Privacy Policy
1. Data Controller
RobyOne by Abram Germano
Via Sospello 123A, 10147 Turin (TO)
VAT ID: 07636130010
E-mail: [email protected]
Website: www.robyone.it
For any questions regarding the processing of personal data, you can contact us at the email address indicated above.
2. Data Collected and Processing Purposes
2.1 Navigation Data
The IT systems and software procedures responsible for the operation of this website acquire, in the normal course of their operation, some personal data whose transmission is implicit in the use of Internet communication protocols (e.g. IP address, browser type, operating system, pages visited, time of request). This data is used exclusively to obtain anonymous statistical information about the use of the website and to verify its correct functioning; it is retained for the minimum time necessary and deleted after processing.
2.2 Data Provided Voluntarily by the User
The optional, explicit and voluntary sending of messages or completion of forms on the website entails the collection of the sender's contact data and all data entered in the form. The forms on the website are:
- Repair booking form — name, surname, phone, email, device and reported defect; purpose: management of the appointment and related operational communications.
- Processing status form — case number or device data; purpose: verification of the repair progress status.
- Home pickup form — name, surname, phone, email, pickup address (street, number, postal code, city, unit), preferred time slot, device category and description; purpose: organization of the courier pickup service.
- Contact form — name, email, message; purpose: response to information requests.
Legal basis: performance of pre-contractual or contractual measures (art. 6, para. 1, let. b GDPR); legitimate interest of the Controller in managing operational communications (art. 6, para. 1, let. f GDPR).
2.3 Payment Data
The website allows payment of deposits or balances via PayPal and Satispay. Transactions take place directly on the respective providers' platforms; RobyOne does not collect or store credit card data or login credentials for payment services. For their respective privacy notices please see:
3. Cookies and Tracking Technologies
The website uses cookies and similar technologies. Below is a description of the categories used.
| Category | Name / Provider | Purpose | Duration |
|---|---|---|---|
| Technical / Functional | PHP session cookies (PHPSESSID) |
User session management (booking cart, authentication status) | Session (deleted when browser is closed) |
| Technical / Functional | Cookie acceptance policy cookie | Stores the consent given by the visitor to the cookie banner | 1 year |
| Analytical (Third Party) | Google Analytics (via Google Tag Manager) | Statistical analysis of traffic in aggregate and anonymized form | Up to 2 years |
| Security (Third Party) | Google reCAPTCHA | Protection of forms from spam and abuse | 6 months |
| Maps (Third Party) | Google Maps | Display of map on "Where We Are" page | Variable |
You can disable analytical and third-party cookies by modifying your browser settings or using opt-out tools provided by individual providers (e.g. Google Analytics Opt-out). Disabling technical cookies may impair the correct functioning of the website.
4. Google Tag Manager and Google Analytics
The website uses Google Tag Manager (provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland) for centralized management of tracking scripts, including Google Analytics 4. Data collected by Google Analytics is transmitted and stored on Google's servers, including in the United States, in compliance with the safeguards provided by GDPR (EU-USA Adequacy Decision, Standard Contractual Clauses).
The IP address is anonymized before transmission. For Google's complete privacy notice: policies.google.com/privacy.
5. Google reCAPTCHA
The website forms use Google reCAPTCHA (Google Ireland Limited) to distinguish human requests from automated ones. The service analyzes the visitor's behavior (mouse movements, visit duration, pre-existing cookies) and sends the results to Google. Legal basis: legitimate interest of the Controller in website security (art. 6, para. 1, let. f GDPR). Google privacy notice: policies.google.com/privacy.
6. Google Maps
The "Where We Are" page embeds maps provided by Google Maps (Google Ireland Limited). Loading the map may involve the transfer of data (including the IP address) to Google servers. For the complete privacy notice: policies.google.com/privacy.
7. Email and SMS Communications
Following a booking or home pickup request, the Controller sends operational communications (appointment confirmation, repair status updates) to the email address and/or phone number provided. Such communications have no promotional purpose and are sent exclusively within the scope of managing the requested service. Legal basis: performance of contract (art. 6, para. 1, let. b GDPR).
Email sending takes place via the Gmail service (Google Ireland Limited). SMS sending takes place via a third-party provider. Data is processed exclusively for the purpose of delivering the communication.
8. Data Retention Period
| Type of Data | Retention Period |
|---|---|
| Booking and processing data | 10 years (tax and legal obligations) |
| Contact form data | 2 years from the date of last communication |
| Home pickup request data | 2 years from the date of pickup |
| Website access logs | 30 days |
| Analytical data (Google Analytics) | 14 months (default setting) |
After the indicated period, data is deleted or anonymized, except where retention is required by law.
9. Recipients and Data Processors
Data may be disclosed, only to the extent strictly necessary for the indicated purposes, to the following categories of recipients:
- IT and hosting service providers (web server, database)
- Google Ireland Limited (Analytics, reCAPTCHA, Maps, Gmail)
- PayPal (Europe) S.à r.l. et Cie, S.C.A. — payment processor
- Satispay S.p.A. — payment processor
- UPS Italia S.r.l. — express courier for home pickup service
- SMS service providers
The recipients act as Data Processors (art. 28 GDPR) or, in some cases, as independent Controllers. There is no disclosure or transfer of personal data to third parties for their own purposes.
10. International Data Transfers
Some providers (Google, PayPal) process data in the United States. Such transfers take place in compliance with Regulation EU 2016/679, based on the European Commission's adequacy decision regarding the EU-US Data Privacy Framework (July 2023) and/or Standard Contractual Clauses approved by the European Commission.
11. Data Subject's Rights
As a data subject, you have the right to:
- Access (art. 15 GDPR) — obtain confirmation of processing and a copy of data concerning you
- Rectification (art. 16 GDPR) — request correction of inaccurate or incomplete data
- Erasure (art. 17 GDPR) — request erasure of data, in the cases provided for by law
- Restriction (art. 18 GDPR) — request restriction of processing in certain cases
- Data Portability (art. 20 GDPR) — receive data provided in a structured and machine-readable format
- Objection (art. 21 GDPR) — object to processing based on legitimate interest
- Withdrawal of Consent — at any time, without affecting the lawfulness of processing prior to withdrawal
- Complaint — lodge a complaint with the Data Protection Authority (www.garanteprivacy.it)
To exercise your rights, please write to us at [email protected]. We will respond within 30 days of receiving your request.
12. Updates to This Privacy Notice
The Controller reserves the right to update this privacy notice at any time, particularly following regulatory changes or changes to the services offered. Substantial changes will be signaled by a prominent notice on the website. The date of the last update is indicated at the top of this privacy notice.