(Art. 13 of EU Regulation No. 679/2016)

This information describes how your personal data is processed and is provided pursuant to Article 13 of EU Regulation 679/2016 (hereinafter “GDPR“) and applicable national privacy and data protection legislation.

Identity and contact details of the data controller 

YOUNG PLATFORM S.p.A. with registered office in Turin (TO), Via Cigna n. 96/17, (C.F. and VAT no. 11931440017), in the person of its legal representative pro tempore Alexandru Stefan Gheban (C.F.: GHBLND98T22Z129Y), e-mail [email protected] as the data controller of personal data (hereinafter “Young Platform” or also the “Data Controller“). 

If the Data Controller uses data processors or sub-processors pursuant to Article 28 GDPR, the updated list of data processors and processors is kept at the Data Controller’s registered office.

Data Protection Officer 

Pursuant to Article 37 of the GDPR, the Data Controller has appointed Mr. Angelo Giunta, Data Protection Officer (hereinafter referred to as ‘DPO’ for short), domiciled at Young Platform’s offices and contactable at [email protected].

What types of personal data do we process

The types of personal data we collect depend on the purpose for which they are collected.

In general, we may collect the following types of personal data directly from you: 

• Through the Young Platform Step app:

1. common personal data (such as, but not limited to, name, surname, date and place of birth, residential address, e-mail address, and telephone number);
2. geolocation data;
3. usage, navigation, functional, session, statistical and profiling data, including device identification;
4. images, and photographs uploaded by you in your profile.

• through the Young Platform website and App:

1. common personal data (such as, but not limited to: name, surname, date and place of birth, address of residence, tax code, e-mail address, telephone number, social security or welfare position code, bank details);
2. economic and transactional information (e.g. information on transactions you have carried out, etc.);
3. geolocation data (e.g. information on the device used);
4. bank and tax identification data;
5. personal data provided in communications or attachments to communications;
6. Usage, navigation, functional, session, statistical and profiling data, including the user’s device identifier or IP address, the time the user visits the site, the URI (Uniform Resource Identifier) addresses of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the user’s operating system and computer environment.) and other parameters relating to the user’s operating system and computer environment.
7. images, and photographs uploaded by you in your profile.

hereinafter ‘Personal Data‘.

Why do we process your personal data and on what legal basis 

The processing of your personal data by the Controller takes place:

A) without your express consent (Art. 6 lit. b) – f) GDPR), for the following purposes:

activate and manage the user profile in the Young Platform Step and Young Platform apps and in the platformhttps://youngplatform.com/;

• fulfil pre-contractual, contractual and fiscal obligations arising from relationships to which the data subject is a party (by way of example, to provide services reserved for registered users);

fulfil obligations laid down by law, regulation, EU legislation or an order of the Authority

pursue a legitimate interest of the Data Controller or a third party, provided that the interests or fundamental rights and freedoms of the data subject requiring the protection of Personal Data (e.g. the Data Controller’s right of defence in court) do not prevail

B) Only after specific and separate consent (Art. 6 lett. a) and Art. 7 GDPR), for the following marketing purposes:

– send via e-mail, post and/or sms push notification and/or telephone contact, newsletters, commercial communications and/or advertising material on the services offered by the Controller and satisfaction surveys on the quality of services.

C) Only with your specific and separate consent (Art. 6 lett. a) and Art. 7 GDPR), for the following profiling purposes:

– send advertising communications, offers and promotions by e-mail, post and/or text message and/or telephone contact, which are consistent with the profile of the person concerned.

Profiling will allow the Data Controller to customise the products and services offered to Users. To this end, the Data Controller will assess the type and number of requests for information submitted, including through the Site, purchases of goods or services made from the Data Controller, personal and contact information (e.g., place of residence), and any additional information relating to the Customer provided by the latter (e.g., age and profession).

If you have denied your consent, the aforementioned activities under B) and C) will not be possible. If you have consented to the processing activities under B) and C), you shall in any event have the right to revoke the consent given at any time.

How long do we store and process your personal data 

The Data Controller will process your Personal Data for the period necessary to achieve the purposes of the processing referred to in Article 4 above. After that, they will only be retained to comply with the relevant legal obligations, for administrative purposes and/or to assert or defend a right, and, in any case, not beyond the time limits set by law for the prescription of rights.

The Controller will process Personal Data for the purposes referred to in points B) and C) of Article 4 above for a maximum of 24 months and a maximum of 12 months, respectively.

How we process your personal data 

Personal Data are subject to both paper and electronic and/or automated processing for the time necessary to achieve the purposes for which they are collected by the Data Controller or by persons duly authorised and/or appointed to carry out such tasks, who are constantly identified and/or appointed, duly instructed and made aware of the constraints imposed by law, as well as through the use of security measures aimed at ensuring the protection of confidentiality and avoiding the risks of loss or destruction, unauthorised access, processing that is not permitted or does not comply with the purposes mentioned above.

To whom we may disclose your personal data 

For the purposes as mentioned above, your collected data may be made accessible or communicated to:

– employees and collaborators of the Controller, in their capacity as authorised processors, within the scope of their respective duties and following their instructions. These individuals are, however, subject to the obligations of confidentiality and privacy;

– to third parties performing outsourcing activities on behalf of the Controller whose activities are connected, instrumental or in support of those of the Controller (e.g. management software);

– to all those public and/or private individuals and/or legal entities (such as by way of example, legal, administrative and tax consultancy firms, funds or funds, including private welfare and assistance funds, Judicial Offices, Chambers of Commerce), if the communication is necessary or functional to the proper fulfilment of the contractual obligations undertaken, as well as the obligations arising from the law;

– to all those entities (including public authorities) that have access to Personal Data by virtue of regulatory or administrative measures;

In any case, your personal data collected will not be disseminated. 

Transfer of personal data outside the EU area 

The management and storage of your Personal Data will take place in Europe. 

The Data Controller may transfer Personal Data to third parties as autonomous Data Controllers or to external Data Processors to allow the performance of the activities listed in this policy. 

Suppose such transfer is made to countries that do not provide the same level of protection under the GDPR or applicable law, or in any event an adequate level of protection for personal data. In that case, Young Platform will ensure that each such recipient undertakes specific contractual obligations by applicable data protection laws (including the signing of the Standard Contractual Clauses “SCC” approved by the European Commission) or in the absence of an adequacy decision pursuant to Article 45(3) GDPR, or adequate safeguards pursuant to Article 46 GDPR, including Binding Corporate Rules, Young Platform requests you, pursuant to Art. 49 GDPR, the possibility of transferring personal data to a third country is subject to your specific consent.

In any case, you may request more information about the transfer of your Personal Data, including receiving a table detailing the list of external Processors, with a description of their activities and the location of their servers, by writing to the e-mail address [email protected].

His rights 

Under Articles 15 et seq. of the GDPR and the applicable national privacy and data protection legislation, you have the right to:

1. obtain confirmation from the Controller as to whether or not personal data concerning you are being processed and, if so, to obtain access to the personal data and the following information:

• the purposes of the processing;
• the categories of personal data in question;
• the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular if they are recipients in third countries or international organisations;
• where possible, the intended period of retention of personal data or, if this is not possible, the criteria used to determine that period;
• where the data are not collected from the data subject, all available information on their origin;
• the existence of an automated decision-making process, including profiling.

2. Obtain the rectification of inaccurate personal data concerning you from the Controller without delay. Taking into account the purposes of the processing, you have the right to obtain the integration of incomplete personal data, including by providing a supplementary declaration.

3. Obtain from the Data Controller the deletion of personal data concerning you without undue delay, and the Data Controller is obliged to delete personal data without undue delay to the extent and in the cases provided for by current legislation.
4. Obtaining limitation of processing from the Controller.

Receive in a structured, commonly used and machine-readable format the personal data concerning you that you have provided to the Controller. You have the right to data portability, i.e., the right to transmit such data to another controller without hindrance from the controller to whom you have provided the data if the processing is based on consent or a contract and the processing is automated. 

5. To object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you if the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Controller or if the processing is necessary for the purposes of pursuing the legitimate interests of the Controller or a third party.

6. If the Controller has violated your rights, you may complain to the Data Protection Authority (www.garanteprivacy.it) and/or any other competent supervisory authority under the GDPR.

Following the exercise of the rights referred to in points 2), 3) and 4), the Data Controller shall notify each of the recipients to whom the personal data have been transmitted of any rectification or cancellation or restriction of processing within the limits and in the forms provided for by the legislation in force.

To exercise the rights listed above vis-à-vis the data controller, you must submit a written request by sending a registered letter to YOUNG PLATFORM S.p.A. Via Cigna n. 96/17, 10155, Turin or by sending an e-mail to [email protected]. 

What happens in the event of a change to the Privacy Policy 

 This information notice may be amended and/or updated at any time. Suppose the Data Controller intends to process your Personal Data for purposes other than those envisaged in Art. 4 above. In that case, it undertakes to provide you, before such further processing, with adequate information regarding such different purposes and to carry out such further processing in compliance with the regulations in force, collecting your specific consent where necessary.

This Privacy Policy was published on 4 July 2024. Any updates will be published on this page.