Notice under articles 13-14 of EU Reg. 2016/679 (GDPR)
Privacy Notice · Seismic & Fall
Version 1.0 · last updated [DATE]
1. Data Controller
Natural person, single-mandate commercial agent under article 1742 of the Italian Civil Code, holder of an active Italian VAT number, acting independently and outside of the agency relationship. By express choice tied to the nature of the social experiment, the Controller's identifying data (name, address, phone, certified email) are not published in clear text in this document, but are reachable in a verified and official form through the Q-code below, which points to the public chamber of commerce extract of the position and to the Italian Revenue Agency record tied to the VAT number. This mode fulfils the duty to inform under GDPR articles 13-14, since it enables the data subject to identify the Controller in public registries and to exercise their rights without obstacles.
Principal's extraneousness. The Principal is neither Controller nor Joint Controller of the processing carried out through the Application. No data collected through the Application is communicated to the Principal. The Principal's identity is not disclosed.
No insurance coverage. In line with the experimental nature, no policy is in place to cover the data subjects for the processing described here: the Signatory personally assumes the risks connected with the use of the Application, within the limits allowed by law.
2. Data Protection Officer (DPO)
Appointment of a DPO is not mandatory under GDPR article 37: the processing is not carried out by a public authority, and the Controller's core activity does not consist of large-scale processing nor systematic monitoring of sensitive data. For any privacy-related request use the channel pointed to by the Q-code.
3. Categories of data processed
| Category | Where | Example |
|---|---|---|
| Sensor data (accelerometer, gyroscope) | On-device only | 10 Hz buffer, 30 s windows |
| Approximate location | Server (as an area, e.g. cell or 1 km square) | Lat/Lon rounded to 2 decimals |
| Random device identifier | Server | UUID generated at install, not tied to SIM/IMEI |
| Area-consensus events (confirmed alert) | Server | timestamp, area, outcome |
| Technical operation data | Server (logs) | app version, OS, truncated IP |
The following are not processed: name, phone number, address book contacts, audio, video, health data, message content.
4. Purposes and legal basis
| Purpose | Legal basis (GDPR art. 6) |
|---|---|
| Running the area-consensus experiment | letter a) explicit consent through click-wrap |
| On-device operation (fall detection, demo) | letter b) performance of the service requested by the User |
| Security, anti-fraud, anti-abuse | letter f) Controller's legitimate interest |
| Research, statistics, software improvement | letter a/f) consent and legitimate interest, on aggregated data |
5. Device sensors and permissions
The app accesses:
- Accelerometer / gyroscope: on-device processing, no transmission of the raw signal;
- Approximate location: only if the User enables area consensus, reduced to an area square;
- Notifications: to show the detector states (demo);
- Background execution: to allow monitoring during the experiment.
Each permission can be revoked at any time from the operating system settings.
6. Processing methods
Processing is carried out with electronic tools, by authorized personnel and with security measures (TLS in transit, access control, logs). Raw data is not transmitted; the processing that leaves the device is pseudonymized and minimized (privacy by default, GDPR article 25).
7. Retention period
- Aggregated area-consensus events: 12 months, then anonymized for statistical purposes.
- Technical operation logs: 6 months.
- Random identifier: lifetime of the installation; deleted on uninstall or reset.
8. Recipients and external processors
Data may be communicated to entities acting as Processors under GDPR article 28:
- Hosting / cloud provider: [e.g. EU provider]
- Transactional email service: [provider]
- The Controller's tax adviser, within the scope of the engagement.
No data is communicated to the Principal or to the agency network. No data is sold, transferred or communicated for third-party marketing purposes.
9. Transfers outside the EU
The Controller prefers providers with servers in the European Union. If a provider processes data outside the EEA, the transfer will be based on Standard Contractual Clauses (EU Decision 2021/914) or other instruments compliant with Chapter V of the GDPR. The updated list of sub-processors is available by writing to the Controller through the Q-code channel.
10. Automated decision-making
On-device fall detection is automated processing that does not produce legal or significant effects on the User within the meaning of GDPR article 22: in the current version, no real rescue service is triggered for third parties.
11. Rights of the User
The User may exercise at any time the rights provided by GDPR articles 15-22:
- access, rectification, erasure;
- restriction and objection to processing;
- data portability;
- withdrawal of consent, without prejudice to the lawfulness of past processing;
- complaint to the Italian Data Protection Authority (garanteprivacy.it).
Requests through the channel pointed to by the Q-code · response within 30 days.
12. Provision of data
Provision of data for execution purposes (area consensus) is optional; refusal makes it impossible to participate in that experiment. On-device use of the fall detector alone does not require any personal data to be sent to the server.
13. Cookies and similar technologies
The showcase site uses only technical session cookies, exempt from consent under the Italian Data Protection Authority decision of 10 June 2021. Any activation of analytics cookies will be preceded by a compliant banner. Details in the [Cookie Policy if separate].
14. Minors
The app is not intended for children under 14. For minors, consent of those exercising parental responsibility is required, under article 2-quinquies of Italian Legislative Decree 196/2003 as amended.
15. Changes to the notice
The Controller may update this notice; substantial changes will be communicated in-app and on the website with reasonable notice.