top of page

Information on the processing of personal data

This page provides information on the processing of personal data of users of services rendered through the You Key application (hereinafter the "Service") required by current legislation on the protection of personal data, in particular pursuant to Art. . 13 of EU Regulation 2016/679 (hereinafter "GDPR").

1. Data Controller

The data controller of the users of the Service is: ALOSYS COMMUNICATIONS SRL (hereinafter the "Owner" or "Alosys") Registered office: Via Giovanni Paisiello 12 Int.S29 Rome 00198 Fiscal code and VAT number: 08974171004 Tel: 06.51964757 | Fax. 06.54224210 Contact details: e-mail:

2. Types of data processed​

The personal data (hereinafter the "Data") that may be collected and processed within the scope of the Service are as follows:

(a) personal data (e.g. name, surname, date and place of birth, tax code and/or VAT number) and contact details (e.g. email and telephone number) of users, necessary for registration to the Service;

(b) Service access data (e.g. date and time of each access to the Service, IP address, etc.) and data relating to use of the Service (e.g. data relating to so-called log files such as date and time of sending or receiving encrypted files transferred through the Service). In this regard, it should be noted that neither the Data Controller nor any other person, apart from the user who is the recipient of the encrypted file transferred via the Service, can have access to the document transferred unencrypted;

(c) data relating to payments of license fees for use of the Service (e.g. billing data, etc.);

(d) tracking data to analyze your interactions with the service and/or with other services e.g. for marketing and profiling purposes, authorized by the customer. To receive further information about the methods of treatment through tracking systems by the Data Controller, it is possible to consult the specific information, available at the following link:

It should be noted that failure to provide certain Data (e.g. the data requested during user registration, etc.) could make it impossible to provide the Service. If the User provides the Data Controller with third-party data, he relieves the Data Controller of any responsibility for their treatment for purposes instrumental to the provision of the Service.

It should be noted that the Data Controller does not collect or process users' biometric data, making use, for the provision of the Service, of the systems offered by the user's device for the generation of unique and personal codings based on biometric authentication.

​3. Purpose of the treatment

User data is collected and processed by the Data Controller for the following purposes:

(a) to allow the Owner to provide and improve the Service;

(b) to protect your account and the Service, including for the purpose of preventing abuse and external attacks;

(c) to fulfill legal obligations to which the Data Controller may be subject (for example in tax matters);

(d) to respond to user requests;

(e) for promotional purposes by sending commercial communications or carrying out market studies;

(f) to analyze the habits and behavior of data subjects for profiling purposes.

4. Legal bases that legitimize the treatment

(1) the treatments carried out for the purposes referred to in letters (a), (b) and (d) of paragraph 3 above are carried out as necessary for the execution of a contract with the user and/or for the execution of pre-contractual measures, pursuant to Art. 6, par. 1 letter b) of the GDPR;

(2) the treatments carried out for the purposes referred to in letter (c) of paragraph 3 above are carried out, pursuant to Art. 6, par. 1 letter c) of the GDPR, to fulfill legal obligations to which Alosys is subject as Data Controller;

(3) the treatments carried out for the purposes referred to in letters (e) and (f) of paragraph 3 above are carried out on the basis of the express consent of the interested party, pursuant to Art. 6, par. 1 letter a) of the GDPR. ​

It is also possible that the Data Controller carries out data processing for further purposes necessary for the pursuit of the legitimate interest of Alosys, as Owner, as well as for the protection of the interested parties or third parties, depending on the case, and in any case pursuant to Art. 6, par. 1 lit. f) of the GDPR. In these cases, the Data Controller will process the Data only after having ascertained that the pursuit of its legitimate interests or those of third parties does not compromise the fundamental rights and freedoms of the interested parties and will inform the interested parties of the treatments in question.

5. Recipients

​​Only the following categories of recipients will have access to personal data:

(1) Alosys personnel expressly authorized to process personal data for the management of the Service (e.g. administrative, commercial, marketing, legal personnel, system administrators, etc.);

(2) external subjects (e.g. third party technical service providers, hosting providers, IT companies, external consultants, etc.) who process data on behalf of the Data Controller and who are therefore appointed by Alosys as data processors pursuant to Art. 28 of the GDPR; as well as

(3) third parties who process the data as independent data controllers, for example to fulfill legal obligations (communications for tax purposes, etc.).

Some Data (e.g. date of sending and receiving of encrypted files, type of smartphone used, etc.) will also be accessible to other members of the same community/team with special privileges.

6. Methods of processing the collected data

The Data is processed by the Data Controller with automated tools, with organizational methods and with logic strictly related to the purposes indicated. Specific security measures are observed to prevent data loss, illicit or incorrect use and unauthorized access.

7. Place of data processing and transfer

​The data are processed within the European Union and will not be transferred outside the European Economic Area.

8. Storage period

The Data are processed and stored for the time required by the purposes for which they were collected.


(a)Data collected for purposes related to the execution of the contract between Alosys, as Owner, and the user of the Service, will be retained until the user's account is active and for two years following any deactivation; the data relating to the payments made and in general the accounting and tax data will be kept for ten years following the deactivation of the account;

(b)the contact data of the users necessary for the initiation of the registration process transmitted to us by other users will be deleted within two months of their receipt, in the event that these users do not register within the same period;

(c)any personal data collected for purposes attributable to the legitimate interest of the Data Controller will be retained until such interest is satisfied;

(d)Alosys, as Data Controller, may be obliged to keep personal data for a longer period in compliance with a legal obligation or by order of an authority.

At the end of the retention period, personal data will be deleted. Therefore, upon expiry of this term, the right of access, cancellation, rectification and the right to data portability can no longer be exercised.

9. Your rights

The interested party will have the right, in relation to their data, to:

  • access your personal data,

  • request the cancellation or rectification of your personal data,

  • limit the processing of your personal data,

  • revoke the previously given consent at any time,

  • request portability,

  • object to the treatment.

In any case, the interested party can lodge a complaint with the Guarantor for the protection of personal data. To exercise the rights listed above, the interested party must submit a request using the following contact points through which the Data Protection Officer can also be contacted.

Requests should be addressed to the Data Controller at the following address which can be contacted the data protection officer possibly designated by the Data Controller.

10. Changes and updates to this privacy policy

This version of the information on the processing of personal data was updated on the day

The Data Controller reserves the right to make changes to this privacy policy at any time
informing users and making updated information available.

bottom of page