Privacy and Data Protection Policy – Abbonamento digitale
Last updated: July 1, 2025. We are committed to protecting your privacy in full compliance with Canada's PIPEDA legislation.
Version 4.0 – Revision Date: April 15, 2026
Article 1: Identification of the Data Controller
This Privacy Policy defines the strict data processing protocols applied by the company Abbonamento digitale (hereinafter "the Platform" or "We"), with its registered office at 42 Avenue des Champs-Élysées, 75008 Paris, France. We act as Data Controller within the meaning of Regulation (EU) 2016/679 (GDPR). To ensure the absolute sovereignty of your data, a Data Protection Officer (DPO) can be reached at the secure address: [email protected].
Article 2: Nature of Data Collected
In accordance with the fundamental principle of data minimization, we transparently collect the following categories:
Identity Data: Name, first names, date of birth, and certified identity documents (strictly within the scope of regulatory KYC obligations).
Contact Data: Authenticated email address, active mobile phone number, and official residence address.
Financial Data: Origin of funds, transaction histories, and user risk profiles.
Technical Data: IP addresses, unique device identifiers, routing metadata, and secure connection logs.
Article 3: Purposes and Legal Bases
The processing of your personal data is based on the following legal grounds:
Contract Performance: Essential for managing your account and accessing our digital services and subscriptions.
Legal Obligation: In accordance with the Monetary and Financial Code (AML-CFT regulations against money laundering).
Legitimate Interest: For the proactive securing of our infrastructure, fraud prevention, and optimization of our systems.
Consent: For sending targeted marketing communications and deploying non-essential analytical trackers.
Article 4: Security and Encryption
Abbonamento digitale deploys institutional-grade cybersecurity standards:
AES-256 Encryption: Application of military-grade encryption for all sensitive data at rest.
TLS 1.3 Protocols: End-to-end securing of data streams in transit.
Sovereign Hosting: Data is stored exclusively on redundant servers within the European Economic Area (EEA).
Article 5: Retention and Inalienable Rights
Retention Period: Your data is kept for the entire contractual period, then immutably archived for five (5) years to comply with French legal requirements.
Exercise of Your Rights: The GDPR grants you the rights of access, rectification, erasure ("right to be forgotten"), restriction, and data portability. Any formal request must be sent to [email protected]. You retain the right to lodge a complaint with the CNIL (www.cnil.fr).