Information on the Processing of Personal Data carried out by Hoda S.r.l., (“the Company” or “Data Controller”) provided to the Data Subject under Art. 13 of Regulation (EU) 2016/679 (from now on “Regulation” or “GDPR”)

The document you are going to read has a simple but essential goal to inform you about what happens to your Personal Data (hereinafter also “Data”) when you decide to use Weople’s application or website.

1. Data Controller and Data Protection Officer

The Data Controller is the subject that determines the purposes and meaning of personal data processing system.

The Data Controller is Hoda S.r.l., which Head Quarter is based in Via Alberto Mario, 68 - 20149 Milano (MI), Italy, e-mail address:  support@weople.space.

The Data Controller is available to clarify any doubts that you may have about this document and more generally any doubts about the actual processing of the Data, as well as the identification of other parties involved.

2. Type of Personal Data collected

As you can imagine, the use of Weople involves the processing of a big quantities of personal data. Here are the main types of data acquired by Weople:

  1. Data entered during the registration process such as name (*), surname (*), address (*), country (*), nationality (*), telephone number (*), e-mail address (*), date of birth (*), gender (*). In addition, while using the Applicationyou may provide additional information about your interests by filling out questionnaires. Only the Data marked with this symbol (*) are considered mandatory for the use of Weople.
  2. Data required for the exercise of your rights via Weople. For example, you can use Weople to exercise your rights against third party platforms (social networks, advertising agencies, service providers, e-commerce, etc.). In some circumstances, Weople may require additional information regarding your identity, such as photograph and/or scan of your identity document, a handwritten or digital signature, as well as the use of identity verification procedures. We can also request your third-party account password solely for authentication purposes – this is only to help us to prove that you are the real owner of the third party account. None of this Data is required for the functioning of the Application.
  3. Data entered following the exercise of your rights over third-parties data controllers. This category includes information acquired as a result of the exercise of your rights via Weople. Once obtained, the Data is stored in the various directories of the application (“Safe deposit boxes”).
  4. Data collected automatically as a result of the use of Weople. This information includes IP addresses (both static and dynamic), domain names of the devices used by the person connecting, URL addresses (“Uniform Resource Identifier”), the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response from the server (successful, error, etc..), the country of origin, the characteristics of the browser and operating system used. This Data is necessary for the correct functioning of Weople.

The Data Controller will process your Data in compliance with the provisions of the law and the principles applicable to the protection of Personal Data. Processing operations will only take place with regard to the purposes indicated in paragraph 3 below and according to methods and procedures aimed at ensuring the integrity, availability and confidentiality of what you share with us.

3. Purposes of the processing

Your Data will only be used to fulfill the following purposes of processing:

  1. conclude, establish and perform the Contract;
  2. process requests made through the Reserved Area of Weople or the Site. By way of example, you may use the functions of the Application to exercise your rights against other Data Controllers or to participate in the drawing of prizes and other benefits related to the investment of Data. You can also use the contact details on the Site to obtain information about our project or to apply for a position at Hoda. The Data processed for the pursuit of this purpose are those listed in Art. 2, paragraphs (i) and (ii) above as well as all other data including sensitive data that you authorized us to process during either the registration, the use of the Application or the Site.
  3. manage your browsing and allow the technical functioning of the website in order to improve its performance. Data processed for the pursuit of this purpose are those listed in the previous Art. 2, n. (iv).
  4. carry out profiling activities in order to understand your consumption preferences and interests. The Data processed for the pursuit of this purpose are those listed in Art. 2, n. (i) (iii) and (iv) above.
  5. send promotional and commercial communications and/or informative material within the the Application following the activity referred to in letter d) above. The Data processed for the pursuit of this purpose are those listed in Art. 2, n. (i) (iii) and (iv) above.
  6. inform registered users who chose to utilize the communication channel via e-mail on updates and news on the Application and its community. The User may object to the sending of such communications. In case they wish to unsubscribe to the newsletter, they may forward the request to the e-mail address indicated in all communications. The Data processed for the pursuit of this purpose are those listed in Ar. 2, n. (i)
  7. process statistical data in anonymous and aggregated form. These analyses are carried out on completely anonymous data and make it possible to understand, for instance, how the Application or the Website is used, which are the most frequently viewed contents. Also, they allow to carry out market research and statistical surveys. The Data processed for the pursuit of such purpose derive from those indicated in Art.2, paragraphs (i) and (iii) but, before being used, the data are made totally anonymous.
  8. comply with obligations laid down by law, regulation or an order of the authority;
  9. protect its rights and interests, including those of a judicial nature
  10. meet corporate organizational needs.

4. Data collected through the new automatic data portability procedures

The data categories listed here, divided by company, refer to the categories of data that it is currently possible to bring into your Weople account. It remains up to the individual to confirm the pre-selected data categories or deselect one or more categories at their discretion.

4.1 Google
  • My Activity (which includes your Search and Chrome browsing histories, as well as several other Google products)
  • YouTube and YouTube Music
  • Fit
  • Location history

5. Information on profiling and direct marketing

The Owner may use the Data indicated in Art. 2, paragraphs. (i), (iii) and (iv) to create profiles relating to the User.

The profiles are created through the use of automatic techniques and algorithms developed by Hoda S.r.l. and allow us to process information about your behavior and choices of the past in order to make predictions about your consumption preferences for the future. This operation allows us to get to know you better and offer a service tailored to your expectations (to be clear, if we notice that you like hiking, we will avoid offering you a guided tour in the London Underground).

We remind you that you will always have the possibility to change every single aspect of the profiling activity, through the special function of Weople, within which you can selectively decide which data to make available and how to use it. You may, of course, suspend the processing of this data or delete it.

In addition, you may always exercise your right to object to direct marketing activities (in "traditional" and "automated" form) under Art. 3, letter. e) of this notice.

6. Legal basis for the processing of personal data

Pursuant to Art. 6 of the Regulation, Hoda may process your Personal Data only by virtue of a legal basis provided by law and, in particular, provided that the processing is:

  1. necessary for the execution of any contractual or pre-contractual relationship between the parties;
  2. necessary for Hoda to fulfil its obligations under applicable law;
  3. based on a legitimate interest of the Data Controller or a third party;
  4. instrumental to the realization of a public interest;
  5. authorized by the interested party following a consent - free, specific, informed and always revocable, and in some cases, explicit - for the pursuit of a specific purpose of this statement.

In this perspective, we inform you that the purposes referred to in Art. 3, letter a), b), c) and d) of this information are pursued through the legal basis provided in point (i) above. The purposes of Art. 3, letter e), f), i) and j) are pursued through the legal basis provided for in point (iii) above. The purpose of Art. 3, letter h) is pursued through the legal basis provided for in point (ii) above. The purpose of Art. 3, letter g) is pursued through processing of anonymous and aggregated data, therefore by not using personal data.

In any case, the Data Controller is always at your disposal to clarify any doubts on the legal basis used in relation to the various purposes of the processing.

7. Modalities and times of the processing

Processing is carried out directly by the Data Controller, by authorized personnel, and/or by persons external to the Data Controller's organization, but in any case bound to the Data Controller by virtue, if necessary, of a specific act of appointment as external Data Processor (e.g. service companies, professionals and consultants). You can request a list of all subjects involved in the processing activities at any time.

The Data Controller will process personal data for the time strictly necessary to fulfill the abovementioned purposes and, in any case, within the limits of what is permitted by current sector legislation You will always have the opportunity to change the data shared and to select precisely the various purposes and, where possible, methods of processing by acting directly in the appropriate section of your personal area.

More specifically, for the purposes set out in Art. 3, let. a), b), c), d), and e), your data will be processed for the entire duration of the contract with the Data Controller, except for data entered during the registration process which will be stored for 10 years after the drafting of the contract. For the purposes set out in Art. 3, let. h), i) and j), your data will be stored for 10 years after the delete of your accountdisactivationdeactivation of your profile. For the purposes set out in Art. 3, let. e) and f), you can always decide to notnot to receive our communications.

8. Place of the processing

Personal data is processed within the operational headquarters of Hoda S.r.l. and in all the offices of the subjects involved in the processing activities as indicated in the previous Art. 6 and exclusively for the purposes referred to in Art. 3 of this notice.

9. Communication of Personal Data to third parties

Unless you give your expressed consent, your Data will not be disclosed and/or otherwise communicated to third parties.

10. Rights of the Data Subject

The GDPR grants you the right to:

  1. access and obtain the correction or updating of inaccurate Data;
  2. obtain the cancellation of Data processed unlawfully or unnecessarily with regard to the purposes for which the Data was collected and processed. The request for removal may not be granted when the processing is necessary to fulfil a legal obligation or exercise a legal right of the Data controller;
  3. request the limitation of the processing of Data if the accuracy of the Personal Data is contested, and only for the period needed by Hoda in order to verify whether the conditions set out in point 1 and 2 above are met or not; in order to obtain the limitation of the processing of Data in the eventcase that the accuracy of Personal Data is contested, limited to the period necessary for the CompanyData Controller to verify the accuracy of suchthe data, or in the event of unlawful processing, or in the event that the data - even if no longer necessary for the purposes of processing - are still necessary for the person concerned to ascertain, exercise or defend a right in court, or in the event that the person concerned has exercised thehis right to object to the processing of data limited to the period necessary for verification, regarding the prevalence of the legitimate reasons of the CompanyData Controller over those of the data subject limited to the period necessary for verification of the prevalence of the legitimate reasons of the Data ControllerCompany;
  4. request and receive your Personal Data held by Weople in a commonly used and machine-readable form (“data portability”);
  5. object to the processing for reasons related to the situation of the data subject. However, you are aware that the Data controller may continue to process your Data if we can prove that legitimate reasons for continuing the processing still exist, and only if such reasons prevail over your rights, interests and freedoms (for example, when we need Data to ascertain, exercise or defend a right in court). The Data Subject may also object to the processing of Data for direct marketing purposes including profiling to the extent that it is connected to such direct marketing;
  6. request not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning the data subject except in cases where profiling is necessary for the conclusion or performance of a contract;
  7. file a complaint with the supervisory authority or appeal to the judicial authority for the protection of your rights.

Your requests can be addressed to Hoda S.r.l. at the contact details provided in this document. We are willing to facilitate your requests and will provide feedback within one month of receipt of the communication.

11. Changes to this privacy notice

Hoda S.r.l. may change the content of this notice. In such case, it will inform the Data subjects with the means of communication available (e-mail, postal mail, telephone, etc..).

In the event that the changes should relate to activities carried out on the basis of consent, before proceeding to any further processing, Hoda s.r.l. will require a new consent to the Data Subject.

***

Cookie notice

Manage your cookies

This notice is intended to explain the procedures followed to collect, through cookies and/or other tracking technologies, the information provided by users when they use Weople or visit its website weople.space.

Introduction to cookies and other tracking tools

Cookies are files that store information about your navigation on the website. Cookies will store some details that may help you enjoy your browsing experience (for example, it allows us to ensure that the information on the site in your future visits responds to your preferences).

At the same time, cookies help us to understand some relevant details about the use of our site - for example, to identify most visited pages and contents, and for how long. Through these tools, we can make the site more responsive to your requests and more comfortable to navigate.

Consent to the installation of cookies

European legislation requires operators of websites that use cookies or other similar technologies to inform the user about the types of cookies. In certain cases, the law requires us to request an express consent from you.

There are three types of cookies.

The website operator usually installs technical cookies o guarantee the usual browsing and use of the website (allowing, for example, to make a purchase or authenticate to access restricted areas). Analytics cookies, similar to technical cookies when used directly by the site operator, are used to collect information in an aggregate form on the number of users and how often they visit the site. Profiling cookies are used to create user profiles and to send advertising messages in line with the preferences expressed by the user when surfing the web.

Cookies can also be distinguished between first-party and third-party cookies (it depends on the subject who manage the cookie and receive the information).

We have a first-party cookie if the tool is controlled by the owner of the site, who is then responsible for providing information and indicating how to block the tracking. We talk about third-party cookie when they are managed by a third party other than the site owner. For these cookies, the obligation to inform and indicate the methods for any blockage lies with the third party, while the owner of the site is obliged to insert on the site the link to the site of the third party where these elements are available.

In our case, Hoda uses certain tools that allow the installation of technical and analytics cookies. In particular, the following services are concerned:

Weople Cookies

These are first-party cookies developed and managed directly by Hoda S.r.l. If the User click on an advertisement regarding Weople, and lands on our website, we install a cookie, called “_campaign_source” in order to store his/her origin. If you want to delete such cookie, just use the relevant functionality of your browser.

Google Analytics (Google Ireland Limited.) Google Analytics is a web analysis service provided by Google Ireland Limited. ('Google'). Google uses the Personal Data to track and examine the use of the site, fill in reports and share them with other services developed by Google. The cookies used are the following: "__atuvc"; "__atuvs"; "__utma"; "__utmb"; "__utmc"; "__utmt"; "__utmz". To give website visitors the opportunity to prevent the use of their data by Google Analytics, you can download and install the browser add-on (Opt Out) for deactivation of Google Analytics JavaScript (ga.js, analytics.js, dc.js), available at https://tools.google.com/dlpage/gaoptout?hl=en.

Google Tag Manager

Google Tag Manager is a service provided by Google Ireland Limited. This service allows us to quickly and easily obtain information about the operation, expression of interest and use of certain parts or pages of the Application and/or the Website. We also use the Google Search Console service, which allows us to monitor the performance of our initiatives within the Google search engine.

Weborama

Weborama Italia S.r.l. is a service which makes statistical analysis on Weople users who are also users of Weborama’s network. Weborama does not use the data generated on our site for advertising or profiling purposes. If you wish to find out more, please click here http://weboramaitalia.it/privacy/come-funzionano-i-cookie-di-weborama/.

Zendesk

Zendesk is a user support and assistance service offered by Zendesk, Inc. With Zendesk, we can integrate the Application or the Site with an interface to support any question from you. Once received, the request is transformed into a so-called "ticket", which allows our operators to understand the problem, organize their work and make the service more efficient. More information on how Zendesk works and any cookies that may be installed can be found at the following link: https://help.zendesk.com/hc/en-us/articles/360001863368.

Some final indications

Since the Owner cannot technically control the installation of Cookies and other tracking systems operated by third parties through the services used within the Site, any specific reference to Cookies and tracking systems installed by third parties is indicative. To obtain complete information, please review the privacy policy of any third-party services listed in this document.

Given the complexity related to the identification of technologies based on cookies and their very close integration with the operation of the web, the User is invited to contact the Data Controller if he or she would like to receive any further information on the use of cookies and any use of the same - for example by third parties - made through this site.