Pursuant to art. 13 and 14 of the European Regulation (EU) 2016/679 (General Data Protection Regulation), LYOTECH SRL protects and respects your personal data. In order to protect people and other subjects regarding the processing of personal data, and in relation to the information that will come into possession, we inform you as follows:
1. Data Controller 2
2. Purpose and recipients of data processing 2
3. Data processed 3
3.1 Personal data 3
3.2 Monitoring data 3
4 Methods of data processing 4
4.1 Transfer, storage and processing of data 4
4.2 Processing for research purposes 4
5. Rights of data subjects 4
6. Duration of treatment 6
7. Changes to the legislation 6
1. Data Controller
Data controller: LYOTECH SRL, Corso Unità d’Italia 10, 22063 Cantù (CO), Italy
To exercise the rights indicated below, the interested party can contact the data controller preferably at the dedicated email address email@example.com or, alternatively, by registered mail to “DPO LYOTECH SRL, ℅ Studio Mascheroni e Brianza, Corso Unità d’Italia 10, 22063 Cantù (CO), Italy”.
2. Purpose and recipients of data processing
UbiCAREis a monitoring service designed to assist fragile people (subjects monitored) when they are outdoors outside their living environment. The application allows the detection of the position of the monitored subject through the use of a mobile application; in this way the user can notify his position to close contacts in case of need (emergency call) and / or when in places that can be selected by the user. The UbiCaRE application can be used alone, or in combination with the LYOTECH BRIDGe service:
- STANDALONE MODE: the monitored subject uses the UbiCARE application and sends communications to his/her contacts via SMS.
LYOTECH respects the privacy of its customers, especially fragile people. The collection, processing and communication of the data in question to the observers is carried out for the sole purpose of detecting any criticalities in the behavior of the monitored subject that are relevant to improve their quality of life. For this reason, the data processed is limited only to the data necessary for the purposes described above.
The recipients of the treatment - the data subjects - are the monitored subjects.
The one who is monitored
UbiCARE mobile application
Personal data, Tracking data
Those who receive notifications via SMS (standalone mode)
Those who are authorized to view the information collected on the monitored subject
(BRIDGe combined mode)
BRIDGe mobile application
3. Data processed
3.1 Personal data
In order to guarantee registration and use of the service, the monitored subject must provide the following self-certified identification data: Name, Surname, Tax Code, Sex, Residence address, place and date of birth.
3.2 Monitoring data
The mobile application uses data collected from sensors available on the monitored subject's smartphone to identify the location. These data are processed with filtering techniques and data analytics to extract only the information relevant to the purposes described in this statement. The following table illustrates the data that UbiCARE can process:
Public name of nearby WiFi networks
Open street map
Information relating to the environment where the monitored subject is located
The data considered "non-sensitive" are those that cannot be traced back to any user without the knowledge of the owner of the pseudonymised code that identifies him.
4 Methods of data processing
4.1 Transfer, storage and processing of data
Personal data is stored on a server within the EU, together with the permissions granted by the monitored subjects. Access to personal data is allowed to interested parties through a special WEB BRIDGe interface accessible using the credentials provided when activating the service.
The monitoring data is processed and stored on a server within the EU that is physically and geographically separate from the AUTHORIZATION SERVER. The association between the personal data of a monitored subject and his or her personal data is entrusted to a pseudonymised code that does not allow unauthorized subjects to infer the belonging of the monitoring data.
- STANDALONE MODE: The monitoring data are usable only to close contacts via SMS.
- BRIDGe COMBINED MODE: The monitoring data can only be used by observing users via the BRIDGe mobile application by entering their credentials.
The monitoring data collected can be processed externally to LYOTECH SRL by specialized companies and / or external persons within the EU who act on their behalf as long as they are previously anonymized and in any case in full compliance with art. 13 and 14 of the European Regulation (EU) 2016/679.
SECURITY IN DATA PROCESSING
Data transfer takes place through encrypted communication protocols (SSL-HTTPS) and / or SMS.
All passwords of UbiCARE service users are encrypted.
All data processed are stored using encrypted and password protected databases.
4.2 Processing for research purposes
The monitoring data is also stored anonymously and in aggregate form for research purposes. The research results can be disseminated in conference / conference proceedings and in scientific and / or popular newspapers / publications. Such information will be treated in an anonymous and aggregate form without allowing the identification of any individual.
5. Rights of data subjects
As interested parties, the monitored subjects and the supervisors enjoy the rights referred to in Regulation (EU) 2016/679. The interested party has the right to:
- right to information - right to obtain information on which data are processed by the owner;
- right of access - right to request and obtain the data held by the owner in an intelligible form;
- right to update and rectify - right to obtain the updating or correction of the data provided;
- right to be forgotten - right to obtain the deletion of data in possession of the holder. This option results in the termination of the monitoring service *;
- right to object - right to oppose the processing: no further data concerning him will be collected, without prejudice to the use of any data already collected to determine, without altering them, search results or those that, originally or following processing, are not attributable to an identified or identifiable person. This option results in the termination of the monitoring service *;
- right to withdraw consent - right to revoke the consent at any time without prejudice to the lawfulness of the processing based on the consent given before the revocation. If you object to the processing of data essential for the use of the service, this option implies the end of the monitoring service *;
- right to request and obtain the blocking or limitation of data processed in violation of the law and those whose retention is no longer necessary in relation to purposes of the processing.
With regard to the exercise of these rights, the interested party can use the tools made available to the user through the BRIDGe web application, or write an email to firstname.lastname@example.org or, alternatively, by registered mail to “DPO LYOTECH SRL, ℅ Studio Mascheroni e Brianza, Corso Unità d’Italia 10, 22063 Cantù (CO), Italy”.
* MONITORING SERVICE CLOSING: by terminating the monitoring service, the personal data of the interested parties will be immediately deleted, as well as all the information that can be connected to them (geo-location where present). With regard to non-sensitive, anonymized monitoring data, and therefore not attributable to any user, these will be processed solely for research purposes for the purposes and within the terms set out in this statement.
6. Duration of treatment
The personal and monitoring data of the interested parties will be stored in the manner described in this information for the entire duration of use of the UbiCARE service by the interested parties. At the end of this period all personal data will be destroyed.
Non-sensitive anonymised monitoring data, and therefore not attributable to any person, will be kept for research purposes as described in section 4.2, and in any case for a period of less than 10 years.
7. Changes to the legislation
Any changes to this legislation will be communicated via email to the address registered during its acceptance. It is possible to request the updated legislation at the address email@example.com or view it from the BRIDGE web application. This policy was updated on: November 17, 2020.