Privacy Policy

(pursuant to Art. 13 of Regulation (EU) 2016/679)

For us, personal data needs to be fully and effectively protected. We want to provide our clients with a identity verification (IDV) solution in order to share trusted identity information between financial service providers and the users.

Togggle (the 'Company' or 'we/us') and all the professionals who collaborate with the Company work every day and are constantly committed to protecting your privacy and safeguarding your right to the protection of your personal data.

For this reason, if you would like to take just a few minutes, we will explain how we use the personal data we collect when you interact with us through the Togggle application ('Application') and use the related Services.

This Privacy Policy forms an integral part of our Terms of Service ('Terms'). Your use of the Application constitutes your full acceptance of the Terms.

This policy applies to anyone who installs, uses the Application or makes use of our Services ('user' or 'you').

1. Some basic information 

2. What personal data we process and how we collect it

2.1. Data provided directly by the user

2.2. Data acquired automatically while using Togggle

2.3. Data collected through other sources

3. For what purposes we process your data and what gives us the right to do so

4. Method of processing and communication of your personal data

5. Transfer of data to third countries

6. How long do we retain your data

7. Your rights

1. Some basic information

The applicable legislation, with particular reference to Regulation (EU) No. 2016/679 (General Data Protection Regulation, 'GDPR'), Italian Legislative Decree. No. 196/2003 (the 'Italian Privacy Code') and the relevant measures, decisions and guidelines issued by the Italian Data Protection Authority (collectively, the 'Privacy Law'), identify various figures who must - or sometimes simply may - come into action, taking part in data processing operations, with different roles and responsibilities based on the degree of involvement and discretionary power they may exercise with respect to how and why they process your data. 

Data controller - Togggle

The main actor is called the 'data controller' and freely and autonomously determines the purposes, methods and means of processing, having to ensure the security of your data and the protection of all your rights, according to the provisions of the Privacy Law. 

The data controller is Togggle with registered office in [●].

Other actors can also come into action with a supporting - albeit fundamental - role vis-à-vis the data controller. The Privacy Law in fact allows the latter to delegate one or more specific processing activities to external service providers, if they are reliable, called 'data processors', who may act exclusively on behalf of the data controller and within the limits of the written instructions provided by the latter. 

Please note that by 'personal data' we do not mean only those that allow your immediate identification (e.g. first and last name), but also those that, in combination with other information available to us or to third parties, would allow us to recognize you (e.g. your social security number or the IP address of the device you used to access the Application).

2. What personal data we process and how we collect it 

The use of our Application and Services involves the collection and processing of personal data. 

The categories of personal data collected are indicated in the following paragraphs. Some information is necessary to register you with the Application (your full name, email address and password), other information is only requested when you access to your personal storage space. 

As for the sources of your personal data, some information is provided directly by you (for example, to create your personal storage space, you must necessarily provide us with your full name, email address and set a password). Other personal data is automatically collected when you interact with us through the Application (for example, your device's IP address or personal data collected through cookies and other processing technologies). 

2.1. Data provided directly by the user

Some personal data is provided to us directly by you. Such data include:

✔ Account information

To use Togggle, you must create your personal storage space. When registering, you will only be asked to provide us with your name, email address and to create your own personal password. These are the only details that are essential for us to allow you to interact with us through the Application. Once you have entered this information, when you use Togggle for the first time, it is provided a validation system of your identity. We will immediately send you an email to verify your email address and ensure that it was you who requested the account to be created.

✔ Geo-location information

We may request access to and track location-based information from your mobile device, either continuously or while you are using our Application, to provide certain location-basedservices. If you wish to change our access or permissions, you may do so in your device's settings.

✔ Notifications

You may receive notifications from the Application regarding the operation of our Services, in addition to ordinary notifications related to the functions of Togggle (e.g. receiving messages), for instance we may send you notifications when system updates are available, or if we make any changes to our Terms or to this Policy.

✔ Service and support

You can contact us at any time using the form Contact us on our website [●].

When you contact us for assistance or to receive information about the operation of our Services, we will collect your email address and other details, including personal information, that you choose to share to help us to respond to your requests. 

Please do not send us any personal information through this channel that is not strictly necessary to fulfil your request. It is understood that, in this case, any processing of such personal data will be the exclusive consequence of your choice to share them with us within the above-mentioned conversation.

✔ Feedback

At any time, you can voluntarily send us your feedback on our Services. For example, you can send us reports about any bugs or technical issues you have faced while using the Application. We will only collect the data that you choose to include in the report (including, for example, any screenshots), as well as your e-mail address you used to register with Togggle. We will automatically collect some information about the type of device you are using and the operating system you are using. We will use this data exclusively to manage your report, including possibly contacting you, and to improve our Services.

2.2. Data acquired automatically when using Togggle

We have designed and set up the Application and our Services in such a way as to minimize the collection of user data, minimizing the processing of personal data to what is strictly necessary for the operation and maintenance of our services. However, when you use our Services, we automatically collect certain information through your device. 

This category of data includes:

✔ Navigation data

The computer systems and software procedures in charge of operating the Application, during their normal operation, automatically acquire certain information from your device when you access Togggle or use the related Services via mobile (smartphone).

This data includes, for example: the internet protocol (IP) address when you connect toTogggle, the time of the request and the method used to submit the request to the server; the numerical code indicating the status of the response given by the server (e.g. successful, error, etc.); the country of origin; the type of browser you are using and the name of your internet service provider (ISP); the version of the Application; the type of device used to access the internet, the operating system (iOS, Android) and other parameters and information related to your device and computer environment; the various temporal connotations of the visit, such as the time spent on each page of the Application and details about the itinerary followed within the relevant pages.

This is information whose transmission is implicit in the use of communication protocols with Togggle, and which is automatically collected to manage and optimize the use of the Application and its Services. Therefore, this information is not collected in order to be associated with identified individuals, but considering its nature could, through processing and merging with other information, also held by third parties (in particular, third party providers of Internet connection services), allow your identification.

✔ Data collected through cookies

We use cookies and other similar tracking technologies ('Cookies') to enable you to login to the Application and use our Services. To learn more about the data processing connected with the use of cookies and similar online tracking tools, please see our Cookie Policy.

✔ Application Usage Information

We collect information about how you use our Application and Services, such as what type of content you view on your status, how long you stay on the Application and how often you use it, what time you send and receive messages.

2.3. Data collected through other sources 

Sometimes, Togggle may collect information about you from other sources. In order to enhance our ability to provide relevant marketing, offers and services to you and update our records, we may obtain information about you from other sources, such as public databases, joint marketing partners, affiliate programs, data providers, social media platforms, as well as from other third parties.

For example, if you interact with us on a social media platform (e.g. Facebook or Twitter), we receive personal information about you such as your name, email address connected from your social media account. 

3. For what purposes we process your data and what gives us the right to do so

Control over what can be done with your data is and should remain solely in your hands.

For this reason, it is our duty to provide you with all useful details to understand the processing that we may carry out in connection with the use of the Application and of our Services, indicating both the specific purpose from time to time pursued and the legal basisthat justifies the processing, allowing us or not to perform the various activities described below.

A. Registration, creation and management of your personal storage space

To access the Application, regardless of which Services you decide to use, you must create a personal storage space. For this specific purpose, we only need your full name, email addressand a personal password. Without this information, we will not be able to process your request to register with Togggle and you will not be able to use the Application.

We will use your email address, exclusively for purposes related and instrumental to the management of your account, as well as to carry out, the necessary service communications (e.g. sending the email during the first log-in to verify your identity, availability of any updates). 

The legal basis for processing your personal data for this purpose is the performance of pre-contractual measures taken at your request and the contract you have entered with us.

Legal basis: Art. 6.1, b) of the GDPR.

B. Using the Application

We will use your information to process and handle your requests for information about our Services and to provide you with the assistance you need in connection with any problems you faced while accessing or using the Application.

In relation to these purposes, we will process your personal data to perform the contract to which you are a party.

Legal basis: Art. 6.1, b) of the GDPR.

C. Testimonial posting

‍We post testimonials on our Application that may contain personal information. Prior to posting a testimonial, we will obtain your consent to use your name and the content of the testimonial. If you wish to update, or delete your testimonial, you could contact us.

In relation to this purpose, we will process your personal data with your consent. 

Legal basis: Art. 6.1, a) of the GDPR.

D. Security

Your personal data may also be processed for the purpose of breach analysis. For example, we may process your data in order to prevent, detect, analyze and/or manage fraud and other illegal activities against the Company or users interacting with Togggle (such as malware attempts, spamming, abusive access to our computer systems), as well as to protect the rights and safety of our users, of the Data Controller or third parties.

Legal basis: Art. 6.1, f) of the GDPR.

E. Marketing communication 

We or our third-party marketing partners may use the personal information you send to us for our marketing purposes, if this is in accordance with your marketing preferences.

In relation to this purpose, we will process your personal data with your consent. 

Legal basis: Art. 6.1, a) of the GDPR.

Further purposes

In addition to the above, your data may also be processed for the following additional purposes:

F. in the field of our legitimate interest in performing statistical and aggregate analysis of an anonymous nature (Art. 6.1, f) of the GDPR);

G. for the compliance of specific legal obligations of the Data Controller (Art. 6.1, c) of the GDPR);

H. to comply with and execute requests, orders, decisions and measures of the Judicial Authority or other competent Authorities, including the Italian Data Protection Authority (Autorità Garante per la Protezione dei Dati Personali, 'Italian DPA') (Art. 6.1, c) of the GDPR);

I. in the field of our legitimate interest in ascertaining, exercising or defending one of our rights in judicial proceedings, as well as in administrative proceedings and in arbitration and/or conciliation proceedings in cases provided for under the law (Art. 6.1, f) of the GDPR).

The purposes for which the Data Controller may process your personal data, with the relevant legal bases, are summarized in the table below.

4. Method of processing and communication of your personal data

The processing of your personal data may take place using both computerized and manual procedures, but always under the supervision of appropriate security measures to counter the risk of destruction, loss, alteration or unauthorized disclosure of the same. 

Under no circumstances will your personal data be subject to fully automated decision-making processes.

Your data may be made available to third-party service providers, outsourcers and, more generally, external companies to which the Data Controller outsource the performance of activities related to the development of the Application and related Services, where this is indispensable for the performance of the purposes described above (e.g. IT service providers, companies in charge of the development and/or technical maintenance of systems, databases and services of Togggle, professionals and legal and tax consultants, and auditing companies).

These entities, bodies, companies and professionals will process your data as autonomous data controllers or data processors, subject to verification by us of their level of competence and reliability and duly appointed through an appropriate agreement pursuant to Art. 28 of the GDPR, depending on the purpose and type of data processing pursued.

Your data may also be disclosed:

✔ to third-party companies, in case of a corporate reorganization, acquisition, sale, joint venture, assignment, transfer or other disposition of part or all of our contracts, assets or stock (including in connection with a bankruptcy or similar proceedings). For example, if our Company enters into a joint venture with another company, acquires another company, is acquired by another company or merges with another company, your information may be disclosed or transferred to those companies, as well as to our new business partners, new owners or their advisors;

✔ to the Judicial Authority and/or to the Public Security Authority and/or to other competent authorities, in the event of requests or in the cases expressly provided for by law.

5. Transfer of data to third countries

Your data may also be processed outside the European Economic Area ('EEA').

Whenever the need arises to transfer your data to countries outside the EEA, it is our duty to ensure that those countries provide levels of protection and security at least equivalent to those required by the Privacy Law and to impose the same data protection and security obligations on the recipient of the data as we do (e.g. by entering into Standard Contractual Clauses with the recipient of the data and by carrying out a risk assessment of the transfer when required).

6. How long we retain your data

We will only retain your data for as long as necessary to achieve the purposes described above.

In particular, also in accordance with the provisions of specific laws:

✔ the navigation data, automatically acquired during the use of the Application and of our Services, will be deleted at the end of each session (from the log-in to the log-out), except for the sole and ascertained security reasons, to allow us to establish possible responsibilities in case of cybercrimes committed against us;

✔ data collected through cookies and similar tracking technologies will be retained in accordance with the periods set out in our Cookie Policy;

✔ the data that you provided upon registration, i.e. your name, your email address, collected for the purposes of activating and managing your personal  storage space, will be retained until you decide to deactivate your personal account;

✔ data processed for security purposes (e.g. logs) will be retained for the time strictly necessary to perform security checks and evaluate the results and, in any case, no longer than one year after collection;

✔ data collected when you interact with us through the 'Contact Us' section to request assistance, support or general information on our Services, or to report us on any technical problems faced in using the Application, will be processed only for the time strictly necessary to respond to your requests and manage your reports;

The retention times of your personal data are summarized in the table below.

After the expiration of the above-mentioned terms, we may further store your data for anonymous aggregate statistical purposes, as specified above, as well as to comply with any requests, orders, decisions or provisions issued by the Judicial Authority, Public SecurityAuthority or other competent authorities, as well as to ascertain, exercise or defend our legal rights in court.

7. Your rights

As a data subject, you may at any time exercise your rights under the Privacy Law, namely:

a. Access: to know whether or not your data is being processed and, if so, to receive evidence - among other things - of the purposes of the processing, the categories of data involved, the recipients to whom the data may be disclosed, the applicable retention period, the existence of an automated decision-making process;

b. Rectification: obtaining without undue delay the modification and updating of any inaccurate data concerning you;

c. Erasure: by obtaining the erasure of your data, unless expressly exempted, when (i) the data are no longer necessary in relation to the purposes for which they were collected or otherwise processed; (ii) you have withdrawn your consent to a specific data processing, if there is no other appropriate legal basis; (iii) you have objected to a specific processing for reasons related to your particular situation, as set out in point f.below and there is no overriding legitimate reason for us to continue processing; (iv) the data has been processed unlawfully; (v) the data must be erased in compliance with a legal obligation to which we are subject;

d. Restriction of processing: by obtaining the suspension of the processing of your data when: (a) you contest its accuracy, for the period necessary to allow us to carry out the necessary verifications; (b) the processing is unlawful, but you oppose the erasureof your data, requesting instead the restriction of their use; c) your data are no longer necessary in relation to the purposes identified above, but you need them for the purposes of ascertaining, exercising and/or defending your rights in court; d) you have objected to one or more processing operations and we are still in the process of verifying the existence of legitimate reasons that allow us to continue to process your data;

e. Portability: requesting to receive in a structured, commonly used and machine-readable format the personal data you have provided to us and/or to transmit them directly to another data controller;

f. Objection: objecting on grounds relating to your personal situation to processing based on our legitimate interest and obtaining its termination, except where (i) there are compelling legitimate grounds, overriding your interests, rights and freedoms, that allow us to continue the processing; or (ii) your data is necessary to enable us to establish, exercise or defend a right in court;

g. Withdrawal of consent: by withdrawing the consent previously given, it being understood that the data processing we will have carried out up to that point will remain fully lawful;

h. Complaint: by lodging a complaint to the Italian DPA, if you believe that one or more processing of your data are carried out by us in violation of the current Privacy Law. This is without prejudice to your right to lodge an administrative or jurisdictional appeal.

To exercise your rights and/or to ask for any information or clarification regarding the processing of your data by Togggle, you can write at any time to the following contacts:

– E-mail: [●].

– PEC: [●].

– Paper mail: [●].