Privacy and Data Protection Policy – Abbonamento digitale
Last updated: July 1, 2025. We are committed to protecting your privacy in full compliance with Canada's PIPEDA legislation.
Version 4.0 – Revision Date: April 15, 2026
Article 1: Identification of the Data Controller
This Privacy Policy defines the strict data processing protocols applied by the company Abbonamento digitale (hereinafter « the Platform » or « We »), whose registered office is located at 42 Avenue des Champs-Élysées, 75008 Paris, France. We act as Data Controller within the meaning of Regulation (EU) 2016/679 (GDPR). To ensure the absolute sovereignty of your data, a Data Protection Officer (DPO) can be reached at the secure address: [email protected].
Article 2: Nature of Data Collected
In accordance with the fundamental principle of data minimization, we transparently collect the following categories:
Identity Data: Last name, first names, date of birth, and certified identity documents (strictly within the framework of KYC regulatory obligations).
Contact Data: Authenticated email address, active mobile phone number, and official residential address.
Financial Data: Origin of funds, transaction histories, and user risk profiles.
Technical Data: IP addresses, unique device identifiers, routing metadata, and secure connection logs.
Article 3: Purposes and Legal Bases
The processing of your personal data is based on the following legal grounds:
Contract Performance: Essential for managing your account and accessing our digital services and subscriptions.
Legal Obligation: In accordance with the Monetary and Financial Code (AML/CFT regulations against money laundering).
Legitimate Interest: For the proactive securing of our infrastructure, fraud prevention, and system optimization.
Consent: For sending targeted marketing communications and deploying non-essential analytical trackers.
Article 4: Security and Encryption
Abbonamento digitale deploys institutional-grade cybersecurity standards:
AES-256 Encryption: Application of military-grade encryption for all sensitive data at rest.
TLS 1.3 Protocols: End-to-end security for data in transit.
Sovereign Hosting: Data is stored exclusively on redundant servers within the European Economic Area (EEA).
Article 5: Retention and Inalienable Rights
Retention Period: Your data is retained for the entire contractual duration, then immutably archived for five (5) years to comply with French legal requirements.
Exercise of your Rights: The GDPR grants you the rights of access, rectification, erasure ("right to be forgotten"), restriction, and data portability. Any formal request must be sent to [email protected]. You retain the right to lodge a complaint with the CNIL (www.cnil.fr).