Privacy Policy

– Information on the processing of personal data pursuant to Articles 13 and 14 of the GDPR –

In compliance with the obligations arising from national legislation (Legislative Decree 30 June 2003 No. 196 as amended by Legislative Decree 10 August 2018, No. 101, Personal Data Protection Code) and European Union legislation (European Regulation for the protection of personal data No. 679/2016, GDPR) and subsequent amendments, this App intends to respect and protect the privacy of its users, making every possible and proportionate effort not to infringe upon their rights. This Privacy Policy outlines the methods of processing personal data, including the choices you have made as a user, regarding the collection, use, and disclosure of certain information, including personal data, in connection with the Services provided by AppRover S.r.l. Sb on the AuthenPiQ Website and App (hereinafter referred to as “Site” and “App”).

1. Data Controller’s Contacts

The Data Controller is AppRover S.r.l. Sb (VAT No. 04381800988), with registered office at Via Carlo Venturi, No. 57, 25131, Brescia (BS).
For questions about your account or how to contact Customer Service, you can reach our Help Center at support@authenpiq.com. For specific questions regarding this privacy policy, or our use of your personal data, cookies, or similar technologies, you can contact us by email at privacy@authenpiq.com.
Please remember that when you contact us, for security reasons, we may need to verify your identity before fulfilling your request.

2. Type of Data Collected

The Data Controller’ systems acquire, during their normal operation, some personal data related to users’ activity on the website or the App. This category includes:

Data Provided Voluntarily by the User

e-mail address;
identification codes, such as username and password, instrumental in the creation of the wallet;
information provided in the context of an operational request or assistance (reason for contact or complaint);
multimedia files (photos, videos) taken through the App;
data related to orders, including the means of payment used.

Identifiers

User ID such as the e-mail, the connected wallet address, or other user- or account-level IDs that can be used to identify a particular user or account;
Private key encrypted with a password set at the time of User registration;
Authentication token automatically managed by the Firebase library and the WalletConnect library in the case of wallet access;
Data related to the user’s acquisitions: i. user’s location, ii. timestamp of the capture, iii. timestamp of the location; iv. generic data on the type of file acquired (image resolution, file type, file size).

3. Purposes and Legal Bases

All processing of personal data by the Data Controller and its external data processors occurs on the following legal bases and for the pursuit of the following purposes:

	Purposes	Legal Base
1	To provide the services requested by the data subjects. In particular, the processing of personal data is aimed at: • enabling the use of the Website and the App; • verifying the identity of users; • managing the registration and assignment of user account; • allowing the use of services requested by users, in compliance with the Terms of Service https://authenpiq.com/terms-conditions/.	Consent of the data subject or performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract (Art. 6(1)(a) and (b) GDPR)
2	To process and respond to customer support communications and information requests.	Legitimate interest (Art. 6(1)(f) GDPR)
3	To improve our products and services (for example, by conducting surveys among users and research activities to provide new features and to evaluate user satisfaction).	Legitimate interest (Art. 6(1)(f) GDPR)
4	To send information and marketing communications about our products and services, such as tips, offers, and newsletters via email (so-called soft-spam) in any case similar to those subject to contracts concluded between you and AppRover S.r.l. Sb.	Pursuit of our legitimate interests (Art. 6(1)(f) GDPR), provided that they do not override the interests or rights and fundamental freedoms of the data subject pursuant to Article 130(4) of the Privacy Code (Legislative Decree No. 196/2003, as amended by Legislative Decree No. 101/2018). Such processing based on our legitimate interest does not require your specific consent. However, you may object to the processing at any time by sending a written communication to privacy@authenpiq.com or, with specific reference to the receipt of direct marketing communications via email, by clicking on the unsubscribe link in each communication.
5	To protect our systems, prevent fraud, and help us protect security (for example, by confirming your identity) and to enforce and defend the rights of AppRover S.r.l. Sb.	Legitimate interest (Art. 6(1)(f) GDPR).
6	To comply with our legal obligations, including requests from competent authorities (administrative, tax, and judicial).	Compliance with a legal obligation to which we are subject (Art. 6(1)(c) GDPR).
7	To establish, exercise, or defend our rights and those of our employees, and to carry out business transactions or operations (for example, in the event of bankruptcy, merger, acquisition, reorganization, sale of assets or assignments, and due diligence related to such transactions).	For the pursuit of our legitimate interests, provided that they do not override the interests or rights and freedoms (Art. 6(1)(f) GDPR).

For any questions about the use of personal data (including legal bases and transfer methods), cookies, or similar technologies, you can contact us by email at privacy@authenpiq.com.

4. Use of cookies and other tracking tools

For more details on the cookies used on the Website and App of AppRover S.r.l. Sb, please refer to our Cookie policy.

5. Data Retention and Protection and Possible Extra-EU Transfer

Personal data will be processed using automated means and will be stored at our headquarters and on the servers of our service providers located within the EU.

The multimedia files you have acquired are saved on your device, in a private folder contained within the device itself, and stored on Firebase cloud, which can only be accessed by system administrators. However, consider that if the notarization process of the multimedia file should fail to complete successfully, the file is deleted after the expected term of 90 seconds expires, while if the App is terminated during the notarization process, the acquired file is not deleted.

Your data will be retained for a period of time not exceeding the time necessary for the purposes for which it was collected, and, in any case, for a maximum of 24 (twenty-four) months from the last access to the platform, or up to 30 (thirty) days from the deactivation of the account. In any case, the exercise of your rights as per the following section is reserved.

We may retain some data even after the termination of our service provision relationship, as necessary for the management of specific contractual or legal obligations, as well as for administrative, tax, and/or contributory purposes, for the period of time imposed by laws and regulations in force, as well as for the time necessary to assert any rights in court.

Notwithstanding the foregoing, data processed for marketing purposes based on consent and/or legitimate interest will be retained for a period of 24 months starting from: (i) the date on which consent is given or renewed through the App or the Website, or (ii) the date of the last contact with AppRover S.r.l. Sb, which includes, for example, taking a photo or video and/or accessing the App, subject to cases where retention for a longer period is required for any disputes, requests from competent authorities, or pursuant to applicable legislation.

As a rule, we will not transfer your personal data outside the European Economic Area. However, if it become necessary to transfer your data outside the European Economic Area for the purposes of this notice, and to countries or territories not subject to an adequacy decision by the European Commission pursuant to Article 45 GDPR, (i) we will make such transfer based on the conditions set out in Articles 46 or 47 GDPR (adequate safeguards or binding corporate rules) and/or the derogations provided for in Article 49 GDPR, and (ii) we will adopt the necessary technical-organizational and/or contractual measures to ensure a level of protection of your personal data comparable to that guaranteed by the applicable legislation within the European Economic Area.

We adopt technical and organizational measures aimed at preventing the loss, misuse, and alteration of your personal data. In some cases, encryption and pseudonymization or anonymization measures may also be adopted. However, transmissions over the Internet are never completely secure, so users should not provide any personal data if they wish to avoid any risk.

6. Access to personal data

We may need to share your personal data with the following categories of recipients:

Service providers that perform activities related or instrumental to our business and operational activities as outsourced data processors appointed in writing in accordance with applicable privacy laws or acting as independent data controllers (such as IT or storage service providers, mobile measurement partners, mobile marketing service providers, and advertising networks and platforms).
If we undertake a business transaction or operation (for example, in the event of bankruptcy, merger, acquisition, reorganization, sale of assets or assignments, and due diligence related to such transactions), your personal data may be disclosed to our advisors and the advisors of any potential buyer and may be one of the assets that is transferred to another owner.
Public, judicial, or police authorities, within the limits established by applicable laws.

Personal data will not be disclosed for reasons other than those indicated above, unless such disclosure is deemed necessary for the fulfillment of a legal obligation or in the event that your consent is requested.

7. Information and Rights in the Field of Privacy

Under the European Regulation No. 679/2016 (GDPR) and national legislation, as a data subject, you can, in the manner and within the limits established by current legislation, exercise the following rights:

request confirmation of the existence of personal data concerning you (right of access);
know its origin;
receive intelligible communication of the data;
have information about the logic, methods, and purposes of the processing;
request the updating, rectification, integration, deletion, anonymization, or blocking of data processed in violation of the law, including data that is no longer necessary for the purposes for which it was collected;
in cases of processing based on consent, receive at the cost of any necessary support, your data provided to the data controller, in a structured and machine-readable format and in a format commonly used by an electronic device;
the right to lodge a complaint with the Supervisory Authority (Privacy Guarantor – link);
as well as, more generally, exercise all the rights that are recognized by current legal provisions.

Requests should be addressed to the Data Controller, by writing to the email box privacy@authenpiq.com or to its physical address.
In the case where data is processed based on legitimate interests, the rights of the data subjects to the processing are still guaranteed (except for the right to data portability which is not provided for by the regulations), in particular the right to object to the processing which can be exercised by sending a request to the data controller.

For other requests, or if you have questions about our privacy policies, contact us at privacy@authenpiq.com.

We respond to all requests we receive from individuals wishing to exercise their rights in accordance with applicable data protection laws.