Privacy Policy

Information on the processing of personal data

INDIGO AI S.r.l, as Data Controller, pursuant to Article 13 of EU Regulation No. 2016/679 ("GDPR"), wishes to provide the following specific information regarding the processing of personal data of users who use the chatbot.

1. Data controller

The data controller[1] is INDIGO AI S.r.l with registered office in via Torino n. 61, cap 20123, Milan (MI), Italy, e-mail admin@ndg.ai. The DPO appointed pursuant to art. 37 of Regulation 679 2016 EU is the lawyer Aldo Benato, e-mail: aldobenato@pec.it.

2. Type of data processed

Indigo AI S.r.l. processes personal data supplied voluntarily by users, via registration and use of the chatbot, or acquired by Indigo AI S.r.l. via the Facebook platform, in particular: name, surname, tax code, VAT number, email, telephone number ("personal data"). Indigo AI S.r.l. may also process particular data concerning health and sex life, racial and ethnic origin, religious, political and philosophical beliefs and adherence, voluntarily provided by users [e.g. when using the service] in order to satisfy user requests ("particular data"). Indigo AI S.r.l. may process data collected through the use of technical cookies.

3. Purpose of processing

Personal data will be processed for the following purposes:

  1. Purposes relating to the provision of the services requested, i.e. answering questions from users and sending the information requested.

  2. Purposes relating to the fulfilment of obligations provided for by law, by a regulation, by Community legislation or by an order of the Authority (such as anti-money laundering) to which the Data Controller is subject.

  3. Purposes inherent in the exercise of a legitimate interest of the Controller, including for example the right of defence in court.

  4. Subject to specific and separate consent for marketing purposes:

    • sending via e-mail, post and/or sms and/or chat and/or telephone contact, newsletters, commercial communications and/or advertising material on products or services offered by the Owner and detection of the degree of satisfaction on the quality of services;

    • sending by e-mail, post and/or sms and/or telephone contact of commercial and/or promotional communications of third parties (e.g. business partners).

Special data will be processed for the following purposes:

Personal data collected through the use of cookies will be processed for the following purposes:

4. Nature of the provision of data

Without prejudice to what is stated in relation to technical cookies, which are necessary for the operation of the chatbot, users are free to provide their personal data, but the provision of such data is a necessary condition for the performance of the service. Failure to provide the data may make it impossible for the Controller to receive questions through the chatbot and to send the requested information. Users are free to provide their personal data and consent to the sending of promotional communications. Failure to provide consent will not allow the Controller to transmit promotional offers. Users are free to provide their particular data and to give their consent to receive answers to questions posed in the chatbot on the subject of health and sex life, an individual's racial and ethnic origin, religious, political and philosophical beliefs and adherence.

5. Processing methods

Personal data are processed by automated tools and on paper. The Data Controller shall process personal data for the time necessary to fulfil the above-mentioned purposes and in any case for no longer than 10 years from the termination of the relationship for the purposes related to the services offered and for no longer than 2 years from the collection of the data for the purposes related to marketing activities. Specific security measures are observed to prevent the loss of personal data, unlawful or incorrect use and unauthorised access. In particular, specific security measures are observed to prevent data loss, unlawful or incorrect use and unauthorised access, including:

6. Persons authorised to process

The personal and special data voluntarily provided by you through registration and use of the chatbot or acquired by Indigo AI S.r.l. via Facebook Messenger, Telegram, Whatsapp, Google Hangouts, Skype, Viber, LINE, WeChat may be communicated:

An updated list of the persons responsible is kept at the registered office of the Data Controller.

7. Data transfer

Personal data are stored on servers located in Ireland and Frankfurt, within the European Union. In any case, it is understood that the Data Controller, if necessary, may move the servers outside the EU. In this case, the Data Controller assures as of now that the transfer of data outside the EU will take place in compliance with the applicable legal provisions, subject to the stipulation of the standard contractual clauses provided by the European Commission.

8. Rights of the data subject

You have the right to exercise your rights under Articles 12 et seq. of EU Regulation 2016/679 at any time, namely:

  1. access to personal data;

  2. to obtain the rectification or erasure of the data or the restriction of their processing;

  3. to object to the processing;

  4. data portability;

  5. to withdraw consent;

  6. to lodge a complaint with the supervisory authority (Garante Privacy).

To exercise the aforementioned rights, make a report or receive information on how your personal data is processed, requests may be made by writing to the Data Controller at via Torino 61, Milan (MI), 20123 or at the following e-mail address admin@ndg.ai.

----

[1]Processing shall mean any operation or set of operations which is performed upon personal data or sets of personal data, whether or not by automatic means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction of data.