Through the Platform we collect certain information about you, as a User ("you" or the "User"), that qualifies as "Personal Data". Personal Data is generally defined as any information about identified individuals or individuals that can also be identified through other information – for example, through a number or identification number – such as: name and surname or company name; address; tax code; an image; the registration of a person's voice; fingerprint; bank details; etc.
The purpose of this Policy is to provide you with all the information you need so that you, as a User, can understand our policy with regard to the collection, disclosure and use of your Personal Data.
https://policies.google.com/privacy?hl=it (with regard to syncing events with Google Calendar).
This Policy does not apply to technical services offered by third parties in the event of external integration between the Platform and such services and their methods of processing of Personal Data. We recommend that you read carefully the relevant privacy policies on any such third-party websites:
If you are under the age of 18 (eighteen), or you lack legal capacity, this Policy is addressed to the person in charge of such undertaking under current Italian law, and who is the only person authorised to give the relevant express consent.
This Policy may be subject to additions or amendments in order to update it with respect to regulations and/or to adapt it to any technical changes made to the Platform and/or to any changes in the purposes or methods of processing your Data.
We will inform you of any changes with specific and appropriate individual notifications, but we recommend that you check this document periodically so as to stay up to date. Any updated versions, which will bear the date on which the update was made, will be published promptly on the Platform and will become effective immediately after publication. In particular, such updates will be fully binding on you from the date of publication on the Platform if you do not decide to unsubscribe from the Platform after 7 days from individual notification.
1. Data Controller, Data Processors and Data Protection Officer The data controller is Edo.io Srl, with registered office in Terni (TR), Via Federico Fratini, 6, e-mail firstname.lastname@example.org, hereinafter also referred to as the "Controller".
Appointed as System Administrator is:
A detailed list of Data Processors can always be requested by sending a simple written request to the Data Controller at the addresses indicated above.
2. Types of data processed and purpose of the processing
2.1 Browsing data and activity
The IT systems and procedures used to operate the Platform may automatically acquire, during their normal operation, certain Personal Data relating to your browsing activity, such as, by way of example, your IP address, the number of times you have accessed the site, the duration of the visit, the browser or device used, the pages viewed, and the date and time of access. Personal data relating to your browsing is collected primarily in order to obtain non-identifying statistical information about the use of the Platform and to check its proper functioning.
Cookies ("Cookies") are small pieces of text that are stored on your device and which record data related to your browsing activity. If cookies are not disabled, this data is communicated to the website, or the application that installed them, each time you return to the website.
Types of Cookies:
Technical cookies: allow you to browse through the website or application and use options or services. For example, they identify the session, restrict access to web parts, remember the elements of an order, make a request for registration or participation in an event, use the security features while browsing, and store content for audio or video broadcast. In other words, these are all of the cookies that are required to satisfy the specific request that you have made at that time and are not used for any other purpose.
Profiling cookies: allow for a more effective management of the website or application's advertising space and enable the customisation of the advertisement so that it may be relevant to the user and prevent the user from viewing advertisements which have already been seen. These cookies therefore perform true profiling of the users' behaviour.
Third-party cookies: third-party cookies are cookies used by the operator of the website or application, but are installed on the user's device by third parties other than the operator of the website or application. Third-party cookies are, for example, the statistical services of Google Analytics or the advertising service of Google Adsense.
If you would like more information about these cookies, or to find out how to refuse or delete them, please take a look at the privacy policies below, using the addresses provided.
Below is a list of the Cookies used.
|_ga||edo.io||Used to distinguish users.||2 years|
|_gid||edo.io||Used to distinguish users.||24 hours|
|_gat||edo.io||Used to throttle request rate.||1 minute|
|__utmt||edo.io||Used to throttle request rate.||10 minutes|
|__utmc||edo.io||Not used in ga.js. Set for interoperability with urchin.js. Historically used to determine if the user had started a new session.||Until end of browser session|
|__utmv||edo.io||Used to store personalised visitor data. The cookie is updated each time data is sent to Google Analytics.||2 years from set/update|
|_fbp||edo.io||Used to track the results of Facebook campaigns that lead to your site.||90 days from set/update|
|refresh_token||agenda.edo.io||Used to keep the user session active and update the access_token||30 days after set|
|access_token||agenda.edo.io||Used to authenticate requests to the server||1 day|
|refresh_token||moleskinejourney.com||Used to keep the user session active and update the access_token||30 days after set|
|access_token||moleskinejourney.com||Used to authenticate requests to the server||1 day|
The installation of Cookies, which normally takes place automatically with most browsers, can be prevented by simply deactivating the ability to receive Cookies in your browser settings.
For further, more specific information about Cookies, please click on the link of the browser you usually use:
For more information or clarifications, you can contact us by email at: email@example.com.
If you decide not to enable Cookies, your experience on the Platform may be limited.
2.2 Data processed in relation to the use of services accessible through the use of credentials
The services of the Platform are reserved for registered Users. To complete the registration process you must provide the following Personal Data:
The provision of any other Personal Data that may be required as part of the registration procedure, where not expressly indicated as required, is optional and entirely left up to you.
How may we use your Personal Data for this purpose? In general, we may need to use your Personal Data, such as your e-mail address, to set up and manage your account (for example, to send you password reminders or notify you of changes to your account details). We may also need to use your Personal Data to fulfil our contractual obligations to you, for example specifically to provide the Platform's services.
What is the legal basis for us to process your Personal Data in this way? Processing your Personal Data is required to set up and manage your account. The performance of the Platform's services also makes it necessary to process your Personal Data in order to fulfil our contractual obligations to you.
The Personal Data provided may also be processed for:
(i) Sending advertising and marketing commercial communications. Subject to obtaining express consent, as ticking “I agree specifically, in particular, to the processing of Personal Data for the purposes of sending advertising and marketing commercial communications highlighted in bold at the letter (i) of art. 2.2, extrapolated, for clarity, here” your Personal Data may be used for the purpose of sending advertising and marketing commercial communications, possibly taking into account the information you decide to provide by freely answering questions we ask you in order to better understand your interests. The consent to the processing of this data is optional and a refusal by you will not result in the inability to use the services of the Platform. Even in case of your consent, you will still have the right to object, in whole or in part, to the processing of your Personal Data for advertising and commercial purposes, by making a simple request to the Data Controller, without any formalities.
How can we use your Personal Data for this purpose? We may process Personal Data to send information and advertising material, including those from third parties; send commercial communications, even interactive; carry out direct sales or placement of products or services; or for all legitimate commercial purposes.
What is the legal basis that allows us to process your Personal Data in this way? The unequivocal, free, specific, informed, verifiable, revocable manifestation of your specific consent.
(ii) profiling activities, study and analysis of your interests and your requirements for the purposes of the definition of individual and group profiles, after obtaining your consent, as resulting from ticking “I agree specifically, in particular, to the processing of Personal Data for the purpose of profiling, highlighted in bold at the letter (ii) of art. 2.2, extrapolated, for clarity, here”. The consent to the processing of this data is optional and a refusal by you will not result in the inability to use the services of the Platform. Even in case of consent, you will still have the right to object, in whole or in part, to the processing of your Personal Data for profiling purposes, making a simple request to the Data Controller, without any formality.
How can we use your Personal Data for this purpose? We may process your Personal Data to better understand your interests and preferences, in order to provide you an experience that is consistent with those interests and preferences. For example, we may do so in order to provide you with access to content for which you have shown the most interest, or to send you personalized offers or promotions via email (provided that you have consented to receive our communications for advertising and commercial purposes), or to offer you advertising content relating to your interests. This includes, for example, adapting our advertising to make certain advertisements visible when the public is particularly interested in them.
What is the legal basis that allows us to process your Personal Data in this way? The unequivocal, free, specific, informed, verifiable, revocable manifestation of your specific consent.
2.3 Personal Data that you provide voluntarily to us
The Personal Data that you provide voluntarily and freely on the basis of your own free will (for example the sending of e-mails to the addresses indicated on the Platform in order to obtain information or the chosen inclusion of content on the Platform), may be acquired by us and in this case processed in our capacity as Data Controller. In any case, we will ask for your consent to the processing before processing your Personal Data.
Such Personal Data, where different from that already in our possession as per Article 2.2, will not in any way be disclosed or communicated to third parties outside the company of the Data Controller, nor will it be used to define the profiles or personality of the person concerned or for direct or indirect commercial or advertising purposes and, in any case, will be processed and possibly stored solely for the purposes of providing the service.
2.4 Data relating to advanced sharing and collaboration features
The Platform has advanced sharing and collaboration features that allow you, as User, to create a diary that can be sent, by third party means of transmission (for example via email or messaging applications), to third parties who are not currently users of the Platform. In making use of these sharing and collaboration features, as User of the Platform you undertake to avoid the use of Personal Data of third parties in relation to which you have not previously received an authorization from the respective owners. Such Personal Data will not be visible to us during transmission, and will not be acquired by us and processed as Data Controller, unless, after the specific acceptance of this Policy and the related processing, such Personal Data coincide with those subjects of processing in accordance with this Policy regarding third parties who have become Users.
2.5 Logging in with third-party services
We allow you or we will allow you to register and/or use our services using the account of some of the major social networks (including but not limited to Google). By choosing to use these services to register with the Platform, you authorise us to collect your Personal Data for authentication to these social networks (e.g. your username, your login credentials – in encrypted form).
The Personal Data we have access to will vary depending on how you set your privacy settings and consent on these social networks. If you decide to link the account managed by one of the above social networks to your account on the Platform – by authorising access to your Personal Data – you authorise us to acquire, process and possibly communicate the Personal Data present on these social networks, in accordance with current information and for all the specific related purposes.
Please note that we do not retain and will not retain the password to your Google account.
2.6 Protection of Personal Data
The Platform provides for the use of particularly advanced encryption technologies to protect the integrity and confidentiality of Personal Data.
The data is saved on an architecture that allows for daily backups and in case of transfer, where subject to consent, sensitive data is encrypted with AES, bcrypt or SHA2 algorithms.
However, take note that the use of an open and public computer system, such as the Internet for the transmission of information, increases the standard risks of any remote service
3. Categories of subjects to whom the Personal Data may be communicated and scope of data dissemination
Unless otherwise specified in relation to the individual purposes of the processing as specified above, the Personal Data collected may be disclosed to – or otherwise become known to – persons in charge of and/or responsible (including external) for the processing, in relation to the skills and functions of each, in order to meet the above purposes or to implement specific regulatory and/or contractual obligations.
Your Personal Data may then be communicated to companies, which Edo may contact for the implementation of operations necessary for the performance of the provisions you have received and for the provision of the services requested.
None of your Personal Data will be voluntarily disclosed unless you have expressly authorised it.
4. Processing method
The Personal Data held for the purposes set out above is processed by us, in a lawful and correct manner, by the prevalent use of automated or semi-automated tools.
5. Optional provision of data, consent and consequences of refusal
Except in the cases in which the acquisition of Personal Data is deemed necessary for the purposes of using the services you have requested; the provision of any other Personal Data is entirely optional.
Failure to provide optional data will not have any detrimental consequences for the user. Failure to provide required data may, however, make it impossible to use the services for which it is necessary to provide such data.
6. Duration of the retention of your personal data
In accordance with applicable data protection legislation, your Personal Data is stored for the period of time strictly necessary to provide the service, fulfil our obligations and achieve the purposes for which such data was collected. We may also retain data until the expiration of the applicable statutory limitation period if this is necessary to protect our legitimate interests. Thereafter, we will remove the data from our systems and records and/or take appropriate steps to make it anonymous so that you cannot be identified (unless we need to retain the data for the purpose of complying with our regulatory obligations).
7. Rights of the data subject
You have the right to request details about the Personal Data we process, and to revoke your consent to its processing, to correct or delete it and not to be contacted if you have not requested this.
(i) The right to access your Personal Data
You can request access to your Personal Data by contacting us through the contact details found at the bottom of the page. The file containing your Personal Data is usually made available within 10 days. It will however be made available no later than 30 days. On some occasions, we may be in a position to refuse access to your Personal Data (for example, if access unreasonably harms someone else's privacy or endangers someone's security). In this case we will provide you with a formal and explicit explanation of the reason for this impossibility. In some cases, we may also charge you an administrative fee to provide access to your Personal Data. Any fees will be reasonable and before we provide access to your Personal Data we will notify you to obtain your consent. If you request a copy of your Personal Data using electronic means, such as email, we will provide you with a copy of your data in electronic format, unless you request otherwise.
(ii) The right to modification or cancellation/deletion of your Personal Data
If you have created an account, you can access this account to edit or delete your Personal Data. Otherwise, you can send your request to firstname.lastname@example.org or use the feedback form on the web or mobile application. If you have problems updating or deleting your data, you can still send an email with your request to email@example.com or use the feedback form on the web or mobile application and we will solve the problem as soon as possible.
In the case of exercising the right to be forgotten, we will inform the Company and any other subjects to whom the Personal Data has been communicated of your request.
(iii) The right to object to the processing of your Personal Data
You have the right to ask us to stop processing your Personal Data, even if such processing is necessary for our legitimate interests. If you have given your consent to the transfer of your Personal Data to the Company, the Company is responsible in the relationship between you and the Company for your rights.
(iv) The right to have your Personal Data transmitted to another organisation ( Personal Data Portability)
In the event that your Personal Data is processed for the purpose of your consent or for the performance of a contract, you have the right to ask us to provide you with the data relating to you and held by us in a structured, commonly used and readable format, and, where technically possible, to transmit such data directly to another organisation.
If you believe that applicable data protection laws have been violated, you have the right to file a complaint with the Local Authority for the Protection of Personal Data in the European Economic Area ("EEA").
The above-mentioned rights can be exercised by you at any time by sending us a simple request by email.
Physical location of Personal Data
Your Personal Data is stored within the European Economic Area ("EEA"). Your Personal Data, in particular, is stored on Microsoft Azure servers, located in the Netherlands.
8. How to contact us?
If you have any questions or concerns about how we process your Personal Data, or would like to stop processing or would like to request a copy of your Personal Data, contact us via the feedback form on the web or mobile application or write to us on: firstname.lastname@example.org Include your reply address when you write to us.
List of personal data protection authorities (EEA countries)
If you believe that applicable data protection laws have been violated, you have the right to file a complaint with the European Economic Area (EEA) Local Data Protection Authority.
The local authority is different depending on the country. Below you can find details of the local data protection authorities of the countries of the European Economic Area.
Personal data protection authority
Commissioner for Personal Data Protection
Commission Nationale de l’Informatique et des Libertés - CNIL
Die Bundesbeauftragte für den Datenschutz und die Informationsfreiheit
In Germania, la competenza per i reclami è divisa fra diverse Autorità di vigilanza per la protezione dei dati personali.
The Icelandic Data Protection Authority
Rauðarárstígur 10, 105 Reykjavík, Iceland
Data Protection Commissioner
Tel: +423 236 60 90
Office of the Data Protection Commissioner
Postboks 8177 Dep.
Tel: +47 22 39 69 00
The Bureau of the Inspector General for the Protection of Personal Data - GIODO
The National Supervisory Authority for Personal Data Processing
Office for Personal Data Protection of the Slovak Republic