{"id":10831,"date":"2024-03-22T15:53:37","date_gmt":"2024-03-22T15:53:37","guid":{"rendered":"https:\/\/www.ma-xi.it\/privacy-policy\/"},"modified":"2025-11-14T10:19:06","modified_gmt":"2025-11-14T10:19:06","slug":"privacy-policy","status":"publish","type":"page","link":"https:\/\/www.ma-xi.it\/en\/privacy-policy\/","title":{"rendered":"Privacy Policy"},"content":{"rendered":"<div class=\"wpb-content-wrapper\"><p>[vc_row][vc_column]\n\t\t<div id=\"wd-691701ab9dde3\" class=\"title-wrapper wd-wpb wd-set-mb reset-last-child  wd-rs-691701ab9dde3 wd-title-color-default wd-title-style-default text-center  wd-underline-colored\">\n\t\t\t\n\t\t\t<div class=\"liner-continer\">\n\t\t\t\t<h4 class=\"woodmart-title-container title  wd-font-weight-700 wd-fontsize-xl\" >PRIVACY NOTICE<\/h4>\n\t\t\t\t\t\t\t<\/div>\n\t\t\t\n\t\t\t\n\t\t\t\n\t\t<\/div>\n\t\t\n\t\t[vc_column_text css=&#8221;&#8221; woodmart_inline=&#8221;no&#8221; text_larger=&#8221;no&#8221;]pursuant to Article 13 of Regulation (EU) 2016\/679 (\u201cGDPR\u201d)<\/p>\n<p>This Privacy Notice describes the methods of processing personal data of users who interact with the website\u00a0<strong>maximobility.it<\/strong>\u00a0<wbr \/>and or the <strong>Maxi Mobility mobile application<\/strong>\u00a0(jointly referred to as the \u201cPlatforms\u201d).<\/p>\n<h3><strong>1. Data Controller<\/strong><\/h3>\n<p>The Data Controller is:<br \/>\n<strong>Maxi Mobility S.r.l. Societ\u00e0 Benefit<\/strong><br \/>\nRegistered Office: Via Cadore 13, 20135 Milan (MI), Italy<br \/>\nVAT No.: 12137830969<br \/>\nE-mail:\u00a0<strong><a rel=\"noopener\">info@ma-xi.it<u><\/u><u><\/u><u><\/u><u><\/u><\/a><\/strong><br \/>\n(hereinafter, the \u201cController\u201d).<\/p>\n<hr \/>\n<h3><strong>2. Categories of Data Processed<\/strong><\/h3>\n<p>The Controller processes users\u2019 personal data (\u201cData Subjects\u201d) such as:<\/p>\n<ul>\n<li><strong>Identification and contact data:<\/strong>\u00a0name, surname, e-mail, phone number, address.<\/li>\n<li><strong>Data required for the provision of Maxi Mobility services<\/strong>\u00a0(e.g. fleet configuration, vehicle availability, preferences).<\/li>\n<li><strong>Payment and transactional data<\/strong>\u00a0relating to purchased services or mobility fees, also in connection with external payment systems (e.g. Stripe, financial institutions, leasing companies).<\/li>\n<li><strong>Technical browsing data:<\/strong>\u00a0IP addresses, access logs, device identifiers, and data collected through cookies, as further detailed in the Cookie Policy.<\/li>\n<li><strong>Interaction data<\/strong>\u00a0with the Platforms, including contact forms and support requests.<\/li>\n<\/ul>\n<p>The Controller does not request or process special categories of personal data under Article 9 GDPR, unless strictly necessary and based on explicit consent.<\/p>\n<hr \/>\n<h3><strong>3. Purposes and Legal Bases for Processing<\/strong><\/h3>\n<div>\n<div>\n<table>\n<thead>\n<tr>\n<th><strong>Purpose<\/strong><\/th>\n<th><strong>Legal Basis<\/strong><\/th>\n<th><strong>Notes<\/strong><\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td>a) Enable navigation and access to requested services<\/td>\n<td>Performance of pre-contractual or contractual measures (Art. 6(1)(b) GDPR)<\/td>\n<td>Includes access to reserved areas<\/td>\n<\/tr>\n<tr>\n<td>b) Manage mobility, rental, leasing, and support contracts, including administrative and accounting activities<\/td>\n<td>Contract performance (Art. 6(1)(b)) + Legal obligation (Art. 6(1)(c))<\/td>\n<td>Includes relations with financial partners<\/td>\n<\/tr>\n<tr>\n<td>c) Respond to contact and technical support requests<\/td>\n<td>Performance of pre-contractual measures (Art. 6(1)(b))<\/td>\n<td><\/td>\n<\/tr>\n<tr>\n<td>d) Fulfil tax, legal, and regulatory obligations<\/td>\n<td>Legal obligation (Art. 6(1)(c))<\/td>\n<td><\/td>\n<\/tr>\n<tr>\n<td>e) Send informational and\/or commercial communications, newsletters, and updates on Maxi services<\/td>\n<td>Consent of the Data Subject (Art. 6(1)(a))<\/td>\n<td>Optional and revocable at any time<\/td>\n<\/tr>\n<tr>\n<td>f) Protect the Controller\u2019s rights (e.g. in case of disputes)<\/td>\n<td>Legitimate interest (Art. 6(1)(f))<\/td>\n<td><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/div>\n<\/div>\n<hr \/>\n<h3><strong>4. Processing Methods<\/strong><\/h3>\n<p>Data are processed through electronic and\/or manual means, using appropriate technical and organizational measures to ensure security, integrity, and confidentiality.<\/p>\n<hr \/>\n<h3><strong>5. Data Disclosure and Recipients<\/strong><\/h3>\n<p>Data may be shared with:<\/p>\n<ul>\n<li>Employees and collaborators authorized by the Controller;<\/li>\n<li>IT and cloud service providers, hosting providers, CRM platforms (e.g. Odoo);<\/li>\n<li>Payment and leasing companies (e.g. Stripe, credit institutions, partner firms);<\/li>\n<li>Legal, tax, and administrative consultants;<\/li>\n<li>Public authorities where required by law.<\/li>\n<\/ul>\n<p>All such entities act as\u00a0<strong>Data Processors<\/strong>\u00a0or\u00a0<strong>independent Controllers<\/strong>, as applicable.<br \/>\nAn updated list of Data Processors is available upon request.<\/p>\n<hr \/>\n<h3><strong>6. Data Transfers Outside the EU<\/strong><\/h3>\n<p>Where the use of tools or suppliers entails transfers to non-EU countries, such transfers will comply with Articles 44\u201349 GDPR (e.g. through Standard Contractual Clauses or adequacy decisions).<\/p>\n<hr \/>\n<h3><strong>7. Data Retention Periods<\/strong><\/h3>\n<div>\n<div>\n<table>\n<thead>\n<tr>\n<th><strong>Data Type \/ Purpose<\/strong><\/th>\n<th><strong>Retention Period<\/strong><\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td>Contractual and administrative data<\/td>\n<td>10 years after contract termination (for accounting\/tax obligations)<\/td>\n<\/tr>\n<tr>\n<td>Contact data for commercial inquiries<\/td>\n<td>24 months from last contact<\/td>\n<\/tr>\n<tr>\n<td>Marketing\/newsletter data<\/td>\n<td>Until consent is withdrawn<\/td>\n<\/tr>\n<tr>\n<td>Technical browsing data<\/td>\n<td>As specified in the Cookie Policy<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/div>\n<\/div>\n<hr \/>\n<h3><strong>8. Data Provision<\/strong><\/h3>\n<p>Providing data required for contractual services is mandatory; failure to provide such data makes it impossible to deliver the requested services.<br \/>\nProviding data for marketing purposes is optional.<\/p>\n<hr \/>\n<h3><strong>9. Data Subject Rights<\/strong><\/h3>\n<p>Data Subjects may exercise the following rights:<\/p>\n<ul>\n<li>Right of access (Art. 15 GDPR)<\/li>\n<li>Rectification (Art. 16)<\/li>\n<li>Erasure (Art. 17)<\/li>\n<li>Restriction (Art. 18)<\/li>\n<li>Portability (Art. 20)<\/li>\n<li>Objection (Art. 21)<\/li>\n<li>Withdrawal of consent (Art. 7(3))<\/li>\n<\/ul>\n<p>Requests may be submitted to\u00a0<strong><a rel=\"noopener\">info@ma-xi.it<u><\/u><u><\/u><u><\/u><u><\/u><\/a><\/strong><\/p>\n<hr \/>\n<h3><strong>10. Complaint to the Supervisory Authority<\/strong><\/h3>\n<p>Data Subjects may lodge a complaint with the Italian Data Protection Authority:\u00a0<strong><a href=\"http:\/\/www.garanteprivacy.it\/\" target=\"_blank\" rel=\"noopener\" data-saferedirecturl=\"https:\/\/www.google.com\/url?q=http:\/\/www.garanteprivacy.it\/&amp;source=gmail&amp;ust=1763201818168000&amp;usg=AOvVaw08F6kyClbpt8GHcRW1gGHI\">www.garanteprivacy.<wbr \/>it<u><\/u><u><\/u><u><\/u><u><\/u><\/a><\/strong><\/p>\n<hr \/>\n<h3><strong>11. Updates<\/strong><\/h3>\n<p>This Privacy Notice may be updated from time to time. In case of substantial changes, the Controller will duly inform the Data Subjects.<\/p>\n<p><strong>Last update: November 2025<\/strong><\/p>\n<hr \/>\n<h3><strong>12. Biometric Processing and Facial Recognition<\/strong><\/h3>\n<p>The Controller informs users that, for certain functionalities of the digital mobility platform and rental service (\u201cService\u201d), an\u00a0<strong>optional facial recognition feature<\/strong>\u00a0may be provided to verify user identity during onboarding or prior to vehicle collection, as well as for fraud prevention and security checks.<\/p>\n<p><strong>Categories of Data Processed<\/strong><\/p>\n<ul>\n<li>Biometric data (facial template generated from images captured by the device\u2019s camera);<\/li>\n<li>Technical metadata (verification results, timestamps, confidence scores);<\/li>\n<li>Identification data linked to the user profile necessary for biometric matching.<\/li>\n<\/ul>\n<p>Raw images are not stored beyond the time strictly necessary to generate and verify the biometric template.<\/p>\n<p><strong>Legal Basis for Processing<\/strong><br \/>\nBiometric data are processed solely based on the\u00a0<strong>explicit consent<\/strong>\u00a0of the Data Subject pursuant to Art. 9(2)(a) GDPR. Consent is optional and may be withdrawn at any time without affecting the lawfulness of prior processing.<br \/>\nIf consent is not given or is withdrawn, users may rely on alternative authentication methods (e.g. document verification or OTP).<\/p>\n<p><strong>Processing Methods and Security Measures<\/strong><br \/>\nProcessing is carried out through automated systems with appropriate technical and organizational security measures.<br \/>\nWhere technically possible, biometric templates are processed and matched\u00a0<strong>directly on the user\u2019s device (\u201con-device\u201d)<\/strong>. Otherwise, processing takes place on secure servers located within the EU\/EEA.<br \/>\nBiometric data are encrypted both in transit and at rest, logically separated from other personal data, and accessible only to authorized personnel.<\/p>\n<p><strong>Retention Period<\/strong><br \/>\nBiometric templates are retained only for the time necessary to verify identity and, in any case,\u00a0<strong>no longer than 12 months<\/strong>\u00a0from the last biometric authentication or until consent is withdrawn.<br \/>\nAssociated technical logs and metadata are retained for a maximum of\u00a0<strong>24 months<\/strong>\u00a0for security, audit, and legal defense purposes.<\/p>\n<p><strong>Recipients and Service Providers<\/strong><br \/>\nProcessing may be supported by specialized biometric and liveness-detection providers appointed as\u00a0<strong>Data Processors<\/strong>under Art. 28 GDPR.<br \/>\nAn updated list of such providers is available upon request via\u00a0<strong><a rel=\"noopener\">info@ma-xi.it<u><\/u><u><\/u><u><\/u><u><\/u><\/a><\/strong>.<\/p>\n<p><strong>Data Transfers Outside the EU<\/strong><br \/>\nData are primarily processed within the European Economic Area (EEA). Where transfers to third countries are necessary,\u00a0<strong>EU Standard Contractual Clauses<\/strong>\u00a0and additional security safeguards will be implemented.<\/p>\n<p><strong>Data Subject Rights<\/strong><br \/>\nData Subjects may exercise their rights under Articles 15\u201322 GDPR at any time, including access, erasure, objection, and withdrawal of consent, as well as request the deletion of their biometric data.<br \/>\nRequests can be sent to\u00a0<strong><a rel=\"noopener\">info@ma-xi.it<u><\/u><u><\/u><u><\/u><u><\/u><\/a><\/strong>.<\/p>\n<p><strong>Minors<\/strong><br \/>\nBiometric functionalities are\u00a0<strong>not intended for individuals under 18 years of age<\/strong>\u00a0and must not be activated by minors.[\/vc_column_text][\/vc_column][\/vc_row]<\/p>\n<\/div>","protected":false},"excerpt":{"rendered":"<p>[vc_row][vc_column][vc_column_text css=&#8221;&#8221; woodmart_inline=&#8221;no&#8221; text_larger=&#8221;no&#8221;]pursuant to Article 13 of Regulation (EU) 2016\/679 (\u201cGDPR\u201d) This Privacy Notice describes the methods of processing<\/p>\n","protected":false},"author":1,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"open","template":"","meta":{"footnotes":""},"class_list":["post-10831","page","type-page","status-publish","hentry"],"_links":{"self":[{"href":"https:\/\/www.ma-xi.it\/en\/wp-json\/wp\/v2\/pages\/10831","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.ma-xi.it\/en\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/www.ma-xi.it\/en\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/www.ma-xi.it\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.ma-xi.it\/en\/wp-json\/wp\/v2\/comments?post=10831"}],"version-history":[{"count":5,"href":"https:\/\/www.ma-xi.it\/en\/wp-json\/wp\/v2\/pages\/10831\/revisions"}],"predecessor-version":[{"id":10836,"href":"https:\/\/www.ma-xi.it\/en\/wp-json\/wp\/v2\/pages\/10831\/revisions\/10836"}],"wp:attachment":[{"href":"https:\/\/www.ma-xi.it\/en\/wp-json\/wp\/v2\/media?parent=10831"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}