Personal data processing notice, pursuant to Regulation (EU) 2016/679 (GDPR)

This notice is provided under Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation, also called “Regulation” or “GDPR”), to those who interact with the app “KINUP”. The Data controller, identified below, can change or simply update all or part of this notice, informing the users. Modifications and updates will be binding as soon as they are published on the App. The user is therefore invited to read the privacy notice every time he/she logs into the App. If the user does not accept changes to the privacy notice, he/she must stop using this App and can ask the Data controller to remove his/her personal data.

This document explains which information is collected when you use our App, and how and why this information is collected and used. We take your privacy seriously and proactively take the steps necessary to protect your personal data.

Our contacts

1.     Data controller: EMC Therapy srl, via Arno, 09 – 60025 Loreto (AN), email: info@kinup.it

2.     Data processor: Sistema 3 srl, via Valle Cascia, 33 – 62010 Montecassiano (MC), email: info@sitema3.it

3.     Data protection officer: Mr. Fabio Cerolini, email: dpo@sistema3.it

Which personal data are collected by the App?

The Data processor collects the following personal data on behalf of the Data controller:

·       Content and information voluntarily provided by the user

1.     Contact data and contents

That is, personal data voluntarily provided by the user to the App during its use, for example personal details, addresses, login credentials for services, personal preferences, other personal content, etc.

If the user fails to provide personal data for which there is a legal and contractual obligation, or which is a necessary requirement for using the service or for concluding the contract, the Data controller will be unable to provide all or part of its services.

A user who communicates third-party data to the Data controller is directly and exclusively responsible for its origin, storage, processing, communication and dissemination.

2.     Tax and payment data

Data voluntarily provided by the user to the App when using paid services can be used by the Data controller to make payments and to comply with applicable law.

3.     Special categories of personal data (health data)

Data on the user's health condition, which can be processed only with the express consent of the data subject.

Processing of this category of data is necessary for use of the App.

Failure to consent to the processing of this data will make the Data controller unable to provide all or part of its services.

The user can revoke authorization for the processing of this data at any time.

·       Data and content automatically collected during use of the App

1.     Technical data

The IT systems and software procedures used to operate this App may collect, during their normal operation, some personal data whose transmission is implicit in internet communication protocols. This information is not gathered in order to be linked to identified users but, by its nature, may allow users to be identified through processing and association with data held by third parties. This category includes the IP addresses or domain names used by users who connect to the App, the URI (Uniform Resource Identifier) addresses of requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained, etc.

2.     Navigation data

Data on the user's use of the App can be collected, for example the exercises performed and the functions and services used.

For which purposes?

Collected personal data can be used to fulfil contractual, pre-contractual and legal obligations, as well as for the following purposes:

We process your contact data (name, contact details, etc.) and payment data for the following purposes:

·       Formation, performance and termination of service or purchase contracts

·       Provision of the App and its related functions and content

·       Account creation in the App

·       Processing of product payments

·       To answer contact and support requests

·       To identify and solve technical problems and enhance performance

·       To manage technical infrastructure of user data storage

About health data processing:

We process your health data for the following purposes:

·       Exercise customisation

·       Storage and viewing of wellness progress

·       For scientific research purposes, to study the benefits of movement under pain conditions

Technical and navigation data are collected by the IT system and the App's software procedures for their normal operation. This information is not collected in order to be linked to identified users but, by its nature, may allow users to be identified through processing and association with data held by third parties. This data is used only to obtain anonymous statistical information on the use of the App and to check that it operates correctly.

How do we process data?

Personal data is processed using telematic and/or IT tools, with organizational methods and logic strictly related to the stated purposes. Personal data is processed by the Data processor, with whom the Data controller has signed a specific contract in accordance with Article 28 of the GDPR. The Data processor may be assisted by further data processors, with whom it can enter into a specific written contract containing protection obligations that must be respected and fulfilled.

What is the legal basis for processing?

The processing of user personal data is founded on the following legal bases:

·       the user has given consent for one or more specific purposes;

·       processing is necessary for the performance of the contract with the user and/or for pre-contractual measures;

·       processing is necessary to fulfil legal obligations to which the Data controller is subject.

It is always possible to ask the Data controller to clarify the legal basis of each processing activity by writing to the address info@kinup.it

Where are data collected?

Data are collected both on servers belonging to the Data processor, located at via Valle Cascia n. 33 in Montecassiano, and at the Aruba spa Datacenter IT2, located at via Sergio Ramelli, 8, 52100, Arezzo (AR). However, personal data may be transferred to countries outside the EU: USA. For those countries, whether a European Commission adequacy decision is in force or not, it is possible to request more information from the Data controller. The information requested can concern the appropriate safeguards adopted, as well as how to obtain a copy of this data or the exact place where it has been made available.

Which security measures are adopted?

Processing is carried out by the Data processor with methods and instruments suitable for guaranteeing the security and confidentiality of personal data. The Data processor has adopted, on behalf of the Data controller, technical and organizational measures adequate to guarantee, and to allow it to demonstrate, that processing is carried out in compliance with the relevant law. Furthermore, connections are carried out securely over HTTPS, with the adoption of BCRYPT encryption tools. A daily backup system is in place, with one copy on a server with RAID5 disks and another copy on a dedicated external NAS. Service continuity (business continuity) is guaranteed through data redundancy provided by the provider Aruba spa.

How long are data stored?

Personal data will be stored for the period required by applicable laws. Personal data will be stored for the duration of the contract, for the fulfilment of inherent and consequent obligations, for compliance with applicable legal and regulatory obligations, and for our own or third parties' defensive purposes. In any case, the user can withdraw consent to the processing of his/her personal data at any time, provided that the processing has consent as its legal basis. In this case, the Data controller will no longer be able to allow the App to function and the account will be deleted. All personal data will be deleted or stored in a form that does not allow user identification within 30 days from the end of the storage period. After this term, the rights of access, deletion, rectification and portability of personal data can no longer be exercised. Data supplied to service providers will be handled for the period strictly necessary to carry out the tasks assigned to them.

Which rights are granted to the user?

Users have all the rights granted by Regulation (EU) 2016/679. These are:

·       right to access their personal data (after confirmation that their data are being processed by the Data controller);

·       right to obtain the rectification and integration of their personal data;

·       right to obtain the deletion of their personal data;

·       right to obtain the restriction of the processing of their personal data if special conditions apply;

·       right to receive the personal data given to the Data controller in a commonly used format, and to transmit them to another Data controller;

·       right to object to the processing of personal data on grounds relating to their own personal situation;

·       right not to be subject to an automated decision-making process;

·       right to be notified when their data are corrupted or stolen;

·       right to withdraw consent to the processing at any time;

·       right to lodge a complaint with the public supervisory authority.

To exercise their rights, users can send a request to the Data controller or the Data processor using the contacts available in this document.

Last version 22/03/2022.