PrenoPr
/
Login

Privacy Policy

This Privacy Policy describes how the PrenoPr website and application (hereinafter "Application") manage the processing of personal data of users (PRs, Venue Owners, and other subjects) who use it. This notice is provided pursuant to Art. 13 of Regulation (EU) 2016/679 (GDPR).

1. Data Controller

The Data Controller is: Vianello Christian Registered Office: Viale Giovanni Suzzani 19, Milan 20162 VAT Number: 07267090962 SDI Code: T9K4ZHO PEC Email: christian.vianello@pec.it

2. Types of Data Collected

The Controller collects and processes the following categories of personal data:
  • Personal and contact data: Name, Surname, Email Address, Phone Number (also used for integration with messaging services).
  • Tax and commercial data: VAT number, billing data, and bank details necessary for payment management and B2B commission credit.
  • Activity and reputation data: Commercial name, operational metrics, public reviews, and processing of reputation scores (e.g., internal rating system).
  • Usage and navigation data: IP addresses, system logs, and data related to user interaction with the Application and connected API services (e.g., Meta/WhatsApp).

3. Purposes of Processing

Collected Personal Data is processed for the following purposes:
  • A. Service Provision (Legal basis: Contract Execution): To allow registration to the Application, the operation of the marketplace, the matching between professionals and venues, and the correct technical provision of the requested services.
  • B. Administrative and Tax Obligations (Legal basis: Legal Obligation): For accounting management, invoicing, fee tracking, and fulfillment of obligations provided by current legislation.
  • C. Direct Marketing and Communications (Legal basis: Consent): For sending newsletters, B2B commercial communications, updates on services, and lead generation activities.
  • D. Profiling and Reputational Analysis (Legal basis: Legitimate Interest / Consent): For automated processing of data to generate evaluation metrics (e.g., reputation score calculation), monitor service quality (sentiment analysis on reviews), and optimize infrastructure.

4. Third-Party Services and Data Sharing

For the correct operation of the Application, data may be shared with third-party service providers acting as Data Processors:
  • Meta Services (Meta Platforms Ireland Ltd): Use of WhatsApp Business APIs and any login systems.
  • Financial Services (Stripe): For secure payment processing and management of B2B transactional flows.
  • Hosting Services (Hostinger): For secure database storage and web infrastructure.
  • Automation and Artificial Intelligence Systems: Cloud infrastructure for processing logical workflows and operational data analysis.

5. Data Transfer outside the European Union

Some of the third-party services used (such as Stripe, Meta, and Artificial Intelligence providers) reside or process data on servers located outside the European Economic Area (e.g., United States). The Controller ensures that extra-EU transfer takes place in accordance with applicable legal provisions, by entering into agreements based on Standard Contractual Clauses approved by the European Commission, in order to guarantee an adequate level of protection.

6. Data Retention

Personal Data is processed and stored for the time strictly necessary to achieve the purposes for which it was collected. Billing data will be stored for 10 years (according to legal obligations). Data processed for marketing purposes will be stored until the user revokes consent.

7. Data Deletion Policy

Users of the Application (including accounts linked via Facebook/Meta or WhatsApp) have the right to request the complete removal of their data and the disconnection of their profile at any time. To request data deletion: Send a written request to the PEC address: christian.vianello@pec.it specifying the email address and phone number associated with the account. The Controller will remove all personal information, including third-party API connections, within 30 working days, confirming the operation to the user.

8. Rights of the Data Subject (Art. 15-22 GDPR)

The user has the right to: obtain confirmation of the existence of personal data concerning them; know the purposes and methods of processing; request updating, rectification, integration, deletion (right to be forgotten), limitation of processing, or data portability; object in whole or in part to processing for legitimate reasons. Requests should be addressed to the Controller through the contact channels indicated in Section 1.

Last update: May 24, 2026