Protecting your privacy is extremely important to us at Alpha.
This Privacy Policy is intended to give you a clear overview of how we handle data in order to earn your trust.
ALPHA is a suite of apps that introduces what is known as "connected clienteling," a new kind of shopping experience tailored to the customer. ALPHA offers an up-to-date client style profile, tailored style requests and suggestions. With its advanced features, ALPHA helps you connect with your favorite Brand and have direct contact with the relevant Sale Associates/Store/Client Advisors/Client Service so you can stay up to date with the latest trends.
SUMMARY
1. CO-OWNERS OF DATA PROCESSING
2. WHAT CATEGORIES OF DATA WE PROCESS
3. LEGAL BASES
4. PURPOSE OF DATA PROCESSING
5. PRIVACY OF MINORS
6. DIRECT CUSTOMER CONTROL OVER DATA
7. SHARING OF CUSTOMER DATA
8. LINKS TO SERVICES OF THIRD-PARTY PROVIDERS
9. TRANSFER OF DATA TO COUNTRIES OUTSIDE THE EU
10. PRIVACY FOR CUSTOMERS RESIDING OUTSIDE THE EU
11. DATA RETENTION
12. DATA PROTECTION RIGHTS
13. THE DATA PROTECTION SUPERVISORY AUTHORITY
14. HOW YOUR DATA IS PROTECTED
15. COMMUNICATIONS
1. WHO IS THE DATA CONTROLLER OF THE DATA YOU PROVIDE TO US
Our App is a licensed SaaS and White Label product.
For this reason, this policy explains how we process your data, while for how the Brand processes your data we suggest you directly view their Privacy Policy, which you will find within their sites or in app when creating your personal account.
The DATA CONTROLLERS and CO-OWNERS of the processing of your personal data in Alpha, ex art. 26 GDPR, are:
All our servers are physically located in Europe, specifically in Frankfurt (DE).
AS THE CO-OWNERS ARE LEGAL ENTITIES THAT ARE PART OF THE SAME CORPORATE GROUP (INTRA-GROUP DATA TRANSFER), BUT SUBJECT TO ITALIAN AND AMERICAN LAW RESPECTIVELY, THEY HAVE JOINTLY DECIDED TO REGULATE AS FOLLOWS THE DATA PROCESSING THROUGH THE ALPHA APPLICATION, PAYING GREAT ATTENTION TO GDPR COMPLIANCE.
THE CO-OWNERS DECIDED TO APPLY THE EUROPEAN REGULATIONS ALSO TO NON-EU USERS BECAUSE THEY ARE MORE PROTECTIVE PROVISIONS OF THE RIGHTS RELATED TO THE PROCESSING OF PERSONAL DATA
Article 26(2) of the GDPR Regulations provides that, "The co-ownership agreement shall adequately reflect the roles and relationships of the co-owners with the data subjects. The essential content of the agreement shall be made available to the data subjects."
The parties signed a DPA (Data Protection Agreement) in order to limit the areas of circulation and processing of personal data (e.g., storage, archiving and retention of data on their own servers or in the cloud) to countries that are part of the European Union. Link to the DPA doc.
2. WHAT CATEGORIES OF DATA WE PROCESS
Personal data (hereinafter referred to as "Data") is information that refers to an identified or identifiable physical person. Within the scope of the processing purposes highlighted in the following paragraph, we process the following categories of data:
The information collected could be as follows:
- internet protocol (IP) address associated with device used to connect.
- browser type and parameters of device used to connect to the site.
- name of internet service provider (ISP).
- date and time of visit.
- visitor's source (referral) and exit web page.
- possibly the number of clicks made within the site and any preference expressed.
There are only technical cookies/necessary for the basic functionality of the site on our website. Through the site there is no collection of personal data or profiling.
3. LEGAL BASES
We process data with your CONSENT.
By using our App, you explicitly approve the Privacy Policy of the app, consenting to the processing of your personal data in point 2) in relation to the methods and purposes described below, but explicit consent will only be required through the choice of checking the box in the account creation window, if necessary. Consent, according to the European Regulation (Art. 4 GDPR), is any free, specific, informed, and unambiguous manifestation of will, following our clear and concise request.
If you do not provide consent, we will not be able to allow your account registration and App functionality to continue.
Your provided consent applies to all processing activities performed for the same purpose(s).
We process personal data without your consent only for the following legal bases and purposes:
CONTRACTUAL or PRECONTRACTUAL BASIS.
LEGAL OBLIGATIONS
LEGITIMATE INTEREST
Based on the legitimate interest of the Contact Persons to establish and maintain profitable and optimal professional relationships with their customers, actual and potential (Art. 6, lett. f, GDPR), your personal data may be processed by the Contact Persons for the following purposes:
Our App does not engage in marketing activities, but consents may be asked for the purpose of direct marketing or marketing by third party companies that are licensees of the App (indirect) and for this please refer to the Privacy Policies you will find at the consent checkbox from time to time referring to the company ("Brand") using our Clienteling App. Therefore, we encourage, always take a look at any links to the privacy documents in the App.
4. FOR WHAT PURPOSES WE WILL PROCESS YOUR INFORMATION
We collect Personal Information directly from you when you interact with us to:
We will process data for the following main reasons:
For profiling activities
Our App does not use the information obtained through the chat platform for marketing purposes.
Data will be processed for the sole purpose of aggregate statistics and reports, therefore, anonymously in order to improve the quality of service and will all be encrypted "at rest."
5. PRIVACY OF MINORS.
We recognize the importance of protecting the personal information of minors. That is why our app provides services that cannot be provided to minors as specified by law in your jurisdiction.
We do not knowingly collect personal information from minors. If we become aware that we have unintentionally collected personal information from a minor, we will take steps to delete such information as soon as possible. In this regard, our app implements "by design and by default" processes and protections to keep their personal information safe.
6. CONTROL OVER YOUR DATA
You can control your data in these ways:
You can change or delete your personal data at any time. Always check that the data is correct, true, and up to date. If you have any doubts or questions about how to rectify/delete, you can contact us at the email below: legal@meetalpha.it
You can stop push notifications by changing your preferences in IOS from the notification’s settings menu on your device.
7. WITH WHOM WE SHARE YOUR DATA
We always take appropriate measures to ensure that your data is processed, protected, and transmitted in accordance with applicable legal requirements.
For the purposes set out in section 3) above, the personal data you provide may be made accessible to:
SUBPROCESSORS/THIRD PARTIES
8. LINKS TO THIRD PARTY PROVIDER SERVICES
If the app allows interaction between you and the Brand through end-to-end messaging channels of Third-Party Providers, by way of example but not limited to WhatsApp, please refer to the specific privacy policy, because under no circumstances can the Owners be held responsible for compliance with privacy regulations implemented by third parties.
9. TRANSFER OF DATA TO COUNTRIES OUTSIDE THE EU
Your data will not be transferred outside the EU. The management and storage of your personal data takes place in the cloud and on servers located within the European Union (Frankfurt - Germany) owned and/or at the disposal of the Joint Data Controllers and/or third-party companies duly appointed as data controllers.
Any cross-border transfer of data to countries takes place in accordance with the applicable regulatory provisions, as well as in compliance with the provisions assumed by the European Court of Justice and domestic and foreign Authorities on the protection of personal data.
In the absence of consent, your personal data will not be disseminated.
In any case, transfers of personal data to countries outside the European Economic Area (EEA) or to an international organization are permitted provided that the adequacy of the third country or organization is recognized by a decision of the European Commission (Article 45 of EU Regulation 2016/679).
In the absence of such a decision, the transfer is permitted where the data controller or processor provides adequate safeguards that provide for enforceable rights and effective remedies for data subjects (Art. 46 of EU Regulation 2016/679).
AS THE CO-OWNERS ARE LEGAL ENTITIES THAT ARE PART OF THE SAME CORPORATE GROUP (INTRA-GROUP DATA TRANSFER), BUT SUBJECT TO ITALIAN AND AMERICAN LAW RESPECTIVELY, THEY HAVE JOINTLY DECIDED TO REGULATE AS FOLLOWS THE PROCESSING OF DATA THROUGH THE ALPHA APPLICATION, PAYING GREAT ATTENTION TO COMPLIANCE WITH THE GDPR.
THE CO-OWNERS DECIDED TO APPLY THE EUROPEAN REGULATIONS ALSO TO NON-EU USERS AS PRVISIONS MORE PROTECTIVE OF THE RIGHTS RELATED TO THE PROCESSING OF PERSONAL DATA
Article 26(2) of the GDPR Regulations provides that, "The co-ownership agreement shall adequately reflect the roles and relationships of the co-owners with the data subjects. The essential content of the agreement shall be made available to the data subjects."
The parties have signed a DPA (Data Protection Agreement) in order to limit the areas of circulation and processing of personal data (e.g., storage, archiving and retention of data on their own servers or in the cloud) to countries that are part of the European Union.
10. FOR NON-EU RESIDENTS
For non-EU residents, current privacy regulations will apply, subject to all standards of security and respect for all rights accorded to citizens of the European Union.
COUNTRY-SPECIFIC INFORMATION
Under the CPRA amendment, users can choose not to share their personal information (including sensitive personal information) with third parties. For the purposes of the above, please contact legal@meetalpha.it and provide the information to be added to our "opt-out list."
However, given the trade agreement, the UK is committed to maintaining an equivalent data protection regime. the EU and UK have a trade agreement (the EU-UK Trade & Co-operation Agreement) that sets legislative standards for data protection.
11. HOW LONG YOUR DATA WILL BE STORED FOR
In accordance with Article 17 of the GDPR, your data will be stored for as long as we are legally required to or as long as we need your data for the stated purposes.
Your data will then be deleted in accordance with the principle of data minimization:
Chat content will be archived for only the 12 months preceding the last interaction, after which it will be permanently deleted from our servers.
Therefore, if the chat is used for much longer periods, only the last 12 months of instant messaging will always be stored on our servers.
FOR LEGAL OBLIGATIONS: Data having civil, accounting, tax nature will be kept for the term of ten years, as provided by law.
They will be processed and stored in the following terms:
12. WHAT DATA PROTECTION RIGHTS YOU CAN CLAIM AS A DATA SUBJECT
You can exercise multiple rights to which you are entitled as a data subject.
To do so, please see the contact details in Section 15 of this privacy policy.
Right of access
You can request information about your stored personal data (Art. 15 of the GDPR). This information includes the categories of data processed by us, the purposes of the processing, the origin of the data if we have not collected it directly from you, and if applicable the recipients to whom we have transmitted your data. You may receive from us a free copy of your data, which is the subject of the agreement. If you are interested in additional copies, we reserve the right to bill you for any additional copies.
Right to rectification and erasure
You can request rectification of inaccurate personal data and completion of incomplete personal data about you. (Art. 16 of the GDPR). In addition, you can request the deletion of your data under the terms and conditions of Art. 17 of the GDPR.
This could happen, for example:
Right to restrict processing
You have the right to limit the processing of your personal data, e.g., by marking your stored data for the purpose of limiting its future processing. For this purpose, you must meet one of the conditions specified in Art. 18 of the GDPR, e.g.
Right to data portability
You have the right to receive in a structured, commonly used, machine-readable format the personal but non-particular content data you have provided to us. You can transfer said data to another data controller without hindrance. You have the right to obtain direct transmission of personal data to another data controller, if technically feasible (Art. 20 GDPR).
Right to object
You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you, provided that the processing of the data is based on your consent or on our legitimate interests or those of a third party. In such a case, we will refrain from further processing your personal data unless you demonstrate compelling legitimate grounds for processing that override your interests, rights, and freedoms or for the establishment, exercise, or defense of a legal claim. You can object to the processing at any time if your personal data is processed by us for direct marketing purposes (Art. 21 GDPR). The right to withdraw your consent to processing remains freely revocable at any time, regardless of your right to object.
Right to lodge a complaint with a supervisory authority
We work together with you to achieve a fair resolution of any complaints regarding data protection. You have the right to file a complaint with the Data Protection Authority if you believe that our processing of your personal data violates applicable data protection law.
Please note that you will be able to exercise your rights by simply sending a request via e-mail to the Data Controller's Internal Data Protection Contact, indicated in point 1 of this Privacy Policy, as well as being able to use the additional IT systems, adopted by the Data Controllers, which will allow you to independently modify or revoke the consents previously expressed and, where possible, to re-evaluate your preferences regarding the processing carried out (e.g. mail-in and preference center managed on IT platforms).
13. THE PERSONAL DATA PROTECTION SUPERVISORY AUTHORITY
The personal data protection provisions, contained within the GDPR, are available and accessible by clicking this link.
The Supervisory Authorities relevant to the processing of personal data covered by this privacy policy are:
- Garante italiano per la protezione dei dati personali, Italian personal data Protection guarantor
- Garante europeo per la protezione dei dati personali, European Data Protection Supervisor
- European Data Protection Board/EDPB
14. HOW YOUR DATA IS PROTECTED
The processing of your personal data is carried out by means of the operations indicated in Article 4, No. 2), GDPR - carried out with or without the aid of computer systems - namely: collection, recording, organization, structuring, updating, storage, adaptation or modification, extraction and analysis, consultation, use, communication by transmission, comparison, interconnection, limitation, deletion, or destruction.
In any case, the logical and physical security of the databases and, in general, the confidentiality of the personal data processed will be guaranteed, putting in place all the necessary technical and organizational measures adequate to ensure their security.
It should be noted that:
It should be noted that "at rest" or "not yet (or no longer) in use or in motion," is all that data stored on any local or remote storage drive, to backups made on our local storage drives or cloud network servers that are encrypted by us for the purpose of protecting data security.
15. COMMUNICATIONS
If you have any questions, concerns or requests regarding this Privacy Policy or the processing of your personal data, you may contact us as a data subject at the following e-mail address: legal@meetalpha.it