Wash Out

Privacy Policy – washout-app.com Website and Wash Out App

This privacy notice, provided pursuant to Regulation (EU) 2016/679 (“GDPR”), contains important information on the processing of your personal data through the website www.washout-app.com (hereinafter “Site”) or through our app (hereinafter “App”).

Data controller

Wash Out S.r.l. (the “Controller”)
Via Costanza 1, 20146 Milan
VAT: 09454100968
E-mail: privacy@washout-app.com

The Controller has appointed a Data Protection Officer (“DPO”) who can be contacted at the following address: dpo@washout-app.com

Personal data collected

For the purposes set out in this notice, the Controller will process the following personal data:

Navigation data

The IT systems and software procedures responsible for the operation of the Site may, in the course of their normal operation, acquire certain personal data whose transmission is implicit in the use of Internet communication protocols. This information is not collected to be associated with identified data subjects, but by its very nature could, through processing and association with data held by third parties, allow users to be identified. This category of data includes IP addresses or domain names of the devices used by users connecting to the Site, URI (Uniform Resource Identifier) addresses of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the server's response (successful, error, etc.) and other parameters relating to the user's operating system and IT environment.

This data is used solely to control the proper functioning of the site, to allow the correct provision of web services and functionalities requested by you, as well as to ascertain any liability in the event of hypothetical computer crimes against the site or third parties.

With reference to personal data collected through cookies, we invite you to read our Cookie Policy.

Data you voluntarily provide to us

We collect the data you voluntarily provide to us when you make a contact request through the Site, or during the registration and activation of an account on the App, as well as when you book our services through the App. In particular, in the context of registration/booking of services, we collect the following data:

  • Identification data (first name, last name, year of birth)
  • Contact data (address, e-mail, telephone)
  • IP address
  • Billing data
  • Geographic coordinates
  • Device and operating system information
  • App usage metrics
  • Vehicle details (model, license plate, location)

Purposes of processing

Personal data will be processed by the Controller for the following purposes and on the basis of the following lawful conditions:

  • To allow you to browse the Site/App and to provide the web services and functionalities you have requested. This processing is necessary for the performance of a contract or pre-contractual measures taken at your request. The provision of personal data for this purpose is necessary to allow you to browse the Site/App and to provide the relevant services and functionalities; failure to provide data for this purpose may result in the inability to browse the Site/App correctly and to use the services and functionalities appropriately.
  • To verify the proper functioning of the Site/App, web services and functionalities, as well as to ensure adequate security of the Site/App. This processing is based on the legitimate interest of the Controller in monitoring the proper functioning of the Site/App, including web services and functionalities, as well as in ensuring appropriate security against any computer crimes committed by third parties.
  • To register you and create an account on the App, and to request the provision of the service (booking, payment for vehicle washing). This processing is necessary for the performance of a contract or pre-contractual measures taken at your request. The provision of personal data for this purpose is necessary to allow you to register and create an account; failure to provide your personal data entails the inability to create an account on the App, as well as to book one of our services.
  • To exercise or defend a right of ours in court or out of court. This processing is necessary to pursue the Controller's legitimate interest in exercising or defending its own rights.

Data transfer

The Controller stores the data on servers located within the European Union.

Where the Controller, due to requirements related to the location or places of processing of its suppliers, needs to transfer data outside the European Union to countries for which the European Commission has not issued an Adequacy Decision, the Controller undertakes to guarantee adequate levels of protection and safeguards, also of a contractual nature, according to applicable rules, including the stipulation of standard contractual clauses, supplemented where appropriate by additional technical, legal and organizational measures necessary to ensure that the level of protection of personal data is equivalent to that of the European Union.

Data retention

The Controller retains personal data only for the time necessary to achieve the purposes for which they were collected or for any other related legitimate purpose.

Navigation data is deleted after 90 days, except for any need to ascertain crimes by the judicial authority.

Personal data processed to register you and create an account on the App, also through "social login" methods, is retained as long as you keep the account active.

Personal data processed to manage and fulfill your booking and payments is retained for 10 years from collection, in accordance with the limitation periods applicable by law.

Personal data processed for the fulfillment of civil, accounting and tax obligations, also connected to any purchases, is retained for a maximum of 10 years starting from the date of the event giving rise to the legal obligation (e.g., from the date of your booking).

Recipients

For the performance of certain processing activities, data may be communicated to external parties who act as data controllers or who process personal data on behalf of the Controller, as data processors. In particular, personal data may be communicated to the following categories of recipients:

  • companies that provide us with hosting and database services;
  • companies that provide us with IT services and computer assistance;
  • companies that provide the online payment management and electronic invoicing system;
  • consultants and law firms;
  • authorities to which the right to access data is granted by law or regulations (e.g., public security authorities, police forces).

Rights of the data subject

In the cases provided for, you may exercise the following privacy rights in relation to the processing of your data:

  • the right to receive confirmation as to whether or not personal data processing is ongoing and the right to know what personal data is being processed and how it is used (right of access);
  • the right to request the updating, modification and/or correction of personal data (right of rectification);
  • the right to request the deletion of data (right to be forgotten);
  • the right to request restriction of processing (right of restriction);
  • the right to receive a copy of the data in electronic format and to request that such data be transmitted to another data controller (right to data portability);
  • the right to object to processing where the processing is based on our legitimate interest or in the case of processing carried out for marketing purposes, also based on profiling (right to object).

If you exercise any of the aforementioned rights, it will be the Controller's responsibility to verify that you are entitled to exercise it.

Contacts

To exercise your rights or for any questions, you can write to us at the e-mail address privacy@washout-app.com or contact the DPO at dpo@washout-app.com.

Further rights

If you believe that the processing of your personal data is in breach of the provisions of personal data protection legislation, you will always have the right to lodge a complaint with the Data Protection Authority or to take action before the competent judicial Authority.