PRIVACY POLICY

 

In respect of the provisions of EU Reg. 2016/679 (General Data Protection Regulation - GDPR), we hereby provide Users with the due information on the processing of any personal data they may provide.

 

  1. Owner and Data Controller.

In accordance with Articles 4 and 24 GDPR, the Owner and Data Controller is Athena S.p.A., with its registered office in Via delle Albere, 13, 36045, Alonte (VI) – Italy – VAT No 00589040242; Tel. +39 0444 727272.

Owner contact email: privacy@athena.eu.

 

  1. Types of Data collected.

Among the types of Personal Data that this Application collects there are:

1) Personal Data of the User: email, fist name, last name, ID User and password, as well as the geographical location, if the User authorizes the App to access to his/her position.

2) Personal Data of third parties identified voluntarily by the User: name, telephone number for sending by SMS or, alternatively, the email address, depending on the option chosen by the User.

Personal Data is freely provided by the User upon registration of the Application and activation of the SOS Function.

3) Payment Information: this Application uses payment providers (e.g. Apple, Google) to process payments. Although this Application does not store any credit card information itself, it stores a payment ID number that is given out by the respective provider and can be allocated to a person by that payment provider, as well as price, currency, VAT (based on country info), and payment provider.

Unless specified otherwise, all Data requested by this Application is mandatory and failure to provide this Data may make it impossible for this Application to provide its services. In cases where this Application specifically states that some Data is not mandatory, Users are free not to communicate this Data without consequences to the availability or the functioning of the Service.

Users who are uncertain about which Personal Data is mandatory are welcome to contact the Owner.

Users are responsible for any third-party Personal Data obtained, published or shared through this Application and confirm that they have the third party's consent to provide the Data to the Owner.

 

  1. Cookie.

Cookies consist of portions of code installed in the browser that assist the Owner in providing the Service according to the purposes described.

Any use of Cookies - or of other tracking tools - by this Application or by the owners of third party services used by this Application, unless stated otherwise, serves to identify Users and remember their preferences, for the sole purpose of providing the service required by the User.

Activity strictly necessary for the functioning of the Service: this Application uses Cookies to save the User's session and to carry out other activities that are strictly necessary for the operation of this Application, for example in relation to the distribution of traffic.

Activity regarding the saving of preferences, optimization, and statistics: this Application uses Cookies to save browsing preferences and to optimize the User's browsing experience. Among these Cookies are, for example, those used for the setting of language and currency preferences or for the management of first party statistics employed directly by the Owner of this Application. Cookies employed by the App access the following information: model of the Device;  operating system version; language and anonymous information related to the usage of the Application, such as date and time of access, duration of the use, frequency of use, visited sections of the Application, version of the Application and information on possible crashes.

The Owner does not use profiling cookies within the Application.

 

  1. Legal basis of processing.

The Owner may process Personal Data relating to Users if one of the following applies:

  • Users have given their consent for one or more specific purposes;
  • provision of Data is necessary for the performance of an agreement with the User and/or for any pre-contractual obligations thereof;
  • processing is necessary for compliance with a legal obligation to which the Owner is subject;
  • processing is related to a task that is carried out in the public interest or in the exercise of official authority vested in the Owner;
  • processing is necessary for the purposes of the legitimate interests pursued by the Owner or by a third party.

In any case, the Owner will gladly help to clarify the specific legal basis that applies to the processing, and in particular whether the provision of Personal Data is a statutory or contractual requirement, or a requirement necessary to enter into a contract.

 

  1. The purposes of processing.

In compliance with the conditions of lawfulness pursuant to art. 6 GDPR, the Data concerning the User is collected to allow the Owner to provide its Services, as well as for the following purposes:

  1. a) Registration and authentication. By registering or authenticating, Users allow this Application to identify them and give them access to dedicated services. The User registers by filling out the registration form and providing the Personal Data directly to this Application.
  2. b) Location base interactions – Sos Function. This Application may collect, use, and share User location Data in order to provide location-based services.

Most browsers and devices provide tools to opt out from this feature by default. If explicit authorization has been provided, the User’s location data may be tracked by this Application.

At any time, Users may disable the Geo-location function through the settings of their device.

  1. c) to fulfil obligations laid down by law, regulations or EU legislation, to prevent or discover fraudulent activity or abuses harmful to the website, for the pursuit of the legitimate interest of the Controller or third parties, provided that your interests or rights or fundamental freedoms do not prevail, and to handle any complaints and/or disputes.
  2. Place, Method of Processing and Data Storage Period.

The Data is processed at the Owner's operating offices and in any other places where the parties involved in the processing are located. For further information, contact the Owner.

The Personal Data will be processed with electronic/automated media, by means of operations of collection, recording, organisation, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, block, communication, archiving, erasure and destruction of the data.

The processing will be carried out with methods and instruments aimed at guaranteeing the utmost data security and confidentiality, by persons specifically instructed for that purpose.

The Owner takes appropriate security measures to prevent unauthorized access, disclosure, modification, or unauthorized destruction of the Data.

In addition to the Owner, in some cases, the Data may be accessible to certain types of persons in charge, involved with the operation of this Application (administration, sales, marketing, legal, system administration) or external parties (such as third-party technical service providers, mail carriers, hosting providers, IT companies, communications agencies) appointed, if necessary, as Data Processors by the Owner. The updated list of these parties may be requested from the Owner at any time.

In respect of the provisions of Art. 5 paragraph 1 letter e) GDPR the personal data collected will be stored in a form that allows for the data subjects to be identified for a period of time not exceeding the achievement of the purposes for which the personal data are processed.

Personal Data collected for purposes related to the performance of a contract between the Owner and the User shall be retained until such contract has been fully performed.

Personal Data collected for the purposes of the Owner’s legitimate interests shall be retained as long as needed to fulfill such purposes. Users may find specific information regarding the legitimate interests pursued by the Owner within the relevant sections of this document or by contacting the Owner.

The Owner may be allowed to retain Personal Data for a longer period whenever the User has given consent to such processing, as long as such consent is not withdrawn. Furthermore, the Owner may be obliged to retain Personal Data for a longer period whenever required to do so for the performance of a legal obligation or upon order of an authority.

To find out about the criteria at the basis of the data storage period, write to privacy@athena.eu.

Once the retention period expires, Personal Data shall be deleted without unjustified delay.

Therefore, the right to access, the right to erasure, the right to rectification and the right to data portability cannot be enforced after expiration of the retention period.

 

  1. Transfer of Data to a non-EU Country and/or International Organisations.

The Application does not share, sell, transfer or otherwise disseminate the personal data to third parties located in a non EU-country and/or to international organisations and it will continue not to do so in future, subject to legal obligations, unless this is necessary for the purposes laid down by the Services or if you have provided your explicit consent to that processing.

 

  1. Third-Party websites.

If this Application contains links to other websites or services owned or controlled by third parties, the Owner is not responsible for the privacy policies or practices of those third-party websites or services. You are required to check that the policies and practices are acceptable before use.

 

  1. Amendments to the Privacy Policy.

Laws and practices on privacy are continuously evolving. As a result, this Privacy Policy  may be updated. Therefore, please consult this page periodically to see our most recent version. The continued use of this Application after a new version of the Privacy Policy  has been uploaded to the Application itself will indicate your approval of and consent to the new version.

 

  1. Rights of Users.

Users may exercise certain rights regarding their Data processed by the Owner.

In particular, pursuant to articles 15-22 GDPR, Users have the right to do the following:

  • Withdraw their consent at any time. Users have the right to withdraw consent where they have previously given their consent to the processing of their Personal Data.
  • Object to processing of their Data. Users have the right to object to the processing of their Data if the processing is carried out on a legal basis other than consent. Further details are provided in the dedicated section below.
  • Access their Data. Users have the right to learn if Data is being processed by the Owner, obtain disclosure regarding certain aspects of the processing and obtain a copy of the Data undergoing processing.
  • Verify and seek rectification. Users have the right to verify the accuracy of their Data and ask for it to be updated or corrected.
  • Restrict the processing of their Data. Users have the right, under certain circumstances, to restrict the processing of their Data. In this case, the Owner will not process their Data for any purpose other than storing it.
  • Have their Personal Data deleted or otherwise removed. Users have the right, under certain circumstances, to obtain the erasure of their Data from the Owner.
  • Receive their Data and have it transferred to another controller. Users have the right to receive their Data in a structured, commonly used and machine readable format and, if technically feasible, to have it transmitted to another controller without any hindrance. This provision is applicable provided that the Data is processed by automated means and that the processing is based on the User's consent, on a contract which the User is part of or on pre-contractual obligations thereof.
  • Lodge a complaint. Users have the right to bring a claim before their competent data protection authority.

Where Personal Data is processed for a public interest, in the exercise of an official authority vested in the Owner or for the purposes of the legitimate interests pursued by the Owner, Users may object to such processing by providing a ground related to their particular situation to justify the objection.

Any requests to exercise User rights can be directed to the Owner through the contact details provided in this document. These requests can be exercised free of charge and will be addressed by the Owner as early as possible.

 

Last Updated:  on 16 July, 2019