Personal data processing policy

of the user of the Luckey Guest application

Data controller and data processed.

According to art. 13 of EU Regulation 2016/679 the company Sofia S.r.l. Piazza della Vittoria 47 - 26900, Lodi (LO), e-mail: support@sofialocks.com, appointed data processor (hereinafter “Data Processor”) by Wellio Italy S.r.l. with registered office in Milan, via Cornaggia 10, tax ID and registration number with the Milan Companies Register no. 12033871000 - PEC (certified e-mail): wellioitaly@legalmail.it, autonomous data controller of its specific clients (hereinafter ”Data Controller” or “Autonomous Data Controller”), and by Wellio Société en nom collectif, with registered office at 30 rue Kléber 75116 Paris, registered with the Paris Companies Register no. 832 117 402 00012, autonomous data controller of its specific clients (hereinafter the “Data Controller” or “Autonomous Data Controller”), hereby informs you that the Autonomous Data Controller at whose premises you are at and/or will go to in the future has installed a system of access to the premises through virtual Key, special smart locks that, through a cloud platform, allow you to proceed with the opening of access gates to the environments of the structure itself using credentials that are created through this application. Sofia S.r.l., as Data Processor, and the Data Controller will then proceed to the processing of personal data consisting, in particular, of credentials and individual access, the latter with reference to the environments for which the credentials are enabled, as well as to the date and time of access to the environments.

Processing methods and purposes.

The personal data identified above will be processed, as a result of the installation and use of this application, in automated form, exclusively for purposes strictly related to the fulfillment of the contract you concluded with the Data Controller at whose premises you are at and/or will go to and, therefore, for the creation of credentials for access to environments and for subsequent management. The processing of said data will be based on the principles of lawfulness, purpose, transparency, correctness, quality, relevance and non-excessiveness, respecting the rights and fundamental freedoms and dignity, with particular reference to the protection of privacy and personal identity, as well as to the right to data protection and will not in any case be processed for the purpose of profiling your habits and your behavior.

Legal basis and nature of the provision.

The data will be processed for the fulfillment of the contract you concluded with one of the two Autonomous Data Controllers and, therefore, to allow the creation and management of virtual keys necessary to access the environments within the structure. The provision of data that is requested through the installation and use of this application, as well as the data acquired at the time of the creation and use of credentials is not in any way mandatory. However, your refusal to provide it could prevent the structure to allow you access to the environments. In any case, please note that you can prevent the acquisition of data by refusing the installation of the application or, in any case, proceeding, even afterwards, with its uninstallation through the appropriate functions of your smart device. However, in this case, the Data Controller may not be held responsible where you cannot access the environments.

Retention period.

The personal data identified above will be processed, as long as you need to access the environments made available to you, for the entire duration of the contract you concluded with one of the two Autonomous Data Controllers. The data will be deleted after 30 days from the expiration of the contract, subject to further obligations of retention imposed by law for the data controller.

Communication and dissemination of data.

(Without prejudice to the provisions of the context of the processing carried out for the fulfillment of the contract you concluded with the data controller), The data processed in the context of the application and for its specific purposes will not be disseminated or communicated outside the European Union, but will be made known to the company Sofia S.r.l. as Data Processor appointed for the management of access to individual environments. Your data will also be communicated to the employees and collaborators of the data controller and processor specifically authorized to process, instructed and trained on the fulfillments and obligations arising from the legislation on the protection of personal data.

Rights of the data subject.

Pursuant to art. 15 et seq. of EU Regulation 2016/679, you have the right to access your personal data as well as, in the cases provided for by current legislation, the right to request the rectification, cancellation or portability of data to another data controller, as well as to request the limitation of processing or oppose it. It is noted that current legislation also allows you, where you believe there has been a violation of the rules on the matter, to submit reports or complaints to the control authority of the EU Country of habitual residence, or work or where the violation occurred, which for Italy is the Guarantor for the protection of personal data, for the proposal of which consult the relevant information on the site www.garanteprivacy.it, and for France is the CNIL, for which, consult the site https://www.cnil.fr/professionnel.

DPO

You can contact the Data Protection Officer (DPO) writing to the e-mail address dpo@covivio.it if the Data Controller is Wellio Italy S.r.l. or writing to the e-mail address dpo@covivio.fr id the Data Controller is Wellio Société en nom collectif instead.