Legal information
Privacy Policy
Last updated: 12/05/2022
This privacy notice, pursuant to Article 13 of EU Regulation 2016/679 of 27 April 2016 (hereinafter, the "Regulation", or also the "Applicable Law"), is issued to the users (hereinafter, the "Data Subjects") of the mobile application "Condeo" ("Condeo"), also available in desktop version at www.condeo.com, who, following registration, request to sign up to the software platform developed by Bake Two S.r.l., with registered office in Milan, via Carlo Farini no. 5, tax code, VAT number and Milan Monza Brianza Lodi Companies Register registration number 11790900960, i.e. a cloud-based Software as a Service (the "Platform"), i.e. without the need for installation on PCs or other devices, which uses artificial intelligence to organize the relationship between the condominium property manager (the "Property Manager"), the owners of the real estate units (the "Condominium Owners") and the suppliers and/or craftsmen for ordinary and extraordinary maintenance (the "Suppliers"), and enables the Property Manager to simplify and make more efficient the relationship with their respective Condominium Owners and Suppliers, including the possibility of offering certain services directly online.
"Processing of personal data" means any operation concerning any information relating to an identified or identifiable natural person. For example: first and last name and email address with a "username" that can identify a specific person (johnsmith@...) are considered "common personal data", and collecting, recording and using them to send you a communication are considered "processing" operations, as is their storage and sharing with other parties. Information relating to a person's state of health, on the other hand, represents personal data belonging to a special category, which requires specific protection. We invite you to visit the website of the Data Protection Authority ("GPDP") to find further useful information to better understand the topic (www.garanteprivacy.it/home/diritti).
1. Data controller
Bake Two S.r.l., with registered office in Milan, via Carlo Farini no. 5, tax code, VAT number and Milan Monza Brianza Lodi Companies Register registration number 11790900960 (hereinafter the "Controller") will act as independent data controller for the management of data relating to registration on the Platform.
2. Personal data processed
Through the Platform, the Controller processes the following personal data collected directly from the Data Subject:
- Common personal data: first name, last name, date of birth, tax code, VAT number, residential/domicile address, gender, level of education, profession, email address, phone number.
The data is collected directly from the Data Subject upon registration on the Platform.
3. Purposes of processing
Your personal data will be lawfully processed by the Controller pursuant to Article 6 of the Regulation for the following processing purposes:
- contractual obligations and provision of services, to allow you to register on the Platform, interact with it and make use of the related services;
- administrative and accounting purposes, i.e. to carry out organizational, administrative, financial and accounting activities, such as internal organizational activities and activities functional to the fulfillment of contractual and pre-contractual obligations;
- legal obligations, i.e. to fulfill obligations imposed by law, by an authority, by a regulation or by European legislation.
Providing personal data for the processing purposes indicated above is optional but necessary, since failure to provide it will make it impossible for the Controller to provide the services available through the Platform.
4. Further processing purposes: marketing (sending of advertising material, direct sales and commercial communication)
With your free and optional consent, some of your personal data (namely first name, last name, email address, telephone contact, residential/domicile address) may also be processed by the Controller for marketing purposes (sending of advertising material and/or newsletters, direct sales and commercial communication), i.e. so that the Controller can contact you by mail, email, telephone (landline and/or mobile, with automated calling systems or call communication with and/or without operator intervention) and/or SMS and/or MMS and/or push notifications on mobile if you have downloaded and activated the "Condeo" mobile application, in order to offer you products and/or services offered by the Controller and/or by third-party companies, and to present offers, promotions and commercial opportunities. The legal basis for the above processing is explicit consent given by you. If consent is not given, the possibility of using the Platform's services will not be affected in any way. If you have given consent, you may withdraw it at any time by making a request to the Controller using the methods indicated in paragraph 8 below. You may also easily object to further promotional communications via email by clicking on the appropriate link to withdraw consent, present in each promotional email. Once consent has been withdrawn, the Controller will send you an email message to confirm that your consent has been withdrawn. If you wish to withdraw your consent to receiving promotional communications by telephone, while continuing to receive promotional communications by email, or vice versa, please send a request to the Controller using the methods indicated in paragraph 8 below. We inform you that, following your possible exercise of the right to object to sending promotional communications by email, it is possible that, for technical and operational reasons (e.g. contact lists already compiled shortly before the Controller received the objection request), you may continue to receive some further promotional messages. If you continue to receive promotional messages 24 hours after exercising your right to object, please report the problem to the Controller using the contact details indicated in paragraph 8 below.
5. Further processing purposes: disclosure of data to third-party partners of the Controller
With your free and optional consent, some of your personal data, namely mail, email, telephone (landline and/or mobile, with automated calling systems or call communication with and/or without operator intervention) and/or SMS and/or MMS and/or push notifications on mobile, may be disclosed by the Controller to the following categories of third-party companies (collectively, the "Third-Party Companies"):
- Real estate listings, sales, rentals, mortgages
- Home services, renovations, decor, furniture, doors, security fittings and armored doors, intrusion detection and safes, private guards and security
- Sanitization products, pollutant monitoring, filters and purifiers
- Air conditioning and living environment management
- Gardening, floriculture and green thumb products
- DIY
- Temporary storage and similar services
- Pet services, pet food, pet care, boarding and treatments
- Technology, computers, tablets, cameras, telephony, TV and HiFi
- Appliances, home furnishings, linens, artistic decor
- Interior design and decoration
- Utilities and commodities: energy rates and providers
- Data connections, ADSL, fiber, landline telephony, satellite, new connectivity technologies, internet providers, internet services, web design, social networks and Internet-based services
- Mobile telephony, telephone operators, rates and promotions, services and initiatives
- Home, car, personal and travel insurance, discounted rates, discounts and promotions
- Banking and credit institutions
- Advertising agencies, media agencies, communication agencies
- Delivery services
- Concierge and caregiver services
- Craftsmen and suppliers of ordinary and extraordinary maintenance services, such as electricians, plumbers, construction companies, surveyors, architects
The Third-Party Companies, as independent data controllers, will process your personal data for their own marketing purposes (direct sales, sending of advertising material and commercial communication), and may contact you by mail, email, telephone (landline and/or mobile, with automated calling systems or call communication with and/or without operator intervention) and/or SMS and/or MMS to offer you the purchase of products and/or services offered by the same categories of third-party companies and/or by other companies, and to present offers, promotions and commercial opportunities. Once the transfer has taken place, it will be the responsibility of the Third-Party Company to provide you, pursuant to Article 14(3) of the Regulation, with all the information required by that same Article 14 of the Regulation. If consent is not given, the possibility of using the Platform's services will not be affected in any way. If you have given consent, you may withdraw it at any time by making a request to the Controller using the methods indicated in paragraph 8 below. You may also easily object to further promotional communications via email by clicking on the appropriate link to withdraw consent, present in each promotional email. Once consent has been withdrawn, the Controller will send you an email message to confirm that your consent has been withdrawn. If you wish to withdraw your consent to receiving promotional communications by telephone, while continuing to receive promotional communications by email, or vice versa, please send a request to the Controller using the methods indicated in paragraph 8 below. We inform you that, following your possible exercise of the right to object to sending promotional communications by email, it is possible that, for technical and operational reasons (e.g. contact lists already compiled shortly before the Controller received the objection request), you may continue to receive some further promotional messages. If you continue to receive promotional messages 24 hours after exercising your right to object, please report the problem to the Controller using the contact details indicated in paragraph 8 below.
We inform you that your personal data will be processed by the Third-Party Companies as independent data controllers, on the basis of the specific privacy notice that will be provided to you by the same Third-Party Companies. Any requests not to receive further commercial communications from the Third-Party Companies to which the data has already been disclosed by the Controller must therefore be addressed directly to them.
6. Methods of processing and data retention periods
The Controller will process your personal data using electronic and/or automated and/or paper-based tools, with logic strictly related to the purposes themselves and, in any case, in a manner that guarantees the security and confidentiality of the data.
Your personal data collected for the processing purpose referred to in paragraph 3 above will be retained for the time necessary to pursue the purposes for which it was acquired. Personal data functional to the fulfillment of legal obligations will be retained even after the indicated term, in compliance with such obligations and with the applicable retention timeframes.
Your personal data collected for the processing purposes referred to in paragraphs 4 and 5 above will be retained for the time necessary to fulfill the purposes indicated therein and, in any case, for 24 months from the date of collection.
7. Scope of communication and disclosure of data
Your personal data may be accessed by employees and/or collaborators of the Controller responsible for providing you with services through the Platform, who are bound by law or contract to confidentiality. Such persons, who have been instructed accordingly by the Controller pursuant to Article 29 of the Regulation, will process your data exclusively for the purposes indicated in this notice and in compliance with the provisions of the Applicable Law.
Your personal data may also be accessed by third parties who may process personal data on behalf of the Controller as "External Data Processors", such as, by way of example, hosting service providers and/or providers of technical management and maintenance services for the Site and the App, providers of banking, accounting, tax and similar services.
You have the right to obtain a list of any data processors appointed by the Controller, by making a request to the Controller using the methods indicated in paragraph 8 below.
Your personal data will not be transferred outside the European Union.
8. Rights of data subjects
You may exercise the rights guaranteed to Data Subjects by the Applicable Law by contacting the Controller at the following contact details:
- By sending a registered letter with return receipt to: Bake Two S.r.l., via Carlo Farini no. 5, 20154 Milan;
- By sending an ordinary email message to info@condeo.com;
- By sending a certified email message to baketwo@legalmail.it.
Pursuant to the Applicable Law, the Controller informs you that you have the right to obtain an indication of (i) the origin of your personal data; (ii) the purposes and methods of processing; (iii) the logic applied in the case of processing carried out with the aid of electronic tools; (iv) the identification details of the Controller and the processors; (v) the parties or categories of parties to whom your personal data may be disclosed or who may become aware of it as processors or authorized persons.
Furthermore, you have the right to obtain:
- access, updating, rectification or, where you have an interest, integration of the data;
- deletion, transformation into anonymous form or blocking of data processed in violation of the law, including data whose retention is not necessary in relation to the purposes for which the data was collected or subsequently processed;
- certification that the operations referred to above have been brought to the attention, including as regards their content, of those to whom the data has been disclosed or disseminated, except where this proves impossible or involves a manifestly disproportionate use of means in relation to the right protected.
Furthermore, you have:
- the right to withdraw consent at any time, where processing is based on your consent;
- (where applicable) the right to data portability (the right to receive all personal data concerning you in a structured, commonly used and machine-readable format), the right to restriction of processing of personal data and the right to erasure ("right to be forgotten");
- the right to object: (i) in whole or in part, on legitimate grounds, to the processing of personal data concerning you, even if pertinent to the purpose of collection; (ii) in whole or in part, to the processing of personal data concerning you for the purposes of sending advertising material or direct sales or for carrying out market research or commercial communication; (iii) where personal data is processed for direct marketing purposes, at any time, to the processing of your data carried out for that purpose, including profiling to the extent that it is connected to such direct marketing;
- where you believe that the processing concerning you violates the Regulation, the right to lodge a complaint with a supervisory authority (in the Member State where you habitually reside, where you work, or where the alleged violation occurred). The Italian supervisory authority is the Garante per la protezione dei dati personali (Data Protection Authority), with registered office in Piazza Venezia no. 11, 00187 Rome (www.garanteprivacy.it).
This privacy notice has been in effect since 12/05/2022.