Privacy Notice on the Processing of Personal Data
Last revision: 23 September 2025

1. Introduction and legal references
This notice explains the processing of personal data collected through this website, including those obtained via cookies, tracking technologies and—where present—contact forms, restricted areas, digital services, and economic transactions carried out electronically.
This notice is addressed to anyone who accesses or uses this site, describing how users’ personal data are collected, used and protected, as well as the rights granted by law.
These provisions do not concern other websites, pages or online services accessible through any external links that may be present on the site; please refer to the respective privacy notices of those third parties.
This notice is provided in compliance with the main national and international data protection regulations, including:

  • Regulation (EU) 2016/679 (GDPR)
  • Other regulations that may apply.

2. Who manages your data and how can you contact us?
Your personal data are processed by:
Corefab Srl - Società Benefit
 Via Po,77 20032 Cormano (MI)
 info@corefab.it
 VAT ID: 09935390964

For any information regarding the processing of personal data or to exercise your rights under the law, data subjects can contact the Controller.

3. On what legal bases do we process your data?
The processing of personal data collected through this site (including via cookies, similar technologies, contact forms, restricted areas, digital services and transactions, where applicable) is based on one or more of the following legal bases:

  1. Performance of a service/pre-contractual measures requested by the user through the provided contact forms;
  2. Compliance with legal, regulatory or statutory obligations;
  3. Express consent of the user with regard to communications of a commercial nature;

An additional legal basis, the legitimate interest of the Controller, may be used for specific purposes (e.g., ensuring IT security, preventing fraud, protecting the Controller’s rights in legal proceedings).

Failure to give or withdrawal of consent may reduce or limit certain functionalities or personalized services.

4. What data do we collect when you visit the site?
While browsing this site, the following data may be collected—also via cookies and similar technologies such as pixel tags, web beacons, local storage and equivalent technologies:

  • Browsing and technical data: information such as IP address, device identifiers, operating system and browser data, requested URLs, connection times, technical logs, technical preferences, usage data collected via cookies and tracking technologies (pixel tags, web beacons, local storage and equivalent tools).

  • Data communicated via social integrations and third-party platforms: data transmitted through social features (login, plugins, shares, etc.), processed in accordance with the rules of the respective platforms as well as this notice.

5. How do we process your data, how do we protect it, and how long do we keep it?
Personal data collected through this site are processed mainly with electronic and digital tools in accordance with the principles of lawfulness, fairness, data minimization, integrity, and confidentiality.

Data are retained according to the following timelines:

  • Cookie preferences and consents: retained for 180 days, as per the Cookie Policy on this site.
  • Browsing and technical data: retained only for the time necessary to ensure the security, integrity and functionality of the site and subsequently anonymized or aggregated.
  • Data collected for contractual and transactional purposes: retained for the time required by applicable laws (for example, tax or accounting laws).
  • Data processed for marketing purposes: retained until consent is withdrawn or deletion is requested.
  • Data entered via forms or specific requests: retained for the time necessary to respond or fulfil the related purpose.

6. Who may receive your data?
The personal data collected through this site may be accessed, within the limits of their respective responsibilities and purposes, by:

  • Internal subjects authorized by the Controller, duly trained in privacy and security matters;
  • Suppliers and third parties appointed as Processors (for example: technical providers, IT companies, customer support companies, consultants, payment service providers and logistics providers, where applicable);
  • Business partners, third parties and affiliates, exclusively for promotional/marketing purposes if you have given specific consent or exercised opt-out where provided;
  • Providers of plugins, social networks and services for interaction with external platforms, which may process personal data according to their own logic as independent controllers (please refer in that case also to the individual privacy notices of such third parties);
  • Competent public authorities and supervisory bodies, within the limits imposed by law or to comply with requests from judicial authorities;

The updated list of external recipients can be made available upon request by writing to the Controller’s contacts.

7. Where can your data be transferred?
Personal data collected through this site may be processed and transferred—for the purposes indicated—to the following countries:

  • to countries belonging to the European Economic Area (EEA), Switzerland or other countries recognized by the competent authorities as providing an “adequate” level of protection required by law;

Updated list of “adequate” countries:

8. What are your rights regarding the data collected?
The user, based on applicable law, has the right to:

  • Obtain confirmation as to whether or not personal data concerning them are being processed and, where that is the case, access such data and related information (right of access).
  • Request the rectification, update or deletion of inaccurate data or data that are no longer necessary (right to rectification and erasure).
  • Request restriction of processing or object to the processing of data, including for promotional/profiling purposes, where provided.
  • Request data portability in a structured and interoperable format (where technically feasible).
  • Withdraw consent given to the use of non-technical cookies and to the processing of data collected through tracking tools.
  • Report any irregularities or abuses to the competent supervisory authorities.

To exercise these rights, simply send a request to the Controller’s contacts, who will respond within the timeframes provided by the applicable local regulation.

9. How are minors’ data processed?
The protection of minors is a fundamental priority.

The services and content of this site are not intended for individuals under 18 years of age.

We do not knowingly collect personal data of minors without the verifiable consent of a parent or legal guardian.

If a parent or guardian believes that a minor has provided personal data without authorization, they may request its removal, update, or restriction of processing by writing to the contacts indicated in this notice.

10. How to make reports or complaints to the authorities?
If you believe that the processing of your personal data through this site does not comply with applicable law, you may lodge a complaint free of charge with the competent supervisory authorities, including:

How will we inform you about changes to this notice?
This notice is subject to periodic review due to regulatory updates or changes to the services offered through the site. Any significant change will be communicated on this page.
Last revision: 23 September 2025

_____________________________________________________________

Privacy Policy for the Basic Version of Svista Track

Effective Date: 10/02/2025

1. Introduction

This Privacy Policy describes how location data is processed within the basic version of the Svista Track app (“App”). In this version:

No registration is required, and no user database is maintained.
Location data is used exclusively to detect proximity to identifier devices (e.g., RFID or BLE beacons) that mark the totems and checkpoints along the route.
Data processing takes place solely on the user’s device and only for the time necessary to operate the app’s features. By using the App, the user consents to the processing of location data as described in this policy.

This notice is provided in conjunction with and in accordance with the provisions contained in the Corefab Srl Privacy Policy.

2. Data Controller

The Data Controller for the data processed through the App is:

Corefab Srl – Società Benefit
Via Po,77 20032 Cormano (MI)
info@corefab.it
Partita IVA: 09935390964

3. Data Collected

a. Location Data (GPS)

Purpose of Use:
The App accesses the device’s location services solely to verify proximity to identifier devices (totems and checkpoints) along the route.
Collection Method:
Location data is acquired in real time and used exclusively to trigger multimedia content or other location-related functionalities.
No Storage:
Location information is not stored, recorded, or transmitted to external servers; processing occurs solely on the device and only for as long as necessary to operate the function.
b. Other Data

Technical and System Data:
The App may use technical information about the device (e.g., model and operating system version) to ensure compatibility and optimize performance, without associating such data with any personal identity.

4. Purpose of Data Processing

Location data is processed solely for the following purposes:

Proximity Detection:
To verify in real time that the user is in the immediate vicinity of an identifier device (totem or checkpoint) in order to activate the associated content.
App Functionality:
To enable the correct functioning of the App’s features, such as the automatic activation of multimedia content when the user is near a device.

5. Method of Processing

Local Processing:
Location data is processed directly on the user’s device and is not transmitted to any third parties.
Transitory Processing:
Data is used only for the time necessary to verify proximity to the devices and manage the functionalities of the App.
No Storage:
No persistent logs or temporary files containing location data that could identify the user are created.

6. Consent and Management of Location Permissions

Request for Consent:
Upon launching the App, the user is informed and asked to authorize access to the device’s location services.
Consent Management:
The user may revoke location access at any time via the device settings.
Implications of Revocation:
Revoking location access may compromise the proper functioning of the features that rely on proximity detection to totems and checkpoints.
ù

7. Data Security

Technical and Organizational Measures:
Since location data is processed solely on the device and not transferred externally, the best practices are adopted to ensure data security and integrity during its brief usage.
Data Protection:
As no sensitive data is stored, the risk of unauthorized access or data breaches is minimized.

8. User Rights

Even though this version of the App does not store personal or location data, the user retains the following rights:

Access and Information:
To request information about how the data used by the App is processed.
Revocation of Consent:
To modify or withdraw the location access permissions at any time via the device settings.
Request for Clarification:
To contact the Data Controller for further information or clarifications regarding this Privacy Policy.
To exercise these rights or for any requests related to data protection, the user may contact us using the details provided in Section 2.

9. Changes to the Policy

We reserve the right to update this Privacy Policy at any time in accordance with applicable laws and industry best practices. Any changes will be published within the App and, if necessary, communicated to the users. We recommend that you periodically review this page for any updates.

10. Contact

For questions, clarifications, or additional information regarding this Privacy Policy, please contact:

Corefab Srl – Società Benefit
Via Po,77 20032 Cormano (MI)
info@corefab.it
Partita IVA: 09935390964

Warning: some page functionalities could not work due to your privacy choices: