Privacy Policy
The purpose of this privacy policy is to provide all the information on the processing of personal data carried out by Fyne S.r.l. in the context of the services offered through the "Syncro" platform (as better indicated below).
1.INTRODUCTION - WHO ARE WE?
Fyne S.R.L., with registered office in Via Berardi 8, Taranto 74123 (Italy), P.IVA 03273410732 (hereinafter, the "Data Controller" or, simply, “Controller”), owner of the online platform and application branded "Syncro" (hereinafter, the "App" or "Syncro"), as the data controller of the processing of the data of the users of the App (hereinafter, the "Users") provides below the privacy policy pursuant to Art. 13 ofthe EU Regulation 2016/679 of 27 April 2016 (hereinafter, the "Regulation") and Article 13 of the UK General Data Protection Regulation (together with the Regulation, the "Applicable Law").
2.HOW TO CONTACT US?
The Controller takes the right to privacy and the protection of personal data of its Users into the utmost consideration.
You may contact the Controller at any time, using the following methods:
- By sending a registered letter with return receipt to the Controller's registered office at Via Berardi 8, Taranto 74123 (Italy);
- By sending an e-mail to: privacy@appsyncro.com
The Data Controller has not identified the figure of the Data Protection Officer (DPO), since it is not subject to the designation obligation provided for in Article
37 of the Regulation.
3.WHAT DO WE DO? - PURPOSE OF PROCESSING
Syncro is a platform that allows a registered Users to connect with one of their friends on the platform so that, each User can take a photo at the same moment, in synchronization, creating a post to be published on the App (hereinafter referred to as the “Service”).
In connection with the activities that may be carried out through the App, the Controller collects personal data relating to Users.
This App and the services that may be offered through the App are reserved for subjects who are at least fourteen years old. The Data Controller does not therefore collect personal data relating to persons under the age of 14. At the request of Users, the Data Controller will promptly delete all personal data involuntarily collected relating to persons under the age of 14.
Users' personal data will be lawfully processed by the Controller for the following purposes:
a) Contractual obligations and provision of the Service: to allow navigation of the App or to execute the General Terms and Conditions of the Service, which are accepted by the user when registering on the App; to fulfil specific requests of the User (such as, by way of example, the possibility of contacting the Controller by accessing the relevant section of the App).
The User data collected by the Controller for the purpose of the registration on the App include:
● name, surname, date of birth, telephone number, photo chosen as profile image, as well as all the User's personal information that may have been voluntarily communicated to the Controller. Unless the User gives the Controller a specific and optional consent to the processing of his/her data for the further purposes set out in the following paragraphs, the User's personal data will be used by the Controller for the sole purpose of ascertaining the User's identity (also by validating the telephone number), thus avoiding possible fraud or abuse, and contacting the User for service purposes only;
● personal data whose transmission is implicit in the use of internet communication protocols and/or the use of mobile applications, such as: IP addresses used by users who connect to the App, URI (Uniform Resource Identifier) notation addresses of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, log files and other parameters relating to the User's operating system and IT environment, the IP identifier of the device, the date and time of the server request, the User Agent of the device. The User's data collected by the Controller for the purposes of any contact or request for information include: first name, last name, contact details, as well as any personal information the User may have voluntarily communicated to the Controller.
b) Synchronisation of User’s telephone contacts: The User may decide, following his/her registration, freely and optionally, to authorise the synchronisation function of his or her own telephone contacts, in order to set up an advanced search function for other Users as well as to find out who, among his own contacts, is already subscribed to Syncro and possibly choose to follow him on the App. The Controller will exclusively collect the telephone number from the phonebook of the User's telephone device.
Telephone numbers collected from the phonebook of the User's device, for which Syncro cannot successfully perform a match with registered Users of the App (i.e. belonging to non-subscribed Users) will be subject to pseudonymisation, so that they cannot be accessed unencrypted by the Data Controller, nor the Data Controller will be able to trace the identity of the data subject to whom the telephone number belongs and, in any way, process or use this data for any other purpose.
The Controller also provides the possibility for the User to send a link to subscribe to Syncro, via the sharing functionality of the User's device. In the event that the User decides to send the link to download Syncro to one of his contacts, the Controller will not process personal data relating to the contact chosen by the User, since the sending of the link is independent of Syncro and takes place via the User's device sharing functionality.
In the event of non-authorisation, the User's ability to register and/or use Syncro shall not be affected in any way.
In the event of authorisation, Users may deny it at any time, from the settings of their device, by searching for the "Syncro" App and changing the access authorisation to their phonebook.
(c) Legal obligations, i.e. to fulfil obligations laid down by law, by an authority, by a regulation or by European legislation.
In order to enable the User to take the photo in synchrony with his or her friends, Syncro uses the camera(s) on the User's device, to the extent permitted by the User. The device camera(s) is only activated following authorisation provided by the User, at the time of the request for activation by the device. While accessing the mobile device's camera(s), the Controller will not collect and/or process any information other than the images voluntarily posted by the User on the App for the sole purpose of providing the Service. If, on the other hand, the User chooses the "Deny" option, Syncro, and therefore the Controller, will not have access to the camera(s). The User may activate/deactivate access to the camera(s) on his device at any time, through the settings provided by his device.
If the User decides not to activate the aforementioned settings, he/she will still be able to use the App and access the Service, but with certain limitations (e.g. it will be impossible for the User to publish photos in synchrony with his/her friends and thus make full use of the Service).
This data is collected solely for the purpose of properly executing the General Terms and Conditions of the Service, accepted by the User during registration,
as well as for the functional performance of the Service itself.
The personal data in the application form for registration purposes are all necessary to be able to continue with the registration and are, specifically, the following: first name, surname, date of birth, e-mail.
4.FURTHER PURPOSES OF PROCESSING
4.1. Marketing (sending of advertising material, direct sales and commercial communication)
Some of the User's personal data (i.e. the telephone number, email) may also be processed by the Controller for marketing purposes (sending advertising material, direct sales and commercial communications), i.e. so that the Controller may contact the User by SMS, email or other messaging apps, to propose to the User the purchase of products and/or services offered by the Controller itself and/or by third parties, to present offers, promotions and commercial opportunities.
If consent is not given, the possibility of registering on the App will not be affected in any way.
In the event of consent, the User may withdraw it at any time by making a request to the Controller in the manner indicated in paragraph 8 below.
The Data Controller informs that, following the exercise of the right to object to the sending of promotional communications, it is possible that, for technical and operational reasons (e.g. formation of contact lists already completed shortly before the receipt by the Data Controller of the request for objection) the User may
continue to receive some further promotional messages. Should the User continue to receive promotional messages after 24 hours have elapsed from the exercise
of the right to object, please report the problem to the Controller, using the contacts indicated in paragraph 8 below.
5.LEGAL BASIS
Contractual obligations and provision of the Service (as described in para. 3(a)): the legal basis is Art. 6(1)(b) of the Regulation, i.e. the processing is necessary for the performance of a contract to which the User is party or for the performance of pre-contractual measures taken at the User's request.
Synchronisation of User’s telephone contacts: (as described in para. 3(b)): the legal basis consists of Art. 6(1)(a) of the Regulation, i.e. the provision by the data subject of consent to the processing of his/her personal data for one or more specific purposes. For this reason, the Data Controller asks the User for the provision of a specific, free and optional consent, in order to pursue this processing purpose.
Legal obligations(as described in para. 3(c) above): the legal basis is Art. 6(1)(c) of the Regulation, as the processing is necessary to comply with a legal obligation to which the Data Controller is subject.
Further processing purposes: for processing relating to marketing activities (as described in Section 4.1 above), the legal basis consists in Article 6(1)(a) of the Regulation, i.e. the provision by the data subject of consent to the processing of his/her personal data for one or more specific purposes. For this reason, the Data Controller asks the User for the provision of a specific free and optional consent, in order to pursue such processing purpose.
6.PROCESSING METHODS AND DATA RETENTION PERIODS
The Data Controller will process the Users' personal data by means of manual and computerised tools, with logics strictly related to the purposes themselves and, in any case, in such a way as to guarantee the security and confidentiality of the data.
The personal data of the App's Users will be stored for the time strictly necessary to fulfil the primary purposes illustrated in paragraphs 3(a) and (c) above, or in any case as necessary to protect the interests of both the Users and the Data Controller under civil law.
In the case referred to in paragraph 3 b) above, the personal data contained in the User's address book will be kept for the time strictly necessary to carry out the verification of the presence of the User's contacts on Syncro and, in any event, until the User revokes his consent.
In the case referred to in paragraph 4.1 above, the Users' personal data shall be kept for the time strictly necessary to fulfil the purposes set out therein and, in any event, until the User withdraw his or her consent.
In any case, any retention periods provided for by law or regulations are unaffected.
7.SCOPE OF COMMUNICATION AND DISSEMINATION OF DATA
The personal data of the Users may be disclosed to the employees and/or collaborators of the Controller in charge of managing the App and the Users' requests. These subjects, who have been instructed in this sense by the Controller pursuant to art. 29 of the Regulations, will process the User's data exclusively for the purposes indicated in this information notice and in compliance with the provisions of the Applicable Law.
Users' personal data may also be disclosed to third parties who may process personal data on behalf of the Data Controller in their capacity as Data Processors, such as, by way of example, suppliers of IT and logistical services functional to the operation of the App, suppliers of outsourcing or cloud computing services, professionals and consultants.
Users have the right to obtain a list of any data processors appointed by the Controller by making a request to the Controller in the manner indicated in paragraph 8 below.
8.RIGHTS OF THE DATA SUBJECTS
Use may exercise the rights guaranteed to them by the Applicable Law by contacting the Controller in the following ways:
- By sending a registered letter with return receipt to the Controller's registered office at Via Berardi 8, Taranto 74123;
- By sending an e-mail to: privacy@appsyncro.com
The Data Controller has not identified the figure of the Data Protection Officer (DPO), since it is not subject to the designation obligation provided for in Article
37 of the Regulation.
Pursuant to the Applicable Law, the Data Controller informs Users that they have the right to obtain information on (i) the origin of personal data; (ii) the purposes and methods of processing; (iii) the logic applied in the event of processing carried out with the aid of electronic instruments; (iv) the identification details of the data controller and data processors; (v) the subjects or categories of subjects to whom personal data may be communicated or who may become aware of such data in their capacity as data processors or persons in charge of processing.
Furthermore, Users have the right to obtain
a) access, update, rectification or, when they are interested, integration of the data;
b) the cancellation, transformation into anonymous form or limitation of data processed in violation of the law, including those that do not need to be kept in relation to the purposes for which the data were collected or subsequently processed
c) certification to the effect that the operations as per letters a) and b) have been notified, as also related to their contents, to the entities to whom or which the data were communicated or disseminated, unless this requirement proves impossible or involves a manifestly disproportionate effort compared with the right that is to be protected.
In addition, Users have:
a) the right to withdraw their consent at any time, if the processing is based on their consent;
b) the right (where applicable) to data portability (the right to receive all personal data concerning them in a structured, commonly used and machine-readable format);
c) the right to object:
i) in whole or in part, on legitimate grounds, to the processing of personal data concerning them, even if pertinent to the purpose of collection
ii) in whole or in part, to the processing of personal data concerning them for the purpose of sending advertising materials or direct selling or for the performance of market or commercial communication surveys;
iii) if their personal data are processed for direct marketing purposes, at any time, to the processing of their data carried out for such purposes, including profiling insofar as it is related to such direct marketing
d) if they consider that the processing concerning them is in breach of the Regulation, the right to lodge a complaint with a Supervisory Authority (in the Member State in which they have their habitual residence, in the Member State in which they work or in the Member State in which the alleged breach occurred). The Italian Supervisory Authority is the Garante per la protezione dei dati personali, based in Piazza Venezia n. 11, 00187 - Rome (http://www.garanteprivacy.it/).
The Controller is not responsible for updating all the links displayed in this privacy policy, therefore, whenever a link is not working and/or updated, Users acknowledge and accept that they must always refer to the document and/or section of the App referred to by that link.