This website belongs to the company DropTo S.r.l., which processes the data collected by the website as Data Controller. The Controller guarantees the security, confidentiality and protection of the data that are in its possessions, or which will come into its possession, during every phase of their processing, in accordance with the requirements set out in GDPR 679/16 and business secrecy. The website proposes links or referrals to other third-party websites over which the Controller has no control. Such links are supplied for the convenience of the users of the website and the Controller does not assume any responsibility in relation to such sites, and does not provide any indications on the accuracy or completeness of the information contained therein. This privacy notice is addressed to people who access and consult the website of DropTo S.r.l., in accordance with Article 13 of the GDPR 679/16 – “EU Regulation on the protection of personal data”. Therefore, this cookie policy describes the ways in which DropTo S.r.l. uses cookies and similar technologies to collect and safeguard information from when users visit the Website or receive emails from the company.

Methods of Processing

The information system and the software procedures responsible for the operation of this website acquire, during their normal performance, some personal data whose transmission is implicit to the use of online communication protocols. This is information that for its own nature may, through its processing and association with data held by third parties, lead to the identification of the users.

Cookie, pixel tags and JavaScript tags policy

The Website uses session, permanent, technical and analytical cookies, in addition to pixel tags and/or JavaScript tags to collect and safeguard some information regarding the user. A cookie is a small data file that the website sends and saves on the user’s hard drive and/or device (hereafter, both called “computer”); subsequently, when the user accesses the Website, the cookies saved on the computer will send information to the subject that has saved these cookies.
Session cookies serve, for example, to browse the Website without needing to issue new access data and are then deleted from the user’s computer once the browser is closed. Permanent cookies remain on the user’s computer after the browser is closed, but may be deleted at any moment using the browser’s settings. Cookies are subdivided also into “first-party cookies” and “third-party cookies”. First party-cookies are downloaded directly by DropTo S.r.l. on the user’s computer, with sole purpose of recognizing the user during successive visits.
Third-party cookies are sent by an independent service supplier that operates on the company’s account and may be used by said service supplier to recognise the user when the user visits the company’s website or the websites of third parties. Although the company may give third-party suppliers access to the Website to send these cookies to the user’s computer in accordance with all applicable laws, as illustrated in this cookie policy, the company does not control the information collected by the cookies, nor does it conserve access to this data which are immediately communicated to the third parties that collect them.
This information is controlled entirely by the third-party service supplier in accordance with its own privacy policy. Pixel tags may be used also in the emails that DropTo S.r.l. sends to the user. To learn more about cookies, visit: www.allaboutcookies.org o www.youronlinechoices.eu.
In using the company’s Website, the user gives his consent to the use and communication of cookies, pixel tags/JavaScript tags not associated to transactions as described in this policy, unless he/she withdraws this consent and forbids their use by modifying the technical settings of the computer as described below:

How to disable or delete cookies

If one wishes to prohibit browsers from accepting cookies, or wishes to be informed every time that a cookie is stored in his/her computer or wishes to delete already-stored cookies, this can be done by changing the appropriate options using the web browser’s settings, generally accessible from the “Help” or “Internet Options” section. Please refer to the links below:

· Internet Explorer

· Firefox

· Chrome

· Safari

If cookies are disabled or deleted through the browser settings, some functions or features of this website may no longer be accessible: furthermore, the user may be asked to enter once again his/her own login data and the website’s general use may be more limited. If all cookies are deleted from the browser or if another browser or computer is used, the procedure for the withdrawal of the use of cookies must be completed once again.

Purpose for the use of cookies, pixel tags and JavaScript tags

This website uses the following cookies for the purposes listed below:

· session cookies are used to store pertinent information together with the user’s IP address and the cookies’ identification code. These session cookies are cookies associated with transactions that are necessary for the use of the Website and their use does not require the user’s consent.

· permanent cookies are used to store the user’s data. This function may be activated only if the user checks the box shown at the bottom of the login page that informs the user of the presence of such function.

· permanent cookies are downloaded the first time that the user visits the Website, in order to be able to recognize him as a visitor. This cookie is updated with date and hour indicator every time that the user returns to the Website, and memorises information related to the browser preferences that are previously-detected.

Controller’s Identity

The Data Controller is DropTo S.r.l., acting through its pro tempore legal representative, with registered office in Via Ottavio Revel 20 - 10121 Turin, Italy.
The controller guarantees the security, confidentiality and protection of the personal data that are in its possession, during all phases of their processing.

Contact details of the DPO – Data Protection Officer

The Controller, DropTo S.r.l., has appointed a Data Protection Officer, or DPO, who may be contacted through the Controller’s registered office, or by emailing the address privacy@dropto.app.

Purpose of the Processing

For an excellent quality of service, the website needs some information from the browser. It requires in particular browsing preferences, login information and frequently visited pages. This information helps the site better understand the users’ needs, in order to offer an ever-better service.

Legal Basis for Processing

The use of technical cookies is a type of processing undertaken for the Controller’s legitimate interest; the use of remaining cookies is undertaken with the data subject’s consent.

Recipients of the data

The personal data processed by the Controller are not disseminated, that is they will not be shared with unspecified individuals, in any possible form, including by making them available or for simple consultation. They may, however, be communicated to the workers who operate under the Controller’s employ, to external subjects that collaborate with the Controller and have been appointed as Processors or have been authorised to process data, as they act under the authority of the Controller.
They may also be communicated, no more than is strictly necessary, to subjects who, for the purpose of fulfilling your requests, must supply goods or perform, on behalf of the Controller, amenities or services. Finally, they may be communicated to persons who are entitled to access them in accordance with provisions laid down by law, regulations and Community legislation.
In particular, based on the roles and the tasks they perform, the workers have been authorised to process your personal data within the scope of their abilities and in accordance with the instructions given to them by the Controller.
External subjects that operate under the authority of the Controller have also been authorised to process data based on the services they provide, the processing carried out and the nature of the processed data.
External subjects to whom the Controller has entrusted the processing of personal data have been appointed as Processors.

Transfer of data

The Controller will never transfer this personal data to third countries or international organisations. Nevertheless, the Controller reserves the right to use cloud services, in which case, service supplier will be selected among those that provide appropriate guarantees as foreseen by Article 46 of the GDPR 679/16.

Data Retention

The Controller retains and processed personal data for the time that is necessary to fulfil the indicated purposes. In this case, browsing data will be retained for six months.

Refusal to provide data

The data subject may refuse to provide his browsing data to the Controller. To do so, he must disable cookies following the instructions provided by the browser in use. The disabling of the cookies may undermine the browsing experience and the use of the website’s features.

Rights of the data subject

Pursuant to Articles 15 – Rights of Access, 16 – Right to rectification, 17 – Right to erasure, 18 – Right to restriction of processing, 20 – Right to data portability, 21 – Right to object, 22 Right to oppose automated individual decision-making of the GDPR 679/16, the data subject exercises his rights by writing to the Controller at the address indicated above, or by email, specifying the object of his request, the right he wishes to exercise and attaching a photocopy of a valid ID that certifies the legitimacy of the request.
The Controller reminds users that every data subject may exercise his/her right to object according to the forms and methods foreseen by Article 21 of the GDPR.
Further information on the right of the data subject are provided at the end of this section.

Submission of complaints

The data subject has the right to submit complaints to the control authority of his/her state of residence.

Automated decision-making processes

With regards to the processing indicated below, the Controller never undertakes processing that constitutes automated-decision making processes on the data of natural persons

This privacy notice is made to those who send messages to the Controller by filling the online “Contact” form, pursuant to Articles 12, 13 and 14 of the GDPR 679/16 – “EU Regulation on the protection of personal data.”

Controller’s Identity

The Data Controller is DropTo S.r.l., acting through its pro tempore legal representative, with registered office in Via Ottavio Revel 20 - 10121 Turin, Italy.
The controller guarantees the security, confidentiality and protection of the personal data that are in its possession, during all phases of their processing.

Contact details of the DPO – Data Protection Officer

The Controller, DropTo S.r.l., has appointed a Data Protection Officer, or DPO, who may be contacted through the Controller’s registered office, or by emailing the address privacy@dropto.app.

Sources of data and type of data we collect

The personal data processed are those supplied through the filling of the from, where necessary integrated with data derived from public directories or already known, guaranteeing, in each case, consistency of processing.

Purpose of the processing

Personal data are processed to attend to the requests expressed through the filling of the online form.

Legal basis for processing

The legal basis for processing is based on the data’s subject consent given through the positive and unequivocal action that is represented by his/her free and unconditional decision to send the filled form.

Recipients of the data

The personal data processed by the Controller are not disseminated, that is they will not be shared with unspecified individuals, in any possible form, including by making them available or for simple consultation. They may, however, be communicated to the workers who operate under the Controller’s employ, to external subjects that collaborate with the Controller and have been appointed as Processors or have been authorised to process data, as they act under the authority of the Controller.
They may also be communicated, no more than is strictly necessary, to subjects who, for the purpose of fulfilling your requests, must supply goods or perform, on behalf of the Controller, amenities or services. Finally, they may be communicated to persons who are entitled to access them in accordance with provisions laid down by law, regulations and Community legislation.
In particular, based on the roles and the tasks they perform, the workers have been authorised to process your personal data within the scope of their abilities and in accordance with the instructions given to them by the Controller.
External subjects that operate under the authority of the Controller have also been authorised to process data based on the services they provide, the processing carried out and the nature of the processed data.
External subjects to whom the Controller has entrusted the processing of personal data have been appointed as Processors.

Transfer of data

The Controller will never transfer this personal data to third countries or international organisations. Nevertheless, the Controller reserves the right to use cloud services, in which case, service supplier will be selected among those that provide appropriate guarantees as foreseen by Article 46 of the GDPR 679/16.

Data Retention

The Controller retains and processes personal data for the time that is necessary to fulfil the indicated purposes. In this case, the data included in the online form are retained for two years.

Refusal to provide data

The data subject may refuse to provide his/her data to the Controller.
Nevertheless, if data is not provided, it may compromise or make it impossible to respond or attend to the requests.

Rights of the data subject

Pursuant to Articles 15 – Rights of Access, 16 – Right to rectification, 17 – Right to erasure, 18 – Right to restriction of processing, 20 – Right to data portability, 21 – Right to object, 22 Right to oppose automated individual decision-making of the GDPR 679/16, the data subject exercises his rights by writing to the Controller to the address indicated above, or through email, specifying the object of his request, the right he wishes to exercise and attaching a photocopy of a valid ID that certifies the legitimacy of the request.
The Controller reminds in particular that every data subject may exercise his right to object according to the forms and methods foreseen by Article 21 of the GDPR.
Further information on the right of the data subject are provided at the end of this section.

Withdrawing Consent

Pursuant to Article 7 of the GDPR 679/16, the data subject may withdraw the consent he/she has provided, at any moment. If consent is withdrawn, any processing done on the data provided in the form will be stopped.

Submission of complaints

The data subject has the right to submit complaints to the control authority of his/her state of residence.

Automated decision-making processes

With regards to the processing indicated below, the Controller never undertakes processing that constitutes automated-decision making processes on the data of natural persons.

This privacy notice is meant for natural person who subscribe to the newsletter, pursuant to Articles 12, 13 and 14 of the GDPR 679/16 – “EU Regulation on the protection of personal data.”

Controller’s Identity

The Data Controller is DropTo S.r.l., acting through its pro tempore legal representative, with registered office in Via Ottavio Revel 20 - 10121 Turin, Italy.
The controller guarantees the security, confidentiality and protection of the personal data that are in its possession, during all phases of their processing.

Contact details of the DPO – Data Protection Officer

The Controller, DropTo S.r.l., has appointed a Data Protection Officer, or DPO, who may be contacted through the Controller’s registered office, or by emailing the address privacy@dropto.app.

Sources of the data

The personal data processed are those included in the subscription form.

Purpose of the processing

The personal data of the subscribers are processed to:

· send the newsletter by email,

· conduct surveys and evaluate subscribers’ satisfaction.

Legal basis for processing

The legal basis for the processing is based on the data’s subject consent given through the positive and unequivocal action that is represented by his/her free and spontaneous subscription to the newsletter. The subscription is further confirmed through a double opt-in procedure.

Recipients of the data

The personal data processed by the Controller are not disseminated, that is they will not be shared with unspecified individuals, in any possible form, including by making them available or for simple consultation. They may, however, be communicated to the workers who operate under the Controller’s employ, to external subjects that collaborate with the Controller and have been appointed as Processors or have been authorised to process data, as they act under the authority of the Controller.
They may also be communicated, no more than is strictly necessary, to subjects who, for the purpose of fulfilling your requests, must supply goods or perform, on behalf of the Controller, amenities or services. Finally, they may be communicated to persons who are entitled to access them in accordance with provisions laid down by law, regulations and Community legislation.
In particular, based on the roles and the tasks they perform, the workers have been authorised to process your personal data within the scope of their abilities and in accordance with the instructions given to them by the Controller.
External subjects that operate under the authority of the Controller have also been authorised to process data based on the services they provide, the processing carried out and the nature of the processed data.
External subjects to whom the Controller has entrusted the processing of personal data have been appointed as Processors.

Transfer of data

The Controller will never transfer this personal data to third countries or international organisations. Nevertheless, the Controller reserves the right to use cloud services, in which case, service supplier will be selected among those that provide appropriate guarantees as foreseen by Article 46 of the GDPR 679/16.

Data Retention

The Controller retains and processes personal data for the time that is necessary to fulfil the indicated purposes. In this case, the data is retained until the data subject himself requests his removal from the mailing list, that is for as long as the email address remains active.

Rights of the data subject

Pursuant to Articles 15 – Rights of Access, 16 – Right to rectification, 17 – Right to erasure, 18 – Right to restriction of processing, 20 – Right to data portability, 21 – Right to object, 22 Right to oppose automated individual decision-making of the GDPR 679/16, the data subject exercises his rights by writing to the Controller to the address indicated above, or through email, specifying the object of his request, the right he wishes to exercise and attaching a photocopy of a valid ID that certifies the legitimacy of the request.
The Controller reminds in particular that every data subject may exercise his right to object according to the forms and methods foreseen by Article 21 of the GDPR.

Withdrawing Consent

Pursuant to Article 7 of the GDPR 679/16, the data subject may withdraw the consent he/she has provided at any moment. Withdrawal of consent, which can be done through the appropriate link at the bottom of the newsletter, will mean the sending of the newsletter will be suspended.

Refusal to provide data

The provision of personal date is optional and not providing such data may, at the most, make it impossible to receive the newsletter.

Submission of complaints

The data subject has the right to submit complaints to the control authority of his/her state of residence.

Automated decision-making processes

With regards to the processing indicated below, the Controller never undertakes processing that constitutes automated-decision making processes on the data of natural persons.

This privacy notice is made to all those who use the apps distributed directly or through third-party websites and platforms, pursuant to Articles 12, 13 and 14 of the GDPR 679/16 – “EU Regulation on the protection of personal data.”

Controller’s Identity

The Data Controller is DropTo S.r.l., acting through its pro tempore legal representative, with registered office in Via Ottavio Revel 20 - 10121 Turin, Italy.
The controller guarantees the security, confidentiality and protection of the personal data that are in its possession, during all phases of their processing.

Contact details of the DPO – Data Protection Officer

The Controller, DropTo S.r.l., has appointed a Data Protection Officer, or DPO, who may be contacted through the Controller’s registered office, or by emailing the address privacy@dropto.app.

Sources of the data

The processed personal data are those that were provided by the users knowingly and freely at the moment when they registered on the app (name, user ID and password, education and profession, birthday, mobile number), as well as those generated by the use of the app itself (geolocation data, conversations between the users, promotions used and selected, pairings between users to take advantage of deals).

Purpose of processing

The personal data of the users are processed to:

1) allow registration to and further use of the app;

2) geolocate the users in order to guide them toward the suggested proposals;

3) provide chat and meeting services;

4) allow users to take advantage of promotions;

5) offer preferential terms of use to frequent and loyal users;

6) communicate contact data to commercial partners to promote products and services, even third-party ones, to frequent users;

7) generate aggregate statistical data regarding the user’s consumer preferences.

Legal basis for processing

The legal basis for the processing is based on the data subject’s consent, expressed through the checking of the check box which forms a composite whole for the purposes listed in points 1, 3, 4 and 5. Consent to geolocation, referred to in point 2, is expressed separately through the settings of the user’s own mobile phone. Further consensus is requested and expressed through the checking of a checkbox for point 6. The legal basis for the processing pursuant to point 7 is based on the Controller’s legitimate interest.

Recipients of the data

The personal data processed by the Controller are not disseminated, that is they will not be shared with unspecified individuals, in any possible form, including by making them available or for simple consultation. They may, however, be communicated to the workers who operate under the Controller’s employ, to external subjects that collaborate with the Controller and have been appointed as Processors or have been authorised to process data, as they act under the authority of the Controller.
They may also be communicated, no more than is strictly necessary, to subjects who, for the purpose of fulfilling your requests, must supply goods or perform, on behalf of the Controller, amenities or services. Finally, they may be communicated to persons who are entitled to access them in accordance with provisions laid down by law, regulations and Community legislation.
In particular, based on the roles and the tasks they perform, the workers have been authorised to process your personal data within the scope of their abilities and in accordance with the instructions given to them by the Controller.
External subjects that operate under the authority of the Controller have also been authorised to process data based on the services they provide, the processing carried out and the nature of the processed data.
Some data pertaining to preferred promotions, that is pertaining to the consumer habits of the users, are generated automatically and proposed in anonymous and aggregated from to advertisers.

Transfer of data

The Controller will never transfer this personal data to third countries or international organisations. Nevertheless, the Controller reserves the right to use cloud services, in which case, service supplier will be selected among those that provide appropriate guarantees as foreseen by Article 46 of the GDPR 679/16.

Data Retention

The Controller retains and processes personal data for the time that is necessary to fulfil the indicated purposes. In this case, the data provided upon registration are retained for 2 years after the user deletes his/her account. Geolocation data are deleted every time the app is closed. Chat conversations are retained for one year. All other data (promotion choices, preferences, user pairings, etc.) are retained for two years.

Rights of the data subject

Pursuant to Articles 15 – Rights of Access, 16 – Right to rectification, 17 – Right to erasure, 18 – Right to restriction of processing, 20 – Right to data portability, 21 – Right to object, 22 Right to oppose automated individual decision-making of the GDPR 679/16, the data subject exercises his rights by writing to the Controller to the address indicated above, or through email, specifying the object of his request, the right he wishes to exercise and attaching a photocopy of a valid ID that certifies the legitimacy of the request.
The Controller reminds in particular that every data subject may exercise his right to object according to the forms and methods foreseen by Article 21 of the GDPR.

Withdrawing Consent

Pursuant to Article 7 of the GDPR 679/16, the data subject may withdraw the consent he/she has provided at any moment. Withdrawal of consent for geolocation limits the features offered by the app. Withdrawing other types of consent leads to the immediate termination of the processing that is the subject of the withdrawal.

Refusal to provide data

The data subject may refuse to provide his/her personal data to the Controller. The provision of personal data required upon registration is needed to be able to access and use the app. Therefore, any refusal to provide such data will not allow the user to use the app and the registration process will be interrupted.

Automated decision-making processes

With regards to the processing indicated below, the Controller never undertakes processing that constitutes automated-decision making processes on the data of natural persons.

This Privacy Notice is made to suppliers who are natural persons, that is to individual or professional firms, pursuant to Articles 12, 13 and 14 of the GDPR – “EU Regulation on the protection of personal data.”

Controller’s Identity

The Data Controller is DropTo S.r.l., acting through its pro tempore legal representative, with registered office in Via Ottavio Revel 20 - 10121 Turin, Italy.
The controller guarantees the security, confidentiality and protection of the personal data that are in its possession, during all phases of their processing.

Contact details of the DPO – Data Protection Officer

The Controller, DropTo S.r.l, has appointed a Data Protection Officer, or DPO, who may be contacted through the Controller’s registered office, or by emailing the address privacy@dropto.app.

Sources of the data

The personal data processed are those supplied by the data subjects during:

• visits or phone call;

• direct contact when participating in meetings, seminars, trainings, fairs;

• offer proposals;

• transmissions and transactions after an order has been made;

or if they have been collected by third parties, such as for example, the Consortium “Gruppo C3”, to whom the Controller belongs, managers of public directories, providers of addresses, or our clients and suppliers.

Purpose of processing

The personal data of natural contact persons are processed to:

1) acquire precontractual data and information (offer evaluations, verifying adequacy and compliance, provision of documents to third parties, proves of reliability);

2) manage the standard contractual relationship for the purchase of goods and services;

3) manage and check risks, prevent possible frauds or violations;

4) undertake operations that are necessary for the management of payments;

5) avoid and manage possible disputes, refer the matter to the appropriate legal avenues if needed;

6) supply loans or use financial instruments and services;

7) manage accounting, administration, financial flows and treasury matters;

8) manage the receipt and movement of merchandise.

Legal basis for processing

The legal base for processing is based on the need to pursue precontractual, contractual and post-contractual obligations, for the processing related to points 1, 2, 4, 7, 8.
For the remaining purposes, referred to in points 3, 5, and 6, the legal base is supplied by the Controller’s legitimate interest in the protection of its own rights and corporate assets.

Recipients of the data

The personal data processed by the Controller are not disseminated, that is they will not be shared with unspecified individuals, in any possible form, including by making them available or for simple consultation. They may, however, be communicated to the workers who operate under the Controller’s employ, to external subjects that collaborate with the Controller and have been appointed as Processors or have been authorised to process data, as they act under the authority of the Controller.
They may also be communicated, no more than is strictly necessary, to subjects who, for the purpose of fulfilling your requests, must supply goods or perform, on behalf of the Controller, amenities or services. Finally, they may be communicated to persons who are entitled to access them in accordance with provisions laid down by law, regulations and Community legislation.
In particular, based on the roles and the tasks they perform, the workers have been authorised to process your personal data within the scope of their abilities and in accordance with the instructions given to them by the Controller.
External subjects that operate under the authority of the Controller have also been authorised to process data based on the services they provide, the processing carried out and the nature of the processed data.

Transfer of data

The Controller will never transfer this personal data to third countries or international organisations. Nevertheless, the Controller reserves the right to use cloud services, in which case, service supplier will be selected among those that provide appropriate guarantees as foreseen by Article 46 of the GDPR 679/16.

Data Retention

The Controller retains and processes personal data for the time that is necessary to fulfil the indicated purposes. In this case, the data provided by suppliers who are natural persons are retained based on administrative requirements.

Rights of the data subject

Pursuant to Articles 15 – Rights of Access, 16 – Right to rectification, 17 – Right to erasure, 18 – Right to restriction of processing, 20 – Right to data portability, 21 – Right to object, 22 Right to oppose automated individual decision-making of the GDPR 679/16, the data subject exercises his rights by writing to the Controller to the address indicated above, or through email, specifying the object of his request, the right he wishes to exercise and attaching a photocopy of a valid ID that certifies the legitimacy of the request.
The Controller reminds in particular that every data subject may exercise his right to object according to the forms and methods foreseen by Article 21 of the GDPR.

Withdrawing Consent

Pursuant to Article 7 of the GDPR 679/16, the data subject may withdraw the consent he/she has provided at any moment. Nevertheless, the processing that is the purpose of this disclosure is lawful and allowed, even in the absence of consent, as it is necessary for the execution of a contract to which the data subject is party (the relationship for the supply of goods and services).

Refusal to provide data

The data subject may refuse to provide his/her personal data to the Controller. The provision of personal data, however, is necessary for the correct and efficient management of the contractual relationship. Therefore, any refusal to provide such data may compromise, in whole or in part, the contractual relationship itself.

Automated decision-making processes

With regards to the processing indicated below, the Controller never undertakes processing that constitutes automated-decision making processes on the data of natural persons.

The management of the contractual relationship with clients or suppliers who are legal persons necessarily involves the processing of personal data (identifiers, phone numbers, emails) concerning the persons with whom the contract is entered into. This privacy notice is therefore provided pursuant to Articles 12, 13 and 14 of the GDPR 679/16 – “EU Regulation on the protection of personal data”, to natural persons who work with clients and suppliers. Considering the difficulty in providing it directly to the data subjects, this privacy notice is made available for them on the website of the Controller, with request to notify the data subjects.

Controller’s Identity

The Data Controller is DropTo S.r.l., acting through its pro tempore legal representative, with registered office in Via Ottavio Revel 20 - 10121 Turin, Italy.
The controller guarantees the security, confidentiality and protection of the personal data that are in its possession, during all phases of their processing.

Contact details of the DPO – Data Protection Officer

The Controller, DropTo S.r.l., has appointed a Data Protection Officer, or DPO, who may be contacted through the Controller’s registered office, or by emailing the address privacy@dropto.app.

Sources of the data

The personal data processed are those supplied by the data subject on the occasion of:

• visits or phone calls;

• direct contact for participation in exhibitions, displays, etc.;

• offer proposals;

• transmissions and transactions after an order has been made.

Purpose of Processing

The personal data of natural contact persons are processed to:

• forward communications of various kinds and through different communication means (phone, mobile phone, text, email, fax, paper mail);

• make requests or process requests or proposals received;

• exchange information for the purpose for executing the contractual relationship, including pre- and post-contractual activities.

Legal basis for processing

The legal basis for processing is based on the need to pursue precontractual, contractual and post-contractual obligations.

Recipients of the data

The personal data processed by the Controller are not disseminated, that is they will not be shared with unspecified individuals, in any possible form, including by making them available or for simple consultation. They may, however, be communicated to the workers who operate under the Controller’s employ, to external subjects that collaborate with the Controller and have been appointed as Processors or have been authorised to process data, as they act under the authority of the Controller.
They may also be communicated, no more than is strictly necessary, to subjects who, for the purpose of fulfilling your requests, must supply goods or perform, on behalf of the Controller, amenities or services. Finally, they may be communicated to persons who are entitled to access them in accordance with provisions laid down by law, regulations and Community legislation.
In particular, based on the roles and the tasks they perform, the workers have been authorised to process your personal data within the scope of their abilities and in accordance with the instructions given to them by the Controller.
External subjects that operate under the authority of the Controller have also been authorised to process data based on the services they provide, the processing carried out and the nature of the processed data.
External subjects to whom the Controller has entrusted the processing of personal data have been appointed as Processors.

Transfer of data

The Controller will never transfer this personal data to third countries or international organisations. Nevertheless, the Controller reserves the right to use cloud services, in which case, service supplier will be selected among those that provide appropriate guarantees as foreseen by Article 46 of the GDPR 679/16.

Data Retention

The Controller retains and processes personal data for the time that is necessary to fulfil the indicated purposes. In this case, the data of the contact persons are retained for two years following the end of their duties or work relationship with their employer.

Rights of the data subject

Pursuant to Articles 15 – Rights of Access, 16 – Right to rectification, 17 – Right to erasure, 18 – Right to restriction of processing, 20 – Right to data portability, 21 – Right to object, 22 Right to oppose automated individual decision-making of the GDPR 679/16, the data subject exercises his rights by writing to the Controller to the address indicated above, or through email, specifying the object of his request, the right he wishes to exercise and attaching a photocopy of a valid ID that certifies the legitimacy of the request.
The Controller reminds in particular that every data subject may exercise his right to object according to the forms and methods foreseen by Article 21 of the GDPR.

Withdrawing Consent

Pursuant to Article 7 of the GDPR 679/16, the data subject may withdraw the consent he/she has provided at any moment. Nevertheless, the processing that is the purpose of this disclosure is lawful and allowed, even in the absence of consent, as it is necessary for the execution of a contract to which the data subject is party (work relationship with his/her Employer).

Refusal to provide data

The data subject may refuse to provide his/her personal data to the Controller. The provision of personal data, however, is necessary for the correct and efficient management of the contractual relationship. Therefore, any refusal to provide such data may compromise, in whole or in part, the contractual relationship itself.

Automated decision-making processes

With regards to the processing indicated below, the Controller never undertakes processing that constitutes automated-decision making processes on the data of natural persons.

This Privacy Policy is made for those who spontaneously, or after a recruitment call, send their CV, pursuant to Articles 12, 13 and 14 of the GDPR 679/16 – “EU Regulation on the protection of personal data.”

Controller’s Identity

The Data Controller is DropTo S.r.l., acting through its pro tempore legal representative, with registered office in Via Ottavio Revel 20 - 10121 Turin, Italy.
The controller guarantees the security, confidentiality and protection of the personal data that are in its possession, during all phases of their processing.

Contact details of the DPO – Data Protection Officer

The Controller, DropTo S.r.l., has appointed a Data Protection Officer, or DPO, who may be contacted through the Controller’s registered office, or by emailing the address privacy@dropto.app.

Sources of the data

The personal data processed are those supplied during:

• the sending of the CV;

• filling of the appropriate form online;

• assessment interviews;

• direct contact on the occasion of displays, fairs, exhibitions, etc.;

• referrals from third parties.

Purpose of the processing

The personal data of those who spontaneously, or following a recruitment call, send their CVs are processed for purposes connected to the evaluation and selection, that is in order to propose other job offers that are consistent with the professional profile of the data subject.

Legal basis of the processing

The legal basis of the processing is based on the consent of the data subject given through the unequivocal and positive action that is represented by the free and unconditional sending of his/her own CV.

Data Retention

The data mentioned herein will be retained for a period that is no longer than thirty months from their reception.

Recipients of the data

The personal data processed by the Controller are not disseminated, that is they will not be shared with unspecified individuals, in any possible form, including by making them available or for simple consultation. They may, however, be communicated to the workers who operate under the Controller’s employ, to external subjects that collaborate with the Controller and have been appointed as Processors or have been authorised to process data, as they act under the authority of the Controller.
They may also be communicated, no more than is strictly necessary, to subjects who, for the purpose of fulfilling your requests, must supply goods or perform, on behalf of the Controller, amenities or services. Finally, they may be communicated to persons who are entitled to access them in accordance with provisions laid down by law, regulations and Community legislation.
In particular, based on the roles and the tasks they perform, the workers have been authorised to process your personal data within the scope of their abilities and in accordance with the instructions given to them by the Controller.
External subjects that operate under the authority of the Controller have also been authorised to process data based on the services they provide, the processing carried out and the nature of the processed data.
External subjects to whom the Controller has entrusted the processing of personal data have been appointed as Processors.

Transfer of data

The Controller will never transfer this personal data to third countries or international organisations. Nevertheless, the Controller reserves the right to use cloud services, in which case, service supplier will be selected among those that provide appropriate guarantees as foreseen by Article 46 of the GDPR 679/16.

Data Retention

The Controller retains and processes personal data for the time that is necessary to fulfil the indicated purposes. In this case, CVs are retained for two years.

Rights of the data subject

Pursuant to Articles 15 – Rights of Access, 16 – Right to rectification, 17 – Right to erasure, 18 – Right to restriction of processing, 20 – Right to data portability, 21 – Right to object, 22 Right to oppose automated individual decision-making of the GDPR 679/16, the data subject exercises his rights by writing to the Controller to the address indicated above, or through email, specifying the object of his request, the right he wishes to exercise and attaching a photocopy of a valid ID that certifies the legitimacy of the request.
The Controller reminds in particular that every data subject may exercise his right to object according to the forms and methods foreseen by Article 21 of the GDPR.

Withdrawing Consent

Pursuant to Article 7 of the GDPR 679/16, the data subject may withdraw at any moment the consent he/she has given. The revocation of consent will lead to the deletion of the CV from the candidates’ archive.

Submission of complaints

The data subject has the right to submit complaints to the control authority of his/her state of residence.

Refusal to provide data

The data subject may refuse to provide his/her personal data to the Controller. The provision of data is in fact optional, but any refusal to provide them in a whole or in part may make it impossible to evaluate and select the candidate.

Automated decision-making processes

With regards to the processing indicated below, the Controller never undertakes processing that constitutes automated-decision making processes on the data of natural persons.

This privacy notice is made to those that are called to participate in performance reviews or pre-employment reviews, pursuant to Articles 12, 13 and 14 of the GDPR 679/16 – “EU Regulation on the protection of personal data.”

Controller’s Identity

The Data Controller is DropTo S.r.l., acting through its pro tempore legal representative, with registered office in Via Ottavio Revel 20 - 10121 Turin, Italy.
The controller guarantees the security, confidentiality and protection of the personal data that are in its possession, during all phases of their processing.

Contact details of the DPO – Data Protection Officer

The Controller, DropTo S.r.l., has appointed a Data Protection Officer, or DPO, who may be contacted through the Controller’s registered office, or by emailing the address privacy@dropto.app.

Sources of the data

The personal data processed are those supplied during:

• performance reviews.

Purpose of the processing

The personal data of those who are called to undergo performance reviews and pre-employment reviews are processed for purposes related to the evaluation and selection, or that is to propose in the future other job offers consistent with the professional profile of the data subject.

Legal basis for the processing

The legal basis for the processing is based on the consent of the data subject given through the signing of a form for receiving information about the candidate.

Recipients of the data

The personal data processed by the Controller are not disseminated, that is they will not be shared with unspecified individuals, in any possible form, including by making them available or for simple consultation. They may, however, be communicated to the workers who operate under the Controller’s employ, to external subjects that collaborate with the Controller and have been appointed as Processors or have been authorised to process data, as they act under the authority of the Controller.
They may also be communicated, no more than is strictly necessary, to subjects who, for the purpose of fulfilling your requests, must supply goods or perform, on behalf of the Controller, amenities or services. Finally, they may be communicated to persons who are entitled to access them in accordance with provisions laid down by law, regulations and Community legislation.
In particular, based on the roles and the tasks they perform, the workers have been authorised to process your personal data within the scope of their abilities and in accordance with the instructions given to them by the Controller.
External subjects that operate under the authority of the Controller have also been authorised to process data based on the services they provide, the processing carried out and the nature of the processed data.
External subjects to whom the Controller has entrusted the processing of personal data have been appointed as Processors.

Transfer of data

The Controller will never transfer this personal data to third countries or international organisations. Nevertheless, the Controller reserves the right to use cloud services, in which case, service supplier will be selected among those that provide appropriate guarantees as foreseen by Article 46 of the GDPR 679/16.

Data Retention

The data referred to herein will be retained for a period that is no longer than thirty months from the review in case the subject is not hired. Otherwise, they will be retained for the duration of the work relationship, in case the person is hired.

Rights of the data subject

Pursuant to Articles 15 – Rights of Access, 16 – Right to rectification, 17 – Right to erasure, 18 – Right to restriction of processing, 20 – Right to data portability, 21 – Right to object, 22 Right to oppose automated individual decision-making of the GDPR 679/16, the data subject exercises his rights by writing to the Controller to the address indicated above, or through email, specifying the object of his request, the right he wishes to exercise and attaching a photocopy of a valid ID that certifies the legitimacy of the request.
The Controller reminds in particular that every data subject may exercise his right to object according to the forms and methods foreseen by Article 21 of the GDPR.

Withdrawing Consent

Pursuant to Article 7 of the GDPR 679/16, the data subject may withdraw at any moment the consent he/she has given. The revocation of consent will lead to the deletion of the personal file for the acquisition of information.

Submission of complaints

The data subject has the right to submit complaints to the control authority of his/her state of residence.

Refusal to provide data

The data subject may refuse to provide his/her personal data to the Controller. The provision of data is in fact optional, but any refusal to provide them in a whole or in part may make it impossible to evaluate and select the candidate.

Automated decision-making processes

With regards to the processing indicated below, the Controller never undertakes processing that constitutes automated-decision making processes on the data of natural persons.

This privacy notice is made to natural persons and representatives of legal persons who participate in the risk capital of the company DropTo S.r.l., pursuant to Articles 12, 13 and 14 of the GDPR 679/16 – “EU Regulation on the protection of personal data.”

Controller’s Identity

The Data Controller is DropTo S.r.l, acting through its pro tempore legal representative, with registered office in Via Ottavio Revel 20 - 10121 Turin, Italy.
The controller guarantees the security, confidentiality and protection of the personal data that are in its possession, during all phases of their processing.

Contact details of the DPO – Data Protection Officer

The Controller, DropTo S.r.l., has appointed a Data Protection Officer, or DPO, who may be contacted through the Controller’s registered office, or by emailing the address privacy@dropto.app.

Sources of the data

The personal data were spontaneously provided by the data subject during the subscription of the risk capital.

Purpose of the processing

1) The personal data are processed to call meeting and other opportunities for interactions, to pay dividends and to comply with legal obligations related to tax matters, to file accounts and reimbursement of expenses, to draw up paperwork, reports and other formal deeds destined for the Chamber of Commerce or other Entities or bodies of the Italian Public Administration.

2) The personal data are also processed to send to the data subject periodic communications through the MailChimp system.

Legal Basis for the Processing

The processing referred to in point 1) are carried out in accordance with legal requirements and for the execution of a contract to which the data subject is party or for the execution of precontractual measures adopted at the data subject’s request. The processing referred to in point 2) is carried out for the Controller’s legitimate interest (systemically inform the subjects who participate in the risk capital), in the context of the balancing of interests.

Recipients of the data

The personal data processed by the Controller are not disseminated, that is they will not be shared with unspecified individuals, in any possible form, including by making them available or for simple consultation. They may, however, be communicated to the workers who operate under the Controller’s employ, to external subjects that collaborate with the Controller and have been appointed as Processors or have been authorised to process data, as they act under the authority of the Controller.
They may also be communicated, no more than is strictly necessary, to subjects who, for the purpose of fulfilling your requests, must supply goods or perform, on behalf of the Controller, amenities or services. Finally, they may be communicated to persons who are entitled to access them in accordance with provisions laid down by law, regulations and Community legislation.
In particular, based on the roles and the tasks they perform, the workers have been authorised to process your personal data within the scope of their abilities and in accordance with the instructions given to them by the Controller.
External subjects that operate under the authority of the Controller have also been authorised to process data based on the services they provide, the processing carried out and the nature of the processed data.
External subjects to whom the Controller has entrusted the processing of personal data have been appointed as Processors.

Transfer of data

The Controller will never transfer this personal data to third countries or international organisations. Nevertheless, the Controller reserves the right to use cloud services, in which case, service supplier will be selected among those that provide appropriate guarantees as foreseen by Article 46 of the GDPR 679/16.

Data Retention

The Controller retains and processes personal data for the time that is necessary to fulfil the indicated purposes. In this case, the data of the data subject will be retained for ten years after the shares of participation in the risk capital have ceased.

Rights of the data subject

Pursuant to Articles 15 – Rights of Access, 16 – Right to rectification, 17 – Right to erasure, 18 – Right to restriction of processing, 20 – Right to data portability, 21 – Right to object, 22 Right to oppose automated individual decision-making of the GDPR 679/16, the data subject exercises his rights by writing to the Controller to the address indicated above, or through email, specifying the object of his request, the right he wishes to exercise and attaching a photocopy of a valid ID that certifies the legitimacy of the request.
The Controller reminds in particular that every data subject may exercise his right to object according to the forms and methods foreseen by Article 21 of the GDPR.

Withdrawing Consent

Pursuant to Article 6 of the GDPR 679/16, the data subject may withdraw at any moment the consent he/she has given. However, it should be noted that the processing that is the purpose of this disclosure are lawful and allowed even in the absence of consent, and therefore the withdrawal of consent will have no consequences on the actual processing.

Refusal to provide data

The provision of certain data (personal data, fiscal data) is obligatory for the purposes of participating in the risk capital. Some further data (phone number, email address, etc.) is essential for the management of organisational aspects. For this reason, a partial or incomplete communication of such data may compromise the efficient management of the relationship.

Automated decision-making processes

With regards to the processing indicated below, the Controller never undertakes processing that constitutes automated-decision making processes on the data of natural persons.

The content of all emails must be kept confidential. Therefore, the information contained therein or any attachments are meant exclusively for the recipient. Persons or subjects different from the recipient himself/herself, pursuant to Article 616 of the Italian Penal Code, are not authorised to read, copy, modify, or diffuse the message to third parties. Anyone who receives a communication from us in error should not use it, nor bring it to the attention of anyone, but it should delete it from his/her inbox and alert the sender.
The authenticity of the sender and the contents are not guaranteed, with the exception of documents signed electronically.
Furthermore, pursuant to Article 3 of the GDPR 679/16, we inform you that our archives comprise email address related to natural persons, companies, entities with whom we have undertaken previous communications, or who have spontaneously given their email address during occasions of direct contact. Such addresses are used by us in compliance with the wishes and willingness of the data subjects to receive communications by email by our company. We also inform you that all the mailboxes of the domain “@dropto.app” are corporate mailboxes and, as such, are used for work-related communications. Therefore, for requests pertaining to operational activities, they may be read by subjects that are different from the sender and/or recipient.
If the data subject wishes that his/he email address be removed from our archive, or if he/she wishes to exercise his/her rights pursuant to Articles 15 – Rights of Access, 16 – Right to rectification, 17 – Right to erasure, 18 – Right to restriction of processing, 20 – Right to data portability, 21 – Right to object, 22- Right to oppose automated individual decision-making of the GDPR 679/16, she/he may write to the Controller represented by the CEO, managing director or pro tempore legal representative of the company at DropTo S.r.l., Via Ottavio Revel 20 - 10121 Turin.

The data subject, pursuant to GDPR 679/16, may exercise his/her specific rights by contacting the Data Controller, including: the right to request access to their personal data; right to request the rectification of personal data; the right to request the deletion of their personal data, the right to request the limitation of the processing of their personal data; right to request the portability of their personal data; the right to file a complaint with the competent data protection supervisory authority.

We remind you that if the data subject wishes to have more information on the processing of his/her personal data, or to exercise the previously indicated rights, he/she can write to the address privacy@dropto.app.

Right of access: each interested party has the right to obtain confirmation of the existence or not of personal data concerning him/her and, in this case, to request access to such data. Access information includes, among other things, the purposes of the processing, the categories of personal data involved, the recipients or categories of recipients to whom personal data have been or will be communicated.

You also have the right to obtain a copy of the personal data processed. If additional copies are requested, the Controller may charge a reasonable fee based on administrative costs.

Right of rectification: each data subject has the right to obtain the rectification of inaccurate personal data concerning him/her. Depending on the purpose of the processing, each data subject has the right to complete incomplete personal data, including by submitting an additional declaration.

Right of cancellation (“right to be forgotten”): in certain circumstances, each data subject has the right to obtain the cancellation of personal data concerning him/her.

Right to restriction of processing: in certain circumstances, each data subject has the right to obtain the limitation of the processing of personal data. In this case, the respective data will be marked and can only be processed by the Controller for certain purposes.

Right to data portability: in certain circumstances, each data subject has the right to receive personal data concerning him/her, in a commonly used and legible format, and also has the right to transmit them to another entity without impediment.