I. Personal Data Controller and Processor
The Personal Data Controller is Bending Spoons S.p.A., based in Corso Como 15, Milan (Italy). Please email any requests relating to the processing of any personal data concerning you to email@example.com.
II. Categories of processed data, processing purposes and conditions
The Company shall process the categories of personal data shown below, for the following purposes:
|Purpose||Legal basis||Categories of processed data|
|i. to enable you to use our services the Company needs certain personal data (e.g. to create or modify your user account, allow you to use the application, send technical information about how the app works, process and reply to any requests, contact our support staff, send you a code to enter at first authentication).||Processing is necessary for the performance of a contract to which you are party or in order to take steps at your request prior to entering into a contract (art. 6(1)(b) of the GDPR).||common data: name and surname, email address, telephone number, address, Apple ID, photograph, contacts, chat conversations, bank data used for transactions|
|ii. to discharge the Company’s legal obligations and any other obligations arising out of the instructions received from the authorities.||Compliance with a legal obligation to which the Data Controller is subject (art. 6(1)(c) of the GDPR)||common data: name and surname, email address, telephone number, address, Apple ID, photograph, contacts, chat conversations, bank data used for transactions|
If the app needs to access your address book you will be asked to select one of the following options: “access all contacts”, in which case all or a preset list of numbers in your address book will be automatically accessed, or “manually select”, in which case you will be asked to select the single numbers that may be accessed by the app.
Please be reminded that, if the processing requires your consent for one or more processing purposes,
you may give your consent only if aged at least 16 years (see art. 8 of the GDPR). If you are aged below 16,
the consent must be given by a parent or other holder of parental responsibility (in the latter case, the
Data Controller shall make every reasonable effort to verify that consent is given or authorised by the
holder of parental responsibility).
Should we become aware that we have collected the personal data of a child aged below 16 years without the consent of a parent or holder of parental responsibility, we shall delete the data and close the relevant account forthwith.
III. Methods, timeframe and place of processing
The personal data concerning you may be processed either electronically or on paper.
Bending Spoons adopts all the technical and organisational measures for preventing the loss, improper use and alteration of personal data under your control, and, in some cases, may also adopt data encryption methods. However, no type of Web transmission or storage of the data may be considered absolutely secure, for which reason we caution you not to send any information you consider confidential and which you would like to keep secret.
The processed data are stored at the Company’s headquarters, in the archives provided by our IT services provider. The data required to discharge any legal obligations, and obligations relating to the use of the app, shall be stored for the time required to perform the purposes for which they were collected and, in any case, for no longer than 10 years after the termination of the contract (or the cancellation of the app registration). At the end of this period of time the data shall either be deleted or pseudonomysed.
IV. Mandatory or optional nature of the supply of personal data and consequences of the refusal to answer
It is necessary for you to supply your personal data. Your refusal to supply the requested data, or the supply of inaccurate data, might make it impossible to register with the application and use its services.
V. Entities, or categories of entities, to which any personal data concerning you may
be disclosed, or which may acquire your personal data, and scope of disclosure of the data
The personal data supplied by you shall be processed by the following entities:
VI. Sharing your personal data with Countries outside the European Economic Area
Any personal data concerning you could also be transferred to third-party entities based outside the EEA, to fulfil the purposes mentioned above.
In these cases the Company undertakes to put into place appropriate measures to ensure adequate protection of those personal data in the place of destination, verifying that the third-party entities are Privacy Shield certified or comply with the group rules laid down by the competent authorities or have entered into specific agreements with the Company, in this respect.
A copy of the appropriate or expedient warranties are available for consultation, on request, at the Company’s headquarters.
VII. Your privacy rights
You may contact the Data Controller, in writing, by means of a registered letter with proof of receipt addressed to the Company’s headquarters, or an email to firstname.lastname@example.org, to exercise your rights to access, modify, delete or object to the processing of your personal data (as set out in the Privacy Provisions), or to obtain: