenance may become
aware of the personal data of the Users. These subjects, who have been
instructed by the Data Controller accordingly to article 29 of the Regulation,
will process the User's data exclusively for the purposes indicated in this
policy and in compliance with the provisions of the Applicable Law.
The personal data of the Users may also be disclosed
to third parties who may process personal data on behalf of the Data Controller
as “Data Processors”, such
as, for example, IT and logistic service providers functional to the operation
of the Website/App, outsourcing or
cloud computing service providers, professionals and consultants.
Users have the right to obtain a list of any data processors
appointed by the Data Controller, making a request to the Data Controller in
the manner indicated in paragraph 7 below.
7. RIGHTS
OF THE DATA SUBJECTS
Users may exercise their rights granted by the
Applicable Law by contacting the Data Controller as follows:
Online:
- Contacting customer service through the dedicated Contact form;
By Mail:
- Sending a registered letter with return receipt to the registered offices of the Data Controller (Via Comelico, 3, 20135 Milano);
For specific requests to be sent to our Data Protection Officer:
- Users may also contact the Data Protection Officer (DPO) of the Data Controller, the contact data of which is reported below: Italian company Shibumi S.r.l. in the designated person of Avv. Lapo Curini Galletti - e-mail: dpo@iumob.it.
Pursuant to Applicable Law, the Data Controller
informs that Users have the right to obtain indication (i) of the origin of
personal data; (ii) the purposes and methods of the processing; (iii) the logic
applied in the event of processing carried out with the aid of electronic
instruments; (iv) of the identification details of the data controller and
processors; (v) the subjects or categories of subjects to whom the personal
data may be communicated or who may come to aware of them as processors or agents.
Furthermore, Users have the right to obtain:
a) access, updating, rectification, or, when interested, integration of data;
b) the cancellation, transformation into anonymous form or
the restriction of data processed in
breach of the law, including data that does not need to be stored in relation
to the purposes for which the data was collected or subsequently processed;
c) certification to the effect that notification has
been supplied of operations as per letters a) and b), as also regards their
content, to those to whom the data was communicated or disseminated, except for
the case where notification proves impossible or requires the use of means
clearly disproportionate to the right being protected.
Moreover, the Users have:
a) the right to revoke
consent at any time, if the processing is based on their consent;
b) (where applicable) the right to data portability (the right to receive
all personal data concerning them in a structured format, commonly used and
readable by automatic device);
c) the right to
oppose to:
i) in whole or part, for
legitimate reasons, the processing of personal data relating to him/her for
legitimate reasons even pertinent to the purpose of collection;
ii) in whole or part, the
handling of personal data for the purpose of sending advertising or sales
materials or for the carrying out of market research or for commercial
communication purposes;
iii) if personal data is
processed for direct marketing purposes, at any time, to the processing of data
for this purpose, including profiling to the extent that it is related to such
direct marketing.
d) if it is deemed that the processing concerning his/her
personal data violates the Regulation, the right to lodge a complaint with a Supervisory authority (in the Member
State in which he/she usually resides, in the one in which he/she works or in
the one in which the alleged violation has occurred). The Italian Supervisory
Authority is the Data Protection
Authority, with registered offices in Piazza Venezia No. 11, 00187 – Rome (http://www.garanteprivacy.it/).
The Data Controller is not
responsible for updating all links viewed in this Privacy Policy, therefore,
whenever a link does not work and/or is not updated, the Users acknowledge and accept
that they must always refer to the document and/or section of the websites
referred to by this link.