User Privacy Policy (GDPR)
INTRODUCTION
Dear user,
MAPA SURVIVAL, o.p.s. (hereinafter referred to as the "company") believes that the protection of personal data is a fundamental value for its activities and strives to provide you with all the information that will help you protect your privacy and control the use of your data in connection with the various services we offer and the interactions you may have with us. Here you will find information on how to manage your personal data. We will explain what personal data we collect and why, how we use it, whether we share it with other companies, how you can manage your personal data, and the measures we take to protect your privacy.
These policies apply to the personal data we collect when you use our services. For example, when you browse our website, subscribe to newsletters, or register with our system as a supporter or member of a virtual club, request a club card, or communicate with us via the website, email, or phone, answer a questionnaire, or receive our promotional messages and participate in market research (as explained below) (hereinafter collectively referred to as "services").
These policies provide information about the processing and management of your personal data. Mapa Survival, o.p.s. processes your personal data in accordance with Regulation (EU) 2016/679 (hereinafter referred to as the "GDPR Regulation" or "Regulation") and applicable personal data protection regulations.
DATA WE PROCESS
When you use our services, we process some of your personal data. You can find all the information below.
Type and source of personal data. When you use our services, we may process the following personal data (i.e., data relating to identified or identifiable individuals):
- personal data, contact information, and data related to your user profile – such as your first name, last name, address, phone number, email address, your preferences, and account login details. You provide this data by filling out online forms or during a phone call, for example when requesting support or registering for the application, including a profile picture if you choose to upload one;
- product or service data – such as the date, code, type, and product line or service category.
- data we collect while you browse the website ("browsing data"), such as your IP address, URLs, the time of your request, the method used to send the request to the server, the size of the file received in response, the numerical code indicating the status of the response provided by the server (successful, error, etc.), and other parameters related to the user's operating system and IT environment. The transmission of this information relies on the use of internet communication protocols, which are used to perform the aforementioned activities. This information is not collected for the purpose of being associated with identified individuals, but due to its nature, it could allow for the identification of users through association and processing with third-party data. This information is collected through cookies that we use on our website. Therefore, we invite you to read our cookie policy;
 You provide data, depending on the circumstances, directly when registering, visiting our website, communicating with the chatbot, activating an account, requesting a service or activating interactive features (audio or video) on products, when participating in our campaigns, writing a product review, or downloading or using an application. We may also use data obtained from social media, such as Facebook, if you choose to use social media to facilitate access to our applications ("social login"). If you decide to use social media, we encourage you to carefully review the privacy policies and terms of service of each of these services/products before using them.
Your data may be processed so that we can:
- respond to your request for assistance or respond to your enquiries regarding our services. If we ask you to fill out a form to submit your request, please remember that the information entered in the fields marked with an asterisk is mandatory, as we would not be able to accept or process your request without this information;
- fulfil obligations arising from applicable laws, regulations, or EU legislation (e.g., tax and accounting obligations) (the purpose stated in point (e) is defined as a "legitimate purpose");
- conduct research and development activities aimed at analysing and improving the services and/or products offered, including for the purposes of anonymising and/or aggregating your personal data;
- conduct activities focused on your satisfaction using questionnaires to determine the level of satisfaction with products, services, and assistance;
- provide you with marketing communications via email about services and/or products in accordance with Article 130(4) of Legislative Decree No. 196/2003, as amended (hereinafter referred to as the "Personal Data Protection Code"), without prejudice to your right to refuse the sending of such communications at any time;
- send you commercial and promotional communications (including newsletters) with your consent, invite you to participate in research and surveys, invite you to initiatives and events organised by the company, including by automated means such as email, SMS, instant messaging, push notifications, and also through telephone calls made by an operator;
- with your consent to provide your data to our partners and receive commercial and promotional communications from our partners.
- analyse, with your prior consent, which must be provided in accordance with the cookie usage methods, your online activities on the websites, including using data collected from other company or third-party websites, through user tracking tools as described in our cookie policy, and improve your browsing experience.
- if it is possible to send you communications for marketing purposes according to these policies, and because we want to ensure that we only send you communications that are of interest to you, to perform non-invasive segmentation...
  The processing of your personal data for the purposes of legitimate business interest and legitimate marketing interest is carried out in accordance with Article 6(f) of the European General Data Protection Regulation 2016/679, with the aim of pursuing the company's interest, which is equally balanced with your interest, as the processing of personal data is limited to what is strictly necessary for carrying out the described activities.
  Processing for the purposes of legitimate business interest and legitimate marketing interest is not mandatory, and you can object to it in the ways described in this policy and request further information about the company's balance tests. However, if you object to such processing, your data may not be used for the purposes of legitimate business interest and legitimate marketing interest unless the company demonstrates the existence of overriding compelling legitimate grounds or the necessity of their use for the establishment, exercise, or defence of legal claims.
Ultimately, processing for marketing purposes is based on:
- as regards section 4(k), Article 130 of the Personal Data Protection Act, which allows the company to send marketing communications about services and/or products via email unless you object to such communications;
- as regards section 4(l) and (m), your consent;
- as regards section 4(n), your consent obtained in the manner described in the cookie policy.
 Data processing for marketing purposes is not required. However, if you refuse or withdraw your consent, you will not receive the commercial communications listed in section 4(k) to (n). You can withdraw your consent at any time using the methods described in this notice.
  We will primarily process your data through secure recording, search, analysis, and archiving tools using systems that provide security guarantees in accordance with industry standards.
We will process your data primarily using IT systems and analytical tools. We take measures to ensure compliance with the principles of fairness, lawfulness, and transparency required by applicable data protection laws (including the GDPR) and protect your privacy through technical and organisational security measures that provide an appropriate level of security to prevent the loss, misuse, and improper use of your data and unauthorised access to it.
Your data will be stored for the period strictly necessary to achieve the purpose for which it was collected. In any case, the following storage conditions will apply:
- For the purposes of contractual and legitimate business interest, the data will be stored for a period equal to the duration of the services you requested and for 3 years thereafter, without prejudice to cases where storage for a longer period is required for potential legal proceedings and in the event of disputes, requests from competent authorities, or in accordance with applicable regulations. Audio and video files converted into appliance commands and stored for maintenance and troubleshooting purposes will be kept for a maximum of 3 months;
- for marketing purposes under Section 4(k) and (l), and for the purposes of legitimate marketing interest under Section 4(o), data is stored for a period equal to the duration of the requested service and for 1 year from the last contact with you, which includes, but is not limited to, the use of a product or service provided by the company;
- for marketing purposes according to point (m), the data is stored for a period equal to the duration of the requested service and for 24 months from the last contact, after which your consent will no longer be considered temporarily valid;
- for marketing purposes, as per point (n), data is processed for the period specified in our cookie policy.
COMMUNICATION AND DATA DISSEMINATION
For contractual purposes, your data may be transferred to authorised company employees who have been duly informed and trained, or to third-party employees acting on behalf of the company and under its instructions as data processors. Third-party service providers fall into the following categories: (i) providers of support and advisory services to the company, also provided through call centers, referring to activities (among others) in the technology, accounting, administrative, legal, and insurance sectors, (ii) IT service providers (hosting providers, cloud service providers, CRM, e-shops, etc.), digital, marketing, or strategic consulting service providers, and IT maintenance service providers; (iii) providers who assist us with support services; (vi) entities and bodies whose right to access data is explicitly recognised by law, regulations, or provisions issued by the competent authorities.
  If social media is used to access applications or digital assistants and platforms in connection with the company's products, your personal data may be shared with the providers of these services. In such cases, they will act as independent data controllers in accordance with the provisions of their privacy policies and terms of service, which you should read.
Your Right to Control
The law gives you the right to control how your data is processed and, if necessary, to restrict its use. You can exercise these rights at any time free of charge by contacting our company and writing to the contact details provided at the beginning of this policy. The company will do everything possible to ensure you can exercise your rights.
You can find all the information below.
Data Subject Rights
According to Articles 15 and following of the Regulation, you have the right to:
- obtain confirmation of the existence of your personal data, access their content, and obtain a copy of them (right of access);
- update, modify, and/or correct your personal data (right to rectification);
- request the erasure or restriction of the processing of personal data in the cases provided for in the Regulation, including where the data have been processed unlawfully or where their retention is no longer necessary for the purposes for which the data were collected or otherwise processed (right to erasure and right to restriction);
- withdraw consent to data processing at any time, if it was given, without affecting the lawfulness of processing based on consent before its withdrawal. This revocation can be done by changing the settings on your personal page or in writing to the administrator addresses listed in the contacts of this policy (right to revoke consent);
- within the limits of the provisions of the Regulation, receive a copy of the data you have provided in a structured, commonly used, and machine-readable format and request the transfer of this data to another data controller, where technically feasible (right to data portability);
- object to processing in the cases provided for in the Regulation (right to object).
Specifically, you can object at any time, free of charge, in whole or in part:
- for legitimate reasons, to the processing of your personal data, even if it is related to the purpose for which it was collected;
- against the processing of your personal data for the performance of a task carried out in the public interest or in the exercise of official authority vested in the company, or for the pursuit of the company's legitimate interest, including profiling;
- against the processing of your personal data if it is carried out for the purpose of sending advertising or direct sales materials or conducting market research or commercial communication (direct marketing), including profiling to the extent that it is related to it.
In accordance with Article 2 of the Personal Data Protection Act, in the event of your death, the aforementioned rights regarding your personal data may be exercised by persons with a legitimate interest or acting as your representative or for family reasons worthy of protection. You can explicitly prohibit the exercise of some of the aforementioned rights by your legal successors by sending a written declaration to the company at the email address below. The declaration can subsequently be revoked or amended in the same manner.
This is to inform you that data deletion requests are subject to legal and regulatory obligations regarding document retention.
To exercise your rights, you can send an email to sekretariat@cnacc.eu or write to the address provided in the company's contacts at any time.
To the attention of the Data Protection Officer (DPO).
When contacting us, you should provide your name, email address, postal address, and/or phone number(s) to ensure we can properly fulfil your request.
If you believe your data has not been processed in accordance with the law, or if you object to its use, you can lodge a complaint with the supervisory authority of the Member State where you reside, work, or where the alleged infringement occurred.
FURTHER INFORMATION - LINK - MINORS
This website contains links to third-party websites; therefore, we encourage you to read their privacy policies to understand how and for what purposes your data is processed through these websites.
Regarding the individual services offered by the company, we encourage you to review the relevant privacy policies, where you will find all the information about the processing of your data.
The company's websites, applications, and products are not intended for minors. If you are a minor, you cannot register as a user on the website or in the app, nor can you otherwise provide us with your personal data. If we discover that we have unintentionally obtained a minor's personal data, we will delete it immediately.
Policy Update
These privacy policies may be updated over time, and therefore the company will indicate the date of the last update at the bottom of these policies.
Last updated: February 1, 2026