The application Tippy is the property of B810 s.r.l. with registered office in 21/1 Via Lazzaretti, Reggio Emilia, and is managed on the basis of joint control over the data, exclusively with Digicom s.r.l. by an agreement between said enterprises.
A summary of this agreement is provided below in order to inform the data subjects: “cooperation agreement between the two enterprises having joint control over the data, aimed at optimising the IT infrastructure, marketing activities, the performance of the application and the services provided through it”.
Within the meaning of Art. 26 GDPR, the essential contents of the agreement will be provided to any data subjects wishing to receive a copy, by sending a request to the email address email@example.com
This privacy statement is aimed at all those who access the application – by completing the registration procedure – in order to take advantage of the news and services it contains.
The Data Controllers within the meaning of Regulation EU no. 679/2016 are B810 s.r.l. with registered office at Via Lazzaretti 21/1, Reggio Emilia, Tax ID no. and VAT reg. no. 03378920361, and Digicom s.r.l., with registered office in Via Cadorna 95, Legnano (Milan), Tax ID no. and VAT reg. no. 03488160122.
Within the meaning of Art. 13 Regulation EU 2016/679 – GDPR – we hereby inform you that your data will be processed using the means and for the purposes described below.
Art. 1 Scope of data processing
The Controllers process personal data, in other words “identification” data – such as your name, surname, tax ID no, address, phone number, email address etc. – required to register for the application Tippy.
Art. 2 Purposes of data processing
All “identification” personal data will be processed to allow the user to register, which is necessary to use all functions of the application Tippy, and to provide the various services it offers.
The Enterprises having joint control over data will process your personal data subject to your specific and separate consent, for the following purposes:
i) to carry out marketing activities (including, by way of mere example: dispatch of promotional and publicity material), to send newsletters containing updates;
ii) to carry out profiled analyses on the registered users with the aim of assembling individual or group categories, on a statistical or detailed level, with the aim of finding out more about the needs and expectations of the data subjects and being able to propose products or services that are assessed and/or selected as advantageous for the data subjects;
iii) to carry out business activities such as transferring the data to third parties who operate in product sectors analogous to those in which the joint data controllers operate;
Art. 3 Data processing methods
Your personal data will be processed in the manners described in Art. 4(2) GDPR, namely through the collection, registration, consultation, processing, profiling, conservation, extraction, circulation, communication, transfer, erasure and destruction. Personal data is processed both on paper and using electronic and/or automated means.
The Controllers will process your personal data for the time necessary to meet its legal obligations and to fulfil the aforementioned purposes, without prejudice to the right of the data subject to have his/her data erased in the manners described in the clause ‘Withdrawal of Consent’. Once there is no legal basis and any legal obligations have expired, the data will be destroyed.
Your data, which are collected for the purposes specified in points i), ii) and iii) or Art. 2 will not be kept for any longer than necessary to meet the purpose for which they have been processed. To determine the appropriate storage period, the Joint Data controllers will also evaluate the quantity, nature and sensitivity of any personal data collected, and the purposes for which they are processed. Please note, however, that you may, at any time and at your full discretion, revoke the consent given for said purposes through the application Tippy or by following the indications provided in Art. 7 below.
The data will in any case be processed in accordance with the principles of fairness, lawfulness and transparency, and using instruments and procedures that avoid the risk of loss, unauthorised access, and the unlawful use and disclosure thereof.
Art. 4 Access to data
Your personal data may be made accessible for the purposes defined referred to in art. 2: (i) to employees and collaborators of the Controller, in their capacity of persons authorised to process the data; (ii) to third-party enterprises or other persons – by mere way of example: professional offices, consultants, business partners etc. – which are outsourced to perform activities on behalf of the Controllers, in their capacity of data processors.
Art. 5 Communication of data
Without the need for express consent – art. 6(b) and (c) GDPR – the Controllers may pass on your personal data for the purposes referred to in art. 2 to: Supervisory authorities, Judicial Authorities, and to any persons to whom such data must be passed on by law. Said persons will process the data in their capacity as independent Data Controllers.
Art. 6 Transfer of data
Your personal data will be kept in paper archives located in the offices of the Controller Enterprises and on servers located inside the European Union.
It is understood, however, that if necessary, the Controllers will have the right to move the servers and archives also to countries outside the EU. In this case, the Controllers assure henceforth that data will be transferred outside the EU in compliance with the applicable legal provisions, subject to the stipulation of the standard contractual clauses envisaged by the European Commission.
Art. 7 Withdrawal of consent
The consent given originally can be withdrawn at any time, by informing the Controllers of this intent using the contact information given in the point entitled “How to exercise your rights “.
Any data processed prior to this will remain valid and lawful.
Art. 8 Rights of Data subjects
In relation to the processing of your personal data, you have the right:
(i) to be informed about: the data and registered office of the Joint Data controller; the purposes and methods of processing; the data and registered office of the Data processor(s);
(ii) to obtain, at the expense of the Joint Data controller or Data processor, without delay:
confirmation that your personal data has been/is being processed, and to receive such data and details of their origin in an intelligible form, as well as information on the purposes underlying the data processing;
erasure of your personal data, when: i) they are no longer necessary in relation to the purposes for which they were collected, ii) consent has been withdrawn and there is no further legal basis for them to be processed, iii) the data have been processed in breach of the law, iv) the data subject has objected to the processing and there is no prevailing legitimate reason to continue with the processing, v) the Controller is obliged by law to erase your personal data;
to the update, correction or, if interested, the integration of your data;
to receive confirmation that the operations referred to in numbers 2) and 3) have been brought to the attention, also with regard to their content, of those to whom the data has been passed on or distributed, except where this proves to be impossible or would involve expenses that are obviously out-of-proportion with respect to the right being protected.
(iii) to object to the processing of your personal data, for reasons connected to your specific circumstances, within the meaning of art. 6(1) letter e) or f) GDPR;
(iv) to object to the processing of your personal data for the purposes of direct marketing;
(v) to submit a complaint to a supervisory authority;
(vi) to receive your personal data, in a structured and legible format from an automatic device, and to transfer said data to another Data Controller without any impediments from the Controllers to whom you originally provided such data. In exercising your rights with regard to data portability, data subjects have the right to have his/her personal data transferred directly from one Controller to another, if this is technically feasible.
(vii) not to be subject to a decision that is based purely on the automatic processing of data, including profiling, which might produce legal effects pertaining to him/her or might have a similar, significant impact on the data subject him/herself.
The Controllers will provide a copy of the personal data being processed; should further copies be requested by the data subject, the Controllers can charge a contribution fee based on the administrative costs actually incurred.
Art. 9 How to exercise your rights
You may exercise the aforementioned rights at any time by sending to at least one of the Data Controllers:
a registered letter with acknowledgement of receipt to: (i) B810 s.r.l. with registered office in Via Lazzaretti, 21/1, Reggio Emilia; (ii) Digicom s.r.l., with registered office in Via Cadorna 95, Legnano (Milan)
an email to firstname.lastname@example.org
if you do not wish to receive any further messages, promotions etc., please use the specific link at the foot of the email received.
Art. 10 Minors
Registration on the web site is permitted only to people aged 14 and over. If information is registered on persons who have not reached this age, the Controllers will immediately erase all such data.
Art. 11 Data Controllers and Processors
The Data Controllers are B810 s.r.l. with registered office in Via Lazzaretti, 21/1, Reggio Emilia and Digicom s.r.l., with registered office in Via Cadorna 95, Legnano (Milan)
The updated list of the Data processors is kept at the registered offices of the Data Controllers.