PRIVACY POLICY

1. GENERAL PROVISIONS

VAULTS1 S.R.L., tax code and VAT number 14378300967, with registered office at Via Vincenzo Monti, 47, 20123 Milan (MI), Italy (hereinafter “VAULTS1”), respects and protects the privacy of every user of the website www.cassettasicurezza.it and of every client, and undertakes to process and safeguard personal data lawfully, fairly, and transparently.

This Privacy Policy is drafted in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data (hereinafter “GDPR”), Legislative Decree 196/2003 as amended by Legislative Decree 101/2018 (Personal Data Protection Code), as well as applicable Italian legislation on personal data protection.

This Policy describes the methods of processing collected information (including personal data), the purposes of processing, and the data retention methods.

It outlines the principles governing the collection, use, and storage of personal data of users and clients accessing the website www.cassettasicurezza.it, as well as the purposes, methods, and parties that may access personal data for specific purposes.

We reserve the right to amend this Policy. In the event of updates, the revised version will be published on www.cassettasicurezza.it; users are therefore encouraged to review it periodically.

The terms of this Policy apply whenever the user visits VAULTS1 premises or the website www.cassettasicurezza.it, regardless of the device used.

By accessing the website www.cassettasicurezza.it, you accept the terms of this Policy. If you do not agree, please refrain from using the website and its services.

The website visitor and/or client (hereinafter “Data Subject”), by providing personal data, acknowledges that VAULTS1, as Data Controller, will process such data for the purposes and in the manner described in this Policy, in accordance with the legal bases set out in the GDPR.

Minors under the age of 16 may not provide personal data via the website without parental or legal guardian consent.

2. WHAT ARE OUR PRINCIPLES REGARDING PERSONAL DATA PROTECTION?

In collecting and processing personal data, we adhere to the following principles:

  • Lawfulness, fairness, and transparency
  • Purpose limitation
  • Data minimization
  • Accuracy
  • Storage limitation
  • Integrity and confidentiality ensured through appropriate technical and organizational measures pursuant to Article 32 GDPR

3. WHAT DATA DO WE COLLECT, FOR WHAT PURPOSES, AND HOW ARE THEY USED?

We collect and use personal data where the Data Subject intends to enter into or has entered into a contract with VAULTS1, has given consent, or where processing is necessary for the legitimate interest of the Controller or to comply with legal obligations.

We collect data provided directly by the Data Subject or obtained from lawful sources in compliance with GDPR.

Purposes of processing:

1. Website browsing

If you visit www.cassettasicurezza.it, we collect technical browsing data (IP address, access data, device information, cookies).

Purpose:

  • website security
  • technical management
  • statistical analysis

Legal basis: legitimate interest

2. Newsletter and informational communications

When registering or requesting information, we may collect name, surname, email, and phone number.

Purpose:

  • sending newsletters
  • informational and promotional communications

Legal basis: consent

Consent may be withdrawn by writing to info@cassettasicurezza.it.

3. Consultancy and contacts

To provide service consultations, we process identification and contact data.

Legal basis: pre-contractual measures

4. Execution of the rental contract

To provide safety deposit box rental services, we process:

  • name and surname
  • tax code
  • identity document
  • address
  • contact details
  • bank details
  • payment data

Purpose:

  • contract execution
  • administrative and accounting management
  • tax compliance

Data are retained for the duration of the relationship and for 10 years thereafter.

5. Online payments (PayPal and Stripe)

The website allows payments via PayPal and Stripe.

Payment card details are entered directly into the secure systems of these providers. VAULTS1 does not access or store full card data.

PayPal and Stripe act as independent data controllers.

Legal basis: contract execution

6. Direct marketing and profiling

To provide personalized offers, we may automatically analyze data relating to service usage and browsing behavior.

Such activity may constitute profiling under Article 22 GDPR.

Legal basis: consent

The Data Subject may object at any time.

7. Third-party tools (Google and Meta)

The website may use tools such as:

  • Google Analytics
  • Google Ads
  • Meta Pixel (Facebook/Instagram)

These tools may collect browsing data and online identifiers.

Their use occurs only after explicit consent via the cookie banner.

8. Communication recording

Telephone communications may be recorded for service quality and security purposes.

9. Video surveillance

A video surveillance system is active at our premises for security purposes.

Images are retained for 30 days.

10. Protection of the Controller’s rights

We may process data necessary to defend our rights in legal proceedings or to manage disputes.

11. Data sources

Data may also be obtained from:

  • banks
  • insurance companies
  • tax and legal advisors
  • judicial authorities
  • Chamber of Commerce and other public registers

We do not process special categories of data under Article 9 GDPR unless required by law.

4. HOW WE PROTECT YOUR DATA

We adopt appropriate technical and organizational measures to prevent unauthorized access, loss, or destruction of data.

Data are stored for as long as necessary for the purposes for which they were collected and in accordance with Italian legal requirements.

Retention may be extended in the following cases:

  • protection of legal rights
  • investigations of unlawful activities
  • dispute resolution
  • legal obligations

At the end of the retention period, data are deleted or anonymized.

5. YOUR RIGHTS

The Data Subject may exercise the rights provided under Articles 15–22 GDPR by contacting:

VAULTS1 S.R.L.
Via Vincenzo Monti, 47
20123 Milan (MI), Italy
info@cassettasicurezza.it

You have the right to:

  • access your data
  • rectification
  • erasure
  • restriction of processing
  • objection, including to profiling
  • data portability
  • withdrawal of consent
  • lodge a complaint with the Data Protection Authority

We will respond within 30 days.

6. TO WHOM MAY WE DISCLOSE YOUR PERSONAL DATA?

We may share data with:

  • tax and legal advisors
  • banks
  • IT and hosting providers
  • PayPal and Stripe
  • Google and Meta
  • security companies
  • competent public authorities

These parties act as Data Processors or independent Data Controllers.

TRANSFER OF DATA OUTSIDE THE EU

Some providers (Google, Meta, Stripe, PayPal) may transfer data outside the European Union.

Such transfers are carried out in compliance with Articles 44 et seq. GDPR, based on adequacy decisions or Standard Contractual Clauses.

Thank you for choosing VAULTS1. We are committed to providing secure services in compliance with Italian and European data protection laws.

To index