GOAPP S.r.l. with registered office at Via Terminio, 35 – 83100 – Avellino, VAT number 02660110640 (hereinafter, “Data Controller”), as the Data Controller, informs you pursuant to Legislative Decree 196/2003, as amended by Legislative Decree 101/2018 (hereinafter, “Privacy Code”) and Article 13 of EU Regulation no. 2016/679 (hereinafter, “GDPR”) that your data will be processed according to principles of correctness, lawfulness, transparency, in respect of the purposes and methods indicated below, collecting them to the extent necessary and accurate for the processing.
1.Subject of the Processing
Type of Data Collected
Pursuant to EU Regulation 679/2016 on the processing of personal data, when you use our services, you accept that our Company collects some of your personal data. This information is intended to inform you which data we collect, why and how we use it.
1.1.1. Data Provided by the User
When you request information via the “Contacts” form, register an account or purchase products through our e-commerce, we ask you to provide us with some data that are necessary to use our services.
These are, for example and not exhaustively, the data we ask for:
- E-mail address
- Company name/Company denomination
- Company sector
For online purchases, we may ask you for further information:
1.1.2. Data we automatically collect from the website
We collect the following data through the services we use:
- Technical data: for example, IP address, browser type, information about your computer, data about the current (approximate) location of the device you are using;
Purpose of the Processing and Legal Basi
The personal data you enter is processed by the owner of this website for:
2.1) Purposes connected with the provision of services requested by you. For example:
- allowing the user to access the site https://www.goapp.it/
- allowing the user to request information,
- registering on our e-commerce,
- allowing you to purchase the products/services you requested,
- carrying out the requested service or performance. The legal basis of the processing is the execution of an agreement or pre-contractual measures.
2.2) Your data will also be processed to:
- collect statistical information on the use of the site (most visited pages, number of visitors by daily time slot, geographical areas of origin, etc.) and improve its usability for its users. The legal basis in this case is the Data Controller’s legitimate interest in ensuring a service that meets your expectations.
2.3) We may manage your data in order to send you – also by email, SMS and MMS – advertising material, newsletters and informative and/or promotional communications related to products and services provided and/or events promoted by the Data Controller or its commercial partners, unless you object, which can be exercised through the unsubscribe links located at the bottom of the communications we send you.
The legal basis for the processing is your express and prior consent.
The processing of your personal data is carried out through the operations indicated in art. 4 n. 2) GDPR and precisely: collection, recording, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, deletion and destruction of data. Your personal data are subject to both paper and electronic and/or automated processing.
Data protection and all transactions are guaranteed by SSL (Secure Sockets Layer) communication protocol encryption since registration.
Access to data and communication
Your data may be made accessible for the purposes referred to in point 2 to:
employees and collaborators of the Data Controller in their capacity as authorized and/or internal processors and/or system administrators; third-party companies or other subjects (for example ICT companies, website providers, consultants, etc.) that carry out outsourcing activities on behalf of the Data Controller, in their capacity as external processors. The Data Controller may also communicate your data for the purposes set out above to:
supervisory bodies, judicial authorities, police authorities, public bodies, and all those subjects to whom communication is mandatory by law for the fulfillment of said purposes. These subjects will process the data as autonomous data controllers. Only with your express and prior consent for the purposes referred to in the previous point 2.3), the Data Controller may communicate your personal data to third-party companies such as commercial partners and event organizers, who will process the data as external processors.
Your data will not be disclosed.
The data collected by the website during its operation is stored for the time strictly necessary to carry out the specified activities. Upon expiry, the data will be deleted or anonymized, unless there are further purposes for storing them, for example, for security reasons in case any abuse cases need to be clarified. In such cases, the Data Controller will keep the personal data acquired for the time necessary to fulfill legal obligations and/or possibly to assert and/or defend a right in the appropriate venues. The data collected for the purposes referred to in the previous point 2.3), instead, will be processed and stored until any revocation of your consent.
Personal data is not subject to transfer outside the European Union. In any case, it is understood that, if necessary, the Data Controller may transfer personal data also to non-EU countries, guaranteeing in advance that the transfer of personal data outside the EU will take place in compliance with the applicable legal provisions (starting from EU Reg. 679/2016) and therefore stipulating, if and to the extent necessary, specific agreements that ensure an adequate level of protection of personal data or adopting the standard contractual clauses provided by the European Commission for the transfer of personal data outside the EU.
Nature of data provision
The provision of data for the purposes set out above is mandatory for all that is required by legal and contractual obligations, and therefore any refusal to provide them in whole or in part may make it impossible for the Data Controller to execute the contract/provide its services. The failure to provide data for the purposes referred to in the previous point 2.3) of the “Processing purposes” paragraph will instead have no consequences regarding the delivery of goods and provision of services.
Rights of the data subject and methods of exercising them
We inform you that, at any time and if the conditions are met, you may exercise your rights provided for by Articles 15 and onwards of the GDPR:
- obtain confirmation as to whether or not personal data concerning you exists and their intelligible copy;
- obtain the updating, rectification or integration of your data;
- request the erasure of your data, where allowed by law;
- object, in whole or in part, to the processing of personal data concerning you;
- limit processing, in case of violation, request for rectification or objection;
- request the portability of electronically processed data provided on the basis of consent or contract;
- withdraw your consent to the processing of your data, if provided for.
Regarding fully automated profiling, obtain the intervention of the controller to express your opinion and challenge the decision.
If you deem it appropriate, you may file a complaint with the Guarantor Authority for the Protection of Personal Data.
To exercise your rights, you may contact the data controller at the following email address: firstname.lastname@example.org.