“Smart heating" app privacy policy
1. Data controller
Ridea srl, with registered office in 24040 Ciserano (BG), via Francesca, 54/A, VAT No. and Tax Code 01692990433, hereinafter referred to as the "Data Controller", guarantees compliance with the regulations on the protection of personal data by providing the following information on its processing of data pursuant to art. 13, EU Regulation 2016/679 (General Data Protection Regulation - GDPR) as amended.
2. Data processed, purpose and legal basis for processing
2.1. Data generated by accessing the app
During the course of their normal operation, the computer systems and software procedures used to operate the "Smart heating" app automatically acquire certain information whose transmission is implicit in the use of Internet communication protocols.
The information collected may be as follows:
The legal basis legitimising the processing is the Controller’s legitimate interest.
2.2. Data recorded for security purposes
For security purposes (spam filters, firewalls, virus detection), automatically recorded data may possibly also include personal data such as the IP address, which could be used, in accordance with the relevant laws, to block attempts to damage the app's management infrastructure or to harm other users, or in any case harmful or criminal activities. This data is never used to identify or profile users, but only for the protection of the app and its users.
The legal basis legitimising the processing is the Controller’s legitimate interest.
2.3. Data voluntarily provided by the user through registration for the service
The personal data provided by the user, in this case an e-mail address, at the time of registering for the service are collected and processed for the following purposes:
a) to register for the service;
b) for contact purposes in relation to the functions inherent in the app itself (e.g. reports of various kinds);
c) for the performance of customer relationship activities on the basis of contractual and/or precontractual agreements;
d) for the occasional sending of informative e-mails relating to the app (e.g. new or developing features, new versions, etc.) (so-called 'soft-spam').
The legal basis legitimising the processing:
During the course of their normal operation, the computer systems and software procedures used to operate the "Smart heating" app automatically acquire certain information whose transmission is implicit in the use of Internet communication protocols.
The information collected may be as follows:
- domain names;
- Internet Protocol (IP) address;
- operating system used;
- parameters of the device used to connect.
The legal basis legitimising the processing is the Controller’s legitimate interest.
2.2. Data recorded for security purposes
For security purposes (spam filters, firewalls, virus detection), automatically recorded data may possibly also include personal data such as the IP address, which could be used, in accordance with the relevant laws, to block attempts to damage the app's management infrastructure or to harm other users, or in any case harmful or criminal activities. This data is never used to identify or profile users, but only for the protection of the app and its users.
The legal basis legitimising the processing is the Controller’s legitimate interest.
2.3. Data voluntarily provided by the user through registration for the service
The personal data provided by the user, in this case an e-mail address, at the time of registering for the service are collected and processed for the following purposes:
a) to register for the service;
b) for contact purposes in relation to the functions inherent in the app itself (e.g. reports of various kinds);
c) for the performance of customer relationship activities on the basis of contractual and/or precontractual agreements;
d) for the occasional sending of informative e-mails relating to the app (e.g. new or developing features, new versions, etc.) (so-called 'soft-spam').
The legal basis legitimising the processing:
- with regard to the purposes set out in 2.3(a), (b) and (c), is the performance of a contract to which the data subject is party or the performance of pre-contractual measures taken at the request of the data subject;
- with respect to the purposes set out in point 2.3(b), is the Data Controller’s legitimate interest.
3. Provision of data
The provision of data:
- with regard to points 2.1 and 2.2, is obligatory and implicit in the service itself, downloading and installing the app directly implies the provision of such data;
- with respect to the purposes set out in point 2.3(a) and (c), is mandatory and any refusal will make it impossible for the Controller to implement the contractual or pre-contractual commitments undertaken;
- with regard to the purposes set out in point 2.3 letter d), is optional, however refusal will make it impossible for the Controller to update you on, for example, the introduction of new features, etc.
4. Locations and methods of data processing and retention times
The data collected by the app are processed at the Data Controller's premises, and at its data centre in via Francesca, 54/A, Ciserano (BG).
The data collected will be processed by means of electronic or otherwise automated, computerised and telematic tools, or by means of manual processing with logic strictly related to the purposes for which the personal data were collected and, in any case, in such a way as to guarantee their security.
The data collected, including telematics traffic data, is retained as long as the subscription to the service offered via the app is maintained. Upon cancellation of the subscription, and unless otherwise specified by the Authority in an administrative or judicial decision, the aforementioned the data will be destroyed and the possibility of obtaining a copy will no longer be guaranteed.
The data collected will be processed by means of electronic or otherwise automated, computerised and telematic tools, or by means of manual processing with logic strictly related to the purposes for which the personal data were collected and, in any case, in such a way as to guarantee their security.
The data collected, including telematics traffic data, is retained as long as the subscription to the service offered via the app is maintained. Upon cancellation of the subscription, and unless otherwise specified by the Authority in an administrative or judicial decision, the aforementioned the data will be destroyed and the possibility of obtaining a copy will no longer be guaranteed.
5. Authorised persons, persons responsible and communication of data
The processing of the data collected is carried out by the Data Controller’s internal staff identified for this purpose and authorised to process them in accordance with specific instructions given in compliance with the regulations in force.
The data collected, to the extent that is pertinent to the purposes of processing indicated and where necessary or instrumental to the performance of said purposes, may be processed by third parties appointed as external data processors, or, as the case may be, communicated to them as autonomous data controllers, namely:
Under no circumstances and for no reason whatsoever will your data be disseminated.
The data collected, to the extent that is pertinent to the purposes of processing indicated and where necessary or instrumental to the performance of said purposes, may be processed by third parties appointed as external data processors, or, as the case may be, communicated to them as autonomous data controllers, namely:
- companies that are part of our corporate group;
- persons, companies, associations or professional firms providing assistance and advice to our Company;
- companies, bodies, or associations carrying out services connected with and instrumental to the performance of the above-mentioned purposes (e.g. maintenance of computer systems, etc.).
Under no circumstances and for no reason whatsoever will your data be disseminated.
6. Data transfer to non-EU countries
The data may be transferred abroad to non-European countries, and in particular to the United States, only after verification of the standard contractual clauses (Standard Contractual Clauses) adopted/approved by the European Commission pursuant to Art. 46, par. 2(c) and (d) of the GDPR, or the binding rules for the company set out in Art. 47 of the GDPR or, failing that, by virtue of one of the derogatory measures set out in Art. 49 of the GDPR.
Transfer to the United States is authorised under the specific agreement called the EU-US Data Privacy Framework (available here), so no further consent is required.
Transfer to the United States is authorised under the specific agreement called the EU-US Data Privacy Framework (available here), so no further consent is required.
7. The Data Subject’s rights
In relation to the personal data communicated, the Data Subject has the right to exercise the following rights:
a. (Art. 7.3 EU Regulation 679/2016 - GDPR) Withdrawal of consent;
b. (Art. 15 EU Regulation 679/2016 - GDPR) To accessing and request a copy;
c. (Art. 16 EU Regulation 679/2016 - GDPR) To request rectification;
d. (Art. 17 EU Regulation 679/2016 - GDPR) to request erasure ('right to be forgotten');
e. (Art. 18 EU Regulation 679/2016 - GDPR) To obtain restriction of processing;
f. (Art. 20 EU Regulation 679/2016 - GDPR) To receive them in a structured, commonly used and machine-readable format for the purpose of exercising the right to portability;
g. (Art. 21 EU Regulation 679/2016 - GDPR) To object to the processing.
You may exercise your rights, as well as request further information regarding your Personal Data, by sending an e-mail to privacy@ridea.it, specifying the content of your request in the subject line.
Requests relating to the exercising of the user's rights shall be processed without undue delay and, in any event, within one month of the request; only in cases of particular complexity and number of requests may this period be extended by a further two (2) months.
Remember that it is the right of the data subject (Art. 77 EU Regulation 679/2016 - GDPR) to lodge a complaint with the Italian Data Protection Authority (Garante per la Protezione dei Dati Personali), based in Rome, Piazza Venezia no. 11, tel. +39 06 696771, e-mail: protocollo@gpdp.it.
a. (Art. 7.3 EU Regulation 679/2016 - GDPR) Withdrawal of consent;
b. (Art. 15 EU Regulation 679/2016 - GDPR) To accessing and request a copy;
c. (Art. 16 EU Regulation 679/2016 - GDPR) To request rectification;
d. (Art. 17 EU Regulation 679/2016 - GDPR) to request erasure ('right to be forgotten');
e. (Art. 18 EU Regulation 679/2016 - GDPR) To obtain restriction of processing;
f. (Art. 20 EU Regulation 679/2016 - GDPR) To receive them in a structured, commonly used and machine-readable format for the purpose of exercising the right to portability;
g. (Art. 21 EU Regulation 679/2016 - GDPR) To object to the processing.
You may exercise your rights, as well as request further information regarding your Personal Data, by sending an e-mail to privacy@ridea.it, specifying the content of your request in the subject line.
Requests relating to the exercising of the user's rights shall be processed without undue delay and, in any event, within one month of the request; only in cases of particular complexity and number of requests may this period be extended by a further two (2) months.
Remember that it is the right of the data subject (Art. 77 EU Regulation 679/2016 - GDPR) to lodge a complaint with the Italian Data Protection Authority (Garante per la Protezione dei Dati Personali), based in Rome, Piazza Venezia no. 11, tel. +39 06 696771, e-mail: protocollo@gpdp.it.