CO-CONTROLLERS OF THE TREATMENT

MatiPay S.r.l.
Via San Sabino n. 21
Mola di Bari, 70042 Italia
+39 080 53 21 796
info@sitael.com

Gruppo Argenta S.p.A.
Registered office:
Via M. Fanti n.2
Reggio Emilia, 42124 Italia
Operational headquarters:
Via Milano n. 8/11
Peschiera Borromeo, 20068 Italia

RESPONSIBLE FOR DATA PROTECTION «DPO»

dpo@matipay.com +39 080 53 21 796

Via San Sabino, 21

SERVICE OFFERED BY THE ARGENTA APPLICATION

By registering on the Argenta Application (hereinafter also the "Application"), the user will be able to use the services offered by the Application, including the possibility of conveniently purchasing from their smartphone the products present in the vending machines equipped with the hardware necessary for the operation of the Application, installed at Gruppo Argenta customers, by opening a “virtual wallet” that the user can recharge in different ways.

PERSONAL DATA PROCESSED

Please note that this Privacy Policy together with the Terms and Conditions document - establishes the basis on which personal data and other information provided by users while using the Application will be processed. As part of the provision of the services offered, the Joint Controllers collect and process the following types of data:

1. Data provided by the user during the registration process and through the use of the Application

The user may provide personally identifiable information ("personal data") to the Joint Controllers as they are necessary to complete the registration to the Application and to use the services offered by the same. We inform you that, if the user completes the registration to the Application through their social network (eg Facebook), the Joint Controllers will automatically collect, where available, the social network ID, name, surname, age, gender and city of origin of the user.

We also point out that, if the user uses a device with an Android operating system, in order for the Application to work, it is necessary to activate the localization within its own operating system. In any case, we would like to point out that the Joint Controllers will not process personal data relating to the user's location.

Among the services offered, there is also that of sending / receiving micro-credits to / from your contacts who are already users of the Application, by entering the telephone number of the user to whom you intend to transfer a micro-credit.

Automatically Collected Data

The computer systems and procedures used to operate the Application acquire, during their normal operation, some personal data in accordance with the applicable laws. This data includes information relating to login data, the operating system, the model of the device used and the software in use.

PRIVACY OF MINORS OF 16 YEARS

We inform you that the Data Controller does not consciously collect or request information from users under the age of 16, nor do they allow such users to register to use the services offered. In fact, the services and related contents are not aimed at users under the age of 16. By accessing the Application and using the services offered by it, the user declares to be over the age of 16. If the Data Controller realizes that they have collected personal information belonging to a user under the age of 16, they will delete this information as soon as possible. Furthermore, in the event that a user believes that the Data Controller is in possession of information belonging to a user under the age of 16, please contact the DPO at the above email address.

PURPOSE OF THE TREATMENT

Use of the services offered to registered users
The data collected directly by the user is used in order to provide services such as the creation of a personal profile, the acquisition of products through the Argenta Group's vending machines and the sending / receiving of micro- credits to / from their contacts who are already users of the Application.
Legal basis of the processing
The treatments put in place for this purpose are based on the execution of a contract to which the user is a party, with the exception of the uploading of the user's photo during the creation of the profile for which the treatment is based on the consent provided. by the user.
The data will be kept until the user requests the deletion of your profile or for 24 months from the date of the user's last interaction with the Application..

Fraud Prevention (only Android users)

The IMEI identifier of the mobile phone of users who use Android as an operating system is used in order to prevent fraud.
Legal basis of the processing
The treatments put in place for this purpose are based on the legitimate interest of the Data Controller for the prevention of fraud.
Data retention period
The data will be kept until the user requests the deletion of your profile or for 24 months from the date of the user's last interaction with the Application.

Sending of commercial and informative communications

The data provided directly by the user is used in order to send commercial communications, promotions and advertising messages.
Legal basis of the processing
The treatments put in place for this purpose are carried out with the specific consent provided by the user.
Data retention period
Until the revocation, by the user, of the consent given for sending commercial communications

Profiling activity

The data provided by the user are used for the analysis of his consumption choices and purchasing habits through the detection of the type and frequency of the operations carried out and, if indicated, of the areas of interest optionally requested and selected by the user in the form. registration, for the purpose of sending information and / or advertising material of specific interest to the user as well as surveys of your degree of satisfaction with the services offered.
Legal basis of the processing
The treatments put in place for this purpose are carried out with the specific consent provided by the user.
Data retention period
The data relating to the location, device and software used by the user will be kept until the account is canceled for 24 months from the date of the user's last interaction with the Application.

NOTE RELATING TO DATA STORAGE

Once the aforementioned terms have expired, the user's personal data will be permanently deleted or in any case irreversibly made anonymous. When the Data Controller will no longer need to use the user's personal data to comply with contractual or legal obligations, it will remove them from the systems and registers and / or will take appropriate measures to make such data anonymous so that the user can no longer be identified through them. If it is necessary to keep the user's personal data in order to ensure compliance with legal or regulatory obligations to which the Data Controller is subject, such data will have mandatory retention periods that may derive from current legislation.

NATURE OF DATA PROVISION

1. User registration

RECIPIENTS OF THE DATA

We inform you that your data may be made accessible for the aforementioned purposes to:

• employees and collaborators of the Joint Controllers, expressly trained and authorized to process;
• Selecta AG, parent company of the Argenta Group based in Switzerland, as Data Processor, in order to allow it to provide assistance to the companies belonging to the Group with reference to the information systems necessary for the management and analysis of relations with customers and related interactions with them, as well as more generally in terms of IT support.
• service providers who carry out outsourcing activities on behalf of the Joint Controllers (e.g. administrative and / or accounting support at the IT level, assistance in creating accounts for cashless payment services or IT level support in theme of hosting and software maintenance, etc.), as Data Processors, within the limits of the purposes indicated in this statement;
• government authorities, courts of law, external consultants and similar third parties if required or permitted under applicable law.

The list of data processors can be requested through a specific request to the DPO.

METHOD OF TREATMENT

The processing of personal data provided by the user is carried out by means of the operations indicated in art. 4, no. 2) of the GDPR, by personnel expressly authorized to process and appropriately trained in order to guarantee the confidentiality of the data processed and to avoid the loss, destruction, unauthorized access or unauthorized processing of the same data, as well as by the units to which they belong, as far as of their competence.

The data provided will be collected using suitable electronic and / or paper tools, with logic strictly related to the purposes themselves and, in any case, capable of guaranteeing the security, secrecy and confidentiality of the same.

TRANSFER OF DATA

The specified ut supra data are stored on servers located within the European Union. The companies to which the personal data of the users are transmitted are the following:

• Selecta AG - parent company of the Argenta Group based in Switzerland - guarantees an adequate level of data protection pursuant to art. 45 (1) of the GDPR.

We guarantee that the transfer of data outside the EU takes place in compliance with the applicable legal provisions. If you wish to obtain further details on the security measures put in place to protect the personal data you have provided, please contact the DPO at the above email address.

USER RIGHTS

In the spirit of absolute transparency and fairness with which MatiPay S.r.l. intends to manage the matter, we assure you of our complete availability for any necessary clarification and our collaboration for the appropriate obligations.

We inform you that the Regulation gives users the possibility to exercise specific rights.

As the data subject, you have the right to obtain from the Data Controller confirmation as to whether or not personal data concerning you are being processed. In this case, pursuant to art. 15 of the GDPR, you will have the right to obtain access to your personal data and to verify the purposes and methods of processing. You can also exercise your rights to update, rectify, integrate, oppose, limit, and, where possible, the cancellation of your personal data.

Pursuant to art. 7 of the GDPR, the interested party has the right to withdraw any consent given at any time. We inform you that this revocation will not affect the lawfulness of the processing prior to the withdrawal of consent.

To exercise these rights, the user can access the "settings" section within the Application or contact the Data Protection Officer at the email address dpo@matipay.com.

Interested parties who believe that the processing of personal data referred to them occurs in violation of the provisions of the GDPR have the right to lodge a complaint with the Guarantor, as provided for by art. 77 of the Regulation itself or to take the appropriate judicial offices ex art. 79 of the GDPR.

CHANGES TO THIS POLICY

The possible entry into force of new sector regulations, as well as the constant updating of user services, may result in the need to change the methods and terms described in this policy. We therefore invite you to periodically consult this page.