APP Notice

RollApp - Privacy Statement

We recommend that users of our mobile application software (“app”) read this privacy statement in full. It sets out the types of personal information we collect about our users when they use our app or when we provide services, as well as how we use and store their personal information and what rights they may have in respect of that information. Our app is not intended for children and we do not knowingly collect data about children.

1. About Gaposa and this Privacy Statement

We are Gaposa Srl, a manufacturer of automation systems for industrial and garage doors, roller shutters and solar protection systems. We are the controller and responsible for your personal information (we refer to Gaposa Srl as “we”, “us” or “our” in this privacy statement). Where we instruct our suppliers, clients and other third parties to use your personal information, these data processors will process your information on our behalf and only on our instructions and for the purposes set out in this privacy statement. We have appointed a Data Protection Officer (DPO) who is our point of contact for all issues relating to the protection of personal information and is responsible for overseeing questions in relation to this privacy statement. If you have any questions about this privacy statement or our privacy practices, please contact us using the contact details set out below.

Contact details:

Full name: MARCO GASPARRINI

Job Title: DIRECTOR

Email address: controller@gaposa.com

Postal address: GAPOSA Srl, Via Ete 90, 63900 FERMO (FM) - ITALY

This privacy statement was published on 24^th September 2020. We keep it under regular review and any changes we make to it will be, where appropriate, notified to you by email.

2. Personal information we collect about you

Personal information means any information about you from which you can be identified. It does not include information where your identity has been removed (this is anonymous data).

We may collect and use the following personal information about you:

1. Identity Data including your first name, last name, and username or similar identifier;
2. Contact Data including your email address and mobile telephone number;
3. Technical Data including the types of your devices, their internet protocol (IP) address and current location, and your login data;
4. Usage Data including information about how you use the app and our services; and
5. Marketing and Communications Data including your preferences in receiving marketing from us and our third-party partners, and your communication preferences.

 

3. How we collect your personal information

Generally, we collect your personal information directly from you – through your use of our app and services, or in person, by telephone or email. In particular, this may occur in the following circumstances:

1. when you download the app and create a user account within the app;
2. when you use the app and when you subscribe to some of our services;
3. when you correspond with us by phone, email or other electronic means, or in writing;
4. when you sign up to receive marketing communication and offers from us;
5. when you enter a competition, promotion or survey; and
6. when you give us feedback or contact us.

 

4. How we use your personal information

Under data protection law, we can only use your personal information if we have a proper reason for doing so, for example:

1. for the performance of our contract with you or to take steps at your request before entering into a contract;
2. to comply with our legal and regulatory obligations;
3. for our legitimate interests or those of a third party; or
4. where you have given consent.

A legitimate interest is when we have a business or commercial reason to use your information, so long as this is not overridden by your own rights and interests.

Generally, we do not rely on consent as a legal basis for processing your personal information although we will get your consent before sending third party direct marketing communications to you via email or text message. You have the right to withdraw consent to marketing at any time by contacting us.

We will only use your personal information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal information for an unrelated purpose, we will notify you and explain the legal basis which allows us to do so. Please note that we may process your personal information without your knowledge or consent, in compliance with the rules set out in this section, where this is required or permitted by law.

We will use your personal information for the following purposes and on the following grounds:

1. On the basis of fulfilling our contract with you or entering into a contract with you on your request, in order to:
   • install the app and register you as a new app user and update our user records;
   • allow you to use the app and deliver services to you through the app;
   • notify you of changes or updates to the app or any services;
   • manage your user account and our records; and
   • deal with and respond to requests, enquiries and complaints.
2. On the basis of our legal obligations, we process your personal information when it is necessary:
   • for compliance with tax, accounting, anti-money laundering and other applicable law and obligations which we are subject to;
   • for managing your statutory rights;
   • for notifying you about changes to our terms or privacy statement; and
   • for ensuring security of your personal data by preventing unauthorised access to it.
3. On the basis of our legitimate interest, we will use your personal information for:
   • allowing effective performance of our business by ensuring necessary internal administrative, commercial, and security processes;
   • verifying your identity, and preventing and detecting fraud against you or us;
   • collecting and recovering money you owe to us;
   • asking you to provide feedback, leave a review or take a survey;
   • sending you information about and enabling you to participate in events (including online events) organised by us (with or without another party), including training; prize draws and competitions; and surveys, marketing campaigns, market analysis or other promotional activities;
   • communicating with you and keeping you up-to-date on the latest developments, announcements, and other information about our services and solutions (including briefings, newsletters and other information), events and initiatives;
   • promoting (including by delivering advertisements) and making suggestions and recommendations to you (including by email or when you use the app) about products and services that may be of interest to you, as well as to personalise content you see in the app, and measuring and analysing the effectiveness of the promotions and suggestions we serve you;
   • using statistical data analytics about your use of our app and our services, to improve the app, the services, our marketing, customer relationships and experiences;
   • preventing unauthorised access and modifications to systems;
   • carrying out and dealing with security-related tasks, such as troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data;
   • allowing interoperability within our applications; and
   • establishing, exercising and/or defending our legal rights.

 

5. Promotional Communications

We have a legitimate interest in processing your personal information for promotional purposes (see above). This means we do not usually need your consent to send you updates about our products and/or services, including exclusive offers, promotions or information about new products and/or services. However, where consent is needed, we will ask for this consent separately and clearly.

We will not sell your personal information to or share it with other organisations outside the Gaposa group for marketing purposes, except where we remain the controller of your personal information and share it with third parties who act as a data processor on our behalf and only process the personal information on our instructions and for the purposes set out above.

You have the right to opt out of receiving promotional communications by contacting us, using the ‘unsubscribe’ link in emails or ‘STOP’ number in texts, or updating your marketing preferences in your user profile in the app.

We may ask you to confirm or update your marketing preferences if you instruct us to provide further services in the future, or if there are changes in the law, regulation, or the structure of our business.

 

6. Who we share your personal information with

We have instructed FAB Controls Ltd to act as a data processor and process your personal information on our behalf and instruction.

We may also share your personal information with:

1. service providers we use to help deliver products and/or services to you, such as security providers, payment service providers, and delivery companies. We only allow our service providers to handle your personal information if we are satisfied they take appropriate measures to protect your personal information.
2. companies within the Gaposa group to deliver services to you or for the reasons such as core administration and activities that have been identified as being within our legitimate interest;
3. credit reference agencies who may, for example, supply anti-fraud and credit-insight information to us;
4. our professional advisors such as our lawyers or auditors when they need to give us their professional advice;
5. public authorities and other government bodies. We may disclose and exchange information with law enforcement agencies and regulatory bodies to comply with our legal and regulatory obligations;
6. potential corporate buyer. We may also share some personal information in the case of transfer of some or all of our business, during re-structuring or change of ownership of the business. Usually, information will be anonymised but this may not always be possible. The recipient of the information will be bound by confidentiality obligations.

Your personal information may be held at our offices and those of our group companies, third party agencies, service providers, representatives and agents as described above. Some of these third parties may be based outside the European Economic Area. For more information, including on how we safeguard your personal information when this occurs, see Section 8 below.

 

7. How long your personal information will be kept

We will keep your personal information while you have an account with us or we are providing services to you. Thereafter, we will keep your personal information for as long as is necessary to respond to any questions, complaints or claims you raise, to show that we treated you fairly, and to keep records required by law.

We will not retain your personal information for longer than necessary for the purposes set out in this statement. By law we have to keep basic information about our customers (including Identity and Contact Data) for six years after they cease being customers.

When it is no longer necessary to retain your personal information we will securely destroy your personal information in accordance with applicable laws and regulations. In some circumstances we will anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.

 

 

8. International transfers of your personal information

If, to deliver our services to you, it is necessary for us to share or transfer your personal information outside the European Economic Area (EEA), then some additional safeguards will apply.

Where we need to make a transfer of this nature, we will only do so if such a transfer is safe and your personal information will be secure.

This means that when we transfer your personal information outside the EEA we will only do so where (i) there are Binding Corporate rules in place; or (ii) the country where we are making the transfer to is a country deemed by the European Commission to have an adequate level of protection in place for your personal information; or (iii) if there is no adequacy decision, where we have contractual arrangement with the service provider containing protections for your personal information (the EU Commission approved Standard Contractual Clauses, for example) or (iv) where the service provider is part of an approved scheme.

 

9. Your rights

Under the applicable data protection laws you have a number of rights, as set out below:

1. Right to access your personal information. You may request confirmation that we hold personal information about you, as well as access to a copy of any such data.
2. Right to rectification. You may ask us to correct any inaccurate information we hold about you.
3. Right to erasure (or Right to be forgotten). You may, in certain circumstances, ask us to delete your personal information.
4. Right to restriction. You may ask us to restrict the processing of your personal information if (i) you want us to establish the accuracy of the information, (ii) where our use of the information is unlawful but you do not want us to erase it, (iii) where you need us to hold the information even if we no longer require it as you need it to establish, exercise or defend legal claims, or (iv) you have objected to our use of your personal information but we need to verify whether we have overriding legitimate grounds to use it.
5. Right to portability. You may request the receipt of the personal information that you have provided to us, in a structured, commonly used and machine-readable form, or its transfer to another organisation.
6. Right to object. You may object to our processing of your personal information (i) at any time when your personal information is being processed for direct marketing, or (ii) where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
7. Right not to be subject to automated individual decision making. You have the right not be subject to a decision based solely on automated processing (or profiling) that produces legal effects concerning you or similarly significantly affects you.
8. Right to withdraw consent. Where our processing of your personal information is based on your consent, you may withdraw this consent at any time, although this will not affect the lawfulness of any prior processing where we relied on your consent.
9. Right to make a complaint. You may make a complaint about our processing of your personal information by contacting us. While we hope that we would be able to address any issues you have in this respect, you may also make a complaint to the data protection regulator in the country where you are based.

If you would like to exercise any of these rights, please contact us.

You will not have to pay a fee to access your data or to exercise any of the other rights. However, we may charge a reasonable fee of your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances.

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal information (or to exercise any of your other rights). This is a security measure to ensure that personal information is not disclosed to any person who has no right to receive it.

We try to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

 

10. Keeping your personal information secure

We have put in place appropriate security measures to prevent personal information from being accidentally lost, used or accessed unlawfully, altered or disclosed. We limit access to your personal information to those who have a genuine business need to access it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.