According to the articles 13 and 14 of the GDPR Regulation (EU) 2016/679 and the article 13 of the Italian Data Protection Code 196/2003

  1. Who is the Data controller?

    The Data Controller Responsible for your personal information is Dilium S.r.l., with its Legal Head Office located in via Selvanesco, 75, 20141 Milan - MI - ("The Owner") acting as the controller of the processing of the customer’s personal data and of any potential person bound with them (jointly defined as the'"Interested Party") as in the following paragraph 2 and to be contacted at the e-mail address
  2. What Type of data are processed?

    The Data Controller processes the personal data provided by the Subject, including name, surname, company name, address, telephone number, e-mail address, bank and payment details (jointly defined as the "Data"). The Data Controller does not need to process the data about health of the Interested Parties or the other special categories of personal data in according to Article 9 of the GDPR ( as defined below), therefore the Interested Party must not divulge these personal information to the Owner.
  3. Why are the Data processed?

    The Owner can process a persons personal data only in the following cases: a) to sign work and service agreements with the Owner; b) to fulfil the pre-contractual, contractual obligations and the fiscal rules arising under the existing agreement signed with the Interested Party; c) to carry out the obligations established by law, by a regulation, by community legislation or by an order of the Authority (such as Money Laundering prevention); d) to exercise the rights of the Owner, for example the right to defense himself in Court. The purposes referred to in points (a) to (d) are jointly defined as the "Contractual Purposes");

    (e) to carry out functional tasks as well as securitization activities, loan sale and financial issue, assignment of the company or its unit, acquisitions, mergers, split off or other transfers and the activities for its execution; (f) to check to prevent potential risk as well as fraudulent activities ( jointly defined as "Purposes basis of Legitimate Interest").

    (g)to Promote the products and services offered by the Data Controller, moreover by sending advertising materials, newsletters, commercial communications, market research and direct sales activities, also by traditional communication as well as paper-based communication or through remote communication as well as email, chat, phone, sms, instant message, chatbot, smart interactive systems and other remote communications tools; (h) to promote - moreover through the performance of the activities in accordance to the previous letter (g) - the products and services offered by third parties located in the European Union, to which the concerning data will be communicated, belonging to the following product sectors: insurance activities, wholesale and retail trade, information and communication services, professional and technical activities, event organization; and (i) to promote statistical activities to support the promotional tasks to better focus the duties, habits and interests of the Interested Parties and the performance of preparatory and / or functional activities to the correct completion of these promotional initiatives ( jointly defined as Marketing Purposes).
  4. On what basis are data used?

    The processing of data is mandatory according to the Contractual Purposes as provided in the present Privacy Policy in the letters (a) and (c) of paragraph 3 and to fulfil the law duty according to letter (d) of the paragraph 3. If the Interested Party does not provide the Data necessary to Contractual Purposes it may be impossible to carry the professional services out. Treatment for Purposes basis of the Legitimate Interest referred to in paragraph 3, letter (e), is done in pursuit of the legitimate interest of the Owner and of his/her counter parties to perform the corporate transactions in accordance with Article 6, letter f) of GDPR, meant to balance against the interests of users as the processing of data is the extent strictly necessary to the execution of such operations, while the treatment for the Purposes of Legitimate Interest referred to in paragraph 3, letter (f) is functional to the pursuit of a Legitimate Interest of the Owner according to the limits imposed on such treatment and the specific circumstances in which the processing takes place, as illustrated in the same paragraph 3.
    The treatment for the purposes of legitimate interest is not mandatory and the Interested Party may object to submit this processing with procedures expressed in paragraph 8 as follows. So far as the Interested Party is opposed to such processing, his / her Data may not be used for the Purposes basis of the Legitimate Interest, unless the Owner proves the presence of legitimate mandatory reasons prevailing or of exercising or defending a right pursuant to Article 21 of the GDPR.
    Lastly, the processing is optional in order to the Marketing Purposes: if the Interested Party refuses his explict consent, he will not be able to receive commercial communications, newsletters, to take part in opinion surveys, statistics, to receive communications and services in line with his profile. At any time, the Interested party may revoke any consent given with procedures expressed paragraph 8.
  5. How are the Data processed?

    The processing of the personal data is performed by the operations indicated in the article 4 of The Italian Data Protection Code 196/2003 and article 4.2 GDPR, precisely: data collection, registration, conservation, consultation, processing, modification, selection, extraction, use, communication by different way, erasure, destruction. The data may also be processed by manual or electronic instruments suitable to guarantee the security, safety and confidentiality, against with unauthorized access and infringement of rights guaranteed in compliance with provisions of the Privacy Code.
  6. Whom are the Data communicated to?

    The Data may be communicated for the Contractual Purposes to subjects performing connected and functional services to the management of the present Privacy Policy or to be signed it and, primarily, to the following categories of subjects located within the European Union and, within the limits of referred to in paragraph 7, to the Interested Party outside the European Union: (a) business partners, service providers, tax and legal advice, including debt collection agencies; (b) IT or archiving service providers, such as the company issuing and managing the digital signature certificate in case that the digital signature is used by the Interested Party to sign the present Privacy Policy.

    The Data may be disclosed for the Purposes basis of Legitimate Interest referred to in paragraph 3, letter (e) and (f), to commercial partners, providers of assistance services, technical, tax and legal advice, buyer subject in order to securitisation and to sale loan strictly necessary to the execution of such operations when is functional to the pursuit to manage the loans sold as well as assignement of credit and financial issue, assignment of the company or its unit to dilium Srl potential purchasers, acquisitions, mergers, split off or other transfers and the activities for its execution.
    The Data may be disclosed for the Purposes of the Legitimate Interest referred to in paragraph 3, letter (f), to the competent Authorities to carry out the controls indicated above (e.g. fraud prevention). The Data will not be subject to disclosure.

    The Interested Party should act as appropriate in each case as independent third parties or outside responsible person in charge of data processing. The updated list of companies that collect data can be communicated at any time on request by the Data Controller to the data subjects at the address indicated in paragraph 8.
    The Data will not be subject to disclosure.
  7. Are the data transferred abroad?

    Personal data can be transmitted freely without any restrictions outside the national territory to Countries located within and outside the territory of the European Union. The interested Party shall have the right to obtain a copy of the data held abroad and to obtain information about the place where such data are stored by expressly request it to the Owner at the address indicated in paragraph 8.
  8. What are the rights of the Interested Party?

    The Interested Party shall have the right at any time and for free: i) to obtain confirmation of whether or not data relating to him and request access and their communication in an intelligible form; ii) to obtain the hard copy or the digital copy of a) the origin of the data; b) the purpose of the treatment and its mode; c) the logic applied to data processing carried out through electronic instruments; d) the informations about the data controller or subjects in charge of processing; e) the subjects or categories of subjects to whom the personal data may be communicated or who can learn about them such as delegates representative, responsible or person in charge; iii) to: a) request the updating, correction or - if it is of his interest - the integration of data; b) obtain the cancellation, the transformation in anonymous form or the block of data that may be processed in violation of the law, and to oppose, for legitimate reasons, the treatment; c) to obtain the certificate about the way these operation have been brought to the attention of the Interested Party in the event that for any reason it is impossible or this involves a disproportionate effort in order to the rights. iv) to object a) in full or in part, to the processing of data concerning or b) for the purposes of direct marketing carried out through automated methods, including phone or letter as weel as traditional methods. Please note that the Interested Partys right of objection, set out in the previous point b), for direct marketing purposes to the automated and traditional means and that the possibility for the Interested Party to exercise the right of even partial opposition. Therefore the Interested Party may decide to receive only communications by using traditional methods or only automated communications or none of the two.
    Where applicable, the Interested Party is empowered with the rights indicated from articles 16 to 21 GDPR as well as the right to submit a complaint to the Italian Data Protection Authority. The request in order to these rights must be sent to, or by the methods communicated time to time by the Data Controller.
  9. Who are the external data processors?

    The full list of data processors is available by sending a written request to the address specified in paragraph 8 of this Privacy Policy.
  10. What the entry into force of the GDPR modify?

    These provisions shall enter into effect from 25th May 2018, after the entry into force of the GDPR.
    Time-limit on Data Storage:
    (a) for Contractual and Legitimate Purposes referred to in paragraph 3, letters (a) to (e), Data are retained for a period corresponding to the term of the present Privacy Policy (including possible contract renewals) and for at least10 years following the term of the expiry date, the resolution or termination of the present Privacy Policy, except in case of the maintenance of the information in order to reply to any request of legal dispute or by Legal Authority according to the governing Law.
    (b) on legitimate reasons according to paragraph 3, letter (f), even if said data are processed in a way pertinent to the purpose of their collection and its verify;
    (c) for Marketing Purposes according to paragraph 3, letters from (g) to (i) of the present Privacy Policy and are collected for a period corresponding to the term of these Privacy Policy (including possible contract renewals) and for at least 24 Months following the term of its expiry date.

    Other Rights of the Interested Party: the Interested Party may, at any time in accordance with the procedures referred to in paragraph 8 above, request to the Data Controller (a) to limit the processing of the Data in the case of (i) the Data Subject disputes the accuracy of the Data, for the period strictly necessary to the Owner to verify the accuracy of such Data, (ii) the processing is unlawful and the data owner opposes the erasure of the personal data and requests the restriction of their use; (iii) the controller no longer needs the personal data for the purposes of the processing but they are required by data owner for establishment, exercise or defence of legal claims; (iv) the data owner has objected to processing pursuant to article 21 paragraph 1 GDPR waiting for the pending verification about the override between the legitimate interest of the data controller in respect to those of the Data owner; (b) to object at any time to the further processing of their data basis of the Legitimate interest as well as statistical activities or promotional surveys; (c) to obtain the erasure of personal data without undue delay; (d) to achieve portability concerning the personal data.

    Right to complaint: The Interested Party shall have the right to lodge a complaint nt with the Data Protection Authority are the law conditions permit it.
  11. APPS

    Dilium® develops and distributes APP all over the world through the use of the Apple®, Google® Play stores and Huawei. In particular he has developed Radio PRL101,7, DBLock, WakeMeAPP, InPolitixAR, dilimoji, bellfish, Augmented Reality Studio.
  12. Geographic position

    Some APPS can collect, use and share data relating to the geographical location of the user, in order to provide services based on the location itself.
    Most devices provide tools to deny geographic tracking. If the User has expressly authorized this possibility, our APPS can receive information on his actual geographical position.
    The geographical location of the User, at the specific request of the User or when the User does not indicate in the appropriate field the place where he is located and allows the application to automatically detect the position.
  13. FaceID®

    Some APPS use Face ID® functionality to launch the application or to play. UNDER NO CIRCUMSTANCES DILIUM SRL SHALL SAVE OR DISTRIBUTE THIS DATA.
  14. TrueDepth® API

    Some APPS use TrueDepth® API functionality to engage with Augmented Reality Camera. UNDER NO CIRCUMSTANCES DILIUM SRL SHALL SAVE OR DISTRIBUTE THIS DATA.
  15. Intellectual property and trademarks

    dilium® is a registered trademark in Italy, Europe, United States, Canada, and Japan and is going to be registered in the rest of the world. Animoji®, iPhone®, Face ID® , TrueDepth® are registered trademarks of Apple® in the United States and other countries of the world.
  16. Updates

    This Privacy Policy shall be valid from the date shown below. The Owner has the exclusive right to change and/or amend this Privacy Policy also following the entry into force of the GDPR and any subsequent changes and integrations of the Regulations. If substantial, the changes will be notified in advance and the Interested Party will be able to examine the text of the present Privacy Policy constantly updated on the website, in the section dedicated to the company Privacy Policy.
  17. Microsoft Clarity

    We partner with Microsoft Clarity and Microsoft Advertising to capture how you use and interact with our website through behavioral metrics, heatmaps, and session replay to improve and market our products/services. Website usage data is captured using first and third-party cookies and other tracking technologies to determine the popularity of products/services and online activity. Additionally, we use this information for site optimization, fraud/security purposes, and advertising. For more information about how Microsoft collects and uses your data, visit the Microsoft Privacy Statement.
Milan, May 25th 2018

The Data Controller

dott. Donato Angelo De Ieso