Stendhapp srl – Innovative Startup with Social Vocation (“Stendhapp”, “We”, “the Company”) offers a free online service providing users (“users”, “user”, “you”) with tips for discovering artistic and cultural heritage and much more.
Stendhapp srl – Innovative Startup with Social Vocation (“Stendhapp”, “We”, “the Company”) offers a free online service providing users (“users”, “user”, “you”) with tips for discovering artistic and cultural heritage and much more. It also allows professionals in the cultural sector (“providers”, “provider”) to provide detailed information about places and events featured on the application. The mobile components and related applications (apps) and the website (together referred to as the “Website/Websites”) are owned and managed by Stendhapp srl.
Stendhapp understands that providing online information entails a high level of trust from users. Stendhapp greatly values this trust and attaches the highest importance to the security and confidentiality of personal data provided by users through the use of the Website or services.
The processing of your personal data may include any kind of procedure, including collection, registration, arrangement, storage, consultation, processing, alteration, selection, extraction, comparison, use, interconnection, blocking, communication, erasure and destruction.
Users’ personal data will be processed primarily by automated means, but also on paper, strictly in accordance with the relevant purposes, using databases, electronic platforms operated by Stendhapp or by third parties appointed for this purpose as external controllers and/or integrated computer systems of Stendhapp and the aforementioned third parties and/or websites and/or apps owned by or used by Stendhapp.
- Collection and processing of personal data
- Sharing of information by the user
- Personal data retention periods
- User’s rights
- Protection of personal data
- Information on children
- Reports to users
- Collection and processing of personal data
Personal data means any information that allows an individual to be identified. It does not include data from which the identity has been removed or otherwise made anonymous (“anonymous data”).
Users’ personal data are encrypted and stored in a MongoDB Atlas cloud server, located in Europe, owned by MongoDB Limited which, by policy, guarantees the confidentiality and security of the customers’ data, ensuring, among other things, that it will maintain organisational, technical and physical protection measures in order to
– protect the security and integrity of the customers’ data while they are within its systems
– protect customers’ data from accidental or unauthorised access, use, alteration or disclosure within its systems.
Stendhapp stores the information in the MongoDB Atlas cloud as data controller or processor: users may disable the collection and use of their information by making a request to email@example.com.
The collected personal information may include, but are not limited to: first name, last name, email address, city and State of residence, phone number, billing information, survey responses, booking information, travel logs and other information the User provides on the Websites, IP address and web browser software. The following sections detail the types of processed data, divided by sources and/or activities:
1.1. Registering for app services and viewing of events and places
When users register for the app, they are asked to provide certain data, some of which are essential for using the app. The essential data are: a valid email address, first name, surname, age group and a “strong” password that is immediately encrypted using MD5 and is never visible on our systems. The registration procedure also asks for other optional information such as: country and city of residence, gender, which are collected for statistical purposes or to create audience segments: the user is free to provide or omit this information.
When using the application on a device through a browser or mobile app, the Company collects and processes the user’s location information, if the user has given permission to share their geolocation data by setting the appropriate configuration on their device. Location data allow us, among other things, to show the Users information about nearby attractions and events as they move around.
If the user has set up some preferences on the category of places to be displayed on the map, the application will take this into account when showing places and events.
It is possible to change preferences and privacy settings at any time, therefore disabling the sharing of information with the application. Turning off geolocation affects several important features of the application and limits the app service provision.
The application also automatically collects certain information from the computer or device the User utilizes to visit Stendhapp. For example: session data, including the IP address, the browsing software they use and the website of origin.
1.2 Email messages
In order to help users discover the beauty of the areas around them, Stendhapp may send them emails containing information on places and events selected according to the User’s preferred categories as indicated on the application, or invitations to take part in surveys to improve the service offered. For example, if a user has selected music as their preference, they may receive an email about a concert that will be held nearby. The Company believes that these emails offer useful information, but users can always avoid receiving these communications by sending a message to firstname.lastname@example.org, as specified at the bottom of each email.
Moreover, the Company uses emails to give notice about service information and instructions on the technical use of the web app and mobile app, information on any software updates and patches, administrative messages or requests for clarification regarding the user account and/or their reports of places and/or events and/or accessibility, as well as any update that generates a change or addition to the functionality of the web app and mobile app. Please note that it is not possible to unsubscribe from receiving such service communications.
Users will only receive marketing messages from the Company if they have expressly given their consent to them. However, users may at any time withdraw their consent to receive marketing communications by sending an email to email@example.com or by changing their profile settings on the app.
1.3 User profiling by segment data aggregation
Stendhapp automatically collects certain data about the users’ activity on the app, such as contents they have viewed, places they have visited and searches they have made. If users have registered with Stendhapp through social media, the company may collect data from their social pages (e.g. likes, shares and friends), in line with the permissions they have given to the specific social medium; Stendhapp also automatically records information about users’ interactions with their social pages. All of these types of data are used to better understand users’ interests and preferences, to further customise their experience and to create audience segments (dividing users into groups based on criteria related to site usage, demographics and social media behaviour data). For example, a segment of users who share preferences for music and food and wine, have a Facebook account and live in Southern Italy, could be automatically created. The anonymous statistical data corresponding to this segment may be shared with providers interested in reaching this audience. Under no circumstances will Stendhapp transfer individual users’ data to third party companies, except in the circumstances specified in this Policy, and such transfer will never be made in return for payment.
1.4 Feedback from social campaigns
Stendhapp may record data on interactions with users and followers on its social pages in order to carry out analyses and create audience segments (see previous paragraph) for planning targeted communication campaigns.
1.5 Website users – cookies collection
The Company collects information through cookies and other similar technologies (e.g. web beacons).
Cookies are lines of text that act as computer markers sent by a server (here, the Website server) to a User’s device (generally to the Internet browser) when the User visits a specific website page; cookies, which may also be set by websites other than those the user is visiting (“third-party cookies”), are automatically stored by the user’s browser and retransmitted to the server that generated them each time the user visits the same Internet page. This way, for example, cookies allow and/or facilitate access to certain Internet pages in order to improve the User’s navigation (i.e. they allow storage of visited pages and other specific information, such as frequently consulted pages, connection errors, etc.), or they allow profiling activities. Therefore, in order to make full and easy use of the Website, it is advisable that you state your preferences regarding cookies when you log in for the first time.
The cookie configuration that you set when you first access the Website can be later modified at any time while browsing, by disabling or deleting (each time or once for all) the various types of cookies ( “Statistical” – “Marketing”). However, this may imply that the optimal use of some Website areas may be precluded. Please note that cookies classified as “Necessary” cannot be disabled.
Statement for cookies on the Website:
- Necessary cookies: These are necessary to allow you to browse this Website and use its features. In particular, they enable functions without which you would not be able to make full use of this Website, since their activation allows basic functions such as page navigation and access to secure areas of the Website. For this reason they cannot be disabled.
- Statistical cookies: Statistical cookies are used to monitor the performance of this Website, e.g. to find out the number of visited pages or the number of Users who have viewed a particular section. The analysis of these cookies generates anonymous and aggregate statistical data without reference to the identity of the Users of this Website. They are also useful for assessing possible changes and improvements to be made on the Website itself. The User can choose to enable or disable statistical cookies at any time.
This Website also utilizes Google Analytics as a provider of statistical cookies, a web analytics service supplied by Google, Inc. (“Google”). You can obtain more information on the data processing activities carried out by Google Analytics at the following link: https://support.google.com/analytics/answer/6004245 .
- Marketing cookies: Marketing cookies are used to send advertisements and supply services in line with the preferences you have expressed. In particular, they are used to deliver advertisements and services that are potentially close to your interests, as well as to create individual profiles based on your tastes, preferences and consumption choices, as detected while you browse this Website or by comparing your browser activities. They are used, for example, to limit the delivery of a particular advertisement, or to derive the effectiveness of a campaign from the frequency of display of relevant advertisements. You can choose to enable or disable marketing cookies at any time.
- Web app cookies: the web app too uses Technical cookies for the registration process, and Preference, Statistical and Marketing cookies.
- Description of how to consent to the installation of cookies: When you access the Website for the first time, you will find a short information banner containing a link to this extended information notice, where you will find more information about the cookies installed by the Owner and by third parties, their description, the characteristics of the different categories of cookies and you will be able to choose yourself which cookies authorise.
With regard to the use of statistical and marketing cookies, useful for providing services in line with your tastes, preferences and consumption choices, your consent is required.
By clicking OK and continuing to browse the Website, you consent to the use of the cookies you have selected. However, you can change your cookie preferences (including cookies set by third parties) at any time.
For more information about cookies in general, how to view the cookies installed on your device and how to manage and delete them, please refer to sites such as www.allaboutcookies.org and www.youronlinechoices.com/
1.6 “Contact us” form available on the website
Stendhapp will respond to requests received via the “contact us” form available on our website. Users may, however, at any time deny their consent to receive communications from Stendhapp by sending an email to firstname.lastname@example.org as indicated at the bottom of the email messages.
1.7 Defence of our legitimate interests
The Company collects and may transfer users’ personal data to third parties in the following cases in order to protect its legitimate interests:
- Security reasons: in order to protect the Website, the app, the web app and other users from misuse or cyber attacks. For example, for investigation, prevention or action with respect to unlawful or potentially unlawful activities, to protect and defend the rights, tangible and intangible property or safety of Stendhapp, its customers or others, in accordance with the Users’ Service Agreement.
- Legal Defence: for the purpose of complying with subpoenas, court judgments or other lawful and applicable legal process; for the purpose of establishing or exercising the Company’s rights; for the purpose of defending itself in disputes; for other purposes required by law. In such cases, the Company reserves its right to raise or waive any legal objection or right.
- Changes in corporate structure: in connection with business transactions, such as divestitures, mergers, consolidations, sales of assets or in the event of bankruptcy or other insolvency proceedings.
In summary, the Company collects and may transfer personal information to third parties when necessary to protect the legitimate interests of the Company (or of third parties): users’ interests and fundamental rights do not prevail over such interests.
The Company also reserves the right to share aggregate or anonymous information with third parties, including advertisers or investors. For example, Stendhapp may disclose the number of visits paid to sites or destinations to advertisers. This information does not contain any personal data and is used to develop content and services of interest to users.
- Sharing of information by the user
If users choose to create a profile on Stendhapp, their profile information will not be viewable by other users through the application, but only by Stendhapp staff and third parties engaged by the company.
Stendhapp does not share email addresses with other users or make them public by any other means. If, however, users decide to make their own content available, the texts and photos will be published on Stendhapp for the benefit of all users of the platform and the user’s name who provided the content or a pseudonym chosen by the user will be displayed. By making content available, the user automatically assigns all rights of use to Stendhapp.
Furthermore, if users choose to share an image of a place they have visited through Stendhapp, it will only be visible on their social media according to their specific settings and not to other Stendhapp users. These images will be viewable within the user profile by the user, Company staff and third parties appointed by us.
2.1 Sharing information with third parties
- Storage of personal data
Stendhapp is committed to keeping users’ personal data up to date and complete. We will delete personal data when their processing is no longer necessary or permitted. Data provided by users in accordance with this Policy will be retained for a maximum period of two years after their last use, except in the following cases:
- where there are legal requirements to keep personal data for a longer or shorter period;
- personal data provided to respond to specific user’s requests will be retained for a maximum period of 10 years;
- personal data used to respond to a user’s request to access to their data will be retained for a period of 5 years from the date on which access was granted;
- data of users who have not verified their email address after registering for the app and webapp will be retained for 30 days after the registration attempt.
- User’s rights
The user has the right to verify, supplement and update the information provided, as well as to request to close their account by sending an email to email@example.com.
If the user decides to close their account, the account will be deactivated and any personal data will be removed, but the places that have been suggested to us prior the cancellation request will remain visible to the community.
Once the account is closed, the user will be no longer able to access their personal data. They can, however, open a new account at any time, but will not be able to recover any previous data.
Users can change their password and privacy preferences at any time as long as their account remains active, on their Profile page.
In accordance with applicable law, users have the right to access, rectify, delete, limit the processing of their data, as well as the right to data portability and the right to object. Further details and information on how and when users can exercise their rights are available below. Requests will be answered within 30 days, extendable by another 30 days in accordance with the law.
In accordance with applicable law, users have the following rights with regard to their personal data:
- Right to request access to personal data. This allows users to receive a copy of their personal data stored by the Company and to verify that the processing is lawful.
- Right to request the correction of data if incorrect. Users also have the right to supplement any incomplete personal data recorded, taking into account the purposes of the data processing.
- Right to request the deletion of any personal data if:
- they are no longer necessary for the purposes for which they were collected or processed;
- the user withdraws consent, where the processing of personal data is subject to consent and there is no further legal basis;
- the user objects to the use of his/her/their personal data and the company has no overriding legitimate reason to continue this use;
- personal data have been processed unlawfully;
- personal data must be deleted in order to comply with legal obligations.
- Right to object to the use of one’s personal data. The Company is committed to act in the interests of users, unless there is an overriding legitimate interest in the processing of the data or a need to continue processing for the purposes of resolution, exercise or defence in the context of a legal claim.
- Right to restrict the use of personal data, if:
- the accuracy of the data is questioned by the user, during the period in which the company is required to verify its accuracy;
- the data processing is unlawful and the user object to the deletion of their personal data by requesting the restriction;
- the Company no longer needs the user’s personal data for processing purposes, but they are needed by the user for legal claims;
- the user has objected to data processing, for the period during which the Company is required to verify the presence of overriding legitimate grounds.
- Right to data portability. The user may request that such personal data be sent to third parties, where possible. The data will be provided in electronic format in the form of queries to our database. This right can only be exercised if it relates to personal data provided to the company, if the data processing is subject to consent or necessary for the performance of a contract between the user and the company, and if the data processing is carried out by automated means.
The Company reserves the right to request specific information from the user to confirm their identity and their right to access personal data (or to exercise other rights). This is a security measure to ensure that personal data is not disclosed to people who do not have a right to receive them. In order to speed up the response time, the Company may contact the user to request further information about their request.
- Protection of personal data
Stendhapp wants users to have peace of mind when using the app and the website, and is committed to protecting the collected personal data. Although no website can guarantee absolute security, Stendhapp implements and enforces physical, administrative, technical and organisational measures to protect the personal data provided against unlawful or unauthorised access, unauthorised disclosure and accidental loss, damage, alteration or destruction of data.
For example, only employees and authorised third parties may access personal data and only for the implementation of permitted business purposes. Furthermore, Stendhapp uses encryption for the transmission of personal data between the user’s system and the Company system. Stendhapp also uses firewalls and intrusion detection systems to prevent unauthorised persons from accessing users’ personal data.
- Information relating to minors
Stendhapp is a general audience Website and does not offer services for children. The Company does not knowingly collect data from children under the age of 14. If a user known to be under the age of 14 has submitted personal data to the Company, the information will be deleted or destroyed as soon as possible.
- Alerts to users
Stendhapp, through its apps and the Website, offers its users free information services on Italian artistic, cultural and gastronomic heritage and related events. When users register on our app, we believe we are acting in their interest by sending updates and information related to the topics covered by the app, such as notifications of places and events that are geographically close or similar to the user’s preferences. For example, if a user has selected music as one of their interests, Stendhapp may prioritise information about concerts in their area within the app and send them an email with the schedule of a music festival in another region that may be of interest to them. We consider such messages an integral part of our services to increase users’ awareness of the beauty around them. For more information, please see the Service Agreement (link).
For any further questions or complaints about the processing of personal data by the Company, please write to: firstname.lastname@example.org. Users also have the right to lodge complaints about the Company’s processing of personal data with the competent authorities. However, the Company invites users to give it the opportunity to address any concerns they may have by contacting it before turning to the competent authorities.
Full contact details:
Stendhapp srl – Startup Innovativa A Vocazione Sociale C.F./P.IVA:10579460964
Via Settembrini, 52 – Milan – Italy
Att.: Privacy Officer
Stendhapp also uses open data owned by the Public Administration, which use is regulated by the licence available at the following link https://www.dati.gov.it/content/italian-open-data-license-v20 .