Pursuant to Article 13 of Regulation (EU) 2016/679 (the “Regulation”), Arubacloud Limited LTD (the “Data Controller”), hereby provides below to its Data Subjects, the information required by law relating to the processing of their personal data (“Data”) in connection with the use of the simyousoon service.
Privacy Policy pursuant to Article 13 of Regulation (EU) 2016/679
ABOUT US |
|
Data Controller Arubacloud Limited LTD, with registered office in The Crescent, Wexford, Y35HE67 |
|
Data Protection Officer (DPO) |
|
WHAT DATA |
|
CATEGORY OF DATA |
EXAMPLES OF TYPES OF DATA |
|
Personal information |
Name, surname, street address, nationality, province and municipality of residence, taxpayer ID number, email address |
|
Log |
Source IP address, Log (system and network) |
|
Furthermore, when using the App, and exclusively for purposes connected to the provision of the service, during the initial use the App may request permissions to access certain functions offered by the operating system used by the Data Subject. Such permissions may also be granted or revoked through the operating system settings. Should the user wish to unlock the App using biometric authentication (on devices that support it), this can be fully managed from the operating system of the device on which the App is installed (iOS or Android). The App never has access to biometric or other authentication data. Authentication data are saved and managed by the operating system only. |
|
|
DEVICE RESOURCES AND DATA SUBJECT TO PROCESSING |
PURPOSE |
|
Push Notifications |
send updates on plans, promotions, and eSIM expirations |
|
Internet Connection |
API calls, social login, content loading |
|
Webview / Browser |
open informational pages, social login, eSIM guides |
|
Local Storage |
store user settings, session tokens, data cache |
|
Social Login |
user authentication |
During their normal operation, computer systems and software applications involved in the downloading/functioning/payment of Apps (including, but not limited to, Apple Store, Google Play and Windows Phone Store) collect some of the user's data, the transmission of which is an inherent part of using internet communication protocols and the smartphones and devices used, which, in any case, is processed by the respective Providers as independent Data Controllers.
Below is a list of tracking tools on the App.
|
NAME |
DESCRIPTION |
|
Firebase Analytics |
The data are used, subject to the user’s consent, to perform analyses and generate statistical information on the use of the App. |
|
Firebase Crashlytics |
Anonymous tracking of a crash on the App (the Data Controller only receives the line of code that caused the crash, but no information about the user). |
|
WHY ARE THE DATA SUBJECT'S |
|
PURPOSES OF THE PROCESSING |
|
LEGAL BASIS |
|
Activation and provision of the App The Data Subject's personal data is processed to execute the download request, to activate and provide the Application chosen by the Data Subject and to ensure the proper functioning and use of its features and provide support. |
|
The legal basis for this processing is to provide the services relating to the contractual relationship and to comply with legal requirements.
|
|
Statistical analysis and App usage The Data Subject's personal data are processed, subject to their consent, through tracking systems for the purpose of performing statistical analyses and assessing the use of the App. |
|
The legal basis of this processing is the consent initially granted by the Data Subject for the processing itself, which may freely be withdrawn at any time, without prejudice to the lawfulness of any previous processing. Any refusal of consent by the Data Subject makes it impossible to use the relevant services, without this having detrimental consequences for the contractual relationship with the Data Controller. |
|
Management of the contractual relationship The Data Subject's personal data are processed to implement actions in preparation of and following the purchase of a Service and/or a Product, such as management of the relevant order, provision of the Service itself and/or production and/or shipping of the purchased Product, related invoicing and payment management, handling of any claims and/or notifications to the support service and provision of the support itself, sending communications for information as well as fulfilment of any and all other obligations arising from the contract. |
|
The legal basis for this processing is to provide the services relating to the pre-contractual and contractual relationship and to comply with the legal requirements. The provision of the data is optional. However if the Data Subject refuses to provide the data, it will not be possible for the Data Controller to provide the requested service. |
|
Defending a right in court or out of court The Data Subject's personal data are processed to ascertain, exercise or defend a right of the Data Controller and/or to defend itself against third party claims, in court or out of court. |
|
The legal basis of the processing is the pursuit of the legitimate interest of the Data Controller, given the balance of the rights of the latter and the Data Subject. |
|
Information Security The Data Subject's personal data are processed to ensure network and information security, the protection of corporate assets and corporate systems. |
|
The legal basis for this processing is compliance with the law and the pursuit of the legitimate interest of the Data Controller, given the balance of rights of the latter and the Data Subject. The Data Subject has the right to object at any time to the processing of their personal data for the purpose in question, on grounds relating to their personal situation.
|
|
Promotional activities for Services/Products similar to those purchased The Data Subject's personal data are processed in order to send emails relating to promotions and offers relating to the Data Controller's Services/Products identical and/or similar to those covered by the current contract with the Data Subject, unless the Data Subject objected to the processing, initially or during subsequent communications.
|
|
The legal basis for this processing is legitimate interest (Article 6(1)(f) GDPR), in accordance with Article 13(11) of the ePrivacy Regulations (S.I. 336/2011). The communications will be sent within 12 months of the original sale, unless the contractual relationship is renewed or a different consent is provided. The Data Subject has the right to object at any time to the processing of his/her personal data for the purpose in question.
|
|
Promotional activities for Services/Products offered by Arubacloud Limited LTD and Aruba Group Companies The processing of the personal data of the Data Subject is carried out for the purpose of sending, under his/her prior specific consent, newsletters and communications regarding offers, discounts and promotions for Services/Products provided by the Data Controller and by the companies of the Aruba Group through traditional means (e.g. ordinary mail, telephone calls with an operator) and/or automated means (e.g. e-mail, text messages, online instant messaging applications, web and mobile push notifications). |
|
The legal basis of this processing is the consent initially granted by the Data Subject for the processing itself, which may freely be withdrawn at any time, without prejudice to the lawfulness of any previous processing. If the Data Subject refuses to give their consent, it will not be possible to use the relevant services, without this entailing detrimental consequences for the contractual relationship with the Data Controller.
|
|
Taking part in surveys/research The Data Subject's personal data are processed by the Data Controller with specific consent, for inviting participation in surveys and market research, using traditional methods (e.g. ordinary mail, telephone calls with operator) and/or automated methods (e.g. e-mail, SMS, instant messaging, pre-recorded phone calls). |
|
The legal basis of this processing is the consent initially granted by the Data Subject for the processing itself, which may freely be withdrawn at any time, without prejudice to the lawfulness of any previous processing. If the Data Subject refuses to give their consent, it will not be possible to use the relevant services, without this entailing detrimental consequences for the contractual relationship with the Data Controller. |
|
Profiling The Data Subject's personal data are processed by the Data Controller with specific consent, for profiling purposes such as the analysis of the transmitted data and the purchased Services/Products in order to offer advertising messages and/or business deals that are aligned with user selections. |
|
The legal basis of this processing is the consent initially granted by the Data Subject for the processing itself, which may freely be withdrawn at any time, without prejudice to the lawfulness of any previous processing. If the Data Subject refuses to give their consent, it will not be possible to use the relevant services, without this entailing detrimental consequences for the contractual relationship with the Data Controller.
|
|
TO WHOM DO WE COMMUNICATE |
|
|
|
|
|
CATEGORIES OF RECIPIENT |
|
PURPOSE |
|
Companies belonging to the Aruba S.p.A. Group (“Aruba Group”). |
|
Fulfilment of administrative and accounting requirements, as well as those connected with the services requested. |
|
Third party providers and companies belonging to the Aruba Group. |
|
Performance of services (assistance, maintenance, delivery/shipping of products, performance of additional services, providers of networks and electronic communication services, promotional/advertising activities only if the Data Subject has provided specific consent to marketing) associated with the requested service. |
|
Financial Administration, Public Agencies, Legal Authorities, Supervisory and Oversight Authorities. |
|
Fulfilment of legal requirements, defence of rights; lists and registers held by Public Authorities or similar agencies based on specific regulations relating to the requested service. |
|
Credit and electronic payment institutions, banks/post offices. |
|
Managing deposits, payments, reimbursements associated with the contractual service. |
|
Persons belonging to these categories operate independently as separate data controllers or as data processors appointed by the Data Controller. The Data Controller's personnel that are specially authorised for processing, including interns, temporary workers, consultants, may also have knowledge of the data, in relation to the performance of their assigned tasks. In no case shall personal data be disclosed and they shall not, therefore, be accessible by undefined parties, in any form, for example by them being made available or subject to consultation. |
|
|
|
HOW WE PROCESS THE DATA The data shall be processed using manual, electronic and remote means and in accordance with the requirements set by the relevant legislation, which seeks to ensure the confidentiality, integrity and availability of the data, and to avoid material or moral damages. |
WHERE WE PROCESS THE DATA
SUBJECT'S DATA
|
The Data Subject's data is stored in archives located in European Union countries. Where necessary for the pursuit of the stated purposes, the Data Subject's data may be transferred abroad, to countries/organizations outside the European Union guaranteeing a level of personal data protection deemed adequate by the European Commission by its own decision or, otherwise, on the basis of other appropriate safeguards, such as the Standard Contractual Clauses adopted by the European Commission or the Data Subject's consent. The Data Subject is entitled to obtain a copy of any appropriate safeguards, as well as the list of countries/organizations to which the data has been transferred by writing to privacy@simyousoon.com. |
|
HOW LONG WE RETAIN THE DATA The Data are stored in a form which enables the Data Subject to be identified for no longer than is necessary for the collection purposes, given the laws covering the activities and sectors in which the Data Controller operates. The Data necessary to comply with tax and accounting obligations are retained for 6 years from the termination of the contract. In case of Mail or Connectivity Services the internet traffic data are retained for 6 years. The personal contact data are processed for promotional activities as well as for participation in surveys and market research, for up to 24 months from the termination of the contract, unless prior consent is revoked by the data subject. Contact details are processed to send commercial offers in line with the choices of the data subjects for up to 12 months from the date of termination of the contract, unless the data subject withdraws consent beforehand. Furthermore, the processed data: • as part of the marketing activities, are stored for this purpose for 24 months; • for profiling purposes, are kept for 12 months. Once the periods thus established have transpired, the data will be deleted or processed anonymously, unless further retention is necessary to comply with obligations or to comply with orders issued by Public Authorities and/or Supervisory Bodies. |
|
WHAT ARE THE DATA The Data Subject shall contact privacy@simyousoon.com to exercise the right to obtain, in the cases provided for in the Regulation, access to the data concerning him/her, deletion of the data, correction of incorrect data, completion of incomplete data, limitation on processing the data, portability of the data and opposition to the processing. |
|
The Data Subject also has the right to lodge a claim with the competent supervisory authority (Data Protection Commission) or with the agency performing its duties and exercises its rights in the member State where the breach occurred, as provided for in Art. 77 of the Regulation, as well as to file appropriate legal proceedings pursuant to Arts. 78 and 79 of the Regulation. |