Privacy Policy

Last updated: March 2026

2. Personal Data Collected

The Controller collects the following categories of personal data:

  • Registration data: first name, last name, email address, encrypted password.
  • Billing data: address, ZIP code, city, province, country, tax code; for business customers: company name, VAT number, SDI code, PEC.
  • Contact data: phone number (optional).
  • ECU files: the files uploaded by users for technical processing.
  • Browsing data: IP address, browser type, operating system, pages visited.

3. Purposes of Processing

  • Account management: registration, authentication and management of the user profile.
  • Service provision: receipt, processing and return of the ECU files.
  • Billing and accounting: issuing invoices and managing payments.
  • Service communications: transactional emails relating to orders.
  • Legal obligations: compliance with tax and accounting obligations.
  • Security: fraud prevention and protection of the platform.

4. Legal Basis for Processing

  • Performance of a contract (art. 6.1.b GDPR): for account management and service provision.
  • Legal obligation (art. 6.1.c GDPR): for billing and tax obligations.
  • Legitimate interest (art. 6.1.f GDPR): for platform security and fraud prevention.
  • Consent (art. 6.1.a GDPR): for any marketing communications, if expressly provided.

5. Retention Period

  • Account data: for the entire duration of the contractual relationship and up to 12 months after closure.
  • Billing data: 10 years from issue, as required by Italian tax legislation.
  • Uploaded ECU files: 30 days from the processing date, unless otherwise requested.
  • Browsing data: a maximum of 12 months from collection.

6. Communication and Sharing of Data

Personal data may be communicated to the following providers, who act as Data Processors:

  • Supabase Inc.: database and authentication infrastructure.
  • Resend Inc.: transactional email sending service.
  • Stripe Inc.: online payment service.
  • Tax advisor: for accounting management and tax compliance.

Data is neither sold nor transferred to third parties for marketing purposes.

7. Transfer of Data Outside the EU

Some providers may transfer data outside the European Union. In such cases, the Controller ensures that the transfer takes place in compliance with the GDPR, through the Standard Contractual Clauses (SCC) approved by the European Commission.

8. Rights of Data Subjects

Pursuant to articles 15-22 of the GDPR, you have the right to:

  • Access (art. 15): obtain confirmation of the processing and a copy of the data.
  • Rectification (art. 16): request the correction of inaccurate or incomplete data.
  • Erasure (art. 17): request the deletion of your data.
  • Restriction (art. 18): request the restriction of processing.
  • Portability (art. 20): receive your data in a structured and readable format.
  • Objection (art. 21): object to the processing at any time.
  • Withdrawal of consent: withdraw the consent given at any time.

To exercise your rights write to: puntomap@libero.it. The Controller will reply within 30 days.

You may also lodge a complaint with the Italian Data Protection Authority: www.garanteprivacy.it.

9. Data Security

The Controller adopts adequate technical and organisational measures to protect data from unauthorised access, loss or disclosure. Among the measures adopted: password encryption, transmission via HTTPS and data access limited to authorised personnel.

10. Cookies

The site uses technical cookies necessary for the operation of the platform. For more information see our Cookie Policy.

11. Changes to the Privacy Policy

The Controller reserves the right to modify this Privacy Policy at any time. Changes will be published on this page with an updated date. In the event of substantial changes, registered users will be informed by email.