Policy Privacy for Users

Bags Parking S.r.l. with registered office in Via Nansen, 15, 20156 Milan, P. IVA and C.F. 10968670967 (hereinafter the “Data Controller”), owner of the mobile app BagsParking (hereinafter the “App”), as Data Controller for the personal data of users browsing and registered with the App (hereinafter, the “Users”) provides the following privacy policy pursuant to art. 13 GDPR (General Data Protection Regulation) – UE 2016/679 of 27 April 2016 (hereinafter, the “Regulation” and/or “Applicable Law”).

This App and any services offered through the App are reserved for individuals who are eighteen years old and over. The Data Controller does not collect personal data relating to persons under 18 years of age. At the request of Users, the Data Controller will promptly delete all personal data involuntarily collected and related to subjects under 18 years.

The Data Controller takes the utmost account of Users’ right to privacy and personal data protection. For any information related to this Privacy Policy, Users can contact the Data Controller at any time, in any of the following ways:

  • By sending a registered letter with advice of receipt to the registered office of the Data Controller (Via Nansen, 15, 20156 Milan);
  • By sending an e-mail message to [email protected].

The Data Controller has not identified a Data Protection Officer (DPO), not being obliged to appoint such an officer pursuant to Article 37 of the Regulation.

1. Purpose of processing

Users’ personal data will be processed lawfully by the Data Controller pursuant to Article 6 of the Regulations for the following processing purposes:

  1. contractual obligations and provision of the service, to allow browsing of the App or to execute the Terms of Use of the App, which are accepted by the User when registering with the App, to use the services offered through the App, and also to fulfill specific User requests. User data collected by the Data Controller for the purposes of registering with the App include: the username is voluntarily chosen, date of birth, gender, province of residence/domicile, email address, and any personal information of the User voluntarily published. Unless the User gives the Data Controller specific and optional consent to the processing of his/her data for the additional purposes set out in the paragraphs below, the User’s personal data will be used by the Data Controller for the sole purpose of ascertaining the identity of the User (also by validating the e-mail address), thus avoiding possible scams or abuses, and contacting the User solely to provide services (e.g. sending correspondence about additional services offered on the App). Without prejudice to the other provisions contained within this Privacy Policy, the Data Controller will not make Users’ personal data accessible to other Users and/or third parties under any circumstances.
  2. administrative/accounting purposes, i.e. activities of an organizational, administrative, financial, and accounting nature such as internal organizational activities and functional tasks necessary for the fulfillment of contractual and pre-contractual obligations;
  3. legal obligations, or to fulfill obligations pursuant to law, an authority, a regulation, or European legislation.

The provision of personal data for the processing purposes indicated above is optional but necessary, as failure to provide them will make it impossible for the User to browse the App, register with the App, and take advantage of the services offered by the Controller through the App.

The personal data necessary to fulfill the purposes of the processing operations described in this section are indicated with an asterisk in the App registration form.

2. Further processing purposes: marketing and newsletters

Subject to the User’s free and optional consent, some personal data of the User, e.g. first name, surname, e-mail address, may be processed by the Controller also for marketing purposes (such as sending advertising material, direct sales, commercial communications, sending of newsletters containing information relevant to the sector regarding the Controller’s activities and/or services and promotions pertaining to the contents of the App and services offered through the App by the Controller), or so that the Controller can contact him/her via email to propose the purchase of products offered by the same Controller and/or third-party companies, to present offers, promotions and commercial opportunities of the Controller and/or third-party companies.

If the User does not give his/her consent, the possibility of registering with the App and using the services offered through it will not be affected in any way.

The User may at any time revoke the consent given by making a request to the Controller in the manner indicated in section 5 below.

The User may also object to the sending of further promotional material via email by clicking on the link which is available within each email enabling the user to revoke his/her consent. Once the consent has been revoked, the Controller will send an email to the User to confirm the revocation of consent. If the User intends to revoke his/her consent to the sending of promotional communications via telephone, while continuing to receive promotional communications via email, or vice versa, he/she is invited to send a request to the Controller in the manner indicated in section 5 below.

The Data Controller declares that following exercise of the right to object to the receipt of advertising by email, it is possible that, for technical and operational reasons (e.g. completion of contact lists shortly before the Data Controller’s receipt of the objection), the User will continue to receive some additional promotional messages. Should the User continue to receive promotional messages 24 hours after exercising the right to object, please report the problem to the Data Controller, using the contacts details indicated in paragraph 5 below.

3. Processing methods and data preservation

Users’ personal data will be processed using electronic means, as strictly necessary to achieve the purpose for which they are processed, and in any event, ensuring the confidentiality of the data.

The personal data of the App Users will be kept for the time strictly necessary to carry out the primary purposes described above in Section 1, or in any case as necessary for the protection pursuant to the civil law of the interests of both the Users and the Data Controller.

In the cases referred to in section 2 above, Users’ personal data will be kept for the time strictly necessary to carry out the purposes described therein and, in any case, as long as the law allows for further storage for such specific purposes, including defense against legal requests.

If the User decides to block and/or delete his/her profile, all the data stored regarding the User are deleted. If the complete deletion of the User Data is not permitted or is required by law, the data are blocked for further processing.

4. Scope of communication and data dissemination

The personal data of Users may be disclosed to the employees and/or collaborators of the Data Controller responsible for managing the Apps. These subjects, who are formally appointed by the Data Controller as Data Processors, will process the User’s data exclusively for the purposes indicated in this policy and in compliance with the provisions of Applicable Law.

The personal data of Users may also be disclosed to third parties operating as External Data Processors handling the personal data on behalf of the Data Controller, such as IT and logistic service providers necessary for the operation of the App, outsourcing, or cloud computing service providers, professionals and consultants.

Users are entitled to obtain a list of any data processors appointed by the Data Controller via a request to the Data Controller, as indicated in section 5 below. 

4.1. Registration through Social Media

In case of registration through the Facebook Connect function, the User expressly accepts that Facebook communicates to the App the data relating to his identity such as name, date of birth, current city, gender, and email address. During registration, the user can accept which of these data to provide to the App. The user agrees that information relating to the App, any changes, and updates will be sent via email through the User’s email address obtained through Facebook Connect.

The information that the user provides to the App through the connection with Facebook Connect or with other Social Media (Apple, Google, Twitter, etc.) is subject to the settings and authorizations relating to the social platform and the third-party App.

The data collected from the account present on social media are used only to guarantee and ensure the proper execution of the contract and the provision of services. Each user can change the settings relating to the connection of their account with that of third parties, such as Facebook, Apple, or Google, and remains responsible for updating their personal data.

The App does not control or supervise the social media platforms with which the user’s personal data can be shared. Therefore any question relating to how personal data is processed by the social media provider should be addressed to the provider in question.

4.2 Third-Party Partners and Integration

The platform may contain links to third-party websites or services, such as, for example, third-party integration or co-branding services. The App does not control these third parties, which have their own rules regarding the collection, use, and disclosure of data and therefore the user must comply with the privacy policies of the other sites.

Parts of the platform may use third-party services such as Google Maps / Earth services. The use of these services is subject to the related privacy policy.

5. Data Subjects' rights

Users may exercise their rights pursuant to Applicable Law by contacting the Data Controller as follows:

  • By sending a registered letter with advice of receipt to the registered office of the Data Controller (Via Nansen, 15, 20156 Milan);
  • By sending an e-mail message to [email protected].

The User may be asked to verify his identity and the legitimacy of the request before taking further action or executing the formulated request.

Pursuant to Applicable Law, the Data Controller hereby declares that Users are entitled to obtain information on (i) the source of their personal data; (ii) the purposes of their being processed and the methods used to do so; (iii) the logic applied to the processing, if carried out by means of electronic tools; (iv) the identity of the Data Controller and the Data Processor; (v) the parties or categories of the party to whom the personal data may be communicated or who may gain knowledge of them in their capacity as data processing managers or persons in charge of processing.

Furthermore, Users are entitled to:

a) accessupdaterectify or, should they wish to do so, supplement their data;

b) the deletiontransformation into anonymous form, or blocking of data that have been processed unlawfully, including data whose retention is unnecessary for the purposes for which they have been collected or subsequently processed;

c) confirmation that those to whom the data are communicated or disclosed are notified of the actions referred to under letters (a) and (b), including their content unless the fulfillment thereof proves to be impossible or involves using methods that are clearly disproportionate to the right being protected.

Furthermore, Users have:

a) the right to withdraw consent at any time, if the processing is based on their consent;

b) the right to data portability (the right to receive all personal data concerning the Data Subject in a format that is structured, commonly used, and readable by automatic devices), the right to limit the processing of personal data, and the right to deletion (“right to be forgotten”);

c) the right to object:

i) in whole or in part, for legitimate reasons, to the processing of personal data concerning the Data Subject, even if pertinent to the purpose of the collection;

ii) object, in whole or in part, to the processing of his/her personal data for the purpose of sending advertising and direct marketing materials, or for carrying out market research or business communications;

iii) if personal data are processed for direct marketing purposes, to object at any time to the processing of their data for this purpose, including profiling in so far as it is connected to such direct marketing.

If Users believe that the processing that concerns them violates the Regulation, the right to lodge a complaint with a Supervisory Authority (in the Member State in which they habitually reside, in the one in which they work, or in the one in which the alleged violation occurred ). The Italian Supervisory Authority is the Guarantor for the protection of personal data, based in Piazza di Monte Citorio n. 121, 00186 – Rome (http://www.garanteprivacy.it/).

The Data Controller is not responsible for updating all links that can be viewed in this Policy, therefore whenever a link is not working and/or up-to-date, Users acknowledge and accept that they must always refer to the document and/or section of the Apps referred to by the link.

6. Changes to this Privacy Policy

The App reserves the right to modify this Privacy Policy at any time in accordance with this section. In case of changes, the App will publish the updated version on the platform by inserting the date of the last update. Access and use of the platform by the User will be subject to the new version of the information published.