Privacy Policy
Privacy Policy - HiRide
Last Update : 31/01/2023
|
What is this document? Pursuant to art. 13 European Reg. n. 679/2016 (“General Data Protection Regulation” or “GDPR”) and in compliance with the principles contained therein, HiRide S.r.l. intends to inform each user (the “User”) about the processing of personal data collected on the website www. [•] (“Website”) |
Controller and contact detail
HiRide S.r.l. (hereinafter “Controller”, pursuant to art. 4(7) GDPR), with registered offices in via San Martino 12, 20122 Milano.
Contact info: [•]
Purpose of processing, Legal Basis, Personal Data and Retention Period
The Controller processes Personal Data for the following purposes, as specified here in below. The table also shows the legal basis which justifies the processing and the period of data retention:
|
Purpose |
Personal data |
Legal basis |
Data retention |
|
Account creation and management |
✓ Anagraphic information (Name, surname, P.IVA, shipping address) ✓ Contact details (email, phone number) |
Execution of contractual measures [Art. 6, 1, lett. b) GDPR] |
Until account deletion and no longer than 24 months from the date of the last contact
|
|
Manage the purchase and shipment of products. |
✓ Anagraphic information (Name and surname) ✓ Contact details (email, phone number) ✓ Shipping address |
Performance of a contract [Art. 6, 1, lett. b)] |
Until account deletion and no longer than 24 months from the date of the last contact |
|
Contact and customer care. |
✓ Anagraphic information (Name and surname) ✓ Contact details (email, phone number) ✓ Cronologia degli acquisti |
Performance of a contract or pre contractual measures [Art. 6, 1, lett. b)] |
For as long as is necessary to reply |
|
Newsletter. |
✓ Anagraphic information (Name and surname) ✓ Contact details (email) |
Consent [Art. 6, 1, lett. a) GDPR] |
Until the withdrawal of consent and no longer than 24 months from the date of the last contact |
|
Send communication for marketing purposes. |
✓ Anagraphic information (Name and surname) ✓ Contact details (email) |
Consent [Art. 6, 1, lett. a) GDPR] |
Until the withdrawal of consent and no longer than 24 months from the date of the last contact |
|
Sending commercial communications by email concerning products and services similar to those purchased (so-called soft spam). |
✓ Anagraphic information (Name and surname) ✓ Contact details (email) |
Legitimate Interest consisting in offering the user services of likely interest [Art. 6, 1, lett. f) GDPR] |
For as long as is strictly necessary to achieve the legitimate interest and until to the eventual opposition |
|
Allow the Controller to accomplish all formalities required by law. |
✓ Anagraphic information (Name and surname) ✓ Contact details (email) |
Legal obligation [Art. 6, 1, lett. c) GDPR] |
In accordance with applicable regulation |
|
Improve the Website by analyzing how Users navigate and/or use the Website. |
✓ Website usage data |
Legitimate Interest [Art. 6, 1, lett. f) GDPR] |
Not applicable (aggregate or anonymous data) |
|
Detecting or preventing fraudulent activity and exercising the Controller's rights in Court. |
✓ Anagraphic information ✓ Contact details |
Legitimate Interest [Art. 6, 1, lett. f) GDPR] |
10 years |
In case the User prefers not to communicate mandatory and/or necessary data for the fulfillment of certain purposes, the Controller reserves the right to not provide the service. Users can ask for an explanation of the legal basis of each treatment at any time.
The use of certain services of the website may require the processing of personal data of third parties sent by you to the Controller. In these cases, you make yourself as the independent data controller, assuming all the obligations and responsibilities of law. In this sense, confer on the point the widest indemnity with respect to any challenge, claim, claim for compensation of the damage from processing, etc. that it should reach the Controller from third parties whose personal data have been processed in violation of the applicable data protection rules. In any case, if you provide or otherwise process personal data of third parties in the use of the website, you guarantee right now - assuming any related responsibility - that this particular processing hypothesis is based on an appropriate legal basis pursuant to art. 6 of the GDPR which legitimises the processing of the information in question.
Processing modalities
The processing of personal data will take place through automated and/or manual tools in order to ensure proper security measures to prevent access, disclosure, loss, incorrect, illegal or unauthorized use of data.
Data Sharing
Your Personal Data may be shared with the following subjects: i) internet service providers and platforms used by the Controller as organisation tools, channels of communication and/or promotion (e.g., Shopify Inc. for the purchase management service whose privacy policy is available at the following link, Stripe for the payment management service whose privacy policy is available at the following link and Amazon FBA for the logistics service whose privacy policy is available at the following link); ii) consultants and other service providers who perform services for us or on our behalf and require access to this information to perform this work (e.g., Hubspot for CRM service whose privacy policy is available at the following link); iii) Shippers, carriers and couriers.
These subjects act as independent data controllers or data processors. In the latter case, the Controller has entered into a specific agreement pursuant to art. 28 GDPR (Appointment as Data Processor). The names of all authorized personnel are available under request to the Controller, at [•]
Personal data will be processed by internal staff specifically authorized under Article 29 of the GDPR.
Data processing locations
Personal data are processed at the headquarters of the Controller, as well as in the servers that host the Website. Personal data are stored on servers located in the EU and will not be transferred outside the EU. The Controller ensures that when using cloud providers established outside the EEA, the processing of personal data by these recipients is carried out in accordance with applicable law. Transfers shall be carried out by means of appropriate safeguards, such as adequacy decisions, standard contractual clauses approved by the European Commission or other safeguards provided for in the GDPR.
Data Subjects’ rights
The User may exercise all the rights provided for by artt. 15-21 of GDPR at any time and without unjustified limitations, by contacting the Controller at [•]. Requests shall be filed free of charge and processed by the Controller within 30 days.
Specifically, the User can:
- Obtain from the controller confirmation as to whether or not personal data are being processed (Art.15);
- Obtain from the controller the rectification of inaccurate personal data (Art. 16);
- Obtain from the controller the erasure of personal data (Art. 17);
- Obtain from the controller restriction of processing (Art. 18);
- Have the right to receive the personal data in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller (Art. 20);
- Have the right to object to processing at every moment (Art. 21);
- With regard to the purposes of processing that are based on consent, revoke it at any time.
Complaints
In any case, Users are always entitled to lodge a complaint with the competent supervisory authority (Garante per la Protezione dei Dati Personali), under Art. 77 of the GDPR, if they believe that the Controller’s processing of their personal data is in violation of the applicable law.
Amendments
The Controller reserves the right to amend and update the Privacy Policy as a result of any further new or revised provisions of any national and EU laws and regulations on personal data protection.