PRIVACY POLICY

This privacy policy is issued in compliance with Regulation (EU) 2016/679 (General Data Protection Regulation - GDPR). This document describes how daAaB collects, uses, processes, and protects your personal data when you use our Application and services.

1. Data Controller

daAaB collects some Personal Data from Users. The Data Controller is:

2. Types of Collected Data

Among the types of Personal Data that this Application collects, by itself or through third parties, there are: Cookies, Usage Data, and identification data required during registration. Complete details on each type of Personal Data collected are provided in the dedicated sections of this privacy policy. The Personal Data may be freely provided by the User, or, in case of Usage Data, collected automatically when using this Application. Failure to provide mandatory Data requested by this Application may make it impossible to provide our services. Where some Data is explicitly stated as optional, Users are free not to communicate it without any consequences on the availability or functioning of the service. Users are responsible for any third-party Personal Data obtained, published, or shared through this Application and confirm that they have the third party's consent to provide the Data to the Controller.

3. Mode, Place and Legal Basis of Processing

Methods of processing

The Data Controller processes the Data of Users in a proper manner and takes appropriate security measures to prevent unauthorized access, disclosure, modification, or destruction of the Data. Data processing is carried out using computers and/or IT-enabled tools, following organizational procedures strictly related to the purposes indicated. In addition to the Controller, Data may be accessible to internal personnel involved with the operation of the site (administration, sales, marketing, legal, system administration) or external parties (such as third-party technical service providers, mail carriers, hosting providers, IT companies, communications agencies) appointed, if necessary, as Data Processors. The updated list of these parties may be requested from the Data Controller at any time.

Place of data processing and international transfers

The Data is processed at the Data Controller’s operating offices and in any other places where the parties involved in the processing are located. For third-party services located outside the European Economic Area (EEA), transfers are carried out in compliance with GDPR requirements, relying on adequacy decisions (such as the EU-U.S. Data Privacy Framework) or Standard Contractual Clauses (SCCs) approved by the European Commission.

Retention time

Personal Data shall be processed and stored for as long as required by the purpose they were collected for. Data collected for purposes related to the performance of a contract shall be retained until such contract has been fully performed and for the time required by fiscal and legal obligations (typically 10 years). Data collected based on User consent (e.g., analytics or marketing) shall be retained until such consent is withdrawn. Users can always request the Data Controller to remove their data.

Purposes of processing

The Data concerning the User is collected to allow the Owner to provide its services, as well as for the following purposes, based on the specified legal grounds:

  • Registration and authentication of Users (Legal basis: Performance of a contract)
  • Displaying content from external platforms (Legal basis: Legitimate interest)
  • Traffic optimization and distribution (Legal basis: Legitimate interest for security and performance)
  • Handling payments (Legal basis: Performance of a contract)
  • Analytics (Legal basis: User Consent)

Detailed information on the processing of Personal Data and specific third-party services is outlined below.

Detailed information on the processing of Personal Data

Personal Data is collected for the following purposes and using the following services:

  • Registration and authentication of Users: By registering or authenticating, Users allow this Application to identify them and give them access to dedicated services.
  • Google OAuth (Google LLC): Registration and authentication service provided by Google LLC and connected to the Google network.
    • Legal basis: Performance of a contract / contractual necessity.
    • Place of processing: USA (transfers carried out in compliance with the EU-U.S. Data Privacy Framework).
    • Privacy Policy
  • Displaying content from external platforms: This type of service allows you to view content hosted on external platforms directly from the pages of this Application and interact with them.
  • Open Street Map: Maps visualization service provided by Openstreetmap Foundation that allows this Application to incorporate interactive maps on its pages.
    • Legal basis: Legitimate interest of the Controller for correct operation, optimization, and security of the service.
    • Place of processing: United Kingdom (UK).
    • Privacy Policy
  • Traffic optimization and distribution: This type of service allows this Application to distribute content using servers located across different countries and to optimize performance, filtering communications.
  • CloudFlare (Cloudflare Inc.): Traffic optimization and web security service provided by Cloudflare Inc. It filters all traffic between this Application and the User’s browser.
    • Legal basis: Legitimate interest of the Controller for correct operation, optimization, and security of the service.
    • Place of processing: USA (transfers carried out in compliance with the EU-U.S. Data Privacy Framework).
    • Privacy Policy
  • Handling payments: Payment processing services enable this Application to process payments, sharing only the information necessary to execute the transaction with financial intermediaries.
  • PayPal (PayPal Inc.): Payment service provided by PayPal Inc., which allows Users to make online payments.
    • Legal basis: Performance of a contract / contractual necessity.
    • Place of processing: USA (transfers carried out in compliance with the EU-U.S. Data Privacy Framework).
    • Privacy Policy
  • Analytics: The services contained in this section enable the Owner to monitor and analyze web traffic and keep track of User behavior. Activated only upon explicit consent.
  • Google Analytics (Google LLC): Web analysis service provided by Google LLC. Google utilizes the Data collected to track and examine the use of this Application and prepare reports.
    • Legal basis: User Consent (optional, withdrawable at any time via the cookie banner).
    • Place of processing: USA (transfers carried out in compliance with the EU-U.S. Data Privacy Framework).
    • Privacy Policy
    • Opt Out

Cookie Policy

This Application uses Cookies. To learn more and for a detailed cookie notice, you may consult our Cookie Policy. - Cookie Policy

4. Additional Information About Data Collection and Processing

Legal defense

The User’s Personal Data may be used for legal purposes by the Data Controller, in Court or in the stages leading to possible legal action arising from improper use of this Application or the related services. The User declares to be aware that the Data Controller may be required to reveal personal data upon request of public authorities.

Contextual Information

In addition to the information contained in this privacy policy, this Application may provide the User with additional and contextual information concerning particular services or the collection and processing of Personal Data upon request.

System logs and maintenance

For operation and maintenance purposes, this Application and any third-party services may collect files that record interaction with this Application (System logs) or use for this purpose other Personal Data (such as IP Address).

Information not contained in this policy

More details concerning the collection or processing of Personal Data may be requested from the Data Controller at any time. Please see the contact information at the beginning of this document.

The Rights of Users (GDPR)

In accordance with GDPR (Articles 15-22), Users may exercise specific rights regarding their Data processed by the Controller. In particular, Users have the right to: (a) withdraw their consent at any time; (b) object to the processing of their Data; (c) access their Data; (d) verify and seek rectification; (e) restrict the processing of their Data; (f) have their Personal Data deleted or otherwise removed (Right to be forgotten); (g) receive their Data and have it transferred to another controller (Data portability); (h) lodge a complaint with their competent data protection authority (such as the Italian Garante Privacy). Requests to exercise these rights must be directed to the Data Controller via the contact details provided in this document.

Changes to this privacy policy

The Data Controller reserves the right to make changes to this privacy policy at any time by giving notice to its Users on this page. It is strongly recommended to check this page often, referring to the date of the last modification listed at the bottom. If a User objects to any of the changes to the Policy, the User must cease using this Application and can request that the Data Controller remove their Personal Data.

Information about this privacy policy

The Data Controller is responsible for this privacy policy, updated to ensure full compliance with European personal data protection standards.

5. Definitions and Legal References

Personal Data (or Data)

Any information relating to an identified or identifiable natural person ('Data Subject'); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, or an online identifier.

Usage Data

Information collected automatically from this Application (or third-party services employed in this Application), which can include: the IP addresses or domain names of the computers utilized by the Users who use this Application, the URI addresses (Uniform Resource Identifier), the time of the request, the method utilized to submit the request to the server, the size of the file received in response, the numerical code indicating the status of the server’s answer (successful outcome, error, etc.), the country of origin, the features of the browser and the operating system utilized by the User, the various time details per visit (e.g., the time spent on each page within the Application) and the details about the path followed within the Application.

User

The individual using this Application, who must coincide with or be authorized by the Data Subject, to whom the Personal Data refers.

Data Subject

The living natural person to whom the Personal Data refers.

Data Processor

The natural or legal person, public authority, agency or other body which processes personal data on behalf of the Data Controller, as described in this privacy policy.

Data Controller

The natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. The Data Controller, unless otherwise specified, is the Owner of this Application.

Application

The hardware or software tool by which the Personal Data of the User is collected.

Cookies

Small pieces of data stored in the User's device.

Last updated: July 16th, 2026