Privacy Policy
Last updated: April 5, 2026 — GDPR Compliant
1. Data Controller
Atriums Marketplace SRL, Via Giovanni Giolitti 26, 12068 Narzole (CN), Italy, VAT IT04031370044, acts as Data Controller for platform administration data and as Data Processor on behalf of Tenants for loyalty program member data.
2. Data Collected
Tenant Data (Data Controller): Business name, VAT number, tax code, billing address, PEC, SDI code, contact email, administrator credentials.
Member Data (Data Processor on behalf of Tenant): Name, email, phone number, transaction history, point balance, tier status, referral relationships, device tokens for push notifications.
Technical Data: IP addresses, browser information, access logs, anonymized usage analytics.
3. Legal Basis for Processing
- Contract performance (Art. 6(1)(b) GDPR): Processing necessary to provide the Service
- Legal obligation (Art. 6(1)(c) GDPR): Tax and accounting obligations, anti-money laundering
- Legitimate interest (Art. 6(1)(f) GDPR): Fraud prevention, service improvement, security
- Consent (Art. 6(1)(a) GDPR): Marketing communications, optional analytics
4. Data Storage and Security
Data is stored on servers located in the European Union. We implement technical and organizational security measures including:
- Encryption at rest and in transit (TLS 1.3)
- Password hashing with industry-standard algorithms
- Role-based access control
- Immutable audit logs
- Regular security assessments
5. Data Retention
Account data: retained for the duration of the contractual relationship plus 10 years for tax obligations. Transaction data: retained for 10 years per Italian fiscal regulations. Audit logs: retained for 5 years. Marketing consent records: retained until withdrawal.
6. Your Rights (GDPR Articles 15-22)
You have the right to access your data, rectify inaccurate data, request erasure ("right to be forgotten"), restrict processing, obtain data portability, object to processing, and not be subject to automated decision-making.
To exercise these rights, use the contact form on our website.
You also have the right to lodge a complaint with the Italian Data Protection Authority (Garante per la Protezione dei Dati Personali).
7. Third-Party Services
The Service relies on carefully selected third-party providers for payment processing (PCI DSS compliant), transactional email (GDPR compliant), database hosting (EU servers), and electronic invoicing via the Italian government SDI system. All sub-processors operate under data processing agreements compliant with GDPR requirements.
8. Cookies
The Service uses only essential technical cookies (session authentication, language preference). No profiling or third-party tracking cookies are used.
9. Contact
For privacy-related inquiries, use the contact form on our website.
Atriums Marketplace SRL — Via Giovanni Giolitti 26, 12068 Narzole (CN), Italy