Hello and welcome to the privacy policy (the "Policy" of Edo.io Srl ("Edo" or "We" or "Us"), a company under Italian law that developed and owns Moleskine Journey (former Edo Agenda), a cloud service that combines calendar, note-taking and task management functions and makes them available as a web application and for mobile devices published on the website https://discover.moleskinejourney.com and Moleskine Planner (former Moleskine Balance), an app that makes you aware of how you use your time, allowing you to visually plan your days and find out where you invest your hours through intuitive charts published on the App Store (each hereinafter the "Platform").
Moleskine Journey and Moleskine Planner are part of the new Suite of Apps created to help you plan and design your life: the Moleskine Everyday Suite which will include four Apps. In addition to the two Apps already mentioned, in fact, Moleskine Everyday Suite will include also Moleskine Notebook which will help you focus on ideas, with digital and analog writing and drawing functions to spark your creativity, and. Moleskine Pocket which will help you gather inspiration and organise your projects and ideas in one convenient place.
You will be able to access and use the Moleskine Journey and Moleskine Planner apps by registering, just once, and then logging in with your credentials (password and username) to each of the two apps. In other words, your user profile is unique and, in this way, by logging in with Journey credentials, you will have the ability to take advantage of the potential offered by Planner and vice versa, by logging in with Planner credentials you will have automatic access features offered by Journey. This will allow you to have at your disposal a wider range of services - without prejudice to the need to subscribe specifically to use the premium features of the apps - without the need to make two separate logins and therefore without the need to obtain additional login credentials.
In view of the complementary nature of the features offered by the two apps and the fact that Edo is the data controller for the personal data processed by both of them, the unification of your account for access to the two Apps does not entail any changes relating to the purpose or the legal bases of the processing referred to in this Policy.
Through the Platform we collect certain information about you, as a User ("you" or the "User"), that qualifies as personal data (the "Personal Data"). Personal Data is information about individuals who are identified or identifiable through other information, such as a number or identification code. Examples of Personal Data include a person's first name, last name, address, social security number, a picture, a person's voice, fingerprints, and bank details.
The purpose of this Policy is to provide you with all the information you need so that you, as a User, can understand our policy with regard to the collection, disclosure, and use of your Personal Data.
If you intend to activate the Platform's services through services offered by third parties (by way of example only and not limited to: login with Google), Personal Data about you may be shared by such third parties with Edo, as better explained below.
We recommend that you read carefully the relevant privacy policy on any such third-party websites on how your Data will be processed by them and possibly shared with Edo:
https://policies.google.com/privacy?hl=it (with regard to login with Google).
This Policy does not apply to the services offered by third parties in the event of syncing between the Platform and such services and to their methods of processing Personal Data. We recommend that you read carefully the relevant privacy policy on any such third-party websites on how any Personal Data will be processed by them:
https://policies.google.com/privacy?hl=it (with regard to syncing events with Google Calendar).
This Policy does not apply to technical services offered by third parties in the event of external integration between the Platform and such services and their methods of processing of Personal Data. We recommend that you read carefully the relevant privacy policies on any such third-party websites:
Moleskine Journey and Moleskine Planner optionally integrate with OpenAI to provide the Mol-E AI assistant feature.
The information you enter may be also sent to OpenAI's servers.
We won't sell these data, but we might use them to improve this feature. Just be aware of this information when using Mol-E and don't share anything private.
This feature is new and experimental. Results may be incomplete or inaccurate and they may change in the future.
If you are under the age of 18 (eighteen), or you lack legal capacity, this Policy is addressed to the person in charge of such undertaking under current Italian law, and who is the only person authorised to give the relevant express consent.
This Policy may be subject to additions or amendments in order to update it with respect to regulations and/or to adapt it to any technical changes made to the Platform and/or to any changes in the purposes or methods of processing your Data.
We will inform you of any changes with specific and appropriate individual notifications, but we recommend that you check this document periodically so as to stay up to date. Any updated versions, which will bear the date on which the update was made, will be published promptly on the Platform.
***
1. Data Controller, Data Processors and Data Protection Officer The data controller is Edo.io Srl, with registered office in Terni (TR), Via Federico Fratini, 6, e-mail team@edo.io, hereinafter also referred to as the "Controller".
Appointed as System Administrator is:
Marco Muratore
A detailed list of Data Processors can always be requested by sending a simple written request to the Data Controller at the addresses indicated above.
2. Types of data processed and purpose of the processing
2.1 Browsing data and activity
The IT systems and procedures used to operate the Platform may automatically acquire, during their normal operation, certain Personal Data relating to your browsing activity, such as, by way of example, your IP address, the number of times you have accessed the site, the duration of the visit, the browser or device used, the pages viewed, and the date and time of access.
Personal data relating to your browsing is collected primarily in order to obtain non-identifying statistical information about the use of the Platform and to check its proper functioning.
2.1.1 Cookies
Cookies ("Cookies") are small pieces of text that are stored on your device and which record data related to your browsing activity. If cookies are not disabled, this data is communicated to the website, or the application that installed them, each time you return to the website.
Types of Cookies:
Technical cookies: allow you to browse through the website or application and use options or services. For example, they identify the session, restrict access to web parts, remember the elements of an order, make a request for registration or participation in an event, use the security features while browsing, and store content for audio or video broadcast. In other words, these are all of the cookies that are required to satisfy the specific request that you have made at that time and are not used for any other purpose.
Profiling cookies: allow for a more effective management of the website or application's advertising space and enable the customisation of the advertisement so that it may be relevant to the user and prevent the user from viewing advertisements which have already been seen. These cookies therefore perform true profiling of the users' behaviour.
Third-party cookies: third-party cookies are cookies used by the operator of the website or application, but are installed on the user's device by third parties other than the operator of the website or application. Third-party cookies are, for example, the statistical services of Google Analytics or the advertising service of Google Adsense.
If you would like more information about these cookies, or to find out how to refuse or delete them, please take a look at the privacy policies below, using the addresses provided.
Below is a list of the Cookies used.
Cookie name | Domain | Description | Duration |
---|---|---|---|
_ga | edo.io | Used to distinguish users. | 2 years |
_gid | edo.io | Used to distinguish users. | 24 hours |
_gat | edo.io | Used to throttle request rate. | 1 minute |
__utma | edo.io | Used to distinguish users and sessions. The cookie is created by the javascript library, it is updated every time data is sent to Google Analytics. | 2 years from set/update |
__utmt | edo.io | Used to throttle request rate. | 10 minutes |
__utmb | edo.io | Used to determine new sessions/visits. The cookie is created by the javascript library, it is updated every time data is sent to Google Analytics. | 30 minutes from set/update |
__utmc | edo.io | Not used in ga.js. Set for interoperability with urchin.js. Historically used to determine if the user had started a new session. | Until end of browser session |
__utmz | edo.io | Stores the traffic source or campaign that explains how the user reached your site. The cookie is created by the javascript library, it is updated every time data is sent to Google Analytics. | 6 months from set/update |
__utmv | edo.io | Used to store personalised visitor data. The cookie is updated each time data is sent to Google Analytics. | 2 years from set/update |
_fbp | edo.io | Used to track the results of Facebook campaigns that lead to your site. | 90 days from set/update |
cookie_permission | agenda.edo.io | Used to store consent to the use of cookies | 1 year |
refresh_token | agenda.edo.io | Used to keep the user session active and update the access_token | 30 days after set |
access_token | agenda.edo.io | Used to authenticate requests to the server | 1 day |
cookie_permission | moleskinejourney.com | Used to store consent to the use of cookies | 1 year |
refresh_token | moleskinejourney.com | Used to keep the user session active and update the access_token | 30 days after set |
access_token | moleskinejourney.com | Used to authenticate requests to the server | 1 day |
The installation of Cookies, which normally takes place automatically with most browsers, can be prevented by simply deactivating the ability to receive Cookies in your browser settings.
For further, more specific information about Cookies, please click on the link of the browser you usually use:
For more information or clarifications, you can contact us by email at: journeyapp@moleskine.com.
If you decide not to enable Cookies, your experience on the Platform may be limited.
You can find more information about cookies and how to manage them by consulting the site www.aboutcookies.org or by consulting the provision identification of the simplified procedures for the information and the acquisition of consent for the use of cookies.
2.2 Data processed in relation to the use of services accessible through the use of credentials
The services of the Platform may be reserved for registered Users. In that case, to complete the registration process you must provide the following Personal Data:
The provision of any other Personal Data that may be required as part of the registration procedure, where not expressly indicated as required, is optional and entirely left up to you.
How may we use your Personal Data for this purpose? In general, we may need to use your Personal Data, such as your e-mail address, to set up and manage your account (for example, to send you password reminders or notify you of changes to your account details). We may also need to use your Personal Data to fulfil our contractual obligations to you, for example to provide the Platform's services.
What is the legal basis for us to process your Personal Data in this way? Processing your Personal Data is required to set up and manage your account. The performance of the Platform's services also makes it necessary to process your Personal Data in order to fulfil our contractual obligations to you.
The Personal Data provided may also be processed for:
(i) Sending advertising and marketing commercial communications. Subject to obtaining express consent, your Personal Data may be used for the purpose of sending advertising and marketing commercial communications, possibly taking into account the information you decide to provide by freely answering questions we ask you in order to better understand your interests. The consent to the processing of this data is optional and a refusal by you will not result in the inability to use the services of the Platform. Even in case of your consent, you will still have the right to object, in whole or in part, to the processing of your Personal Data for advertising and commercial purposes, by making a simple request to the Data Controller, without any formalities.
How can we use your Personal Data for this purpose? We may process Personal Data to send information and advertising material, including those from third parties; send commercial communications, even interactive; carry out direct sales or placement of products or services; or for all legitimate commercial purposes.
What is the legal basis that allows us to process your Personal Data in this way? The unequivocal, free, specific, informed, verifiable, revocable manifestation of your specific consent.
(ii) profiling activities, study and analysis of your interests and your requirements for the purposes of the definition of individual and group profiles, after obtaining your consent. The consent to the processing of this data is optional and a refusal by you will not result in the inability to use the services of the Platform. Even in case of consent, you will still have the right to object, in whole or in part, to the processing of your Personal Data for profiling purposes, making a simple request to the Data Controller, without any formality.
How can we use your Personal Data for this purpose? We may process your Personal Data to better understand your interests and preferences, in order to provide you an experience that is consistent with those interests and preferences. For example, we may do so in order to provide you with access to content for which you have shown the most interest, or to send you personalized offers or promotions via email (provided that you have consented to receive our communications for advertising and commercial purposes), or to offer you advertising content relating to your interests. This includes, for example, adapting our advertising to make certain advertisements visible when the public is particularly interested in them.
What is the legal basis that allows us to process your Personal Data in this way? The unequivocal, free, specific, informed, verifiable, revocable manifestation of your specific consent.
2.3 Personal Data that you provide voluntarily to us
The Personal Data that you provide voluntarily and freely on the basis of your own free will (for example the sending of e-mails to the addresses indicated on the Platform in order to obtain information or the chosen inclusion of content on the Platform), may be acquired by us and in this case processed in our capacity as Data Controller. In any case, we will ask for your consent to the processing before processing your Personal Data.
Such Personal Data, where different from that already in our possession as per Article 2.2, will not in any way be disclosed or communicated to third parties outside the company of the Data Controller, nor will it be used to define the profiles or personality of the person concerned or for direct or indirect commercial or advertising purposes and, in any case, will be processed and possibly stored solely for the purposes of providing the service.
2.4 Data relating to advanced sharing and collaboration features
The Platform has advanced sharing and collaboration features that allow you, as User, to
create a diary that can be sent, by third party means of transmission (for example via email
or messaging applications), to third parties who are not currently users of the Platform.
In making use of these sharing and collaboration features, as User of the Platform you
undertake to avoid the use of Personal Data of third parties in relation to which you have
not previously received an authorization from the respective owners. Such Personal Data will
not be visible to us during transmission, and will not be acquired by us and processed as
Data Controller, unless, after the specific acceptance of this Policy and the related
processing, such Personal Data coincide with those subjects of processing in accordance
with this Policy regarding third parties who have become Users.
2.5 Logging in with third-party services
We allow you or we will allow you to register and/or use our services using the account of some of the major social networks (including but not limited to Google). By choosing to use these services to register with the Platform, you authorise us to collect your Personal Data for authentication to these social networks (e.g. your username, your login credentials – in encrypted form).
The Personal Data we have access to will vary depending on how you set your privacy settings and consent on these social networks. If you decide to link the account managed by one of the above social networks to your account on the Platform – by authorising access to your Personal Data – you authorise us to acquire, process and possibly communicate the Personal Data present on these social networks, in accordance with current information and for all the specific related purposes.
Please note that we do not retain and will not retain the password to your Google account.
2.6 Protection of Personal Data
The Platform provides for the use of particularly advanced encryption technologies to protect the integrity and confidentiality of Personal Data.
The data is saved on an architecture that allows for daily backups and in case of transfer, where subject to consent, sensitive data is encrypted with AES, bcrypt or SHA2 algorithms.
However, take note that the use of an open and public computer system, such as the Internet for the transmission of information, increases the standard risks of any remote service
3. Categories of subjects to whom the Personal Data may be communicated and scope of data dissemination
Unless otherwise specified in relation to the individual purposes of the processing as specified above, the Personal Data collected may be disclosed to – or otherwise become known to – persons in charge of and/or responsible (including external) for the processing, in relation to the skills and functions of each, in order to meet the above purposes or to implement specific regulatory and/or contractual obligations.
Your Personal Data may then be communicated to companies, which Edo may contact for the implementation of operations necessary for the performance of the provisions you have received and for the provision of the services requested.
None of your Personal Data will be voluntarily disclosed unless you have expressly authorised it.
3.1 Transfer of Personal Data to Moleskine S.r.l. for marketing and profiling purposes
Subject to your specific consent, your Personal Data can be transferred to Moleskine S.r.l., which is an Italian company that controls Edo and will process your Personal Data for the following purposes:
In both the abovementioned scenarios, Moleskine S.r.l. will process your Personal Data acting as autonomous controller with the meaning of Article 4(7) GDPR.
In particular, depending on your specific consent, Moleskine S.r.l. will process your Personal Data for both marketing and profiling purposes or only for marketing purposes. Moleskine S.r.l. will not process your Personal Data if you give your consent only for profiling and not for marketing purposes.
Moleskine S.r.l. will process your Personal Data in full compliance with the general principles of the GDPR and will respect a retention period of 60 (sixty) months established for both marketing and profiling purposes. At the expiry of the mentioned retention period, Moleskine S.r.l. shall seek the renewal of your consent to continue to the processing of your Personal Data.
In any case, the refusal to provide your consent to the transfer of your Personal Data to Moleskine S.r.l. for marketing and/or profiling purpose will not affect in any way your ability to use the Platform.
For further and more detailed information about how Moleskine S.r.l. will process your Personal Data, you are encouraged to consult Moleskine S.r.l. privacy policy.
4. Processing method
The Personal Data held for the purposes set out above is processed by us, in a lawful and correct manner, by the prevalent use of automated or semi-automated tools.
5. Optional provision of data, consent and consequences of refusal
Except in the cases in which the acquisition of Personal Data is deemed necessary for the purposes of using the services you have requested; the provision of any other Personal Data is entirely optional.
Failure to provide optional data will not have any detrimental consequences for the user. Failure to provide required data may, however, make it impossible to use the services for which it is necessary to provide such data.
6. Duration of the retention of your personal data
In accordance with applicable data protection legislation, your Personal Data is stored for the period of time strictly necessary to provide the service, fulfil our obligations and achieve the purposes for which such data was collected. We may also retain data until the expiration of the applicable statutory limitation period if this is necessary to protect our legitimate interests. Thereafter, we will remove the data from our systems and records and/or take appropriate steps to make it anonymous so that you cannot be identified (unless we need to retain the data for the purpose of complying with our regulatory obligations).
7. Rights of the data subject
You have the right to request details about the Personal Data we process, and to revoke your consent to its processing, to correct or delete it and not to be contacted if you have not requested this.
(i) The right to access your Personal Data
You can request access to your Personal Data by contacting us through the contact details found at the bottom of the page. The file containing your Personal Data is usually made available within 10 days. It will however be made available no later than 30 days. On some occasions, we may be in a position to refuse access to your Personal Data (for example, if access unreasonably harms someone else's privacy or endangers someone's security). In this case we will provide you with a formal and explicit explanation of the reason for this impossibility. In some cases, we may also charge you an administrative fee to provide access to your Personal Data. Any fees will be reasonable and before we provide access to your Personal Data we will notify you to obtain your consent. If you request a copy of your Personal Data using electronic means, such as email, we will provide you with a copy of your data in electronic format, unless you request otherwise.
(ii) The right to modification or cancellation/deletion of your Personal Data
If you have created an account, you can access this account to edit or delete your Personal Data. Otherwise, you can send your request to journeyapp@moleskine.com or use the feedback form on the web or mobile application. If you have problems updating or deleting your data, you can still send an email with your request to journeyapp@moleskine.com or use the feedback form on the web or mobile application and we will solve the problem as soon as possible.
In the case of exercising the right to be forgotten, we will inform the data controllers that are processing your personal data.
(iii) The right to object to the processing of your Personal Data
You always have the right to ask us to stop processing your Personal Data, pursuant to applicable regulations.
(iv) The right to restrict the processing of your Personal Data
You have the right to ask to obtain the restriction of the processing of your Personal Data where: (a) the accuracy your Personal Data is contested, for a period enabling us to verify the accuracy of your Personal Data; (b) the processing is unlawful and you oppose the erasure of the Personal Data and request the restriction of their use instead; (c) we no longer need the Personal Data for the purposes of the processing, but they are required by you for the establishment, exercise or defence of legal claims; (d) you have objected to processing pursuant to Article 21(1) GDPR pending the verification whether our legitimate grounds override those of you.
(v) The right to have your Personal Data transmitted to another organisation ( Personal Data Portability)
In the event that your Personal Data is processed for the purpose of your consent or for the performance of a contract, you have the right to ask us to provide you with the data relating to you and held by us in a structured, commonly used and readable format, and, where technically possible, to transmit such data directly to another organisation.
(vi) Complaints
If you believe that applicable data protection laws have been violated, you have the right to file a complaint with the Local Authority for the Protection of Personal Data in the European Economic Area ("EEA").
The local Data Protection Authority will be different depending on the country you are in. In the annex to the Privacy Policy, you can find a list of the Local Data Protection Authorities in the EEA countries in which we operate.
The above-mentioned rights can be exercised by you at any time by sending us a simple request by email.
Physical location of Personal Data
Your Personal Data is stored within the European Economic Area ("EEA"). Your Personal Data, in particular, is stored on Microsoft Azure servers, located in the Netherlands.
8. How to contact us?
If you have any questions or concerns about how we process your Personal Data, or would like to stop processing or would like to request a copy of your Personal Data, contact us via the feedback form on the web or mobile application or write to us on:
journeyapp@moleskine.com
Include your reply address when you write to us.
Annex
List of personal data protection authorities (EEA countries)
If you believe that applicable data protection laws have been violated, you have the right to file a complaint with the European Economic Area (EEA) Local Data Protection Authority.
The local authority is different depending on the country. Below you can find details of the local data protection authorities of the countries of the European Economic Area.
Country |
Personal data protection authority |
Austria | Österreichische Datenschutzbehörde |
Belgium | Commission de la protection de la vie privée |
Bulgaria | Commission for Personal Data Protection |
Croatia | Croatian Personal Data Protection Agency |
Cyprus | Commissioner for Personal Data Protection |
Czech Republic | The Office for Personal Data Protection |
Denmark | Datatilsynet |
Estonia | Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon) |
Finland | Office of the Data Protection Ombudsman |
France | Commission Nationale de l’Informatique et des Libertés - CNIL |
Germany | Die Bundesbeauftragte für den Datenschutz und die Informationsfreiheit In Germania, la competenza per i reclami è divisa fra diverse Autorità di vigilanza per la protezione dei dati personali. |
Greece | Hellenic Data Protection Authority |
Hungary | Data Protection Commissioner of Hungary |
Iceland | The Icelandic Data Protection Authority Rauðarárstígur 10, 105 Reykjavík, Iceland Tel. +354-510-9600 e-mail: postur@personuvernd.is Website: https://www.personuvernd.is/ |
Ireland | Data Protection Commissioner |
Italy | Garante per la protezione dei dati personali |
Latvia | Data State Inspectorate |
Liechtenstein | Datenschutzstelle Kirchstrasse 8 Tel: +423 236 60 90 e-mail: info.dss@llv.li Website: http://www.llv.li/#/1758/datenschutzstelle |
Lithuania | State Data Protection |
Luxembourg | Commission Nationale pour la Protection des Données |
Malta | Office of the Data Protection Commissioner |
Holland | Autoriteit Persoonsgegevens |
Norway | Datatilsynet Postboks 8177 Dep. Tel: +47 22 39 69 00 e-mail: postkasse@datatilsynet.no Website: https://www.datatilsynet.no/English/ |
Poland | The Bureau of the Inspector General for the Protection of Personal Data - GIODO |
Portugal | Comissão Nacional de Protecção de Dados - CNPD |
Romania | The National Supervisory Authority for Personal Data Processing |
Slovakia | Office for Personal Data Protection of the Slovak Republic |
Slovenia | Information Commissioner |
Spain | Agencia de Protección de Datos |
Sweden | Datainspektionen |
United Kingdom | The Information Commissioner’s Office |