Pursuant to art. 13 and 14 of the European Regulation (EU) 2016/679 (General Data Protection Regulation), LYOTECH SRL protects and respects your personal data. In order to protect people and other subjects regarding the processing of personal data, and in relation to the information that will come into possession, we inform you as follows:
2. Purpose and recipients of data processing 2
4 Methods of data processing 4
4.1 Transfer, storage and processing of data 4
4.2 Processing for research purposes 4
7. Changes to the legislation 6
Data controller: LYOTECH SRL, Corso Unità d’Italia 10, 22063 Cantù (CO), Italy
To exercise the rights indicated below, the interested party can contact the data controller preferably at the dedicated email address privacy@lyotech.it or, alternatively, by registered mail to “DPO LYOTECH SRL, ℅ Studio Mascheroni e Brianza, Corso Unità d’Italia 10, 22063 Cantù (CO), Italy”.
UbiCAREis a monitoring service designed to assist fragile people (subjects monitored) when they are outdoors outside their living environment. The application allows the detection of the position of the monitored subject through the use of a mobile application; in this way the user can notify his position to close contacts in case of need (emergency call) and / or when in places that can be selected by the user. The UbiCaRE application can be used alone, or in combination with the LYOTECH BRIDGe service:
LYOTECH respects the privacy of its customers, especially fragile people. The collection, processing and communication of the data in question to the observers is carried out for the sole purpose of detecting any criticalities in the behavior of the monitored subject that are relevant to improve their quality of life. For this reason, the data processed is limited only to the data necessary for the purposes described above.
The recipients of the treatment - the data subjects - are the monitored subjects.
IN BREVE:
NAME | DESCRIPTION | USED TOOLS | DATA PROCESSED |
subject monitored | The one who is monitored | UbiCARE mobile application | Personal data, Tracking data |
close contacts | Those who receive notifications via SMS (standalone mode) | - | - |
observers | Those who are authorized to view the information collected on the monitored subject (BRIDGe combined mode) | BRIDGe mobile application | - |
In order to guarantee registration and use of the service, the monitored subject must provide the following self-certified identification data: Name, Surname, Tax Code, Sex, Residence address, place and date of birth.
The mobile application uses data collected from sensors available on the monitored subject's smartphone to identify the location. These data are processed with filtering techniques and data analytics to extract only the information relevant to the purposes described in this statement. The following table illustrates the data that UbiCARE can process:
DATA TYPE | SOURCE | SENSITIVE | DESCRIPTION |
Location | GPS | Yes | Coordinates detected |
WPS | Wifi | No | Public name of nearby WiFi networks |
OpenStreet data | Open street map | Yes | Information relating to the environment where the monitored subject is located |
The data considered "non-sensitive" are those that cannot be traced back to any user without the knowledge of the owner of the pseudonymised code that identifies him.
AUTHORIZATION SERVER
Personal data is stored on a server within the EU, together with the permissions granted by the monitored subjects. Access to personal data is allowed to interested parties through a special WEB BRIDGe interface accessible using the credentials provided when activating the service.
DATA SERVER
The monitoring data is processed and stored on a server within the EU that is physically and geographically separate from the AUTHORIZATION SERVER. The association between the personal data of a monitored subject and his or her personal data is entrusted to a pseudonymised code that does not allow unauthorized subjects to infer the belonging of the monitoring data.
The monitoring data collected can be processed externally to LYOTECH SRL by specialized companies and / or external persons within the EU who act on their behalf as long as they are previously anonymized and in any case in full compliance with art. 13 and 14 of the European Regulation (EU) 2016/679.
SECURITY IN DATA PROCESSING
Data transfer takes place through encrypted communication protocols (SSL-HTTPS) and / or SMS.
All passwords of UbiCARE service users are encrypted.
All data processed are stored using encrypted and password protected databases.
The monitoring data is also stored anonymously and in aggregate form for research purposes. The research results can be disseminated in conference / conference proceedings and in scientific and / or popular newspapers / publications. Such information will be treated in an anonymous and aggregate form without allowing the identification of any individual.
As interested parties, the monitored subjects and the supervisors enjoy the rights referred to in Regulation (EU) 2016/679. The interested party has the right to:
With regard to the exercise of these rights, the interested party can use the tools made available to the user through the BRIDGe web application, or write an email to privacy@lyotech.it or, alternatively, by registered mail to “DPO LYOTECH SRL, ℅ Studio Mascheroni e Brianza, Corso Unità d’Italia 10, 22063 Cantù (CO), Italy”.
* MONITORING SERVICE CLOSING: by terminating the monitoring service, the personal data of the interested parties will be immediately deleted, as well as all the information that can be connected to them (geo-location where present). With regard to non-sensitive, anonymized monitoring data, and therefore not attributable to any user, these will be processed solely for research purposes for the purposes and within the terms set out in this statement.
The personal and monitoring data of the interested parties will be stored in the manner described in this information for the entire duration of use of the UbiCARE service by the interested parties. At the end of this period all personal data will be destroyed.
Non-sensitive anonymised monitoring data, and therefore not attributable to any person, will be kept for research purposes as described in section 4.2, and in any case for a period of less than 10 years.
Any changes to this legislation will be communicated via email to the address registered during its acceptance. It is possible to request the updated legislation at the address privacy@lyotech.it or view it from the BRIDGE web application. This policy was updated on: November 17, 2020.