Scope of application
This Privacy Policy is valid for the use of the website
www.xolo.io/it-en (hereinafter, the
“Platform”) and all applications, services (including paid services), products and tools therein, regardless of how you log in, whether from mobile devices or apps. This document is also valid when it is accessed via a link or other similar method. This Privacy Policy may be modified at any time by new versions posted on the Platform, which will also bear the date of entry into force;
Data Controller and DPO
The processing of personal data in relation to the provision of services is managed by
Xolo Italia S.r.l., a single shareholder company with registered office in 20144 - Milan (MI), at Via Tortona no. 33, VAT number and Tax ID: 12134920961, PEC (certified email): xoloitaliasrl@pec.it, as party to any contractual relationship, as well as by
Xolo OÜ, headquartered on Paju 1a, 50603 - Tartu, Estonia, Reg. No. 12844111, VAT ID: EE101793070, as owner of the Platform. The data will be used in compliance with the provisions of EU Regulation 2016/679. The Data Protection Officer
(DPO - Data Protection Officer) is
Dr. Mikko Teerenhovi, reachable at:
mikko.teerenhovi@xolo.io. For further information concerning the processing of personal data received by way of the contractual relationship, please refer to the Privacy Policy appended thereto;
Data processed
The following personal data will be collected from the Platform users: Data that identify the user, such as name, address, telephone numbers, email addresses, user, Tax ID, VAT number, etc. If you use payment services, additional identification data (such as social security number or date of birth), tax identification numbers (such as VAT number) and other information (such as bank account number) and, more in general, all data provided during a transaction, including credit card and/or bank account numbers, transaction details and form of payment. It may be possible to collect additional data, as required or authorised by law, for authentication or identification, or simply for data verification. Such data may include location information, including general location data (for example, IP address) and, subject to consent, the exact location data of the mobile device used, if any. In addition, the Data Controller may collect computer and connection information for statistical purposes, information on data traffic to and from websites, reference URLs, information on advertisements, IP address, access times, including the pages consulted during browsing. Some data will also be collected through cookies and similar technologies;
Data Processing Purpose
Personal data will be processed mainly to provide and improve services, as well as improve the user’s browsing. The data will be used for the purpose of sending newsletters for promotional initiatives. Processing is based on the consent given for this specific purpose and up to its revocation. Such data are provided to allow the provision of services. Data are collected and stored in digital/IT form, on paper or via mobile or tablet applications, for the accurate and complete performance of the services, and may possibly be disclosed to third parties, such as: cloud computing service managers, IT partners, employees and trusted collaborators, and third-party professionals in charge of the service or affiliated parties. Data will also be provided upon simple request to third parties, such as: law enforcement agencies, courts, governmental bodies or public authorities, intergovernmental or supranational bodies, subjects authorised by law, subjects involved in judicial proceedings, provided that they have a suitable order/injunction/title/measure/sentence or any other instrument issued by the judicial authority. Any data provided will be used to correctly perform identity checks, also in order to prevent fraudulent or suspicious activities or violations. Any telephone conversations concerning the correct execution of the services will be recorded with prior written and telephonic consent. Transactions will be carried out with the aid of the Internet payment processing system called Stripe Payments Europe Limited, with automatic debit on credit card, which will be managed by the agency as the sole Data Controller of data entered therein. The communication of such data by the Customer is mandatory, in order to allow the correct execution of the contract. Every most appropriate security and protection measure, both material and IT, will be adopted in order to prevent unauthorised access, and the modification, disclosure or destruction of data. The aforementioned transactions may be refused, blocked or withheld following breach of contractual rules, as well as suspected fraud and similar actions. Payment information relating to credit card numbers and/or card expiration date and/or other sensitive data, etc. entered on the Platform can be used as a default payment method for future transactions;
Data retention time and data deletion
Personal data will be stored in accordance with data protection laws to the extent necessary for the processing purposes defined in this Notice. At the end of the contractual relationship and/or the termination of the services, the personal data on the portal will be deleted after 10 years, unless otherwise required for legal, fiscal, accounting purposes sub 4);
Rights of the Data Subject
Without prejudice to any restrictions provided for by current legislation, the Data Subject has the right to access, amend, delete and limit the processing and portability of his/her personal data. Furthermore, you may, thus and simply, withdraw your consent and object to processing on the basis of legitimate interests. Likewise, you can lodge a complaint with the Supervisory Authority. More precisely, the Data Subject can:
- Withdraw consent to the processing of personal data at any time;
- Access his/her personal data, requesting information and clarifications on purposes of processing, categories of personal data, categories of recipients to whom the personal data have been or will be communicated, where possible, the envisaged period of personal data retention or criteria used for the determination of this period, existence of the right to request the amendment or deletion of personal data, or to limit personal data processing or to oppose such processing, the right to lodge a complaint with the supervisory authority, any information available with respect to the source of personal data, the existence of automated decision-making processes with the awareness that the right of access cannot affect the rights and freedoms of others and that it could be limited by the laws in force at that time;
- Obtain the amendment of inaccurate personal data and possibly provide an additional declaration of consent;
- Request the deletion of personal data under certain conditions (e.g., when personal data are no longer necessary in relation to the purposes for which they were processed, or when there is no legitimate overriding reason to proceed with processing, such as identification/prevention of fraudulent activities), unless processing is necessary to exercise the right of freedom of expression and information, for the fulfilment of a legal obligation, for reasons of public interest or for requests relating to complaints/legal proceedings or defence activities. The right to deletion may be limited by law;
- Obtain the limitation of the processing of personal data if their accuracy is disputed or if heir use is possibly unlawful;
- File a complaint with a Supervisory Authority;
Cookies and similar technologies
The use of cookies and similar technologies is aimed at faster and safer browsing. Cookies are small text files that are automatically created by the browser and stored on the device when using the Platform. The cookies and similar technologies used have different functions:
- May be technically necessary for the provision of the services selected by the user;
- Help improve user navigation (e.g., by saving font size and data entered in the forms);
- Allow users to store the most relevant selected choices;
For more information on the policy adopted on the subject of cookies, please refer to the Privacy Policy appended to the accounting data processing contract;
Data security
Personal data will be protected through technical and organizational security measures to minimize the risks associated with loss, misuse, unauthorized access and unauthorized disclosure and alteration of data. It should be noted that other users have access to the information shared on the Platform, from which it will be possible to see any information that users have chosen to share. Some personal data provided may be shared with third parties for the sole purpose of facilitating transactions, including those that involve processing payments. The services provided on the Platform are not intended for use by minors, who are not authorized to use the services listed therein. For greater protection, the use of a public or shared computer is not recommended, since, during the period in which access is maintained, anyone who uses the computer/browser in question will be able to see most of the account information of the registered user. If you change your password or user ID, you are required to update your account information. To end a browsing session, it is generally sufficient to exit and/or delete the cookies. If some browser privacy settings are enabled, the session may still be terminated by closing the page. In order to protect the account and personal data in case of use of public or shared computers, it is advisable to exit and/or delete cookies after use. If the Privacy Policy undergoes further changes over time, we invite you to periodically consult this document. To this end, the Privacy Policy will present the update date at the bottom of the document itself. It should be noted that, if the changes concern any processing whose legal basis is the consent of the Data Subject, his/her consent will be collected again, as warranted;
Contacts
Owner of the Platform:
Xolo OÜ, headquartered on Paju 1a, 50603 - Tartu, Estonia, Reg. No. 12844111 VAT ID: EE101793070,
info@xolo.io; Manager of the contractual relationship: Xolo Italia S.r.l., a single shareholder company with registered office in 20144 - Milan (MI), at Via Tortona no. 33, VAT number and Tax ID: 12134920961,
ciao@xolo.io, PEC:
xoloitaliasrl@pec.it;
Statutory References
For anything not expressly contemplated here, please refer to EU Regulation 2016/979 (GDPR). With regard to the processing of personal data provided for the services selected on the Platform and not detailed herein, please refer to the Privacy Policy applicable to the contractual relationship.