Privacy Policy

Please take a few minutes to read our Privacy Policy, which contains Privech™’s core privacy principles, and applies to anyone who accesses our site or uses our Mobile Apps.

Personal data and related treatment
“Personal data” means any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, even indirectly, by reference to any identifier, such as a name, an identification number, location data, an online identifier or one or more characteristic elements of his physical identity, physiological, genetic, psychic, economic, cultural or social.
“Processing” of personal data constitutes any operation or set of operations performed with or without the aid of automated processes and applied to personal data or sets of personal data, such as the collection, registration, organization, conservation, structuring, consultation, processing, adaptation or modification, selection, extraction, comparison, use, interconnection, blocking and limitation, communication, dissemination, cancellation and destruction of personal data.

The inspiring principles of the Privech™ Privacy Policy
Privech™ operates in compliance with fundamental rights and freedoms, including the right to privacy and personal identity, and with all applicable rules and regulations, in a lawful, correct and transparent manner, for specific, explicit and legitimate purposes (“limitation of purpose”); the personal data collected will be adequate, pertinent and limited to what is necessary for the purposes pursued (so-called “data minimization”), and will be kept for the time necessary in relation to the purposes pursued (“retention limitation”), as well as being accurate and, if necessary, updated. Data processing will always be carried out in such a way as to guarantee adequate security.
Our information systems and the computer programs used are configured to reduce the use of personal data and identification data, in accordance with the general principle of “strict necessity”.
We inform you that Privedge™, by virtue of its policy of maximum attention to users’ personal data, reserves the right to make use of third-party services, aimed at the immediate anonymization of user data, through specific advanced technologies, so as not to allow us to identify of users who register with Privedge™.

Data controller
By “data controller” of personal data, we mean the natural person, the legal person, the public administration and any other body, association or body, which is responsible (even jointly with another controller) for decisions regarding the purposes, methods of the processing of personal data and the tools used.
The data controller of your data is the company Prosper Momentum doo, based in Zalec, Slovenia, via Galicija n. 4, VAT number SI 83523227 and company registration number:- 3848248000 (the “Owner”).
For any clarification, question or need related to your privacy and the processing of your personal data, you can contact us by sending an email to the email address: info@privedge.app

Data Protection Officer
By “Data Protection Officer” (“Data Protection Officer”) or “RPD” (“DPO”) we mean the figure, internal or external to the Data Controller, and operating, in any case, independently from this last, which analyzes, evaluates and regulates the management of the processing and protection of your personal data, preparing a complex set of security measures, aimed at protecting data, such as to guarantee compliance with EU Regulation no. 679/2016 and safeguarding the confidentiality and security of your personal data.
Our Data Protection Officer, designated in accordance with the provisions of EU Regulation no. 679/2016 is Ms. Helena Rafac.
You can contact the Data Protection Officer, for any need, by sending an email to the following address: helena@privedge.app

 

Categories of data collected and processed
a) Data and information obtained from access to our site and from browsing (so-called “navigation data”):
– data from mobile devices (for example, data relating to the user’s location);
– contact information (such as the user’s email address, telephone number, etc.);
– log-in data (such as, for example, the user’s IP address, the date and time of accessing the site or application, web pages and URLs, pages viewed);
– cookies, ours and those of third parties (to find out more, consult our Cookie Policy https://privech.com//cookie-policy);
– third-party social plug-ins (such as, for example, the Facebook “Like” button).
Your consent is not required for the collection of such data, and their acquisition takes place automatically.
b) Data and information provided by the user:
These are the personal data provided by you, voluntarily, such as, for example, name, surname, other personal data, etc. This happens, for example, when you register on the site or fill out a form on the site.
Your consent is required for the processing of these latter personal data.

Personal data processing methods and security measures
The processing of personal data is carried out with paper, magnetic, digital, telematic or electronic instruments.
Pursuant to art. 25 and 32 of the Privacy Regulation, the data controller implements adequate technical and organizational measures, aimed at:
1) effectively implement the principles of data protection, such as minimization, and to integrate the necessary guarantees in the treatment to protect the rights of the interested parties;
2) ensure that, by default, only the personal data necessary for each specific purpose of the processing are processed. This obligation applies to the amount of personal data collected, the scope of processing, the retention period and accessibility (in particular, these measures ensure that, by default, personal data are not made accessible to an indefinite number of natural persons without the intervention of the natural person);
3) ensure a level of security appropriate to the risk, though, where appropriate:
– the pseudonymisation and encryption of personal data;
– the ability to ensure the confidentiality, integrity, availability and resilience of processing systems and services on a permanent basis;
– the ability to promptly restore the availability and access to personal data in the event of a physical or technical incident;
– a procedure for regularly testing, verifying and evaluating the effectiveness of technical and organizational measures in order to guarantee the security of the processing.
Your data will not be subject to automated processing methods, including profiling, unless with your specific express consent.
In the event of a merger, acquisition, reorganization, assignment or, in any case, transfer, to third parties, of Privedge™ or, in any case, of all its assets, the personal data of users, returning to corporate assets, will be transferred together with all other Privedge™ assets.
Without prejudice to the hypothesis just mentioned, and the appointment of Managers, by the Data Controller, for the purposes related to the functioning of the site and the application and the execution of the services offered, in compliance with the applicable legislation, your data will not be transferred to third parties, without you being informed in advance and without your prior consent to the transfer, in the cases provided for by law.

Legal basis of the treatment
Your personal data is processed only in the presence of at least one of the conditions provided for by current legislation, namely:
– for the conclusion and execution of a contract of which you are a part;
– to fulfil legal obligations;
– for our legitimate interest;
– based on your specific consent.
Whenever the processing of your personal data is based on your consent, you have the right to withdraw that consent at any time, without affecting the legitimacy of the processing prior to the withdrawal of consent.

Purpose of the treatment
Your data will be collected and processed by Privedge™, on the basis of at least one of the conditions indicated above in the “Legal basis of the processing” section, for the following purposes:
– to allow you to use the services offered by our site, such as, for example, subscribing to the newsletter;
– to allow you to register on our site and use the services reserved for registered users, including through access to any reserved areas;
– to operate, protect and improve our site;
– to conclude and execute the contract for the purchase of the products offered on our site;
– to carry out surveys and statistical analyses;
– following the purchase of one of our products, to send you commercial and promotional communications relating to similar products or services;
– comply with legal obligations and resolve potential disputes with our users or with third parties.
In relation to all the purposes listed above, the processing of your personal data is legitimate as it is necessary to execute a contract with you or provide you with a service that you have specifically requested from us, or to comply with legal obligations.
Furthermore, only with your express and specific consent, your data may be used for the following additional purposes:
– to carry out market research and surveys.
– to send commercial, advertising or promotional material, in order to update you on news, new arrivals, our offers and promotions;
– to customize our site and our commercial and promotional offers based on your specific interests.
Consent to the processing of data for advertising and marketing purposes, market research and survey purposes, as well as for the purpose of defining your profile, based on your consumption habits or choices, is not mandatory.
In any case, if given, you can withdraw your consent at any time (in any case, any withdrawal of consent will not affect the lawfulness of the treatment based on consent before its withdrawal).
The communication of personal data indicated as mandatory, for the purposes of registration or for access to restricted areas of the site or to certain services offered, is necessary for the completion of these procedures. In case of refusal by the interested party to provide such mandatory data, it may be impossible to access or use the services offered.

Responsible for the treatment
By “responsible for the treatment” of personal data, pursuant to article 4, n. 8, of the Privacy Regulation, we mean the natural person, the legal person, the public administration or any other entity, association or body, appointed by the owner, and on behalf of the latter, to the processing of your personal data (the “Manager”).
In fact, for organizational and functional needs relating to the provision of the services offered, your data could also be processed by other subjects, authorized to do so by the Data Controller.
At the moment, among the subjects who will be able to process your personal data on behalf of the Data Controller, as Data Processors, designated by the Data Controller himself, we indicate the following:
– Mr Rana Singh, who processes your personal data in carrying out the server management and maintenance activity. You can contact this subject, Data Processor, by sending an email to devs@privech.com;
– Mr Milos Jankovic, who processes your data in relation to the management and maintenance of our site and our application. You can contact this subject, Data Processor, by sending an email to info@privech.com
You can request the complete list of data processors by sending an email to our Customer Service at info@privech.com
The aforementioned Managers have been chosen by the Data Controller from subjects who, due to experience, ability and reliability, are able to provide a suitable guarantee of full compliance with the provisions in force regarding the processing of personal data, including the profile relating to security.

Recipients of personal data and possible transfer of data to non-EU countries
Your personal data may also be transferred to countries located outside the European Union, in relation to which a suitable recognition of adequacy by the European Commission has taken place, through the adoption of an adequacy decision, or which, in any case, presents appropriate guarantees. In the absence of contractual guarantees or acknowledgements of adequacy, your data cannot be transferred outside the EU without your prior explicit consent.

Cookies
A cookie is a small file containing a string of alphanumeric characters which is sent to the user’s device when a website is visited and which allows this site to recognize the user’s browser on subsequent accesses.
Cookies can be used for various purposes, such as, for example, execution of IT authentications, session monitoring, memorization of information on specific configurations, concerning users accessing the server, creation of user profiles used in order to send advertising messages in line with the preferences expressed by the user when surfing the net.
There are two basic categories of cookies: “technical” cookies and so-called cookies. “profiling”.
Technical cookies
Technical cookies are those cookies that allow the user to browse or use the services offered by the site. This category includes, for example, cookies that automatically recognize the language used by the user.
For the installation of technical cookies, the prior consent of users is not required (Provision of the Guarantor for the Protection of Personal Data, 8 May 2014, n. 229).
Profiling cookies
Profiling cookies are designed to create user profiles and are also used to send advertising messages in line with the preferences expressed by the user when surfing the net. Due to the particular invasiveness that such devices can have in the private sphere of users, current legislation provides that the user must be adequately informed about their use and express their consent.
We, therefore, inform you that our site can use both technical cookies and profiling cookies.
For more information on cookies, you can read our Cookie Policy: https://privech.com//cookie-policy

APP version of the site and push notification
In addition to the data indicated in the “Categories of data collected and processed” section, if you use the APP version of our site, Privech™ may, subject to your express consent:
– collect and process your data for marketing activities, in order to send you push notifications. You can disable Privech™ push notifications at any time by changing the settings on your mobile device;
– collect information in an automated way, in order to improve our products, services and offers.

Storage times for personal data
Your personal data will only be kept for a limited period of time, which may vary according to the purpose for which it was collected.
At the end of this retention period, your personal data will be deleted or, in any case, irreversibly rendered anonymous.
We invite you, however, to carefully read what is indicated in the following section, in relation to your rights.

 

Rights of the interested party
At any time, the user has the possibility to exercise the rights referred to in articles 15, 16, 17, 18, 20, 21 and 22 of EU Regulation no. 679/2016, by sending a written request by registered letter with acknowledgement of receipt to Prosper Momentum doo – Customer Service, Zalec, via Galicija n. 4, CAP 3310, or by e-mail at the address: info@privedge.app
Furthermore, the obligations set out in the Articles exist for the Data Controller. 19 and 34 of the EC Regulation n. 679/2016.
Below are the provisions of the law relating to the rights reserved to the interested party.
Article 15 Privacy Regulation – Right of access of the interested party
1. The interested party has the right to obtain from the data controller confirmation as to whether or not personal data concerning him is being processed and, in this case, to obtain access to personal data and the following information: a) the purposes of the processing; b) the categories of personal data in question; c) the recipients or categories of recipients to whom the personal data have been or will be communicated, in particular if recipients from third countries or international organizations; d) when possible, the envisaged retention period for personal data or, if this is not possible, the criteria used to determine this period; e) the existence of the right of the interested party to ask the data controller to rectify or cancel personal data or limit the processing of personal data concerning him or to oppose their treatment; f) the right to lodge a complaint with a supervisory authority; g) if the data are not collected from the interested party, all the information available on their origin; h) the existence of an automated decision-making process, including the profiling referred to in Article 22, paragraphs 1 and 4, and, at least in such cases, significant information on the logic used, as well as the importance and envisaged consequences of such processing for the interested party.
2. If personal data are transferred to a third country or to an international organization, the interested party has the right to be informed of the existence of adequate guarantees pursuant to article 46 relating to the transfer.
3. The data controller provides a copy of the personal data being processed. In case further copies are requested by the data subject, the data controller may charge a reasonable fee based on administrative costs. If the interested party submits the request by electronic means, and unless otherwise indicated by the interested party, the information is provided in a commonly used electronic format.
4. The right to obtain a copy referred to in paragraph 3 must not prejudice the rights and freedoms of others.
Article 16 Privacy Regulation – Right of rectification
The interested party has the right to obtain from the data controller the rectification of inaccurate personal data concerning him without unjustified delay. Taking into account the purposes of the processing, the interested party has the right to obtain the integration of incomplete personal data, also by providing a supplementary declaration.
Article 17 Privacy Regulation – Right to cancellation (“right to be forgotten”)
1. The interested party has the right to obtain from the data controller the cancellation of personal data concerning him without unjustified delay and the data controller has the obligation to cancel personal data without unjustified delay, if one of the following reasons exists: a) personal data are no longer necessary with respect to the purposes for which they were collected or otherwise processed; b) the interested party revokes the consent on which the treatment is based in accordance with article 6, paragraph 1, letter a), or article 9, paragraph 2, letter a), and if there is no other legal basis for the treatment ; c) the interested party opposes the treatment pursuant to article 21, paragraph 1, and there is no prevailing legitimate reason to proceed with the treatment, or he opposes the treatment pursuant to article 21, paragraph 2; d) the personal data have been processed unlawfully; e) personal data must be canceled to fulfill a legal obligation established by Union or Member State law to which the data controller is subject; f) the personal data have been collected in relation to the offer of information society services referred to in Article 8(1).
2. The data controller, if he has made personal data public and is obliged, pursuant to paragraph 1, to delete them, taking into account the available technology and implementation costs, adopts reasonable measures, including technical ones, to inform the data controllers who are processing the personal data of the data subject’s request to delete any link, copy or reproduction of his personal data.
Article 18 Privacy Regulation – Right to limit treatment
1. The interested party has the right to obtain from the data controller the limitation of the treatment when one of the following hypotheses occurs: a) the interested party disputes the accuracy of the personal data, for the period necessary for the data controller to verify the accuracy of such personal data; b) the processing is unlawful and the interested party opposes the cancellation of personal data and instead requests that their use be limited; c) although the data controller no longer needs it for processing purposes, personal data are necessary for the data subject to ascertain, exercise or defend a right in court; d) the interested party has opposed the treatment pursuant to article 21, paragraph 1, pending the verification of the possible prevalence of the legitimate reasons of the data controller with respect to those of the interested party.
2. If the processing is limited pursuant to paragraph 1, such personal data are processed, except for storage, only with the consent of the interested party or for the assessment, exercise or defence of a right in court or to protect the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.
3. The interested party who has obtained the limitation of treatment pursuant to paragraph 1 is informed by the data controller before the said limitation is revoked.
Article 19 Privacy Regulation – Obligation to notify in the event of rectification or cancellation of personal data or limitation of processing
The data controller informs each of the recipients to whom the personal data has been transmitted of any corrections or cancellations or limitations of the treatment carried out pursuant to Article 16, article 17, paragraph 1, and Article 18 unless this proves impossible or involves a disproportionate effort. The data controller communicates these recipients to the interested party if the interested party requests it.
Article 20 Privacy Regulation – Right to Data Portability
1. The interested party has the right to receive, in a structured format, commonly used and readable by an automatic device, the personal data concerning him provided to a data controller and has the right to transmit such data to another data controller without impediments by the data controller to whom he provided them if: a) the processing is based on consent pursuant to article 6, paragraph 1, letter a), or article 9, paragraph 2, letter a), or on a contract within the meaning of Article 6(1)(b); and b) the processing is carried out by automated means.
2. In exercising their rights in relation to data portability pursuant to paragraph 1, the interested party has the right to obtain the direct transmission of personal data from one data controller to another, if technically feasible.
3. The exercise of the right referred to in paragraph 1 of this article is without prejudice to Article 17. This right does not apply to the processing necessary for the execution of a task in the public interest or connected to the exercise of public powers referred to as the data controller invested.
4. The right referred to in paragraph 1 must not harm the rights and freedoms of others.
Article 21 Privacy Regulation – Right to object
1. The interested party has the right to object at any time, for reasons connected to his particular situation, to the processing of personal data concerning him pursuant to article 6, paragraph 1, letters e) or f), including profiling on the basis of these provisions. The data controller refrains from further processing the personal data unless he demonstrates the existence of compelling legitimate reasons to proceed with the processing which prevail over the interests, rights and freedoms of the data subject or for the assessment, exercise or defence of a right in court.
2. If personal data are processed for direct marketing purposes, the interested party has the right to object at any time to the processing of personal data concerning him carried out for these purposes, including profiling to the extent that it is connected to such marketing directly.

3. If the interested party opposes the processing for direct marketing purposes, the personal data are no longer processed for these purposes.
4. The right referred to in paragraphs 1 and 2 is explicitly brought to the attention of the data subject and is presented clearly and separately from any other information at the latest at the time of the first communication with the data subject.
5. In the context of the use of information society services and without prejudice to Directive 2002/58/EC, the interested party can exercise his right of opposition by automated means that use technical specifications.
6. If personal data are processed for scientific or historical research purposes or for statistical purposes pursuant to Article 89, paragraph 1, the interested party, for reasons connected with his particular situation, has the right to object to the processing of personal data concerning him, unless the processing is necessary for the performance of a task in the public interest.
Art. 22 Privacy Regulation – Automated decision-making process relating to natural persons, including profiling
1. The interested party has the right not to be subjected to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or significantly affects his person in a similar way.
2. Paragraph 1 does not apply in the event that the decision: a) is necessary for the conclusion or execution of a contract between the interested party and a data controller; b) is authorized by Union or Member State law to which the data controller is subject, which also specifies adequate measures to protect the rights, freedoms and legitimate interests of the data subject; c) is based on the explicit consent of the data subject.
3. In the cases referred to in paragraph 2, letters a) and c), the data controller implements appropriate measures to protect the rights, freedoms and legitimate interests of the data subject, at least the right to obtain human intervention on the part of the controller of the treatment, to express their opinion and to contest the decision.
4. The decisions referred to in paragraph 2 shall not be based on the special categories of personal data referred to in Article 9(1), unless Article 9(2)(a) or (g) applies. and adequate measures are not in place to protect the data subject’s rights, freedoms and legitimate interests.

Means of protection
The interested party who believes that the processing that concerns him violates the current legislation on the protection of personal data has the right to lodge a complaint with the supervisory authority, or an effective judicial appeal, against the Data Controller, or against the same supervisory authority, against a legally binding decision of the supervisory authority concerning him.
For Italy, the competent authority is the Guarantor for the Protection of Personal Data (for more information, consult the website http://www.garanteprivacy.it/).

Links to other websites
The site may, even in the future, contain links to third-party sites. The Owner declines all responsibility in this regard, as regards the contents and purposes of these sites, the relative reliability and/or seriousness. The user who decides to connect to these sites is aware of all related risks and/or liabilities deriving from this choice.

Privacy Policy Updates
The Owner reserves the right to modify and update the content of this Privacy Policy at any time, it being understood that the text that can be consulted by accessing this section constitutes the updated version of the Privacy Policy, in force at the time of consultation.
We, therefore, invite you to periodically consult the contents on our site.

Last updated 05/03/2023