TIPPY RAIL APP PRIVACY POLICY

INFORMATION PURSUANT TO ART. 13 OF REGULATION EU N. 2016/679

B810 S.r.l., (Fiscal code and VAT n.: 03378920361) (hereinafter “B810”), in person of its pro tempore legal representative, with registered office in Reggio Emilia, via E. Lazzaretti, 2/1, DIGICOM S.r.l., (Fiscal Code and VAT n.: 03488160122) (hereinafter “DIGICOM”), in person of its pro tempore legal representative, with registered office in Legnano (MI), viale Cadorna, 95, and MC REGEM S.r.l., (Fiscal code and VAT n.: 02891380350) (hereinafter “MC REGEM”), in person of its pro tempore legal representative, with registered office in Reggio Emilia, via G. Gutenberg, 3, as Joint Controllers pursuant to art. 26 of Regulation EU n. 2016/679 (GDPR) (as well as being part of same business group “B810” pursuant to art. 4 n. 19) of GDPR, where B810 holds status of parent company) inform that, pursuant to art. 13 of GDPR, your personal data described in following art. 1 will be processed, by Joint Controllers, for execution of purposes referred in following art. 2.

The text of related joint controlling arrangement can be viewed upon request via contact details referred in art. 7.

This information is inspired, in particular, by following documents: Document n. 1/2008 of Working Party Art. 29 (hereinafter “WP 29”; now, EDPB); Opinion n. 2/2013 of WP 29; Guidelines n. 5/2020 of EDPB.

  1. Category of data being processed.

1.1. Joint Controllers will only process your personal data pursuant to art. 4 n. 1) of GDPR.

  1. Purpose and legal basis of the processing.

2.1. In compliance with art. 6 paragraph 1) letters b) and c) of GDPR, your personal data will be processed, by Joint Controllers, for execution of following purposes:

  1. Effective and complete use of device called “Tippy Rail” and interconnected mobile software application called “Tippy Safe Home”, including any available functionality (e.g. local alarm and on associated smartphone; detection of environmental parameters).
  2. Execution of any legal/regulatory fulfillment connected, directly or indirectly, to purpose of processing referred in letter a) above.

In compliance with art. 13 paragraph 2) letter e) of GDPR, Joint Controllers specify that any failure to communicate your personal data for execution of processing purposes described in previous art. 2.1. will determine impossibility of a correct and complete use of device called “Tippy Rail” and interconnected applicable mobile software called “Tippy Safe Home”, including any available functionality.

2.2. In compliance with art. 6 paragraph 1) letter a) of GDPR, your personal data will be processed, by Joint Controllers, for execution of following purposes:

  1. Marketing activities (e.g. commercial, advertising and/or promotional communication; market research), to be carried out with traditional and/or automated mode;
  2. Acquisition by third parties (to the business group “B810”) for marketing activities (e.g. commercial, advertising and/or promotional communication; market research), to be carried out with traditional, automated mode or in form of indirect marketing where Joint Controllers may possibly act as a vehicle for advertising message concerning goods, products or services of transferee third party.

In compliance with art. 13 paragraph 2 letter c) of GDPR, Joint Controllers inform of right to revoke, at any time, any consent given for one or all of purposes described in art. 2.2., without this event being able, however, to affect lawfulness of processing based on consent provided prior to revocation.

2.3. In compliance with art. 6 paragraph 1) letter f) and in compliance with art. 130 paragraph 4 of amended Legislative Decree n. 196/2003 (Privacy Code), your personal data will be processed, by Joint Controllers, for execution of following purpose:

  1. Direct marketing activities (soft spam), to be carried out via e-mail or via mode traditional.

2.4. In compliance with art. 6 paragraph 1) letter f) of GDPR (and in compliance with Opinion n. 6/2014 and Guidelines n. 251/2018 of WP 29), your personal data will be processed, by Joint Controllers, for execution of following purpose:

  1. Profiling pursuant to art. 4 n. 4) of GDPR, not based solely on automated processing, aimed at determining and establishing categories/classifications (cluster) based on personal information provided directly or indirectly (data provided and data observed) or aimed at knowing preferences and characteristics of customers of “Tippy Rail” device and of connected mobile software application “Tippy Safe Home”, in order to personalize offers or offer products and/or services suitable to better satisfy needs and desires of latter.

  1. Retention period.

3.1. Your personal data will be kept Joint Controllers for time strictly necessary to carry out processing purposes described in previous art. 2.1. (identifiable, approximately, until user unequivocally communicates to Joint Controllers that no longer wishes to use “Tippy Rail” device and interconnected “Tippy Safe Home” mobile software application), possibly extendable in order to comply with regulatory and/or judicial obligations.

3.2. The retention period of your personal data, processed for execution of purposes referred to in art. 2.2. letters c) and d), will last until you decide to communicate revocation pursuant to art. 17 of GDPR to one or all of related consent previously given, without this event affecting lawfulness of processing based on consent previously provided.

3.3. The retention period of your personal data, processed for execution of purposes referred in articles 2.3. and 2.4., will last until you decide to communicate your opposition pursuant to art. 21 of GDPR to one or both of related processing purposes.

  1. Addresses.

4.1. In compliance with art. 13 paragraph 1) letter e) of GDPR, Joint Controllers specify that your personal data may be communicated, if appropriate, to one or more addresses pursuant to art. 4 n. 9) of GDPR (which generally belong to following categories: marketing, analysis, IT, cloud computing companies; consultants of various kinds) in order to correctly execute processing purposes described in previous art. 2. Finally, Joint Controllers specify that your personal data will not be disseminated, with possible exception, if necessary, for execution of processing purpose referred in art. 2.2. letter c).

  1. Transfer.

5.1. Your personal data will be stored through use of a public cloud computing service (whose relative provider has been fully appointed, by Joint Controllers, as Processor pursuant to art.28 of GDPR), suitable to transfer such information, through one or more appointed sub-Processors pursuant to art. 28 paragraph 4) of GDPR, in one or more extra EEA countries (in particular, USA): in this regard, Joint Controllers specify that appropriate guarantee for any such transfer is found in art. 46 paragraph 2) letter c) of GDPR.

  1. Data subject’s rights.

6.1. In relation to your personal data, Joint Controllers inform, in compliance with the Guidelines n. 260/2018 of WP 29, of faculty to exercise following rights, possibly subject to limitations provided for by art. 2 undecies and 2 duodecies of Privacy Code: right of access pursuant to art. 15 of GDPR: right to obtain confirmation as to whether or not personal data concerning relevant data subject is being processed, as well as information referred in art. 15 of GDPR (e.g. processing purposes, retention period); right of rectification pursuant to art. 16 of GDPR: right to correct, update or integrate personal data; right to erasure pursuant to art. 17 of GDPR: right to obtain cancellation or destruction or anonymization of personal data, however, if conditions listed in same article are met; right to restriction of processing pursuant to art. 18 of GDPR: right with a markedly precautionary connotation, aimed at obtaining limitation of treatment where hypotheses governed by same art. 18; right to data portability pursuant to art. 20 of GDPR: right to obtain personal data, provided to Joint Controllers, in a structured format, commonly used and readable by an automatic system (and, if required, to transmit them, directly, to another Controller), where the specific conditions indicated in same article exist (e.g. legal basis of consent and/or execution of a contract; personal data provided by data subject); right to object pursuant to art. 21 of GDPR: right to obtain permanent cessation of a specific processing of personal data; right to lodge a complaint with Supervisory Authority (e.g. Italian Privacy Guarantor) pursuant to art. 77 of GDPR: right to lodge a complaint where it is believed that processing under analysis violates national and EU legislation on protection of personal data.

6.2. In compliance with art. 12 paragraph 1) of GDPR, Joint Controllers undertake to provide communications referred in articles from 15 to 22 and 34 of GDPR in a concise, transparent, intelligible, easily accessible form and in simple and clear language: such information will be provided in writing or by other possibly electronic means or, at request of data subject, will be provided orally as long as the identity of data subject is proven by other means.

6.3. In compliance with art. 12 paragraph 3) of GDPR, Joint Controllers inform that undertake to provide information relating to action taken regarding a request pursuant to articles from 15 to 22 of GDPR without undue delay and, in any case, at latest within one month of receiving request; this term can be extended by 2 months if necessary, taking into account complexity and number of requests (in this case, Joint Controllers undertake to inform data subject of this extension and reasons for delay, within one month of receipt of request).

6.4. You may exercise, at any time, aforementioned rights (except for right pursuant to article 77 of GDPR) by using contact details illustrated in following art. 7.

  1. Contact details.

7.1. Joint Controllers can be contacted at following addresses: info@b810group.it, privacy@digicom.it and mcregem@legalmail.it

7.2. Data Protection Officer (DPO) pursuant to art. 37 of GDPR, appointed Joint Controllers, can be contacted at following addresses: privacydpob810@baldiandpartners.it, privacydpodigicom@baldiandpartners.it and dpomcregem@baldiandpartners.it

Reggio Emilia/Legnano, 23.2.2021 (date of last update)

B810 S.r.l., DIGICOM S.r.l. and MC REGEM S.r.l.

(in person of their respective pro tempore legal representatives)