Privacy Policy - Newsletter

Newsletter

Introduction – Who are we?

Yeldo S.A., registered with Commercial registry office of Canton Ticino under the identification number CHE-255.680.014, having its registered office in Via Balestra, 12 6900 Lugano, Switzerland (hereinafter the “Data Controller” or “Yeldo”), owner of the website https://www.yeldo.com/ (hereinafter the “Website”), in its capacity as data controller in relation to personal data pertaining to the users using the Website (hereinafter the “Users”) provides the following privacy policy according to Article 13 of EU Regulation 2016/679 dated 27 April 2016 (hereinafter, “Regulation” or “Applicable Law”).

The Data Controller, established outside the European Union, providing a service to subjects resident in the European Union, will process the personal data of Users browsing the Website in full compliance with the Applicable Law, pursuant to Article 3(2)(a) of the Regulation.

How to contact us?

The Yeldo Group takes the utmost account of its Users’ right to privacy and protection of personal data. For any information related to this privacy policy, Users may contact the Joint Controllers at any time, using the following methods:

For Yeldo S.A.: by sending an email to privacy@yeldo.com For Y-Crowd S.r.l.: by sending an email to privacy@yeldocrowd.com by sending a certified email to: ycrowd@legalmail.it For Yeldo GmbH: by sending an email to privacy@yeldo.com

The Users may also contact the Data Protection Officer (DPO) appointed by the Yeldo Group. The contact details of the DPO are: Shibumi S.r.l., in the person of Lapo Curini Galletti, email: dpo@yeldo.com.

The Data Controller, established outside the European Union, has appointed as its Representative in the European Union, pursuant to Article 27 of the Regulation, the company Yeldo S.r.l., with registered office in Milano, Via Borgogna 5.

What do we do? – Procesing Purposes

By subscribing to the mailing list, the User will receive a periodic newsletter from the Joint Controllers, which will contain information and updates, also of a promotional and commercial nature, relating to the services and activities of the companies that are part of the Yeldo Group (hereinafter, the "Service").

The companies that are part of the Yeldo Group have signed an agreement defining the shared management of the activity of sending promotional and/or commercial communications. The main control of this activity is performed by Yeldo S.A., which verifies that the contents of the communications comply with the general and special applicable legislations, including the provisions of the competent authorities. The object of the communications, on the other hand, is defined by Yeldo S.A. in coordination with the individual companies of the Group.

Particularly, the personal data of the Users will be lawfully processed for the following purposes:

  • processing of the user’s request: Users’ personal data are collected and processed by the Joint Controllers for the sole purpose of fulfilling the latter's request concerning the sending of the newsletter. Therefore, the User will receive from the Joint Controllers a periodical newsletter that will contain information and updates, also of promotional and commercial nature, related to the services and activities of the companies that are part of the Yeldo Group. The User data collected by the Joint Controllers for this purpose include: first name, last name, e-mail address, phone number. No other processing will be carried out by the Joint Controllers in relation to the Users' personal data. Notwithstanding the provisions elsewhere in this privacy policy, under no circumstances shall the Joint Controllers make Users' personal data accessible to other Users and/or third part;

  • legal obligations, i.e., to comply with obligations imposed by law, an authority, a regulation or European legislation.

The provision of personal data for the above processing purposes is optional but necessary, since failure to provide such data will make it impossible for the User to receive the newsletter e-mails from the Joint Controllers.

The User may easily oppose further sending of promotional communications by clicking on the appropriate link in each e-mail. Once the request has been made, the Joint Controllers will send the User an e-mail message to confirm that what the User has requested has been carried out.

The Joint Controllers informs that, following the exercise of the right to object to the sending of promotional communications by e-mail, it is possible that, for technical and operational reasons (i.e., the formation of contact lists already completed shortly before the receipt by the Joint Controllers of the request for objection) the User will continue to receive some further promotional messages. If you continue to receive promotional messages after 24 hours of exercising your right to object, please report the problem to the Joint Controllers using the contact details set out in paragraph 7 below.

Legal basis for processing

Processing of user’s request (as described in par. 3, lett. a)): the legal basis consists in art. 6, paragraph 1, lett. a) of the Regulation, namely, the provision by the data subject of consent to the processing of his/her personal data for one or more specific purposes. For this reason, the Joint Controllers asks the User to provide a specific free and optional consent, in order to pursue such processing purpose.

Legal obligations (as described in the previous paragraph 3, letter b)): the legal basis consists of art. 6, paragraph 1, lett. c) of the Regulation, as the processing is necessary for compliance with a legal obligation to which the Joint Controllers are subject.

Processing methods and data retention period

The Joint Controllers will process the personal data of Users using manual and IT tools, with logic strictly related to the purposes themselves and, in any case, in order to guarantee the security and confidentiality of the data.

As regards the purpose described in paragraph 3, letter a) above, Users’ personal data will be stored for the time strictly necessary to fulfil the purposes described therein and, in any case, until Users withdraw their consent.

As regards the purpose described in paragraph 3, letter b) above, the personal data of the Users will be kept for the time strictly necessary to fulfil such purpose, or in any case as long as necessary to protect the interests of both the Users and the Joint Controllers in civil proceedings.

In any case, this is without prejudice to possible retention periods provided for by laws or regulations.

Transmission and dissemination of data

The User’s personal data may be transferred to third countries located outside the European Union that offer an adequate level of data protection, in particular to the territory of Switzerland. In this case, the Data Controller will ensure that the transfer takes place in accordance with the adequacy decision adopted by the European Commission on the basis of Article 45 of Regulation (EU) 2016/679. The effect of that decision is that personal data may be transferred from the EU (and Norway, Liechtenstein and Iceland) to that third country without the need for additional safeguards. In other words, transfers to that country will be treated as data transfers within the EU.

The personal data of the Users may be disclosed to the employees and/or collaborators of the Joint Controllers in charge of managing the newsletter’s service and the Users’ requests. These subjects, who have been instructed to do so by the Joint Controllers pursuant to Article 29 of the Regulation, will process the User’s data exclusively for the purposes indicated in this policy and in compliance with the provisions of the Applicable Regulations.

The personal data of the Users may also be disclosed to third parties who may process personal data on behalf of the Joint Controllers as “Data Processors” pursuant to Article 28 of the Regulations, such as, for example, IT and logistic service providers functional to the operation of the mailing list, suppliers of outsourcing or cloud computing services, professionals and consultants.

Users have the right to obtain a list of any data processors appointed by the Joint Controllers, by making a request in the manner indicated in paragraph 7 below.

Rights of the data subjects

Users may exercise their rights granted by the Applicable Regulations by contacting the Joint Controllers as follows: For Yeldo S.A.:

  • by sending an email to privacy@yeldo.com For Y-Crowd S.r.l.:
  • by sending an email to privacy@yeldocrowd.com
  • by sending a certified email to: ycrowd@legalmail.it For Yeldo GmbH:
  • by sending an email to privacy@yeldo.com

The Users may also contact the Data Protection Officer (DPO) appointed by the Joint Controllers. The contact details of the DPO are: Shibumi S.r.l., in the person of Lapo Curini Galletti, email: dpo@yeldo.com.

The Data Controller, established outside the European Union, has appointed as its Representative in the European Union, pursuant to Article 27 of the Regulation, the company Yeldo S.r.l., with registered office in Milano, Via Borgogna 5.

Pursuant to the Applicable Law, Users have:

  • the right to withdraw consent at any time, if the processing is based on their consent;
  • the right of access to personal data;
  • (where applicable) the right to data portability (the right to receive all personal data concerning them in a structured, commonly used and machine-readable format), the right to restriction of processing of personal data, the right to rectification and the right to erasure ("right to be forgotten");
  • the right to object:
    • in whole or in part, for legitimate reasons to the processing of personal data concerning them, even if relevant to the purpose of collection;
    • in whole or in part, to the processing of personal data concerning them for the purpose of sending advertising or direct sales material or for carrying out market research or commercial communication;
  • if they consider that the processing of their personal data is in breach of the Regulation, the right to lodge a complaint with a supervisory authority (in the Member State in which they have their habitual residence, in the Member State in which they work or in the Member State in which the alleged breach has occurred). The Italian Supervisory Authority is the Garante per la protezione dei dati personali, located in Piazza Venezia n. 11, 00187 - Rome (http://www.garanteprivacy.it/ ).


The Joint Controllers are not responsible for updating all links that can be viewed in this cookie policy, therefore whenever a link is not functional and/or updated, Users acknowledge and accept that they must always refer to the document and/or section of the websites referred to such link.