Privacy Policy
The company StayEase S.r.l., as data controller, informs pursuant to Article 13 EU Regulation no. 2016/679 (“GDPR“) that the data provided by users (the”Interested” or the”User“) via the website https://stayeasechat.com or https://www.stayeasechat.com or https://console.stayeasechat.com or https://assistant.stayeasechat.com (the “Website“) as well as through the User’s use of the ChatBot, regardless of the mode and tool used, will be processed in the following manner and for the following purposes.
- The Data Controller
The Data Controller is StayEase S.r.l., with registered office in Venice – Sestiere Castello 1790, P.IVA IT04830510279, (hereinafter, the “Data Controller“).
The Data Controller provides the following e-mail address for any communication: privacy@stayeasechat.com
The Data Controller may designate one or more persons responsible for the processing of Personal Data pursuant to Article 28 of the GDPR, who, on behalf of the Data Controller, provide specific processing services or related, instrumental or supporting activities by adopting all those technical and organizational measures appropriate to protect the rights, freedoms and legitimate interests that are recognized by law to the Data Subjects.
- Description of the treatment
The processing will involve individual operations, or a complex of operations, of the following personal data provided by the Data Subject when using the services rendered by the Data Controller, through the Site, as described in the following table (the “Personal Data” or the “Data“):
Type | Purpose of Treatment | Legal Basis | Preservation Period |
Data identifying the Data Subject: first name, last name, e-mail, telephone number. | Allow the User to access theaccount and use the service. | Execution of a contract to which the Data Subject is a party or execution of pre-contractual measures taken at his or her request (Article 6(1)(b) GDPR). | For the maximum time allowed by law. |
Fulfilling obligations established by law, regulation, community law or an order of the Authority. | To fulfill a legal obligation to which the Data Controller is subject (Article 6(1)(c) of the GDPR). | For as long as necessary in accordance with the law. In any case, for a maximum period of ten (10) years. | |
Exercise the rights of the Data Controller, such as to exercise a right in court. | Legitimate interest of the Data Controller (Article 6(1)(f) of the GDPR). | ||
Send communications related to the activity with reference to which the Data Subject has provided his/her Data;manage, improve and maintain the Site. | Legitimate interest of the Data Controller (Article 6(1)(f) of the GDPR). | For as long as theaccount is valid. | |
E-mail address of the Interested Party. | Send newsletters related to the activities promoted by the Company; mail marketing activities,profiling activities. | Express consent of the Data Subject (Article 6(1)(a) of the GDPR). | Until consent is revoked by the Data Subject. |
Data related to the use of the Site and the ChatBot: Personal Data provided as part of communications with the ChatBot;Conversation history;ChatBot usage data(e.g . frequency of access to the Chatbot, session durations, etc.). | Process and follow up on User requests. | Execution of a contract to which the Data Subject is a party or execution of pre-contractual measures taken at his or her request (Article 6(1)(b) GDPR). | For as long as theaccount is valid or otherwise for the maximum time allowed by law. |
Manage, improve the ChatBot based on feedback and usage data;Monitor the usage of the ChatBot;Evaluate and improve the quality of service provided;Resolve any technical problems or security issues related to the ChatBot. | Legitimate interest of the Data Controller (Article 6(1)(f) of the GDPR). | ||
Navigation data: Information about the device used (e.g. mobile network system, unique device identifiers), Settings hardware e browser, IP address, date and time of access, date and time of requests made;Web pages visited, duration of visit, interactions with the page (e.g. scrolling, click etc.), date and time of visits. | To derive anonymous statistical information about the use of the Site and the ChatBot to monitor its proper functioning. | Legitimate interest of the Data Controller (Article 6(1)(f) of the GDPR). | Browsing data will be retained for as long as necessary to carry out the activities of analysis and comparative statistical processing, subject to any need for investigation by the competent authorities. |
Navigation data: Information about the device used (e.g. mobile network system, unique device identifiers), Settings hardware e browser, IP address, date and time of access, date and time of requests made;Web pages visited, duration of visit, interactions with the page (e.g. scrolling, click etc.), date and time of visits. | Monitoring the operation of the Site also for the purpose of improving user experience and security. | Legitimate interest of the Data Controller (Article 6(1)(f) of the GDPR). . | Browsing data will be retained for as long as necessary to carry out the activities of analysis and comparative statistical processing, subject to any need for investigation by the competent authorities. |
Profiling;Marketing. | Express consent of the Data Subject (Article 6(1)(a) of the GDPR). The data subject may withdraw consent at any time | Until consent is revoked by the Data Subject. |
It should be noted that, with reference to navigational data, the information collected, while not intended to be associated with identified individuals, by its nature, if associated with other Data held by third parties (e.g., the internet service provider), could allow the identification of the Data Subjects (e.g., IP addresses, domain names of the PCs used, URL addresses of the requested resources, time of the request, numeric code related to the status of the response given by the server).
Please note that the use of the ChatBot does not require the input of any User Data(e.g . age, email, etc.), however said information could be processed where the same should be spontaneously provided by the User during the use of the ChatBot.
- Method of treatment
Processing of Personal Data:
- Is realized by means of the operations specified in Article 4, co. 1, no. 2 of the GDPR and namely: collection, recording, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, deletion and destruction of Data;
- Is also carried out with the aid of electronic or otherwise automated means;
- is also carried out through the use of electronic mail or other remote communication techniques.
- Transfer of Personal Data
The management and storage of the Data will take place primarily in Europe, on servers of third-party companies contracted and duly appointed as data controllers.
The Data Controller may also provide access to the Site and the services referred to therein in other countries, in which case the transfer of Data to such countries is strictly limited to the actual need to be aware of it. The Data Controller will take necessary measures to protect Users’ Personal Data and prevent unauthorized access.
Personal Data may be transferred to the systems used by the Data Controller and/or third party companies contracted and duly appointed as Data Processors even outside the European Union.
In the event that such transfer takes place to countries that do not provide the same level of protection as provided by the GDPR or applicable legislation, or in any case an adequate level to protect personal data, the Data Controller will ensure that each such recipient undertakes specific contractual obligations in accordance with applicable data protection regulations (including the signing of the Standard Contractual Clauses “SCCs” approved by the European Commission) or in the absence of an adequacy decision pursuant to Article 45(3) GDPR, or adequate safeguards pursuant to Article 46 GDPR, including binding corporate rules, will request, pursuant to Art. 49 of the GDPR, the possibility of transferring personal data to a Third Country after obtaining specific consent from the Data Subject. In any case, the User may request more information regarding the transfer of Personal Data by writing to the e-mail address: privacy@stayeasechat.com
Security measures
The Data Controller has taken a variety of security measures to protect Data against the risk of loss, misuse, or alteration, consistent with the measures expressed in Article 32 of the GDPR. The processing is also carried out by means of computer and/or telematic tools, with organizational methods and logic strictly related to the indicated purposes.
- Consequences of not providing Personal Data
Without prejudice to the Data Subject’s right to provide Personal Data to the Data Controller, the provision of Personal Data may be:
- mandatory for the purposes of providing the services accessible through the Site and for purposes related to the fulfillment of obligations under applicable laws and/or regulations, as well as provisions issued by the competent supervisory and/or control authorities/bodies;
- optional with reference to the data voluntarily provided by the Data Subject and the purposes related to the sending of informative and/or promotional messages, including those inherent to the sending of newsletters.
If the Data Subject refuses to provide Personal Data to the Data Controller, this may make it impossible for the Data Controller to provide the requested services and make access to the Site available.
In addition, please consider that the revocation of one or more permissions and/or consents not given by the User may have consequences on the proper functioning and/or the ability to properly access and/or use the Site and/or deliver the services by the Data Controller.
- Retention and deletion of Data
The retention period of Personal Data is shown in the table in Section 2 above.
At the end of the retention period, the Personal Data will be deleted. Therefore, upon the expiration of this period, the right of access, deletion, rectification and the right to portability of Personal Data can no longer be exercised by the User.
The Personal Data will be stored by means of paper and computer files, including portable devices, taking appropriate measures to ensure their security and to limit access to them only to personnel authorized by the Data Controller and within the strict scope of the purposes stated above.
- To Whom We May Disclose Personal Data
For the above purposes, Personal Data may be made accessible or communicated to:
- employees and collaborators of the Data Controller, in their capacity as authorized processors, within the scope of their respective duties and in accordance with the instructions received. Such individuals are, however, subject to the obligations of confidentiality and privacy;
- to third parties performing outsourced activities on behalf of the Data Controller whose activities are related, instrumental or supportive to those of the Data Controller (e.g., management software );
- to all those public and/or private entities, individuals and/or legal entities (such as, by way of example, legal, administrative and tax consulting firms, funds or funds, including private welfare and assistance funds, Judicial Offices, Chambers of Commerce), if the communication is necessary or functional for the proper fulfillment of the contractual obligations undertaken, as well as the obligations arising from the law;
- to all those entities (including Public Authorities) that have access to Personal Data by virtue of regulatory or administrative measures;
In any case, the Personal Data collected will not be disseminated.
- Rights of the Interested Party
The Data Subject may exercise the rights under Chapter III of the GDPR within the limits and under the conditions set forth therein (“Rights of the Data Subject“):
- Access to Data (Art. 15): The Data Subject has the right to obtain from the Data Controller confirmation as to whether or not Personal Data concerning him or her is being processed and, if so, to obtain access to the Personal Data in a commonly used electronic format and certain information about the processing (e.g. purposes, categories of Data processed, recipients, transfers outside the EU, implementation of profiling activities, etc.);
- rectification of Data (Art. 16): the Data Subject has the right to obtain the rectification of inaccurate Personal Data concerning him/her without undue delay and/or the integration of incomplete Personal Data, including by providing a supplementary statement;
- erasure of Data or “right to be forgotten” (Art. 17): the Data Subject has the right to obtain from the Data Controller the erasure of Personal Data concerning him or her without undue delay, and the Data Controller has the obligation to erase the Personal Data without undue delay;
- limitation of processing (Art. 18): the Data Subject has the right to obtain from the Data Controller the limitation of processing;
- portability of Data (art. 20): The Data Subject has the right to receive in a structured, commonly used and machine-readable format the Personal Data concerning him or her provided to a Data Controller and has the right to transmit such Data to another Data Controller without hindrance from the Data Controller to whom he or she provided it;
- objection to processing (Art. 21): the Data Subject has the right to object at any time, on grounds relating to his or her particular situation, to the processing of Personal Data concerning him or her in accordance with Art. 6(1), letters (e) or (f) of the GDPR, including profiling on the basis of these provisions.
- Ways of exercising rights
The Interested Party may at any time exercise the rights by sending:
- an e-mail to privacy@stayeasechat.com
- a registered letter with return receipt to StayEase S.r.l., with registered office in Venice, Sestiere Castello 1790.
The Data Controller undertakes to provide the Data Subject with information regarding the action taken regarding a request to exercise rights without undue delay and, in any case, at the latest within a period of 30 (thirty) days from the receipt of the request, extendable up to 3 (three) months only in cases of particular complexity.
Any rectification or deletion or restriction of processing made at the explicit request of the Data Subject, except where this proves impossible or involves a disproportionate effort, will be communicated by the Data Controller to each of the recipients to whom the Personal Data were transmitted. The Data Controller may notify the Data Subject of the recipients’ contact information if requested.
- Right of complaint
Data Subjects who believe that Personal Data is being processed in violation of the provisions of the GDPR have the right to lodge a complaint with the Data Protection Authority: i) via e-mail, at garante@gpdp.it or urp@gpdp.it; (ii) by fax at 06.696773785; or (iii) By mail at the registered office located in Rome, Italy, Piazza Venezia no. 11 – Cap 00187, or alternatively by recourse to the Judicial Authority.
- Manager and appointees
The updated list of data processors and processors is kept at the Data Controller’s office.
- Changes to this policy
This policy may be, at any time, modified and/or updated. If the Data Controller intends to process your Personal Data for purposes other than those set forth in this privacy policy, it undertakes to provide, prior to such further processing, adequate information regarding such different purposes and to carry out such further processing in compliance with applicable law, collecting where necessary the specific consent of the Data Subject.
Update date: March 2024