PRIVACY POLICY
Dear Interested Party,
Vikey S.r.l. has great respect for Users' privacy.
The data that may be communicated through the Mobile App (described below) will be treated with the utmost care and with all the instruments necessary to guarantee their security, in full compliance with the regulations in force to protect the confidentiality of the data. We wish to inform you that the "European Regulation 2016/679 on the protection of individuals with regard to the processing of personal data and on the free movement of such data" (hereinafter "Regulation" or "GDPR") provides for the protection of individuals with regard to the processing of personal data as a fundamental right. Therefore, pursuant to Article 13 of the GDPR, we wish to inform you of the following.
1. WHAT IS VIKEY AND HOW IT WORKS
Vikey offers an innovative service to property owners and managers who, thanks to Vikey, can self check-in their accommodation guests.
Specifically, this is a service that allows Users, through the use of this mobile app operated by Vikey (the 'Mobile App'), to check in remotely and to enter accommodation facilities with a digital key. As a result of the above, Vikey acts on behalf of the hosts, owners and managers of the properties in which the User decides to stay.
Vikey, in accordance with the GDPR, acts as Data Processor, with respect to the data communicated by Users during registration and navigation data, in particular, the data referred to in points a) and b) of Article 3 of this Policy. The hosts, hotel managers, property owners and managers (collectively, the “Hosts”), who receive the data provided by the Users to Vikey, act as Data Controller, pursuant to the Regulation.
By accepting the following privacy policy, the User declares that he/she is aware that his/her personal data may also be disclosed to third parties for purposes related to the provision of services, as further specified in Article 7 below.
2. GLOSSARY
'Personal data' shall mean any information relating to an identified or identifiable natural person, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more features of that person's physical, physiological, genetic, mental, economic, cultural or social identity.
"Vikey" is the company Vikey S.r.l. - Via Salaria, 292 | 00198 | Rome (Rm) | P.IVA: 13657201003, Mail: info@vikey.it.
"Processor" or “Data Processor” the natural person, legal entity, public administration and any other entity that processes personal data on behalf of the Controller.
'Controller' or “Data Controller” means the natural or legal person, public authority, service or other body which alone or jointly with others determines the purposes and means of the processing of personal data and the instruments adopted, including security measures.
"User(s)" and/or "Data Subject(s)" the individual using this Mobile App to whom the Personal Data relates.
3. DATA CATEGORIES
At the express request of the Controller, the Data Processor collects Personal Data and other information directly from its Users as part of the registration processes on the Mobile App in order to provide the services requested by the Users (this includes data such as: e-mail address, first name, last name, gender, date of birth, citizenship, place of birth, residence, type of document, document number, place of issue of document) for the purpose of staying in the Data Controller's accommodation facilities. This data is considered by the Controller as strictly necessary for the stay in its facility.
The Data Processor is entitled to send the User communications regarding services offered by third parties that may improve the User's stay experience. By way of illustrative and non-exhaustive example, such services include: experiences such as tours and courses, ticketing, transfer insurance coverage, e-sim, purchase of delivery services, remarketing, etc.
a. Data provided during registration and data required for payment.
Vikey will process personal data necessary to provide the requested service and to properly register on the Mobile App in order to allow access to the platform and the use of related services. Such data are provided directly by the Data Subject and may include personal data and contact details, including but not limited to e-mail address, first name, last name, gender, date of birth, citizenship, place of birth, residence, type of document, document number and place of document issuance. Vikey may also process data relating to invoicing and data necessary for payment of the stay (in the event of a direct request). If the User so authorises, Vikey may store authentication, which shall be used only for the purposes of executing the contract. It is understood that the User always has the right to ask the Responsible and/or the Controller to delete the Personal Data collected.
b. Data provided to carry out the check-in
Hosts, hotel managers, property owners and managers need certain Personal Data from the User in order for the User to properly check-in at the facilities. Some Personal Data, such as a personal photo, is necessary for the Data Controllers to confirm that the personal photo (sent via the Mobile App) matches the ID of the User who intends to check-in. Vikey will retain only the Personal Data that is essential under legal obligations (as, for example, the Italian “Testo Unico delle Leggi di Pubblica Sicurezza”). The personal photo of the User will be deleted once the Host confirms that the check-in was successful.
c. Automatically collected data.
Computer systems and applications dedicated to the operation of the Vikey Mobile App may collect, in the course of their normal operation, certain data (the transmission of which is implicit in the use of Internet communication protocols) potentially associated with identifiable users.
d. Data provided voluntarily by the User.
The voluntary and explicit sending of electronic mail to the addresses indicated in the different access channels to the Vikey platform does not imply any request for consent and entails the acquisition of the sender's address and data, necessary to reply to requests, as well as any other personal data included in the message. Such data is understood to be voluntarily provided by the User at the time of the request. By entering a comment or other information, the User expressly accepts this document, and in particular consents to the contents entered being freely disclosed to third parties as part of the provision of services. On the contrary, specific summary information will be reported or displayed in the sections of this Mobile App as prepared for particular on-demand services (forms). The User must therefore explicitly consent to the use of the data reported in these forms in order to send the request. Vikey shall not be liable for any disclosure on the platform of content voluntarily provided by the User within the scope of the services. It is understood that under no circumstances shall Vikey disclose the Personal Data voluntarily provided by the User, unless such data are strictly necessary for the fulfillment of the purposes of the service offered by Vikey.
e. Third-party providers.
The Mobile App utilizes third-party service providers to provide the User with a comprehensive service that allows: User entry into the accommodation facility by comparing a photograph and identification document through Amazon AWS; payment for the stay through Stripe; secure communication (to Users) through Mailgun; and the sending of short messages (SMS) through Twilio or the Wati and Zoho Providers. It is hereby stated that the use of these providers may involve the transmission of Personal Data to a third country. For this reason, the User has the option to verify the use of their personal data by the provider through the following links: i) Amazon AWS, https://aws.amazon.com/it/privacy/; ii) Stripe, https://stripe.com/it/privacy; iii) Mailgun, https://www.mailgun.com/legal/privacy-policy/; iv) Twilio, https://www.twilio.com/legal/privacy; v) Zoho, https://www.zoho.com/privacy.html; vi) Wati, https://www.wati.io/privacy-policy/; vii) Google Cloud, https://cloud.google.com/terms/cloud-privacy-notice?hl=it.
4. SOURCE OF PERSONAL DATA
The personal data held by the Data Controller are collected directly from the Data Subject by voluntarily completing specific requests during registration and use of the Mobile App.
5. PURPOSE OF DATA PROCESSING AND LEGAL BASIS
The processing of Users' data has the following purposes and legal basis:
1. Registration and access to the platform
Purpose: authentication, use of and access to the platform.
Legal basis: contractual fulfilment with the manager.
2. Payment processing
Purpose: payment of Users for the booked stay and for additional services.
Legal basis: contractual fulfilment with the Controller.
Provider: Stripe
3. Data strictly necessary for check-in
Purpose: Express request of Hosts who need to verify the identity of the User
Legal basis: contractual fulfillment with the Controller.
4. Sending direct marketing communications
Purpose: updates on the Manager's products and services.
Legal basis: legitimate interest of the Manager.
Provider: Mailgun
5. Maintenance and service improvement
Purpose: use of aggregated and anonymous data to improve the service.
Legal basis: legitimate interest of the manager.
6. Detecting or preventing fraudulent activities
Purpose: to detect, prevent or stop fraudulent activities on the Mobile App.
Legal basis: legitimate interest of the manager and legal obligation.
7. Compliance with court orders
Purpose: to comply with legal obligations.
Legal basis: legal obligation.
8. Accounting entries
Purpose: to comply with legal obligations.
Legal basis: legal obligation.
9. Automatically collected data
Purpose: to guarantee and improve the service experience.
Legal basis: the legitimate interest of the manager.
10. Data provided voluntarily by the User
Purpose: the purpose inherent in the request to enter that data.
Legal basis: User consent.
The provision of personal data for the purposes set out in points 1, 2 and 3 of this article is necessary in order to allow you to register on the platform and to stay in the Owner's accommodation. Therefore, without this data, you will not be able to use our services.
To find out how the Data Controller processes data, the User may send a direct request to the Data Controller or to the e-mail address info@vikey.it.
6. CHILDREN'S DATA
The Controller does not collect personal data from minors under the age of 14 in compliance with the provisions of Legislative Decree 101/2018. The User who provides untruthful data during registration expressly releases the Owner from any form of liability, it being understood that this exemption extends to the parents and/or guardians of the User under the age of 14. In the event that a parent or guardian of the minor User believes that the latter has registered on the Vikey platform, he/she shall immediately notify the Owner, who will provide for the deletion of the minor User's personal data.
It is necessary to inform the User that if minors under the age of 14 are present, for the sole purpose of allowing them to enter the Owner's accommodation, Vikey may request the following data: name, surname, gender and date of birth.
To find out how the Data Controller processes data, the User may send a direct request to the Data Controller or to the e-mail address info@vikey.it.
7. RECIPIENTS OF DATA
To the extent relevant to the stated processing purposes, Users' data shall be communicated to the Data Controller. Furthermore, Users' data may be further communicated to partners, private companies, third party technical service providers, hosting providers, IT companies, it being understood that, in accordance with the principle of minimisation expressed by the GDPR, only the data necessary to achieve the purposes for which they are transferred will be shared. In this regard, please note that no images of Users, nor data relating to Users' identity documents will be shared (except in countries where this is expressly requested by the authorities).
If suppliers process personal data on behalf of the Controller, they will be appointed as data processors pursuant to Art. 28 GDPR.
To find out how the Data Controller processes data, the User may send a direct request to the Data Controller or to the e-mail address info@vikey.it.
8. TRANSFER OF DATA TO A THIRD COUNTRY
Vikey may share some of the data collected with services located outside the European Union, in particular through the service of Third Party Providers. The transfer is authorised and strictly regulated by Article 45(1) of EU Regulation 2016/679, so it does not require any specific authorisation. In order to learn about the processing methods of the Data Controller, the User may send a direct request to the Data Controller itself or to the e-mail address info@vikey.it.
9. RETENTION PERIOD
According to the retention limitation principle (Art. 5, GDPR), the verification of the obsolescence of retained data in relation to the purposes for which they were collected is carried out periodically. In particular:
a) data necessary for registration are processed for the time strictly necessary to achieve the purpose for which they are collected. Some data (such as ID documents) may be retained only according to the deadlines stipulated by legal regulations.
b) data strictly necessary for check-in (such as personal photo uploaded to the Mobile App) will be deleted by Vikey from the moment after receiving identity confirmation determined by the Host.
c) Automatically collected data are processed, for the time strictly necessary, for the sole purpose of obtaining statistical information on the use of the platform and to check its regular operation, including for security purposes or in accordance with legal deadlines.
d) The data provided voluntarily by the User will be kept for a period of time not exceeding the fulfilment of the purposes for which they are processed or in accordance with the deadlines laid down by law.
It is understood that Vikey is an Italian company that operates within certain countries of the European Union. This implies that the legal provisions related to the storage of the User's Personal Data may vary depending on the country in which the User decides to stay, but not only. For further information the User can always contact Vikey's customer service or by sending a communication to info@vikey.it.
To find out how the Data Controller processes data, the User may send a direct request to the Data Controller or to the e-mail address info@vikey.it.
10. RIGHTS OF THE DATA SUBJECT
The Data Subject shall always have the right to request from the Data Controller and the Data Processor access to his/her data, rectification or erasure of data, restriction of processing or the possibility to object to processing, to request data portability, to withdraw consent to processing by asserting these and the other rights provided for by the GDPR by simply notifying the Data Controller and/or the Data Processor. The Data Subject may in any case also lodge a complaint with a supervisory authority.
The Interested Party may forward the aforementioned requests to the following e-mail address: info@vikey.it
11. DATA PROCESSING METHODS
The Personal Data provided by Users will be processed in compliance with the aforementioned legislation and with the confidentiality obligations that inspire the activity of the Data Processor. The data will be processed both by computerised means and on paper or any other suitable support, in compliance with the appropriate security measures pursuant to Article 5(1)(F) of the GDPR.
12. FINAL NOTES AND HOW TO UPDATE
The Privacy Policy is provided only for the Vikey platform and not for other websites and/or mobile apps that may be consulted by the User through links contained in this Mobile App. The Privacy Policy may be subject to change due to the introduction of new regulations in this regard, provided that Vikey will promptly inform Users in such case. The User is invited to periodically check the Privacy Policy in order to stay updated.
Last updated 15.03.2023