Data Controller
SIRIUS SRL is the controller of personal data in accordance to the GDPR 679/2016;
the undersigned Mr. MAURIZIO NEGRO has
been appointed – on the 24th of May 2018
– in charge of the processing and protection of
personal data, according to the definition under ex art. 28 GDPR 679/2016;
Types of collected data
The data that is collected by the
Application or third parties, are the following:
·
Username
·
Email
·
Phone number
·
Camera permission
·
Sensors permission
This application processes data that allows to directly or indirectly identify the user.
The application DOES NOT process sensitive or legal data.
Personal Data can be freely given by the user or, in case of Date Usage, it is possible to be collected while the
application is being used. Unless otherwise specified, all Data that is
required by this Application is mandatory. In case the User refuses to communicate the required data, it would be
impossible for the Application
to provide the service.
In case the application suggests some Data as optional, the User is free to not
communicate it without any kind of
consequences regarding the
Service availability and operation. All users that were to have any doubt
about which Data is required, are encouraged to contact the Controller. The potential
use of Cookies - or any other
tracing tools – by the Application or
its third-parties, unless otherwise
stated, has the purpose to
providing the Service that
has been requested by the user, in
addition to any other purposes that are described within the document or in the
Cookie Policy, in case it is available. The User assumes responsibility for the Personal Data
of third-parties obtained, published or shared through this application and
warrants that he or she has the right to communicate or disseminate them, releasing the Data controller of any liability to third-parties.
Processing Method
The Data controller takes appropriate security measures in order to
prevent unauthorized access, disclosure,
destruction or modification of the Data processed. The process is made by
computer or electronic tools, through organizational methods and logic that are
strictly related with the stated purposes. In addition to the
Data Controller, in some cases, some other people may have access to the Data that is involved in this
Application organization (administrative and commercial staff, marketing,
lawyers and system administrator ) or external subjects (like third-parties services
providers, postal couriers, hosting provider, computer societies, communication
agencies) may be named, if required,
Data processors on behalf of the
Controller. The updated list of Data processors may always be requested by the Data Treatment
Controller. The data cannot be disclosed and cannot be subject to
profiling by the Data Treatment
Controller.
Legal basis for processing
The Controller can process the Personal Data related to the User if one of the
following conditions exists:
·
The User has given consent to one or more specific
purposes.
Note: in some jurisdictions, the Controller can be authorized to
process the Personal Data, without the Consent of the User (ex. identifying data).
·
The processing is necessary in order to fulfill a
contract with the User and/or the implementation of pre-contractual measures.
·
The processing is required to meet a legal obligation for which the
Controller is subject.
·
The processing is required to pursue the legitimate treatment of
the Data Controller or third-parties.
If the Data Treatment Controller wants to use the personal data that is
collected for any other objective that is not compatible with the purposes for
which the personal data was originally collected or authorized, the Data
Controller will inform, in advance, the interested party. In performing
processing activities, the data controller is committed to:
·
ensure the accuracy and the update of the processed
data and readily handing each correction or any addition that is required by
the interested party
·
take measures to ensure a proper data protection, taking into account
the potential impact regarding the respect of the rights and the most important
liberties of the interested subject.
·
communicate to the interested party, within the time period and cases that are
foreseen by the law and any possible violation of personal data.
·
ensure that each operation complies with applicable legal
provisions.
The usage of automated decision-making processes are not foreseen.
Places
Data is processed at the operating sites of the Controller and any other location where the parties
are involved in the data processing are
located. For any other information, contact the Controller.
The collected data will not be communicated to any extra-EU countries or
international organizations.
Conservation period
Data is processed and stored for the time that is required by the
purposes for which they were collected.
Therefore:
·
Personal data is collected for purposes that are
related to the execution of a contract between the Controller and the User and
these will be kept, until the execution is completed.
·
Personal data collected for the purposes attributable to
the legitimate interest of the Data Controller will be retained until that
interest is satisfied
The user can get further information about the Data Controller's Legitimate
Interest that is pursued within the most relevant sections of this document or
by contacting the Data Controller. When the processing is based on the User
consent, The Data Controller can retain Personal Data until the consent is
revoked. In addition, the Data Controller might be obliged to keep data for a
longer period of time, in compliance to the legal obligation or by the order of an authority. At the end of the retention period,
Personal Data will be deleted. Therefore, when this period expires, the right of access, deletion, rectification and portability of Data can no
longer be exercised.
Use of collected data
User Data is collected in order
to allow the Data Controller to provide the Service, to fulfill legal obligations, to respond to requests or
legal actions,protecting own’s rights and interests (either the User’s or third-parties’), to identify any
malicious or fraudulent activities, especially regarding the following purposes: Beta
Testing, Contacting the User and the Permission to access Personal Data that is included
in the User's device. To obtain detailed information on the purposes of data
processing and the Personal Data processed, the User may refer to the
section "Personal Data
processing details".
Permission for Personal Data on the User's Device
Depending on a specific device that is used by the User, this
Application could ask for some permissions to access the User Data that is available on the device itself, according to the
following description. Such permissions must be provided by the User before any information can be processed. Following issuance, the permissions may be revoked by the
User at any time. In order to revoke permissions, the User can use the system
settings on his or hers device. The procedure for checking permissions can change
depending on the device or software that is used by the User. Please,
consider that the revocation of one or more permissions might impact the
proper functioning of this Application. In the event that the User grants the
permissions indicated below, the relevant Personal Data may
be subject to processing (access,
modification or removal) by this Application.
Camera permission
This is used to
access the device’s camera to take pictures or video.
Sensors permission
It is used to access
information from the sensors that the User can use. The Process Controller doesn't use or store
any relevant data from sensors or cameras that always remain on his or her own device.
Personal Data processing details
Personal Data is collected for the following purposes and services:
·
Beta Testing
·
To contact the User
·
Permissions to access Personal Data that is available on the User’s device
·
Other information regarding Personal Data
·
Push notifications
User Rights
RIGHTS OF THE DATA SUBJECT
Under the Regulation base (art. 15-22) the subject can exercise the
following rights toward the data processing controller:
·
Right to Access: The data subject has the right to access personal
data concerning him or her that is being processed in order to verify
if the personal data is being processed in
accordance with the law.
·
Right to Rectification: The data subject is entitled
to obtain the rectification about any imprecise or incomplete information about
him or herself, in order to ensure
the accuracy of the information according to the purpose of processing.
·
Right to Erasure: The data subject has the right to
request the data controller to erase Information regarding him or her and not process this data anymore.
·
Right to restriction of processing: The data subject
has the right to ask the data controller to limit his or hers data processing.
·
Right to Data Portability: The data user has the
right to receive the personal data in a structured, commonly used and
machine-readable format by an automatic device and to transmit such data to another data controller.
·
Right to object the processing: The data user has the
right to object to data processing for all the cases provided by the GDPR, at
any time without justifying his own decision.
·
Right not to be subject of automated decision making process: The
data user has the right to not be subject to a decision exclusively based on an
automated processing of his or hers data, including the profiling, that may produce
legal effects for him or herself or significantly effecting his or her person.
If processing is based on consent, under the art.7 of the Regulation UE 2016/679, the concerned
person can revoke the consent that has been previously given at any time, without any prejudge
for the lawfulness of the processing that was carried out before of the
withdrawal.
Where the data
subject considers that the processing concerning him or her is in breach of the Regulation, the
concerned subject has the right to complain to the Supervisory Authorities of the
Member State where he or she resides, or the State in which the alleged violation
occurred.
How to exercise rights
All rights can be exercised by sending an email to:
amministrazione@sirius.to.it We will respond without delay.
The Data Controller is:
SIRIUS SRL – via Frejus 106 - CAP 10139
The in charge of data processing and
protection SIRIUS SRL Mr. MAURIZIO NEGRO can be contacted by mailing
amministrazione@sirius.to.it.
Additional information about the information regarding data collection
and processing Legal action
The user's Personal Data can be used by the Data Controller for law
enforcement purpose within or in preparation for legal proceeding resulting
from the failure to properly use this Application or the associated Services
from the User. The user declares to be aware of the Data Controller being obliged to
disclose the Data by the order of the authorities.
Specific information
Upon the User’s request, in addition to the information that is
included in this privacy
policy, this Application can give some additional and contextual information as
regarding specific Service, or the collection and
processing of Personal Data.
Maintenance and system Log
For operation and maintenance purposes, this Application and any other third-party services that have been used
by it, might be able to collect system logs, which are files that record interactions
and may also contain
Personal Data, such as the User IP address.
Information that is not included into the policy
Any further information regarding Personal Data processing can be requested from the Data Controller
at anytime by using the contact details.
Privacy policy modifications
The data controller reserves the right to make changes to the current privacy
policy at anytime, by notifying the User within this and, if possible, on the
Application, as far as legally possible the Users will be notified through one
of its own contact details. Therefore, please consult this page frequently, by referring to the
latest modification indicated at the bottom. If the modifications reefer any processing, which
the legal basis is consent, then the Data Controller will re-collect the User's
consent as necessary.
Latest modification: 20/09/2023