Auriga SpA, as data controller, hereby provides with some information on your personal data processing regarding the download and use of SimplyMobile mobile banking app (hereinafter mentioned as 'App').
Auriga, as Data Controller, commits to ensuring the compliance of the processing of personal data carried out by Auriga with the Community rules on personal data protection, more precisely with EU Regulation 2016/679 (General Data Protection Regulation, hereinafter mentioned as ‘GDPR’) and its principles. Auriga protects the safety, ethical conduct and transparency of all personal data processing and implements the appropriate measures to allow data subjects to exercise their rights.
The Data Protection Officer (‘DPO’) appointed by Auriga supervises continued compliance of personal data processing with the GDPR. For any questions about this information, including questions about the User's rights under the GDPR, the User can email the DPO: firstname.lastname@example.org.
It is important that the Users’ personal data held by Auriga are accurate and up-to-date. Auriga advises the Users to inform Auriga if their personal data should change during their employment in Auriga.
Auriga processes users’ personal data for the following purposes:
Personal data, referred to in the following art. 5, processed by Auriga, have been provided by the Users.
Some personal data can indeed only be processed with the users’ consent pursuant to Article 6, paragraph 1, lett. a) GDPR.
Users can withdraw their consent at any time for the future, by making a request to the following DPO Auriga email address email@example.com.
Auriga processes the personal data it needs to fulfil the aforementioned purposes set out by Article 6, paragraph 1, lett. b) GDPR.
Other personal data will be processed in accordance with Article 6, paragraph 1, lett. f) GDPR for the pursuit of the legitimate interests of Auriga—Eg. For the optimised and technically error-free provision of the Service referred to in the App.
Furthermore, it may be required to process personal data to fulfil a legal obligation to which Auriga is subject (article 6, paragraph 1, letter c) GDPR or to protect the fundamental interests of the Users (article 6, paragraph 1, lett. d) GDPR.
Auriga will only keep Users’ personal data for the time reasonably needed to fulfil the purposes Auriga collected them for.
Auriga may keep Users’ personal data for an even longer period provided for by specific legal obligations or applicable legislation and therefore for compliance purposes. In any case, this is done without prejudice to data retention referred to in Article 4 for legal protection purposes provided for by applicable law. Auriga shall contemplate the following:
in order to set the appropriate retention period for personal data.
It could in any case happen that the European or national legislator enforces a longer retention period. In such cases, the data will not be deleted or blocked until the corresponding retention period has expired. After this period, the data will be permanently deleted.
Downloading and Installing the App
When Users download the App for installation, Auriga requests consent for the use of interfaces to access functions and contents of the Users’ device in order to collect certain data, including:
Auriga is required to acquire and process such data to fulfil the existing Contract with the Users, the legal basis is represented by Article 6, paragraph 1, lett. b) GDPR ("Processing is lawful only if and to the extent that ... it is necessary for the execution of a contract of which the data subject is a party or for the execution of pre-contractual measures adopted at the request of the data subject").
Access to the abovementioned interfaces is required in order to provide the Users with the purposes and services of SimplyMobile App.
Using SimplyMobile App
Whenever Users use the App on their device, Auriga collects the so-called server log files. Such data keeps track of all requests and all accesses to the App by Users and records all error messages from an application. They include the following Technical and Usage Data
The legal basis for processing the aforementioned data is ruled by art. 6, paragraph 1, lett. f) GDPR. Auriga has a legitimate interest in data retention for detecting and fixing App errors, determining its use, improving and optimising its services.
Data will be deleted when the Users exit the SimplyMobile App session.
Auriga can also collect aggregate data
The aggregate data may derive from personal data provided by Users, but are not considered personal data under the law as they do not reveal—either directly or indirectly—the Users’ identity.
While browsing the Auriga Website, the following information may be collected and stored in the site's server (hosting) log files:
The legal basis of processing is ruled by art. 6, paragraph 1, lett. f) GDPR., the website operator has usually a legitimate interest in storing data for detecting and fixing website errors, determining its use, improving and optimising the services offered.
The purpose of this type of data processing therefore results from the abovementioned legitimate interest of Auriga: detecting and fixing errors website in order to determine its use or make improvements.
Data collected during the Website operation are kept for the time strictly necessary to take the specified actions. Upon expiry, the data will be deleted or anonymised, unless further purposes envisaged and/or required by law for their conservation arise.
Third party companies
Auriga may disclose Users personal data—only when necessary for the service provision—to its professional consultants or to companies providing services and are appointed by Auriga (for example, payment service providers, may have access to personal data of Users limited to the time and purposes strictly necessary for the service provision).
External companies process data on behalf of Auriga as Data Processors.
Website and SimplyMobile App, together with other systems, are protected by technical and organizational measures adopted against loss, destruction, access, modification or disclosure of data by unauthorized persons. To this end, Auriga has put into place adequate security measures to detect any suspected breach of personal data for which Auriga reports such breaches to the Users and to any applicable regulatory authority, where legally required.
Auriga undertakes to respect the rights that the GDPR attributes to data subjects regarding personal data protection. If Users submit a request regarding the exercise of their rights under the Privacy Law, Auriga shall respond within 30 days from the day of request receipt and, where possible, satisfy the Users’ request within such period. If the case may be, in complex cases, such period can be extended up to another 60 days.
Users can email the DPO firstname.lastname@example.org banca to exercise their rights as an interested party in the processing of personal data by Auriga. In particular, Users rights are:
For more detailed information on the rights recognised to subjects interested in personal data processing, visit the web page of the Italian data protection authority: Italian Data Protection Authority: https://www.garanteprivacy.it/Regolamentoue/diritti-degli-interessati