HLPY APP PRIVACY POLICY


1.    What is the privacy policy about?

This page describes, for the purposes of Articles 13 and 14 of the EU Regulation 2016/679 - General Data Protection Regulation ("GDPR") how we collect, use and share personal data through our hlpy application ("App") of hlpy S.p.A. ("hlpy", "We" or "Company") intended for hlpy's partners who download the App, interact with us through the App and use its services and its authorised users ("Responders").

2.    Who is the Data Controller?

The Company, with registered office in Via Abbadesse 20, 20124 (MI), Milan, as data controller has designated a Data Protection Officer ("DPO"). Data subjects may contact the DPO by writing to dpo@hlpy.co.

3.    What personal data do we collect and how do we use them?

The App acquires personal data ("Data") as part of normal operation, the transmission of which is an integral part of Internet communication protocols, together with information voluntarily provided by the user during registration and user activation, as well as in the context of using the services offered through the App, or by sending requests for information.

Data Categories

Registration of the rescuer or user and provision of App services: Personal and contact details of the rescuer and his authorised co-workers to use the App.

Purpose of processing

For the creation and activation of the App user profile

Legal basis of the processing

Necessary to enable the Rescuer and the user to use the services available on the App and the provision of rescue services by the Rescuer (Art. 6, par. 1, lett. b) GDPR).

 

Data Categories

Log Files: When accessing the App, we collect information from the device in use by the Rescuer. This includes the IP Address, date, time, Unique Identifiers and other information such as the type of device, operating system, language, and the name of the telephone or internet provider. This information is collected through SdKs within the App, which help us to prevent content display anomalies, irregular service shutdowns and illegitimate access. You can find more information about SdKs in the 'Cookie policy' section below.

Purpose of processing

To enable Rescuers to enjoy the App. We use this information for purposes including analysing trends, administering the App, monitoring Rescuer movements within the App and tailoring our services to the needs of Rescuer users. Except as set out in this Policy, we do not link this automatically collected data to any other personal data collected from the Rescuer user.

Legal basis of the processing

The processing is necessary to enable the use of the App services, when in use (Art. 6, par. 1, lett. b) GDPR).

Data Categories

Cookies: When accessing the App, we collect information from the device being used by the Rescuer. This includes IP Address, date, time, Unique Identifiers and other information such as device type, operating system, language, telephone or internet provider name. This information is collected through SdKs within the App, which help us to prevent content display anomalies, irregular service shutdowns and illegitimate access. You can find more information about SdKs in the 'Cookie policy' section below.

Purpose of processing

To enable Rescuers to enjoy the App. We use this information for purposes including analysing trends, administering the App, monitoring Rescuer movements within the App and tailoring our services to the needs of Rescuer users. Except as set out in this Policy, we do not link this automatically collected data to any other personal data collected from the Rescuer user.

Legal basis of the processing

The processing is necessary to allow the use of the services of the App, when in use (Art. 6, par. 1, lett. b) GDPR) or on the basis of the user's consent (Art. 6, par. 1, lett. a) GDPR) when given by selecting the appropriate buttons on the banner or through the App's privacy preferences management tool.

 

Data Categories

Data provided voluntarily by the Respondent: Should you provide feedback or contact us via the App, by phone or by e-mail, we will collect your Data (contact data, communication data and data contained in related requests or interaction with hlpy resulting from such requests) in order to fulfil your request.

Purpose of processing

To communicate with the rescuer and answer questions and requests for information that may be addressed to hlpy.

Legal basis of the processing

Legitimate interest of hlpy and following up a specific request from the Rescuer (Art. 6, par. 1, lett. f) GDPR).

 

Data Categories

Access to mobile device functions: In order to activate and use certain functions, it is necessary for the Rescuer to grant the App access to additional functions of his mobile device. When he activates the App or accesses the function for the first time, he is asked to grant the App subsequent access to additional functions of his mobile device when the App is in use. These functions are strictly necessary for managing the requested and possibly assigned/accepted rescue mission:

a)    Camera (e.g. for taking photographs necessary for the handling of the rescue file or copies of documents relevant for this purpose);

b)    Photos/Media/Files (e.g. for uploading documents to the App and sharing with hlpy for the purpose of managing the assigned rescue mission);

c)    GPS-detected position of the device (e.g. to enable correct detection for the purpose of prompt management of the rescue service and the appropriate communication of its position to the final beneficiary of the rescue service and to receive the necessary information to carry out the rescue);

d)    call system (e.g. to make calls directly from the App to hlpy numbers and be in contact with the support service).

 

Purpose of processing

Provision of the breakdown service according to the contractually defined modalities.

Legal basis of the processing

Contractual necessity for the purpose of fulfilling contractual obligations towards the Rescuer (Art. 6, par. 1, lett. b) GDPR) and Consent of the Rescuer (Art. 6, par. 1, lett. a) GDPR).

 

Data Categories

In-App Service Notification Management: The App offers the possibility to use push notification (push technology or server push describes a type of communication in which data is transmitted while the received App is running in the background) to inform the Rescuer about missions and/or new features of the App.

Purpose of processing

Provision of the breakdown service according to contractual arrangements.

Legal basis of the processing

Contractual necessity and hlpy's legitimate interest (Art. 6, par. 1, lett. f) GDPR).

 

Data Categories

Data needed to comply with legitimate requests from the competent authorities or to make statutory notifications.

Purpose of processing

In order to comply with our legal obligations, orders from authorities which may include orders from competent authorities, when we reasonably believe that we are obliged to make such disclosures and when the disclosure of the Rescuer's personal data is strictly necessary to comply with the aforementioned legal obligations or orders from competent authorities.

Legal basis of the processing

Fulfilment of legal obligations to which hlpy is bound (Art. 6, par. 1, lett. c) GDPR).

 

Data Categories

Prevention and management of fraudulent activity: We will use information on fraudulent or criminal activity related to the use of our services for the purposes of detecting and preventing fraud or abuse.

Purpose of processing

Protection of hlpy rights.

Legal basis of the processing

Legitimate interest of hlpy to ensure the security of its systems, the security of the Rescuers using the App and that of the beneficiaries of the rescue services who could be harmed in the event of fraudulent activity on the App (Art. 6, par. 1, lett. f) GDPR).

 

Data Categories

Legal protection of our interests: Where appropriate, we will process the personal data collected to enforce our contractual terms and conditions, protect our business operations, protect our rights, privacy, safety or property, and/or that of our affiliates, and enable us to pursue available legal remedies or limit any damages that may be awarded against us.

Purpose of processing

Asserting or protecting one's rights or defending oneself in court.

Legal basis of the processing

Legitimate interest of hlpy in protecting our organisation under the law (Art. 6, par. 1, lett. f) GDPR).

 

4.    With whom do we share user information?

Users' Data may be processed by the suppliers hlpy uses, who act as data processors for the maintenance of the App.

Data will also be disclosed to competent authorities and/or law enforcement agencies if required for the above purposes, by law or for the protection of our legitimate interests in accordance with applicable laws.

Furthermore, in the event of corporate transactions involving the sale, transfer or other form of operation involving hlpy, the Data may be made available, to the extent necessary for the activities preliminary and consequent to such transactions, to third parties involved in the management of the relevant transactions for the necessary evaluations and integration processes and to the relevant successors in title, where applicable.

The Data are stored and processed in Italy and/or in countries belonging to the European Economic Area; in particular, the servers are located in Ireland. Should the Data be shared with third parties located outside the European Economic Area for the purposes of providing the relevant services related to the App, we will ensure that the transfer is carried out in accordance with the applicable legal provisions by entering, where necessary, into agreements ensuring an adequate level of protection and/or by adopting the standard contractual clauses provided by the European Commission.

 

5.    What are the user's rights?

The subjects to whom the Data refer have the right to obtain confirmation of the existence or non-existence of such Data and to know their content and origin, verify their accuracy or request their integration, updating, rectification (Articles 15 and 16 of the GDPR), namely:

• Right of access. The right to obtain access to personal information about you along with certain related information;

Right to data portability. The right to receive personal information, provided by the user and processed on the basis of consent or for the performance of a contract, in a common format and to have it transferred to another data controller if necessary;

Right of rectification. The right to obtain rectification of personal data without undue delay in the event of inaccurate or incomplete personal data;

According to Articles 17, 18 and 21 of the Regulation, you have the right to request the deletion, restriction of processing, transformation into anonymous form or blocking of data processed in breach of the law, as well as to oppose in any case, for legitimate reasons, their processing, namely:

• Right to erasure. The right to obtain the deletion of one's personal data without undue delay in certain circumstances, such as if the personal data are no longer necessary in relation to the purposes for which they were collected or processed;

• Right to restriction of processing. The right to obtain, in specific circumstances identified by applicable law, a limitation of the processing of one's own data for a specified period of time, for example when contesting the accuracy of personal data, for the time to verify the accuracy and correctness of such data.

Right to object. The right to object to the processing of one's personal data, including on the basis of legitimate interest, and to object to the processing of personal data for direct marketing purposes, insofar as this is related to such direct marketing.

The user also has the right to revoke at any time any consent given to the processing of Data. The rights may be exercised by contacting the Data Controller and/or the Data Protection Officer at the following addresses:

• e-mail: dpo@hlpy.co

• by fax to +39 02 87369735

• by mail, to Via Abbadesse 20, 20124 Milan (MI)

 

Complaint to the Garante per la protezione dei dati personali. The data subject has the right to lodge a complaint with the Garante per la Protezione dei Dati Personali, who can be contacted at https://www.garanteprivacy.it/ if he/she considers that his/her rights have been infringed or if he/she is not satisfied with the response provided by hlpy following the exercise of his/her rights.

 

6.    How long do we keep the Data?

We process the User Data for the time strictly necessary for the pursuit of the above-mentioned purposes and, thereafter, retain the Data for the following periods of time:

• Data collected indirectly while using the App: Data will be processed only for the time necessary to guarantee the user the possibility to use the App and the requested services;

• Requests of information: Data will be processed only for the time necessary for the proper management of the request and then deleted except for reasons of protection of hlpy's rights;

• Collection and management of data related to the management of rescue services offered by rescuers: Data will be processed only for the time necessary for the management of the mission assigned to the rescuer and for the duration of the contractual relationship, and in any case no longer than 10 years from their collection and recording, for the purpose of hlpy exercising its rights.

hlpy reserves the right to keep statistical information on the use of the App in an anonymised and aggregated form for statistical use to improve the App on the basis of a legitimate interest.

 

7.    How do we protect User Data?

Information security is very important to us, and we have safeguards in place to preserve the integrity and security of the information we collect and share with our suppliers.

However, no security system is impenetrable and we cannot guarantee the security of our systems 100%. In the event that any information under our control is compromised as a result of a security breach, we will take reasonable steps to investigate the situation and, where appropriate, notify those whose information may have been compromised and take other measures, in accordance with applicable laws and regulations.

QUESTIONS ABOUT OUR PRIVACY POLICY?

If you have any questions about our Privacy Policy, please feel free to write to us at info@hlpy.co.

Before accessing or using our Site, users should ensure that they have read and understand how we collect, process, store, use and share their Data as described in this Privacy Policy.



 

HLPY COOKIE POLICY

1.    Foreword

The Cookie Policy of hlpy S.p.A.. ("Cookie Policy") describes the different types of cookies that are used in connection with the App.

Hlpy S.p.A., having its registered office at Via Abbadesse 20, 20124 (MI), Milan is the data controller of the personal data described in this Cookie Policy ("Data Controller") and determines the purposes and means pursuant to EU Regulation 2016/679 (GDPR).

Interested parties may contact the Controller at the following addresses

• By post, by writing to the address Via Abbadesse 20, 20124 (MI), Milan;

• By fax, at 39 02 87369735;

• By e-mail, at dpo@hlpy.co

Pursuant to Article 37 GDPR, the Data Controller has appointed a Personal Data Protection Officer ("RDP"). Data subjects may contact the DPO by writing to the e-mail address dpo@hlpy.co.

 

What are cookies?

Cookies are small text files that can be used by websites to make the user experience more efficient.

Cookies allow us to store small amounts of information on your computer or mobile application about your visits to our Site.

 

What kind of cookies do we use?

The App uses different types of cookies. Some cookies are placed by third party services.

You can change the cookie settings in your browser at any time to allow you to use all features without restriction when browsing our Site or using our App. We encourage you to read our Site Privacy Policy (https://hlpy.co/privacy-policy) which contains all the information about who we are, how we process Personal Data and how you can contact us.

Below, we outline the types of cookies we use on the App.

• Necessary cookies

Necessary cookies help to make the App usable by enabling basic functions such as page navigation and access to secure areas. The App cannot function properly without these cookies.

Listed below are links to the respective policies on the use of cookies by accessing and consent forms provided:

a)    Session cookie: is used to keep the user logged into the app. Its duration is 1 hour.

We only use necessary or technical cookies to ensure that the App functions properly.

We may also collect information about your use of the App in an anonymous form such as: pages and areas visited, time spent, traffic origins, geographical origin,. These cookies are treated as technical cookies under applicable law. These cookies are sent from third party domains external to the App.

Cookies that are strictly necessary for the operation of the App or technical cookies (or equivalent to them) may be installed on the user's device automatically, without the need to collect consent in advance. We base this processing on legitimate interest, within the meaning of Article 6(1)(f) GDPR, as specified in the Guidelines on cookies and other tracking tools.

• Analytical and performance cookies

The App also uses cookies to facilitate its use (e.g. to store information entered into forms by the user, or the use of the password storage function). These cookies require the user's consent for their use (Art. 6(1)(a) GDPR).

Listed below are links to the respective notices on the use of cookies by accessing and the consent forms provided:

a)    Google Firebase: https://firebase.google.com/support/privacy

 

Tab 2 - THIRD-PARTY TRACKING TECHNOLOGIES

 We will endeavour to update this list if or when we work with new partners who offer a choice over the collection of user information, but as partners change and new technologies become available, it is likely that this list will change over time and you are asked to review it regularly. We will also notify you via a banner on the App.


Third-party partners:

Firebase Crashlytics

Type of technology of tracking:

Technician

Description:

Firebase Crashlytics is an SDK used for technical purposes related to the login process. It is a monitoring service provided by Google for crashes that offers support in monitoring, prioritising and resolving stability problems that impair the quality of the app.



Third-party partners:

Firebase Analytics

Type of technology of tracking: 

Statistics for internal analysis

Description:

Google Analytics for Firebase/Firebase Analytics, is an analytics service provided by Google Ireland Limited. To find out how the data is used by Google, please consult Google's partner policy at this link: Google's partner policy

Firebase Analytics may share data with other services provided by Firebase including, for example, Crash Reporting, Authentication, Remote Config or Notifications. The User can consult this privacy policy for a detailed description of the other tools used by the Data Controller.

To enable Firebase Analytics to function, the App uses certain mobile device identifiers or technologies similar to cookies.

The User can opt-out of certain Firebase functions via the settings on his mobile device. For example, you can change the advertising settings available on your device, or you can follow the instructions applicable to Firebase that may be included in the privacy policy.

Personal Data processed: Tracking Tool.

Place of processing: Ireland - Privacy Policy