Privacy Policy – Aurea Hub S.r.l.

Last Updated: 14/03/2025  

 

What is this document? Through this privacy policy drafted pursuant to Art. 13 European Reg. no. 679/2016 (“General Data Protection Regulation” or “GDPR”) and in compliance with the principles contained therein, Aurea Hub S.r.l. intends to inform each user (“the User”) of the processing of personal data collected through the website https://www.aureahub.com/ (“Site”) and its application available for iOS and Android devices (“App”).

1. Owner and Contact Details.

Aurea Hub S.r.l. (hereinafter referred to as “Aurea”, the “Company” or “Data Controller” for the purposes of Art. 4(7) GDPR), with registered office at Via Giosuè Carducci 18, 20123, Milan (MI), Italy.

2. Purpose of processing, Legal basis, Personal data processed and Retention period

The Data Controller acquires personal data for the purposes specified below, where the legal basis and duration of data processing are also indicated.

| Purpose of processing | Data processed | Legal basis | Term |
|---|---|---|---|
| a) The data will be processed to enable authentication to the App in order to enable your user experience. | Biographical Information (First and Last Name); Contact details (email address) | Execution of pre-contractual and/or contractual measures [Art. 6(1)(b) GDPR] | For the period required for the response. |
| b) Handling and processing of inquiries. The data provided will be processed to handle and respond to requests for information and technical support, as well as for the purpose of assisting you before, during and after the provision of our services. | Biographical Information (First and Last Name); Contact details (email address) | Execution of pre-contractual and/or contractual measures [Art. 6(1)(b) GDPR] | For the period required for the response. |
| c) Communications for marketing purposes. Personal data will be processed for direct marketing activities, i.e., sending you event communications via e-mail. We will continue to send you advertising communications of products and services offered by the Owner. | Biographical Information (First and Last Name); Contact details (email address) | Consent [Art. 6, 1(a) GDPR] | Until consent is withdrawn, but no later than 24 months from the date of last contact. |
| d) Legal compliance. The data will be processed to fulfill obligations under the law, a regulation, or EU legislation. | Biographical Information (First and Last Name); Contact details (e-mail address); Tax data | Legal obligation [Art. 6, 1(c) GDPR] | For the period provided by law |
| e) Trial defense. Data will be processed to establish, exercise or defend a right in court. | Biographical Information (First and Last Name); Contact details (e-mail address); Data related to the use of services | Legitimate interest [Art. 6(1)(f) GDPR] | Until the conclusion of the litigation |
| f) Information security. Data will be processed to ensure network and information security. | Log data; IP address; Navigation data | Legitimate interest [Art. 6(1)(f) GDPR] | 6 months |
| g) Statistical analysis. Data will be processed for statistical purposes and analysis of the services offered. | Aggregate usage data; Access statistics | Legitimate interest [Art. 6(1)(f) GDPR] | 12 months in aggregate |
| h) Service improvement. Data will be processed to improve the user experience and services offered. | User feedback; Usage data; User preferences | Legitimate interest [Art. 6(1)(f) GDPR] | 24 months |
| i) Payment services management. Data will be processed to manage payment services, transactions and financial operations within the Aurea App. | Biographical Information (First and Last Name); Contact details (e-mail address); Financial Data; Transaction data; IBAN and bank details | Performance of the agreement [Art. 6, 1(b) GDPR] | For the duration of the contractual relationship and for the following 10 years as stipulated in the tax regulations |
| l) Aurea Quest Management. Data will be processed to manage participation in the Aurea Quest educational program, track progress, and provide customized training content. | Biographical Information (First and Last Name); Contact details (e-mail address); Formative progress data; Learning preferences; Results of quizzes and activities | Contract Execution [Art. 6, 1(b) GDPR] and Consent [Art. 6, 1(a) GDPR] | For the duration of participation in the Aurea Quest program and for the following 24 months. |

The provision of your Data for the purposes indicated in letters a) and b) is necessary and obligatory; therefore, in case of failure to provide it, it will not be possible to establish or continue the contractual relationship with you, nor to provide the requested services.

The processing activities under d), f), g) and j) do not require your explicit consent, as they are based on the legitimate interest of the Data Controller, pursuant to Article 6(1)(f) of the GDPR. In any case, the Data Controller has carried out a thorough balancing of interests to ensure that such processing does not adversely affect the fundamental rights and freedoms of data subjects.

The provision of your Data for the purposes indicated in (c), (e), (h) and (i) is not mandatory. For such processing, your prior consent is required, which will be requested by the Company in a manner appropriate for each activity. In any case, your consent may be revoked at any time, without any negative consequence with respect to your existing contractual relationship with the Company.

The use of some services of the website and the App may require the processing of personal data of third parties sent by you to the Controller. In such cases, you act as an autonomous data controller, assuming all the legal obligations and responsibilities. In this respect, you grant the Controller the widest indemnity against any dispute, claim, request for compensation for damages from processing, etc. that may be received by the Controller from third parties whose personal data have been processed in violation of the applicable data protection regulations. In any case, should you provide or otherwise process personal data of third parties in the use of the website or the App, you warrant as of now, assuming all related liability, that this processing is based on a suitable legal basis under Article 6 of the GDPR that legitimizes the processing of the information in question.

3. Methods of Processing

The processing is carried out using automated and/or manual computer and telematic tools designed to guarantee the appropriate security measures to prevent access, disclosure, loss, incorrect, illegal or unauthorized use of the data.

4. Data Access.

Personal Data may be shared with the following external parties: i) Internet service providers and platforms used by the Data Controller as organizational tools, communication and/or promotional channels; ii) consultants and other service providers who perform services for us or on our behalf and require access to such information to perform such work; iii) shippers, carriers and couriers.

These entities act as autonomous data controllers or data processors. In the latter case, the Controller has entered into a specific agreement pursuant to Article 28 GDPR (Appointment as Data Processor). The list of Data Processors can be requested by contacting the Data Controller and/or the DPO at the contact details indicated in paragraph 2 above.

Personal data will also be processed by the Owner's internal staff specifically authorized under Article 29 GDPR.

5. Place of Data Processing.

Personal data are processed at the Controller's premises, as well as in the servers hosting the website https://www.aureahub.com/. Personal data is stored in servers located in the EU and will not be transferred outside of the EU under any circumstances. However, since some important service providers to our infrastructure are based outside the European Union (e.g. Cloud service providers), by using the Data Controller's services personal data may be stored on servers located outside the European territory. The Data Controller ensures that when using cloud providers established outside the EEA, the processing of personal data by these recipients is carried out in accordance with applicable law. Transfers are made by means of appropriate safeguards, such as adequacy decisions, standard contractual clauses approved by the European Commission, or other safeguards required by the GDPR.

6. Rights of the Data Subject.

You may exercise all your rights under Articles 15-21 of the GDPR at any time and without unjustified restriction by contacting the Data Controller at info.aureahub@gmail.com. Requests are filed free of charge and processed by the Controller within 30 days.

In particular, the User may:

  • Obtain confirmation that processing is taking place (Art. 15);

  • Obtain rectification of inaccurate or incomplete data (Art. 16);

  • Obtain the deletion of data without undue delay (Art. 17);

  • Restrict processing to only part of the personal data (Art. 18);

  • Receive a copy of personal data held by the data controller in a commonly used, machine-readable format; obtain unimpeded transfer to another data controller (Art. 20);

  • Object at any time to the processing of personal data (Art. 21);

  • With respect to the purposes of processing that are based on consent, revoke it at any time.

7. Complaints

The User may always lodge a complaint with the competent Authority (Data Protection Authority), pursuant to Art. 77 of the GDPR, if the User believes that the Controller processes their Personal Data in violation of the applicable legislation.

8. Changes to the Privacy Policy

The Data Controller reserves the right to amend and update this Privacy Policy as a result of any new national or European data protection law provisions.