11 December 2018

Opticom: app Privacy Policy

1.1 Beghelli S.p.A Ti provides, in accordance with art. 13 of the European Regulation no. 2016/679 on the protection of natural persons with regard to the processing of personal data (hereinafter referred to as “GDPR”), the information requested with regard to the processing of your data and in relation to the use of the Opticom application.
1.2 Opticom has been developed for smart phones and tablets using Android / IOS and is available
free on Play Store (Android) and App Store (IOS).
1.3 This document has also been drawn up taking into account the recommendations and clarifications provided by Working Party art 29 in “Opinion no.2/2013 on apps on smart devices”, as well as the “Guidelines on transparency under Regulation 2016/679” (WP260 rev. 01).
1.4 Opticom is a service/app dedicated to subjects who are over the age of 16.
2.1 Data used by the application
The IT systems and software procedures designed for the operation of this application acquire, during normal operation, some personal data, the transmission of which is implicit in the use of Internet communication protocols. This concerns information that is not collected for association with identified data subjects, but which, by their nature, could through processing and associations with data retained by third parties, enables identification of users.
This data category comprises:
IP address or ID of the device  you use, domain name, operating system, model and brand of the device, data related to network connectivity and applications currently installed on the device, information on storage space (e.g. SD card), mobile operator, URI (Uniform Resource Identifier) of resources required, time of request, method used to submit the request to the server, dimensions of the file obtained in response, numerical code indicating the status of the server response (successful, error, etc.) and other parameters related to the operating system and IT environment of your device. 
These data are used exclusively to retrieve anonymous statistical information on use of the application and to check correct operation.
Part of this information, held in the device memory, can be sent to technical support for purposes of debugging on request by the support personnel of Beghelli S.p.A. provided you have given consent on the app itself.
2.2 Data provided voluntarily by the user
To register you in the app, you will be re-directed to the site opticom.beghelli.it. The personal data processed are those best specified in the privacy policy of the site in the area "Register".
3.1 During installation of the app, Beghelli receives and/or memorises information and/or accesses information stored on your device and consequently processes personal data.
The lawful basis for processing personal data performed during installation of the app is the contract, in particular the execution of pre-contractual measures adopted on request of the data subject.
3.2 In the subsequent phase, during use of the app, your data will be processed:
• for technical management of the app;
• for management of your registration.
• to enable you to use the app functions. To best use all Opticom functions, you will receive requests for authorisation to access the following: Memory; Camera. These authorisations may be modified by you or withdrawn at any time via the general settings on your device. Rejecting these authorisations will however not enable you to make full use of Opticom services; use of the camera is required to enable communication with the systems via the device flash.
• to use dedicated services for installers and/or end users;
• to send you push notifications with warnings or alerts (also by text message) regarding correct functionality of the app as well as association with the devices;
• to send notifications on correct operation of the service.
• to enable Beghelli and installers to associate various systems installed with the respective clients.
In relation to these purposes, the lawful basis is the performance of a contract in which the data subject is a party.
3.3 Your data may be processed to ascertain, exercise or defend the rights of the Data Controller in legal proceedings
In this case the lawful basis is the legitimate interest of the Controller.
3.4 Your data may also be processed, on your free and optional consent (with option to withdraw at any time) for the following additional purposes:
• Direct marketing: by way of example, for the delivery - by electronic means (such as text message, mms, email, instant messaging app or social media) and conventional means (such as telephone calls with operator and standard post) - of promotional and commercial correspondence regarding services/products offered by the company or notifications of company events, as well as for market studies and statistical analyses.
• Profiling: by way of example, for analysis of personal preferences, habits, behaviour, interests in order to send personalised commercial correspondence/targeted promotional actions/offers and services adapted to personal needs/preferences.
• Communication/transfer of my data to third parties: by way of example, shareholding companies, associated with the Data Controller, commercial partners for processing for marketing purposes concerning the products and/or services of each third party involved.
4.1 Your data will be processed for the entire duration of the contract through to a request by the user to delete the information.
4.2 In the event of litigation, your data will be processed for the duration of any legal disputes until completion of the terms of implementation outlined in legal remedies.
4.3 For the purposes as stated in point 3.4 your data will be stored:
• For direct marketing purposes through to withdrawal of consent by the data subject;
• For profiling purposes for 24 months;
• For purposes of transferring your personal data to third parties through to withdrawal of consent by the data subject;
5.1 The processing of data is based on the principles of lawfulness, fairness and transparency with the minimisation of data (privacy by design); it may be performed both manually and using automated means designed to store, process and transmit data, and will be carried out using adequate technical and organisational measures, as far as is reasonable and state of the art, to guarantee, among others, the security, confidentiality, integrity, availability and resilience of systems and services, avoiding the risk of loss, destruction, access or unauthorised disclosure or any unlawful use, as well as any reasonable measures to delete or promptly rectify incorrect data with respect to the purposes for which they are processed.
6.1 Data can be processed by external subjects operating as independent controllers, such as, by way of example and not limited to, supervisory or control authorities and bodies and generally any subject, public or private, authorised to request the said data.
6.2 Your data may also be processed by companies entrusted by us (including associate companies of Beghelli S.p.a.) which on our behalf complete technical tasks, such as companies for the management and maintenance of servers where data are held, technical assistance companies, call centre companies, companies offering app maintenance services, email delivery companies, and market study companies. All these companies receive the appropriate operating instructions and are appointed Data Processors in accordance with art. 28 of the GDPR.
6.3 The data will not be divulged in any circumstances.
6.4  The data are not transferred to countries outside the EU
7.1 The data may be processed exclusively by employees of the Controller or appointed Processors assigned to fulfil the purposes outlined above, who have been explicitly authorised for processing and who have received the relevant operating instructions to do so.
8.1 With regard to the processing of your personal data, you may ask the Controller for access to all data that regard yourself, for the deletion, correction of errors, integration of incomplete data, restriction on processing in the cases stated in art. 18 of the GDPR, as well as the objection to processing in the hypothetical legitimate interest of the Controller, to receive the personal data concerning him or her in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance in the case of conditions allowing the subject to exercise his/her rights of portability as stated in art. 20 of the GDPR (processing based on consent or contract and when performed with automated means); to withdraw consent at any time. The withdrawal of consent does not compromise the legitimacy of processing based on consent prior to withdrawal.
8.2 These rights may be exercised by sending notification in writing to the email address specified below or an email to: privacy@beghelli.it as well as by using the access tools available in each application.
8.3 The data subjects also have the right to lodge a complaint to the competent Supervisory authority in the member state where he/she normally resides or works, or in the state in which the presumed breach occurred.
9.1 The data controller is Beghelli S.p.A., Via Mozzeghine 13/15, loc. Monteveglio 40053 Valsamoggia, Bologna (IT).
10.1 The DPO can be contacted at the following email address: dpo@beghelli.it