Skip to main content
Talk with us
(+39) 049 099 1301
Write to us
Book an appointment
09:00 – 18:00 mon-fri
User Log In

Mod. INL – Data Updated 02/2026

Information on the processing of personal data

Pursuant to Art. 13 of EUROPEAN REGULATION NO. 679/2016

Dear Data Subject,

Finapp SpA, as Data Controller pursuant to Art. 13 of European Regulation No. 679/2016 “General Data Protection Regulation (GDPR)” (hereinafter EU Regulation), containing provisions on the processing of personal data, intends to inform you about the processing of your personal data. The law provides that anyone processing personal data is required to inform the data subject regarding the data processed and the qualifying elements of the processing, which must in any case take place in a lawful, fair, and transparent manner, as well as protect confidentiality and guarantee the rights of the data subject.

It is specified that data processing means any operation or complex of operations concerning the collection, recording, organization, storage, consultation, elaboration, modification, selection, extraction, comparison, use, interconnection, blocking, communication, dissemination, or destruction of the data itself.

1. Data Controller

The Data Controller is Finapp SpA, with registered office in Via del Commercio, 27 – 35036 Montegrotto Terme (PD), C.F. and P.I.V.A. 04600140232, reachable at the following contact details: telephone +39 049 0991301, e-mail: info@finapptech.com (hereinafter “Controller” or “Data Controller”).

2. Nature of Data Processed, Purposes and Legal Basis of processing

Nature of data processed. In relation to the purposes of the processing listed below, please note that only “common personal data” will be processed such as, for example: personal data of the corporate contact person (name, surname, denomination, email); etc.

Purposes of processing. Your personal data will be processed for the following purposes:

  • respond to your request for registration to our newsletter: by voluntary filling in of the specific form found in this newsletter area;
  • comply with legal obligations;
  • marketing: to send you advertising material, direct sales, performance of market research and commercial and promotional communications;

Legal basis of processing. Personal data, for the purposes referred to in points 2A and 2B, will be processed lawfully to fulfill pre-contractual and contractual obligations between us and the user (Art. 6, par. 1 lit. b), and to fulfill our legal obligations (Art. 6 par. 1 lit. c). Your personal data, for the purposes referred to in point 2C of this information notice, may be processed lawfully exclusively with your specific, separate, express, documented, preventive and completely optional consent (Art. 6. par. 1 lit. a of the EU Regulation). The consent you have given may be revoked at any time, without prejudice to the lawfulness of the processing based on the consent given before the revocation (Art. 7 par. 3 of the EU Regulation). Furthermore, the data subject is informed that, pursuant to Art. 21 of the EU Regulation, the data subject has the right to object at any time to the processing of personal data concerning him/her carried out for direct marketing purposes (including profiling) and that, if the data subject objects to the processing, personal data may no longer be processed for such purposes.

Clarification: following the principle of maximum transparency towards the Data Subject that distinguishes our Company, we wish to inform you that if you decide to provide consent to point 2C (marketing), you must be previously informed and aware that the purposes of the processing pursued are of a specific commercial, advertising, promotional and marketing nature in a broad sense, such as:

  • 1. sending advertising and informative material (e.g. Newsletter), of a promotional nature;
  • 2. sending commercial information by paper, automated or electronic means and, in particular, by ordinary mail or e-mail, telephone (e.g. calls, WhatsApp messages, SMS, MMS), fax and any other computer channel (e.g. websites, mobile apps);
  • 3. forwarding invitations to events, exhibitions and informative and promotional meetings;
  • 4. forwarding update communications on promotional initiatives or on technical news, for services, training or assistance and/or detection of the degree of satisfaction with quality.

3. Recipients of the data and Processing methods Existence of an automated decision-making process, including profiling

The processing of your personal data will be based on the principles of correctness, lawfulness and transparency and may be carried out using paper and electronic tools both by the personnel of the writing Company, authorized/entrusted with the processing of personal data, and by external parties called to perform specific tasks on behalf of the Data Controller, in the capacity of Data Processors, pursuant to Art. 28 of the EU Regulation, subject to our letter of appointment imposing on them the duty of confidentiality and security of the processing of personal data, and the adoption of suitable security measures to prevent data loss, unlawful and incorrect use, and unauthorized access, in compliance with current provisions on the protection of personal data. For the sake of brevity, the detailed list of such figures is available at the office of the Data Controller and is at your disposal. Your personal data will not be disseminated and will not be transferred to third countries or international organizations, nor will they be communicated to third parties except for legal or contractual obligations. With reference to the provisions of Art. 13 of the EU Regulation at par. 2 lit. f) and Art. 14 of the EU Regulation at par. 2 lit. g), it is noted that the Data Controller currently does not use any automated decision-making system or process.

4. Data retention periods

Your personal data will be kept for a period of time no longer than the achievement of the purposes for which they are processed, in compliance with the principle of storage limitation provided for by the EU Regulation and/or for the time necessary for legal and contractual obligations or until the specific consent is revoked by the data subject and, therefore:

  • with reference to the purposes indicated in points 2A-2B, the data will be kept for the time no longer than the achievement of the purposes for which they are processed and/or for the time strictly necessary for the fulfillment of legal and contractual obligations;
  • with reference to the purposes indicated in point 2C, the data processed for Marketing purposes will be kept for no longer than 24 months from collection.

To guarantee the declared storage times, a periodic annual check is provided for the data processed and the possibility of being able to delete them if no longer necessary for the intended purposes.

5. Access to data (categories of recipients to whom the data may be communicated)

We further inform you that the collected data will never be disseminated and will not be subject to communication without your explicit consent, except for necessary communications that may involve the transfer of data to public bodies, consultants or other subjects for the fulfillment of tax and legal obligations or for the fulfillment of the purposes (where authorized), subject to our letter of appointment imposing on them the duty of confidentiality and security of the processing of personal data. With reference to Art. 13, par. 1, lit. e) of the EU Regulation, we proceed to indicate the subjects or categories of subjects (duly identified and instructed) who may become aware of the user’s personal data as processors or appointees and a specific list by category is provided below:

  • Shareholders, employees, collaborators and suppliers of the Data Controller in Italy and abroad, in their capacity as appointees/authorized and/or data processors (e.g. offices: commercial, technical, administrative, legal, press; system administrators, external professionals, various service providers, etc.);
  • Partner companies and/or companies directly connected with the writer, as their activities are essential to the completion/execution of what you have requested.

Your personal data may also be communicated to external subjects who are recipients of the practices concerning you, in the performance of the activities and to external subjects who interact with the writer, always and exclusively for activities functional to the purposes described above, external subjects called to perform specific tasks on behalf of the Data Controller, in the capacity of Data Processors, pursuant to Art. 28 of the EU Regulation. For the sake of brevity, the detailed list of such figures is available at our office and is at your disposal.

6. and 7. Communication and transfer of data

Without the need for express consent (Art. 6 par. 1, lit. b), c) and f) of the EU Regulation), the Data Controller may communicate your data for the purposes referred to in points 2A to 2B to supervisory bodies, judicial authorities, as well as to those subjects to whom communication is mandatory by Law for the fulfillment of the purposes indicated above. These subjects will process the data in their capacity as independent data controllers. Personal data are stored on devices located at the office of the Data Controller or at providers, within the European Union. Your data will not be disseminated. To ensure the security of such transfers, we only use subjects who offer the necessary guarantees to implement appropriate technical and organizational measures so that the processing carried out complies with the provisions of EU Reg. 679/2016. Both regarding the data present on its own devices and for any data present at providers, the Data Controller has implemented appropriate technical and organizational measures to guarantee a suitable level of security, in full compliance with what is indicated in the EU Regulation.

8. Consequences of failure to communicate data

The personal data referred to in points 2A-2B of this information notice are necessary; without such data, it would be impossible for us to proceed with registration (creation of your personal account) and to fulfill contractual and legal obligations. On the other hand, the personal data referred to in point 2C are optional; the refusal to provide them will not entail any consequence and will not prejudice your request to proceed with registration as well as to perform contractual and legal obligations. You can therefore decide not to provide any data or to subsequently deny at any time the possibility of processing data already provided.

9. Rights of the data subject

In your capacity as a data subject, you have the rights referred to in Articles 15 to 22 of the EU Regulation listed below and precisely you have the right to:

  • obtain confirmation of the existence and processing of personal data concerning you and, in such case, obtain access to your data (so-called right of access);
  • obtain information regarding the purposes of the processing, the categories of data in question, the recipients or categories of recipients to whom the data have been or will be communicated, in particular if recipients in third countries or international organizations, the expected period of data storage or the criteria used to determine such period;
  • and if the data are not collected from the data subject, obtain all available information on their origin;
  • obtain the rectification of data concerning you (so-called right of rectification);
  • obtain the erasure of data concerning you (so-called right to be forgotten);
  • obtain the restriction of processing (so-called right of restriction of processing);
  • obtain data portability, i.e. receive them from a data controller in a structured, commonly used and machine-readable format and transmit them to another data controller without hindrance (so-called right to data portability);
  • object to the processing at any time (so-called right to object). You are specifically informed, as required by Art. 21 of the EU Regulation, that if personal data are processed for direct marketing purposes (including profiling), the data subject has the right to object at any time to the processing of personal data concerning him/her carried out for such purposes and that if the data subject objects to the processing for direct marketing purposes, personal data may no longer be processed for such purposes;
  • be informed (with the possibility of objecting) of the existence of an automated decision-making process concerning natural persons, including profiling;
  • revoke consent at any time without prejudice to the lawfulness of the processing based on the consent given before the revocation;
  • lodge a complaint with a supervisory authority (Garante per la Protezione dei Dati Personali).

Please note that there may be conditions or limitations to the rights of the data subject. It is therefore not certain that, for example, you have the right to data portability in all cases, as this depends on the specific circumstances of the processing activity. Another example: if you decide to object to the processing of data, the Data Controller has the right to evaluate your request, which may not be accepted if there are compelling legitimate grounds for processing that override your interests, rights and freedoms.

10. Methods of exercising rights

Without any formality, you may at any time exercise your rights in a clear and explicit way by sending:

  • a registered letter with return receipt to the writer;
  • an e-mail to the address info@finapptech.com;
  • Or by contacting the Data Controller directly at the number: +39 049 0991301.

11. Minors

What is offered by the Data Controller and the subject of the relationship with you does not provide for the intentional acquisition of personal information referring to minors. In the event that information on minors were involuntarily recorded, the Data Controller will delete them promptly, upon request or notification from the data subject.

12. Appointees/Authorized persons – Data Processors

Below we provide some information that it is necessary to bring to your knowledge, not only to comply with legal obligations, but also because transparency and fairness towards Data Subjects are a founding part of our business.

  • Appointees/Authorized persons. The updated list of appointees/authorized persons for processing is kept at the office of the Data Controller.
  • Data Processors. For the sake of brevity, the detailed list of such figures is available at our office.

Finapp world

Who we are
Vision and Mission 
Authors
Finapp probe
Resources
News
Partners

Applications

Agriculture
Environmental Monitoring
Water Leaks
Scientific Research
Water Resource
FAQ

Link

Finappedia
Contacts
Privacy Policy
Cookie Policy
Work with us

Newsletter

Get exclusive access to our latest information by subscribing to Finapp’s newsletter!

Headquarters

FINAPP S.P.A. | Via Del Commercio, 27 – 35036 Padova (PD) – Italy
Mail: info@finapptech.com
Phone: (+39) 049 099 1301
VAT 04600140232
Paid-in capital: €71,600.00 f.p.

Follow us

Placeholder

All rights reserved. © 2026 by FINAPP S.P.A. | credits

Privacy Policy | Cookie PolicyChange cookie preferences