Data controller
The data controller is CDLAN s.p.a. - via Caldera 21, Milan.
The data protection officer can be contacted at rpd@cdlan.it
The following data are recorded on the CDLAN servers for APP operation:
- email address, internal telephone number, public telephone number of the user;
- sip account associated with the user's device to enable push notifications regarding incoming calls or messages. Credentials are encrypted;
- the platform used (iOS/Android);
- last connection IP address;
- APP usage data;
- data of telephone traffic made using the APP.
Data are processed to deliver the service. The legal basis is found in Art. 6, paragraph 1(b) of Regulation EU/679/2016. Traffic data are also retained to fulfil legal obligations. The legal basis is found in Art. 6, paragraph 1(c)
Retention period
Sip account, platform used and connection IP address are retained for 14 days to transmit notifications if the APP is not active at the time of the call.
APP usage data are retained for as long as necessary for billing purposes.
Traffic data are kept for six months for reasons related to service delivery. They are kept at the disposal of the judicial authority for 72 months as required by law.
Communication
The data will be processed by specially authorized employees of CDLAN.
Any third parties processing the data will be appointed as data processors and will receive specific instructions.
Transfer outside the EU
Data are not transferred to countries outside the European Union. The data are processed in Italy.
Rights of the data subject
The data subject has the right to ask the data controller for access to the data concerning them, obtaining a copy of the data and information on the processing to which they are subject.
They also have the right to obtain rectification or, in certain cases, erasure of data, data portability, and restriction and blocking of data processing.
To exercise their rights, the data subject may contact the Data Protection Officer at rpd@cdlan.it
Right to submit a complaint to the authority
The data subject may submit a complaint to the Data Protection Supervisory Authority www.garanteprivacy.it.