INDIGO AI S.r.l, as Data Controller, pursuant to Article 13 of EU Regulation No. 2016/679 ("GDPR"), wishes to provide the following specific information regarding the processing of personal data of users who use the chatbot.
The data controller is INDIGO AI S.r.l with registered office in via Torino n. 61, cap 20123, Milan (MI), Italy, e-mail email@example.com. The DPO appointed pursuant to art. 37 of Regulation 679 2016 EU is the lawyer Aldo Benato, e-mail: firstname.lastname@example.org.
Indigo AI S.r.l. processes personal data supplied voluntarily by users, via registration and use of the chatbot, or acquired by Indigo AI S.r.l. via the Facebook platform, in particular: name, surname, tax code, VAT number, email, telephone number ("personal data"). Indigo AI S.r.l. may also process particular data concerning health and sex life, racial and ethnic origin, religious, political and philosophical beliefs and adherence, voluntarily provided by users [e.g. when using the service] in order to satisfy user requests ("particular data"). Indigo AI S.r.l. may process data collected through the use of technical cookies.
Personal data will be processed for the following purposes:
Purposes relating to the provision of the services requested, i.e. answering questions from users and sending the information requested.
Purposes relating to the fulfilment of obligations provided for by law, by a regulation, by Community legislation or by an order of the Authority (such as anti-money laundering) to which the Data Controller is subject.
Purposes inherent in the exercise of a legitimate interest of the Controller, including for example the right of defence in court.
Subject to specific and separate consent for marketing purposes:
sending via e-mail, post and/or sms and/or chat and/or telephone contact, newsletters, commercial communications and/or advertising material on products or services offered by the Owner and detection of the degree of satisfaction on the quality of services;
sending by e-mail, post and/or sms and/or telephone contact of commercial and/or promotional communications of third parties (e.g. business partners).
Special data will be processed for the following purposes:
Subject to specific and separate consent, purposes related to the provision of the requested services, i.e. answering questions from users.
Allow the chatbot to function;
Without prejudice to what is stated in relation to technical cookies, which are necessary for the operation of the chatbot, users are free to provide their personal data, but the provision of such data is a necessary condition for the performance of the service. Failure to provide the data may make it impossible for the Controller to receive questions through the chatbot and to send the requested information. Users are free to provide their personal data and consent to the sending of promotional communications. Failure to provide consent will not allow the Controller to transmit promotional offers. Users are free to provide their particular data and to give their consent to receive answers to questions posed in the chatbot on the subject of health and sex life, an individual's racial and ethnic origin, religious, political and philosophical beliefs and adherence.
Personal data are processed by automated tools and on paper. The Data Controller shall process personal data for the time necessary to fulfil the above-mentioned purposes and in any case for no longer than 10 years from the termination of the relationship for the purposes related to the services offered and for no longer than 2 years from the collection of the data for the purposes related to marketing activities. Specific security measures are observed to prevent the loss of personal data, unlawful or incorrect use and unauthorised access. In particular, specific security measures are observed to prevent data loss, unlawful or incorrect use and unauthorised access, including:
planning periodic database backups;
limiting access to databases through the use of credentials;
limiting access to databases through policies on belonging to the same network in the AWS cloud;
limiting access to machine instances through the use of ssh keys;
limiting access to environment configurations by creating accounts with distinct roles.
The personal and special data voluntarily provided by you through registration and use of the chatbot or acquired by Indigo AI S.r.l. via Facebook Messenger, Telegram, Whatsapp, Google Hangouts, Skype, Viber, LINE, WeChat may be communicated:
employees and collaborators of the Data Controller in Italy and abroad, in their capacity as persons authorised to process and/or internal data processors and/or system administrators;
to third party companies or other entities (for example, credit institutions, professional firms, consultants, insurance companies for the provision of insurance services, etc.) that perform outsourcing activities on behalf of the Controller, in their capacity as external data processors.
An updated list of the persons responsible is kept at the registered office of the Data Controller.
Personal data are stored on servers located in Ireland and Frankfurt, within the European Union. In any case, it is understood that the Data Controller, if necessary, may move the servers outside the EU. In this case, the Data Controller assures as of now that the transfer of data outside the EU will take place in compliance with the applicable legal provisions, subject to the stipulation of the standard contractual clauses provided by the European Commission.
You have the right to exercise your rights under Articles 12 et seq. of EU Regulation 2016/679 at any time, namely:
access to personal data;
to obtain the rectification or erasure of the data or the restriction of their processing;
to object to the processing;
to withdraw consent;
to lodge a complaint with the supervisory authority (Garante Privacy).
To exercise the aforementioned rights, make a report or receive information on how your personal data is processed, requests may be made by writing to the Data Controller at via Torino 61, Milan (MI), 20123 or at the following e-mail address email@example.com.
Processing shall mean any operation or set of operations which is performed upon personal data or sets of personal data, whether or not by automatic means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction of data.