skip to Main Content


Information to the User pursuant to, and for the purposes of, EU Regulation no. 679/2016, of Legislative Decree 30 June 2003, n. 196 and subsequent modifications

The purpose of this document is to describe the modes by which MYPASS S.r.l. (hereafter “MYPASS”), in accordance to the current legislation, collects and manages the Personal Data of its own Users, their type and the relevant processing by MYPASS, as well as the rights of the Users themselves referring to these processes, based on the principles of correctness, lawfulness, transparency and protection of their privacy and rights.
By implementing the registration procedure on the website, or in the Applications (hereinafter: App) linked to it, or also through the Facebook login procedure, the Users voluntarily communicate their Personal Data to MYPASS.


    MYPASS is an innovative Start-up, with an interoperable multi-channel technology of its own property, which allows to connect payment systems to access infrastructures, making them usable by its registered Users.
    MYPASS (VAT: 06455440484), has its Registered Office in Via Pammatone 7, Genova, 16121, ITALY; phone + 39 011 8397809.
    The e-mail account dedicated to data processing and protection is :


    1. The processing process will pursue the purposes related to the specified given mandate, aiming at the correct and complete execution of this task: connecting payment systems to access infrastructures, and making it usable by the registered Users.
    2. In the event that the User has given his/her consent at the time of activation of the service, or expressed it later and until revocation of the same, his/her Personal Data may be processed by MYPASS for sending advertising, commercial communications and promotional, direct sales, market research on services and events (hereinafter referred to as “marketing activities”) by MYPASS, on services of its own or of the Partners, for the purpose of their direct or indirect sale.
    3. Furthermore, with the User’s consent, marketing activities are carried out by partner Companies of MYPASS, for the purpose of direct or indirect sale of services.
    4. Finally, with the User’s consent, geolocation is carried out, only referring to some App where this option is necessary for the service usability or availability.

    User’s data will also be processed in order to fulfill the obligations imposed by tax and accounting sectors, and to comply with the obligations mandatory for the Owner and provided for by current legislation.


    Personal and Particular Data are collected through the following detailed modes:

      1. Browsing data: during the course of its normal operation, the info system responsible for operating the website acquires some Personal Data, whose transmission is implied in the use of Internet communication protocols.
        Each time the User accesses this site, and every time he/she looks for, or requests, a content, the access data are stored by MYPASS info systems, and potentially also by the Company Responsibles for Data Processing, in the form of tabular or linear data files (in special log files), structured and / or unstructured.
        These are information that is not collected to be associated with identified individuals, but which by their very nature could, through processing and association with data held by third parties, allow Users identification.
        This category of Data includes: the website from which MYPASS page has been called (so-called “referrals”), the IP addresses or the domain names of the computers used by the users connecting to the site, the addresses in URI notation ( Uniform Resource Identifier) of the requested resources, the time of the request, the method used in submitting the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (good order, error, etc. .) and other parameters relating to the operating system and the User’s computer environment.
        These data are used for the sole purpose of obtaining anonymous statistical information on the use of the site, to identify the pages preferred by the Users, and therefore to provide increasingly adequate content and to check its correct functioning.
        Data could be used to ascertain responsibility in case of hypothetical IT crimes damaging the site, only when required by the supervisory Bodies in charge.
      2. Data provided voluntarily by Users: if Users, by connecting to the website or using the Apps developed by MYPASS, send their Personal Data to access certain services, or to make requests via e-mail, this involves the acquisition by MYPASS of the sender’s address and / or any other Personal Data that will be used exclusively for the provision of the service. Personal Data provided by Users will be communicated to third parties only if the communication is necessary to comply with the requests of the Users themselves, or to ensure the provision of the requested service.
        Particularly, in the service registration area, the User has the possibility to transmit his Personal Identification Data (e.g. e-mail address, name, surname, postal code, other personal data and not) to MYPASS. The sending of these data takes place on a voluntary basis, and involves the subsequent acquisition of the sender’s e-mail address, as well as other Personal Data entered for the purposes of registration to the service, and those ones further entered by the User.
      3. Data that MYPASS collects from the use of its services by the User:
        MYPASS collects information on the services used by the User and how they are used, for example when the User views and interacts with MYPASS ads and content, and with those ones of our Partner Companies.

    This information includes:

      1. Activities performed and information provided by the User.
        MYPASS collects the content and other information provided by the User when using its own Services. This may be information present, or related to, the content provided. MYPASS also collects information on how its Services come to be used, such as the types of content the User views or interacts with, or the frequency and duration of User activities.
      2. Payment Information.
        If the User uses Services for purchases or economic transactions (for example when purchasing services through MYPASS software), information are collected about the purchase or transaction. These may be payment information, such as a credit or debit card number and other card details, or other authentication and account information, as well as contact, shipping and billing information.
        In order to be able to collect the fee for the services offered by the site, MYPASS requests the credit / prepaid card details that the User has to register for the payment of the services. Referring to these Data, MYPASS may have a simple transfer role (so-called “mere conduit”) or temporary memorization (so-called “catching”) as provided for in the Articles 14 and 15 of Legislative Decree 9 April 2003, n. 70 (Electronic Commerce Code). The complete Data relating to credit / prepaid cards will be transmitted, preserved and stored by the Payment Gateway Operator and the Bank Acquirer, the only subjects to have full knowledge of them in order to debit the payments indicated by MYPASS on the same credit card.
        MYPASS will, with the sole purpose of recognizing and matching the credit card to the relevant User, know only a few numbers of the credit card number (PAN); each credit card will also be combined with a code, provided by the bank gateway, identifying the cardholder, so that subsequent charges (recurring payments) are correctly received on the desired User’s credit card.
      3. Device Information.
        MYPASS collects information on computers, mobile phones or other devices where Users install its own Services, or through which it logs in, due to the permissions provided by the Users. MYPASS could associate / link the information collected from Users different devices, to provide consistent services by means of different devices. Here are some examples of information collected:

        • attributes such as the operating system, hardware version, device settings, file and software names and types, signal and battery power, and device identifiers;
        • device locations, including specific geographical locations, for example via GPS, Bluetooth or Wi-Fi;
        • connection information such as the name of your mobile operator or ISP, browser type, language and time zone, mobile number and IP address.
      4. Third Party Partner Information.
        MYPASS receives information about the User and his/her activities, also inside and outside of its website / software from third-party Partners, such as information from a Partner when offering joint services, or from an advertiser about the User’s experience and interactions with him/her.

    Pursuant to EU Regulation 2016/679, the Data Processing carried out by MYPASS must always have a legal basis. Processing of User’s Data is necessary for the execution of pre-contractual measures or contractual obligations.
    Without consent to the purposes of the processing, the provision of services by MYPASS will not be possible.


    The data will not be disclosed, but they may be communicated to Third Parties / Partners when necessary for the provision of the service, as well as to subjects who perform tasks of a technical or organizational nature on behalf of MYPASS, functional to the provision of the requested services.
    Parties processing Data on behalf of MYPASS have been authorized as Data processors by specific written authorization. Personal Data of Users will be transmitted to the Companies providing services, exclusively for the purpose of allowing the use of the requested services. MYPASS currently collaborates with Third Parties / Partners to whom, consequently, the data of the Users benefiting from the related service will be communicated.
    The categories of recipients of Personal Data are:

    • PARTNERS: lifts facilities, sports facilities, restaurant structures, banks, museums, cinemas, theaters, parking lots, and transport services for tourists.
    • THIRD PARTIES: communications and marketing agencies, social network, then Companies, Associations and Professionals registered in Professional Orders, and Public Administrations.

    User’s Personal Data will be stored by MYPASS, in compliance with EU Regulation no. 679/2016, to Legislative Decree 30 June 2003, n. 196 and subsequent modifications, for a period of time not exceeding that necessary for the purposes for which they were collected and processed.
    Particularly, User’s Personal Data will be stored and processed as long as the User keeps his/her MYPASS adhesion; from the moment of the cancellation, upon the User’s request, MYPASS undertakes to provide for the correction and cancellation of the User’s Personal Data, within a time reasonable and in compliance with the existing laws.
    In accordance with the principles of proportionality and necessity, Personal Data will be stored in a form that allows identification of data subjects for a period of time not exceeding the achievement of the purposes for which they are processed, i.e. taking into account: the need to continue to store the Personal Data collected ijn order to offer the services agreed with the User, or to protect the legitimate interest of the Data Controller, as described in the aforementioned purposes, and finally the existence of specific regulatory obligations (code law, anti money-laundering legislation , regulations on investment services, tax monitoring legislation, etc.) or contractual provisions that make Data Processing and Retention necessary, for certain periods of time.


    The User may at any time, by sending a communication to the Data Controller MYPASS, exercise the rights, including: the revocation of consent, access to his/her own Personal Data, and the correction or cancellation of the same ones, or the limitation of processing concerning him/her, or to oppose their processing, in addition to the right of Data portability.
    MYPASS informs the User that, in case he/she believes that his/her rights have been violated by the Data Controller and / or a third party, he/she has the right to make a complaint towards the Data Protection Authority, and / or other competent supervisory Authority, according to the GDPR.


    Data provided for the correct performance of the activity provided may also be of a particular nature. The processing of Particular Data must take place only in special cases, including the case in which the User has given his/her explicit consent to the processing of such Data for one or more specific purposes; consent that may be revoked at any time. Particular Data are Personal Data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or union membership, as well as processing genetic Data, biometric Data intended to uniquely identify a physical person, Data relating to the health or sexual life or sexual orientation of the person.


    The communication of Data is optional, except for those ones indicated as mandatory or necessary to allow the provision of services; this communication is a contractual obligation, as a requirement of the contract, and it is necessary for its conclusion and for the consequent supply of the requested services. Services that otherwise can not be provided.


    User’s Personal Data processing will take place, in compliance with the provisions of the Privacy Law, with a logic strictly related to the purposes indicated and, in any case, with mainly automated methods and tools.
    To use these services (e.g. geolocation), the User must express consent for the Processing of his/her Data, by ticking the box in the appropriate registration form.
    Where necessary, additional Data may be requested from MYPASS, in order to make possible the provision of the additional services requested.
    At any time the User can read the Notice, and change the consent previously provided, also to verify and / or change the status of active services, and possibly request additional services; the logic used for Data Processing is to allow Users to use the services requested quickly and easily, and, above all, in compliance with current legislation.


    In the event that the User has communicated his/her Personal Data to a Data Processing Controller other than MYPASS, this last one, in addition to the Information described above, communicates, at the simple request of the User to the e-mail address, the source of these Personal Data.


    MYPASS does not use physical servers of its own property, but only those ones located in the cloud, and managed by its technological Partners; this solution allows the secure, protected, and free of technological obsolescence, storage of Users Personal Data; to this goal MYPASS uses one of the largest and most reliable European web hoster providers and datacenter, based in the EU, and certified ISO / IEC 27001.
    All MYPASS operating servers are therefore on a virtualized platform, and use the Linux system, with the most up-to-date security patches applied.
    Personal Data communicated by the Users may be processed at the registered office of the Data Processing Controller.


    MYPASS reserves the right to partially or completely modify the Privacy Policy, or simply to update its content (e.g. due to changes in applicable legislation). MYPASS will publish any updates on its website, therefore MYPASS invites all Users to check periodically the information, in order to be aware about their rights.

Back To Top