Privacy Policy

Privacy Policy

The present Personal Data Processing Policy (hereinafter referred to as the “Privacy Policy”) is intended to inform Clients about the processing of personal data by CHIDORI TECHNOLOGIES SRL, in its capacity as a personal data controller.The information covered by the Privacy Policy is obtained during the conclusion and execution of contractual relationships in accordance with the Terms and Conditions of Use of the Company’s Website. Terms and expressions written in capital letters in this Privacy Policy shall have the meaning attributed to them in the Terms of Use published on the Company’s Website.The information presented below mainly refers to:
  • types of personal data collected and processed;
  • purposes for which personal data are collected;
  • situations in which personal data may be disclosed to third parties and the period of storage;
  • the rights of the Company’s Clients.
The display of this Privacy Policy on the Company’s Website / on the POS display represents the fulfillment of the Company’s legal obligation to inform Clients, in accordance with the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (“GDPR Regulation”).

1. Categories of personal data concerned

“Personal data” means any information that contributes to the identification of a natural person.​In this respect, the Company will collect, store, and process the following types of data, without this list being exhaustive:
  • name, surname;
  • telephone number;
  • Public Key (alphanumeric address);
  • billing data;
  • gender;
  • date of birth;
  • any other information that can be obtained from the identity document presented;
  • photographs;
  • copies of the identity document presented.

2. Legal basis for processing personal data by the Company

Prior to the conclusion of the contract, the Client’s action of presenting or entering personal data when using the Company’s Website represents their consent to the collection, storage, and processing of personal data under the conditions of this Privacy Policy.Following the conclusion of the contract in accordance with the Terms of Use, the Company is authorized to collect, store, and process the Client’s personal data under the respective contract, in accordance with the provisions of the GDPR Regulation.

3. Purposes of processing personal data

The Company collects, stores, and processes information regarding the Client for the purpose of:
  • concluding and executing the contract, according to the Terms of Use;
  • preventing and monitoring fraud, money laundering, economic sanctions, or terrorism financing;
  • verifying compliance with the contracting conditions as presented in the Terms of Use;
  • assisting the Client in using the Website / POS;
  • fulfilling the Company’s legal obligations;
  • preparing anonymous statistics, reports, or analyses.

4. Disclosure of data to third parties and storage period

The Company may allow access to the Client’s personal data to specific categories of persons, namely: public authorities, companies affiliated with Chidori Technologies, third parties contracted by the Company as providers of maintenance or technical support services for ATMs, and third parties that prepare reports and statistics. These third parties are either empowered by the data controller, acting on its instructions, or authorized by law to request such information.Personal data is stored for the period necessary to fulfill the purposes for which it was collected. The Client has the right to request the deletion of such information from the data controller’s database if they consider that its storage is no longer necessary.In determining the appropriate retention period for personal data, the Company considers the volume, nature, and sensitive character of the personal data, the potential risk of harm from unauthorized use or disclosure of the Client’s personal data, the purpose for which the personal data is processed, whether the Company can achieve these purposes by other means, as well as applicable legal requirements.

5. Privacy Policy: Client’s Rights

As a result of the collection, storage, and/or processing of personal data, the Client acquires the following rights:
  • right of access: the right to obtain information regarding the processed data. This includes the source of the personal data, the purpose of processing, details about the data controller, its representatives, or third parties to whom the data may be transmitted;
  • right to withdraw consent, when such consent is required for the processing of personal data;
  • right to rectification: the possibility to request modification or completion of their data;
  • right to erasure of data: this right may be exercised if the Client considers that their storage is no longer justified for the accepted purposes;
  • right to restriction of processing: the Client may request such limitation in certain circumstances (e.g., if they have exercised the right to rectification, during the period between their request and the data update);
  • right to lodge a complaint: this may be addressed to the Company or to the National Authority for the Supervision of Personal Data Processing and refers to violations of this Privacy Policy or relevant legislation by the Company or third parties who had access to the data.