App PrivacyPolicy

Latest Update: 02.02.24

What is this document? Through this privacy policy drafted pursuant to Art. 13 European Reg. no. 679/2016 ("General Data Protection Regulation" or "GDPR") and in compliance with the principles contained therein, Designtech srl intends to inform each user ("the User") of the processing of personal data collected through the Yape app ("App").

Controller and Contact Details

The Data Controller is Designtech srl ("Designtech" or the "Data Controller") VAT N: IT12415810964, with registered office in: via Cristina Belgioioso 171 - 20157 Milan.

[email protected]

Purpose of processing, Legal basis, Personal data processed and Retention period

The Controller acquires personal data for the following purposes, as specified below, where the legal basis and duration of data processing is also highlighted.

Purpose	Data	Legal Basis	Data retention
Creation and management of a personal User profile	✓ biographical information ✓ Contact details (email address, cell phone number) ✓ Professional information	Execution of contractual measures [Art. 6, 1(b) GDPR]	Until the User deletes his/her personal profile from the App.
Space reservation management and service delivery.	✓ Biographical information (first and last name) ✓ Contact details (email address, cell phone number) ✓ Time slots of interest and services required	Contract performance [Art. 6, 1, lett. b) GDPR]	Until the account is deleted, but no later than 24 months from the date of last contact.
Manage and/or deliver catering services	✓ Health status information (allergies, intolerances)	Consent of the data subject [Art. 9.2(a) GDPR]	Until the end of service delivery, and in any case no later than 24 months from the date of last contact.
Profiling aimed at analyzing your consumption habits to target commercial proposals of interest.	✓ Biographical information (First and last name) ✓ Contact details (Email address)	Consent of the data subject [Art. 6, 1, lett. a) GDPR]	Until consent is withdrawn, but no later than 24 months from the date of last contact.
To enable the Controller to fulfill formalities required by law, including those of a fiscal nature.	✓ Biographical Information ✓ Contact details	Legal obligation [Art. 6, 1(c) GDPR]	According to applicable regulations.
Improve the App by analyzing how Visitors or Users navigate and/or use the App.	✓ App usage statistics.	Legitimate Interest. [Art. 6, 1(f) GDPR]	Until the User deletes his/her personal profile from the App.
Detect or prevent fraudulent activities and exercise Controller's rights in court	✓ Biographical Information ✓ Contact details	Legitimate Interest. [Art. 6, 1(f) GDPR]	10 years

In the event that the User prefers not to communicate data that is mandatory and/or necessary for the fulfillment of certain purposes, the Data Controller reserves the right not to provide the service.

The User may request clarification of the legal basis of each processing at any time.

Modalities of Treatment

The processing is carried out using automated and/or manual computer and telematic tools designed to guarantee the appropriate security measures to prevent access, disclosure, loss, incorrect, illegal or unauthorized use of the data.

Access to data

Personal Data may be shared with the following entities, in accordance with Applicable Privacy Laws: (i) Internet service providers and platforms used by the Controller as organization tools, communication and/or promotion channels; (ii) third party providers of specific services to the extent necessary for the provision of the service; (iii) the parent company (Design Venture Partners) and its subsidiaries.

All relationships with the subjects listed above are - and will be - formalized with a contract pursuant to Art. 28 GDPR (Appointment as Data Processor).

Personal data will be processed by internal personnel specifically authorized under Art. 29 GDPR. The names of all authorized personnel are available under request to the Data Controller at [email protected]

Place of Data Processing

Personal data is processed at the Controller's premises, as well as in the Controller's servers. Personal data is stored in servers located in the EU and will not be transferred outside the EU under any circumstances. The Data Controller ensures that when using cloud providers established outside the EEA, the processing of personal data by these recipients is carried out in accordance with applicable law. Transfers are made by means of appropriate safeguards, such as adequacy decisions, standard contractual clauses approved by the European Commission, or other safeguards required by the GDPR.

Data Subject’s rights

The User may exercise all rights under Articles 15-21 of the GDPR at any time and without unjustified restriction by contacting the Controller at [email protected]. Requests are filed free of charge and processed by the Controller within 30 days.

In particular, the User may:

Obtain confirmation that processing is taking place (Art.15);
Obtain rectification of inaccurate or incomplete data (Art. 16);
Obtain deletion of data without undue delay (Art. 17);
Restrict processing to only part of the personal data (Art. 18);
Receive a copy of personal data held by the data controller in a commonly used, machine-readable format; Obtain unimpeded transfer to another data controller (Art. 20);
Object at any time to the processing of personal data. (Art. 21);

Complaint

The User can always file a complaint with the competent authority (Data Protection Authority), pursuant to Article 77 of the GDPR, if it is believed that the Controller processes its Personal Data in violation of the applicable legislation.

Amendments

The Controller reserves the right to amend and update the following Privacy Policy as a result of any new provisions of national or European data protection laws.