Privacy Policy NARVALO APP

This document has been specifically drawn up to inform you about the processing of your personal data by the company NARVALO SRL, whose data is indicated below.
In accordance with European Regulation 2016/679 (hereinafter: "GDPR"), the following information is provided to you.

The Data Controller - as defined pursuant to art. 4, co. 1, no. 7) of the GDPR - is the company "NARVALO SRL", with registered office in Milan, Via Pietro Maroncelli n. 17, tax code, VAT number and registration in the Company Register of Milan, Monza-Brianza and Lodi 11286320962, REA n. MI - 2592277 (hereinafter "Data Controller").

1. INTRODUCTORY INFORMATION
For ease of reading, below are some definitions directly contained in the provisions of the GDPR.
Pursuant to art. 4, co. 1 of the GDPR:
“Personal data” means any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
"Processing" means any operation or set of operations carried out on personal data or on sets of personal data, with or without the aid of automated means, such as collection, recording, organisation, structuring, storage, adaptation or modification, extraction, consultation, use, disclosure by transmission, diffusion or any other form of making available, comparison or interconnection, limitation, erasure or destruction;
"Data controller" means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data;
“Consent of the data subject” means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

2. CATEGORIES OF DATA PROCESSED
This Privacy Policy is valid for three different "types of Users", depending on which the categories of data processed vary:
I. Users without masks (hereinafter, “Basic Users”);
II. Users with the Urban mask (hereinafter, “Narvalo Urban”);
III. Users with the Active mask (hereinafter, “Narvalo Active”).

a) Common personal data: as defined by art. 4, co. 1 of the GDPR. This category includes both personal data such as, for example, name, surname, date of birth, residential address, tax code, and contact data such as landline and/or mobile telephone number and e-mail address. This data is processed in relation to all the "types of users" described above.
On the registration page you will be asked:
● for “Narvalo Base” Users, name, surname, e-mail address;
● for “Narvalo Urban” Users, name, surname, email address and the alphanumeric code or QR code present in the guarantee coupon of the mask;
● for “Narvalo Active” Users, name, surname, email address, the alphanumeric code or QR code present in the guarantee coupon of the mask and the code relating to the Shield Active, gender (male/female), age.

b) Technical data: The computer systems and software procedures used to operate this application acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. This is information that is not collected to be associated with identified interested parties, but which, by its very nature, could, through processing and association with data held by third parties, allow users to be identified.
This category of data includes the IP address or domain name of the device used, the addresses in URI (Uniform Resource Identifier) notation of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server and other parameters relating to the operating system and the IT environment of the device.
These data are used for the sole purpose of obtaining anonymous statistical information on the use of the application and to check its correct functioning, and are deleted immediately after processing.
The data could be used to ascertain responsibility in the event of hypothetical computer crimes against Narvalo.
This data is processed in relation to all "types of Users".
We point out that, regardless of the foregoing, the IT systems and software procedures responsible for the operation of the Apps (such as the Apple Store or Google Play) acquire, during their normal operation, some data in any case referable to the User, whose transmission is implicit in the use of Internet communication protocols, smartphones and the devices used. This category of data includes, by way of example but not limited to, the geographical position, the identity of the telephone, the User's contacts, e-mail, credit card data in the case of paid Apps, etc.
NARVALO is not involved in such processing nor can it be held responsible for it. The interested party may, however, consult the privacy information made available on the following sites:
Apple Store: https://www.apple.com/legal/internet-services/itunes/it/terms.html
Google Play: https://play.google.com/intl/it_it/about/play-terms.html

c) Geolocation data
This App uses features of Google Maps (when using the Android operating system) and Apple Map Framework (when using the iOS operating system) which can acquire data relating to your geographical position (GPS, Wi-Fi, GSM network). Subject to your express consent, given at the time of opening the "login" service via a specific PopUp Alert, the App accesses the data relating to your geographical position. Based on the option you have chosen - "Always allow" or "Allow when using the App" - the App will ask you for consent respectively only once or from time to time through a specific Runtime Permission.
Localization, once the "active" choice has been made in the App, allows you to check and access your device's navigator and to know the air quality and, for Urban and Active Users, to calculate the route taken. At any time the user can deactivate the localization of the geographical position by accessing the appropriate section of the App. The choice to deactivate geolocation is not definitive and it can be reactivated with the same activation methods. The location data will not be stored in any way by NARVALO except in anonymized and/or aggregated form for statistical purposes.

d) Mask usage data (Narvalo Urban/Active)
By turning on the App and with the user's prior consent to the use of geolocation data (according to the methods described above in point c), information relating to the places where the User has used the App may be acquired, as well as, for Urban and Active Users, the time and methods of use of the mask (for example, the data collected will also allow the processing of the data necessary to calculate the times for replacing the filter, allowing a reminder to be sent to proceed with its replacement). For Narvalo Active Users only, it will also be possible to acquire data on the status of the mask (battery, fan speed and status, automatic use time), also allowing Users to download this information as CSV files.
All this data can be collected only when the App is active and only in the case of express consent to the collection of geolocation data. At any time you can deactivate the localization of your geographical position or any other function connected to the use of the sensor, by accessing the appropriate section of the App. The choice to deactivate geolocation is not definitive and you can reactivate it with the same activation methods. The location data will be stored to provide the User with the functions connected to the service. NARVALO will not use geolocation data except in anonymized and/or aggregated form.

e) Data pursuant to art. 9 GDPR
Using the sensors installed in the mask, the data on the pressure in the mask and the air temperature inside the mask will also be detected. This data will allow you to verify whether the mask is worn, where it is worn, as well as the relative operating temperature and their subsequent processing will allow you to calculate the user's breathing rate and any other useful data deriving from the use of the mask, complete with filter. The sensor will allow it to detect the operating speed of the fan as well as any additional information about the user's breathing, such as breathing rate.

f) Profiling
As defined in art. 4 of the GDPR, profiling means any form of automated processing of personal data consisting of the use of such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning professional performance, economic situation, health, personal preferences, interests, reliability, behavior, location or movements of that natural person. In this sense, you will be optionally asked for information relating to your habits (e.g. vehicles and places, respectively, used and frequented habitually), functional to the use of the App.

g) Push notifications
This App can send push notifications relating to the service both when the application is active and when it is in the background or closed, if you have activated the sending of push notifications via your device's operating system (Android or iOS). This data is processed in relation to Urban and Active Users.
Specifically, if prior consent is given, it will be possible to use the following functions and related notifications:
● “remind me about the mask”: based on the calendar and/or time and/or pollution, reminds the User to use the mask;
● “change filter”: based on actual use of the mask, the App suggests changing the filter;
● “sharing or adding events to your calendar”;
● “breathing notifications”: possibility of sending notifications based on data relating to the user's breathing rate;
● “automatic detection”: for Active Users only, it allows a notification to be sent to the User as a reminder to interrupt the session on the App;
● “malfunctions”: for Active Users only, notifications will be sent on the status of the fan and battery.

h) Usage Identifiers and other similar Technologies
The usage identifier is the unique code of the device worn which is used to provide personalized information and value-added services relating to the User's preferences for using the device, such as, for example, the time of wearing the mask, the fan rotation speed or air quality in the areas or places visited while wearing the mask or the duration of the filter.
When the App is used, NARVALO may collect information relating to activities in the App through the use of usage identifiers, so as to be able to provide additional services and/or advice that better respond to your personal interest, for better use of the device according to your needs and/or particular interest in its use.
You can request, at any time, to no longer receive targeted information through the settings of your device's operating system (Android or iOS).
The App also uses third-party analysis platforms to collect anonymous and/or aggregate statistical information on the use of the application.
NARVALO has adopted tools that reduce the user's identification power and tools to not cross-reference the information collected with other information already known to the platform.
You can disable the use of the above usage markers at any time by searching the system settings and disabling the latter's permissions.
The Data described in this paragraph are processed within the limits and in consideration of the different functions available in the App for each type of User (Basic, Urban or Active).

3. PURPOSE OF THE PROCESSING AND LEGAL BASIS
The Data Controller processes your personal data for the following purposes:
a. management of your registration on the App;
b. use of the functions present in the App;
c. sending notifications to use the App (only for Urban and Active Users);
d. compliance with obligations imposed by laws or regulations;
e. analysis of air quality in places frequented by the user;
f. analysis of health conditions (respiratory rate) of users (only for Active Users);
g. profiling activities, functional to the use of the App;
h. sending communications of a commercial nature in order to update users regarding Narvalo initiatives/promotions;
i. sale of data in aggregate form, only following an anonymization process.

The legal basis of the processing is Article 6, paragraph 1 of the GDPR, according to which the processing is lawful only if and to the extent that at least one of the following conditions applies:
- art. 6.1, letter a), the interested party has given consent to the processing of their personal data for one or more specific purposes;
- art. 6.1, letter b), the processing is necessary for the execution of a contract of which the interested party is a party or for the execution of pre-contractual measures adopted at the request of the interested party;
- art. 6.1, letter c), the processing is necessary for compliance with a legal obligation to which the controller is subject.
The legal basis, in relation to the purposes described above, is:
- art. 6.1, letter c), in relation to the purposes referred to in letter d);
- art. 6.1, letters a) and b), for everything concerning the processing purposes referred to in letters a, b, e, f;
- optional and revocable, for everything concerning the purposes of the processing referred to in letters c, g, h, i.

4. PROCESSING METHODS AND STORAGE TIME
We inform you that your data will be processed in compliance with the GDPR and current legislation regarding the processing of personal data.
We inform you that the processing of the data in question is based on the principles established by Article 5 of the GDPR, in particular on the principles of correctness, lawfulness, transparency and protection of the confidentiality and rights of the person whose data is processed.
The processing of your personal data will be carried out using paper, IT and telematic tools, in order to guarantee security and confidentiality in accordance with the provisions of Article 32 of the GDPR.
Your personal data will be retained by the Data Controller for the period strictly necessary to achieve the purposes for which they were collected, and in any case in compliance with the principle of minimization referred to in Article 5, paragraph 1, letter c) of the GDPR as well as the obligations established by law. The location data will be stored to provide the User with the functions connected to the service. NARVALO will not use geolocation data except in anonymized and/or aggregated form.

5. COMMUNICATION OF YOUR PERSONAL DATA
We inform you that your personal data are not subject to dissemination, meaning with this term the communication of the same to indeterminate subjects, in any form, including making them available or viewable.
On the other hand, the communication of data is requested from the Data Controller, in compliance with legislative provisions, by public authorities, judicial authorities, supervisory and control bodies, information and security bodies or other subjects and/or public bodies for purposes of defense and security of the State, prevention and detection or repression of crimes.
To achieve the purposes described in point 3, the Data Controller may need to communicate your personal data to the following categories of third parties:
a) natural persons authorized by the Data Controller pursuant to and for the purposes of Art. 29 of the GDPR due to the performance of their work duties;
b) subjects who have been appointed by the Data Controller pursuant to Article 28 of the GDPR as data processors (the Data Processor), i.e. the natural or legal person who processes personal data on behalf of the Data Controller;
c) entities that provide services for the management of the digital and non-digital communication system;
d) subjects which the Data Controller uses in various capacities for the provision of the requested service/product;
e) subjects who take care of administrative and fiscal obligations for the Data Controller.


6. TRANSFER OF PERSONAL DATA TO A THIRD COUNTRY AND/OR AN INTERNATIONAL ORGANIZATION
We inform you that your personal data will be processed by the Data Controller exclusively within the national territory. The data you provide will not be transferred by the Data Controller to third countries inside or outside the European Union and/or to international organisations.

7. RIGHTS OF THE INTERESTED PARTY
Pursuant to art. 7 co. 3 of the GDPR, we inform you that you can revoke the consent given at any time without prejudice to the lawfulness of the processing based on the consent given before the revocation.
By submitting your request directly to the registered office of the Data Controller indicated above or by using the following e-mail address: privacy@narvalo.design, you may exercise, at any time, pursuant to articles 15 to 22 of the GDPR, the right to:


a) request confirmation of the existence or otherwise of your personal data;
b) obtain information on the purposes of the processing, the categories of personal data, the recipients or categories of recipients to whom your personal data have been or will be communicated and, if possible, the retention period;
c) obtain the correction and deletion of your personal data;
d) obtain the limitation of the processing of your data;
e) obtain data portability, i.e. receive them from a data controller, in a structured, commonly used and machine-readable format, and transmit them to another data controller without impediments;
f) object to processing at any time and also in the case of processing for direct marketing purposes;
g) oppose automated decision-making concerning individuals;
h) ask the Data Controller to access and rectify or delete the data or limit the processing of data concerning you or to oppose their processing, as well as the right to data portability;
i) revoke consent at any time without prejudice to the lawfulness of the processing based on the consent given before the revocation;
j) lodge a complaint with a supervisory authority.


8. CHANGES TO THE PRIVACY POLICY
The features, functions and services offered by the Site or the APP may undergo changes in the future; consequently, this Privacy Policy may undergo changes and additions over time. We therefore invite you to periodically check the contents.