Privacy Policy

INFORMATION ON THE PROCESSING OF PERSONAL DATA pursuant to articles 13 and 14 of regulation (EU) 2016/679 (GDPR)

PayDo S.p.A. (hereinafter, “PayDo“), with registered office in Milan (MI), Viale Regina Margherita 30, communicates to you, as required by Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data (“GDPR“), the following information:

1) WHAT PERSONAL DATA WE PROCESS

For the purposes set out in this Policy, PayDo processes common personal data, in particular personal data (e.g., first name, last name, email address, telephone number), and, with reference to certain services, the IBAN code.

2) PURPOSE OF PROCESSING AND RELATIVE LEGAL BASES

The personal data provided may be processed by PayDo in order to:

to provide the services you have requested;
to comply with the obligations provided for by applicable laws and/or regulations, as well as by provisions issued by the competent supervisory and control authorities/bodies;
allow the use of the service, as requested, of automatic compilation of some fields aimed at improving the user experience;
carry out the analyses necessary to solve any technical anomalies;
carry out the analyses necessary for the resolution of any disputes.

The legal basis for the processing of personal data for the purposes referred to in letters a) and b) above is, respectively, compliance with a legal obligation (Article 6(1)(c) GDPR) and the performance of a contract to which the data subject is a party (Article 6(1)(b) GDPR).

Subject to the specific consent of the data subject, by selecting the appropriate flag, PayDo authorizes PayDo to store the IBAN of the data subject in order to facilitate future acceptance operations. In particular, Plick for an amount of less than €250, which comply with the conditions indicated in the policy, may be automatically accepted. The consent given may be revoked at any time in the manner described in the privacy policy.

The legal basis for the processing of personal data for this purpose is the consent of the data subject (Article 6(1)(a) GDPR).

3) DATA CONTROLLER

PayDo, in the person of its legal representative pro tempore, is configured as the Data Controller (the “Controller“) exclusively with regard to the activities provided directly by PayDo.

In the case of services provided by PayDo on behalf of third parties (for example, banks, financial institutions, corporates) the role of PayDo is that of Data Processor.

In the case of services provided by PayDo on behalf of third parties (e.g., banks, financial institutions, corporates), PayDo’s role is that of the Data Processor (the “Processor“).

4) NATURE OF DATA CONFERMENT

For the pursuit of the purposes referred to in paragraph 2 above, the provision of your personal data is mandatory.

Any refusal to communicate your data will make it impossible for PayDo to provide you with the requested service of automatic compilation of fields aimed at improving the user experience.

5) PROCESSING METHODS AND STORAGE PERIOD

In relation to the purposes indicated above, your personal data may be processed, in accordance with the provisions of the GDPR, by means of IT tools. The processing operations will be carried out in such a way as to ensure the security of personal data, as provided for in Article 32, GDPR.

Your personal data will be processed for the time from time to time necessary to complete the requested financial service. Thereafter, in order to allow you to take advantage of the service you have subscribed to, it will be stored by the Controller for a period of 12 months starting from the last financial service provided by PayDo that you received or validated. Beyond this period, your personal data may be retained by the Controller solely for the purpose of complying with any legal or tax obligations.

Your personal data is stored on servers owned or used by the Controller located in the European Union.

6) WITH WHOM WE MAY SHARE YOUR PERSONAL DATA

For the pursuit of the above purposes, the Controller may need to communicate your personal data to third parties belonging to the following categories:

banks, financial institutions or corporates, in order to follow up on the request for the provision of financial services requested;
authorities and supervisory bodies, in compliance with legal or regulatory obligations or orders;
consultants of the Owner, involved in the process of data processing.

The subjects belonging to the above categories operate, in some cases completely independently, as autonomous Data Controllers, in other cases as Data Processors specifically appointed for this purpose by PayDo, in compliance with the provisions of article 28, GDPR.

7) RIGHTS OF THE INTERESTED PARTIES

In relation to the processing described in this Information Notice, as a data subject you may, under the conditions set out in the GDPR, exercise the rights set out in Articles 15 et seq. of the GDPR and, in particular, the following rights:

• right of access: right to obtain confirmation as to whether or not personal data concerning you are being processed and, if so, to obtain access to your personal data – including a copy thereof – and communication of, among others, the following information:

purpose of the processing;
categories of personal data processed;
recipients to whom the data have been or will be communicated;
period of conservation of the data or the criteria used;
rights of the data subject (rectification, erasure of personal data, restriction of processing and right to object to processing;
right to lodge a complaint;
the right to receive information on the origin of your personal data if they have not been collected from the data subject;
the existence of an automated decision-making process, including profiling;

• right to rectification: right to obtain the rectification of inaccurate personal data concerning you and/or the integration of incomplete personal data;

• right to erasure (right to be forgotten): right to obtain the erasure of personal data concerning you, when:

the data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
you have revoked your consent and there is no other legal basis for the processing;
you have successfully objected to the processing of your personal data; d) the data have been processed unlawfully;
the data have been processed unlawfully;
the data must be deleted in order to comply with a legal obligation;
the personal data has been collected in connection with the provision of information society services as referred to in Article 8(1) GDPR.

The right to erasure does not apply to the extent that the processing is necessary for the performance of a legal obligation or for the performance of a task carried out in the public interest or for the establishment, exercise or defense of legal claims;

• right to restriction of processing: right to obtain the restriction of processing, when:

the data subject disputes the accuracy of the personal data;
the processing is unlawful and the data subject objects to the deletion of the personal data and requests instead that their use be restricted;
the personal data is necessary for the establishment, exercise or defence of legal claims;

• right to object: right to object to the processing of their personal data, unless there are legitimate reasons for the Controller to continue the processing;

• right to data portability: the right to receive, in a structured, commonly used and machine-readable format, the personal data concerning you provided to the Controller and the right to transmit them to another controller without hindrance, if the processing is based on consent and is carried out by automated means. In addition, the right to have your personal data transmitted directly by PayDo to another controller if this is technically feasible;

• Right to file a complaint with the Guarantor Authority for the protection of personal data, Piazza Venezia n. 11 – 00187, Rome (RM).

The above rights may be exercised, with regard to the Controller, by contacting PayDo at the following email address, info@plick.eu.

The exercise of your rights as data subject is free of charge pursuant to Article 12 GDPR. However, in the case of manifestly unfounded or excessive requests, including for their repetitiveness, the Owner may charge you a reasonable expense contribution, in light of the administrative costs incurred to manage your request, or deny satisfaction of your request.

INFORMATION ON THE PROCESSING OF PERSONAL DATA FOR CONTACTS, REQUESTS FOR INFORMATION AND SUPPORT pursuant to Article 13 of Regulation (EU) 2016/679 (GDPR)

PayDo S.p.A. (hereinafter, “PayDo“), with registered office in Milan (MI), Viale Regina Margherita 30, hereby informs you, as required by Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data (“GDPR“), the following information:

1) WHAT PERSONAL DATA WE PROCESS

For the purposes set out in this Policy, PayDo processes common personal data, in particular the Client’s identification and contact data such as name, surname, e-mail. These data are processed in order to uniquely identify each Data Subject in order to respond to the request for information made through the web form available in the “Contacts” section of the plick.eu website. For the purposes set out in this Policy, PayDo processes common personal data provided voluntarily by Data Subjects, in particular:

identification and contact data (name, surname, e-mail address);

content of the request and/or message sent by the Data Subject.

These data are processed in order to uniquely identify each Data Subject in order to respond to the request for information made through:

the web form available in the “Contacts” section of the plick.eu website.

communications sent to PayDo’s email addresses.

Note: The Data Subject is invited not to include unnecessary personal data or special categories of data in the message pursuant to art. 9 of the GDPR.

2. PURPOSES OF PROCESSING AND RELATED LEGAL BASES

The Data Controller informs the Data Subjects that the personal data acquired by the Company will be processed, electronically and physically, for the following purposes (the “Purposes”):

Purpose of the processing	Legal basis of the processing	Nature of the provision of personal data
Management of requests for information received through the form called “Write for more information”, available in the “Contacts” section of the plick.eu website and/or through communications sent to PayDo’s e-mail addresses	Art. 6 (1) (b) GDPR: execution of the Contract to which the Data Subject is a part and in the execution of pre-contractual measures adopted at the request of the Data Subject.	Personal data are processed to process a specific and voluntary request for assistance through the Data Controller’s website. The provision of data is therefore necessary in order to allow the correct provision of the assistance service. In fact, failure to provide such data may result in the inability to execute the requests of the Data Subject.

The Data Controller also informs the Data Subject that he/she has the possibility to: (i) revoke, at any time, any consent given, it being understood that the revocation of consent does not affect the lawfulness of the processing based on consent before the revocation; (ii) object, at any time, to the processing of their personal data based on the legitimate interest of the Company. In the event that the Company intends to use the personal data for any other purpose that is incompatible with the Purposes for which they were originally collected or authorised, the Company will inform the Data Subject in advance and, where required, request his/her consent for such processing activity.

3) DATA CONTROLLER

The Data Controller is PayDo S.p.A., with registered office in Milan (MI), Viale Regina Margherita 30 – 20122, VAT number 09669060965, which can be contacted at the following e-mail address info@plick.eu.

4) NATURE OF THE PROVISION OF DATA

In order to pursue the purposes referred to in point 2 above, the provision of personal data is mandatory. Any refusal to communicate them will make it impossible for PayDo to provide you with the requested support service.

5) PROCESSING METHODS AND STORAGE PERIOD

In relation to the purposes indicated above, the personal data provided may be processed, in accordance with the provisions of the GDPR, through IT tools. The processing operations will be carried out in a way that ensures the security of personal data, as required by Article 32 of the GDPR.

The personal data of the Data Subjects, defined in point 2 of this policy as “common data”, will be stored and processed for a period not exceeding 1 year from collection. In the case of processing carried out for the management of complaints, for the exercise of a right in court or to comply with obligations provided for by law, these periods may be extended until the end of the handling of the complaint, the exhaustion of any judicial proceedings initiated or the end of the obligation provided for by law. Once the retention period has ceased, the personal data of the Data Subjects will be deleted, unless there are further legitimate interests of the Data Controller and/or legal obligations that make it necessary, subject to minimization, their storage.

Personal data will be stored on servers owned or used by the Data Controller located within the European Union.

6) WITH WHOM WE MAY SHARE YOUR PERSONAL DATA

In order to pursue the purposes indicated above, the Data Controller may need to communicate the personal data provided to third parties belonging to the following categories:

Supervisory authorities and bodies, in compliance with legal or regulatory obligations or orders;

consultants of the Data Controller, possibly involved in the data processing process.

The subjects belonging to the above categories operate, in some cases in total autonomy, as Independent Data Controllers, in other cases as Data Processors specifically appointed for this purpose by PayDo, in accordance with the provisions of Article 28 of the GDPR.

7) RIGHTS OF THE DATA SUBJECTS

In relation to the processing described in this Policy, as a data subject, under the conditions provided for by the GDPR, it will be possible to exercise the following rights enshrined in Articles 15 et seq. of the GDPR and, in particular:

right of access: the right to obtain confirmation as to whether or not personal data is being processed and, where that is the case, to obtain access to the personal data held about you – including a copy of the same – as well as the provision of, among others, the following information:
1. purpose of the processing;
2. categories of personal data processed;
3. recipients to whom these have been or will be communicated;
4. data retention period or criteria used;
5. rights of the data subject (rectification, erasure of personal data, limitation of processing and right to object to processing;
6. the right to lodge a complaint;
7. the right to receive information on the origin of the personal data if they were not collected from the data subject;
8. the existence of automated decision-making, including profiling;finalità del trattamento;

right to rectification: the right to obtain the rectification of inaccurate personal data and/or the completion of incomplete personal data;

right to erasure (“right to be forgotten”): the right to obtain the erasure of personal data concerning you, when:
1. the data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
2. consent has been withdrawn and there is no other legal basis for the processing;
3. you successfully oppose the treatment;
4. the data have been unlawfully processed,
5. the data must be erased to comply with a legal obligation;
6. the personal data have been collected in connection with the provision of information society services referred to in Article 8(1) GDPR.

The right to erasure does not apply insofar as the processing is necessary for compliance with a legal obligation or for the performance of a task carried out in the public interest or for the establishment, exercise or defence of legal claims;

right to restriction of processing: the right to obtain the restriction of processing, where:
1. the data subject contests the accuracy of the personal data;
2. the processing is unlawful and the data subject opposes the erasure of the personal data and instead requests that their use be limited;
3. the personal data are necessary for the data subject to ascertain, exercise or defend a right in court;

right to object: the right to object to the processing of your personal data, unless there are legitimate reasons for the Data Controller to continue the processing;

right to data portability: the right to receive, in a structured, commonly used and machine-readable format, the personal data of the data subject provided to the Data Controller and the right to transmit them to another controller without hindrance, if the processing is based on consent and is carried out by automated means. In addition, the right to have your personal data transmitted directly by PayDo to another controller if this is technically feasible;

right to lodge a complaint with the Italian Data Protection Authority, Piazza Venezia n. 11 – 00187, Rome (RM).

The above rights may be exercised against the Data Controller by contacting PayDo at the following e-mail address: info@plick.eu.

The exercise of the rights recognized as a data subject is free of charge pursuant to Article 12 of the GDPR. However, in the case of manifestly unfounded or excessive requests, including because they are repetitive, the Data Controller may charge you a reasonable fee, in light of the administrative costs incurred in handling your request, or deny the satisfaction of your request.