ONEBIP SERVICE’S PRIVACY POLICY

This Privacy Policy constitutes the disclosure on personal data processing, provided according to article 13 of the Regulation (UE) 2016/679 “General Data Protection Regulation” (“GDPR”), to all users which come across the payment pages (the “Service”) or the website of Onebip S.R.L., a company with registered offices in Via Roberto Lepetit 8/10 – 20124 Milan (the “Data Controller” or the “Company”). Let us stress the fact that we are committed to protecting your privacy, keeping the personal data you share with us secure. It is also important for us to clearly explain to you how we collect, use, disclose and otherwise process your personal data. We keep reasonable physical, electronic and procedural security measures to protect your personal data and we have used and will continue to use commercially reasonable efforts to ensure their protection.

1. WHAT DOES THIS PRIVACY POLICY COVER?

This Privacy Policy covers the processing by the Company of personal data collected through the use of the Service, and does not apply to processing of personal data by third parties, including any third party providers of digital content which Users may acquire through the use of the Service or functionalities thereof (hereinafter, the “Merchants”).

2. WHAT DATA WILL BE PROCESSED?

During the processing of the Service we might acquire on our own, or receive from third parties (Merchants, Mobile Network Operators, aggregators or technical hubs) the following data:

  • Nature and price of the digital good
  • Mobile phone number (or “MSISDN”)
  • Name, Address and Birthdate in certain cases
  • Mobile Network Operator or Internet Access provider name
  • IP Address
  • Text of the SMS’s exchanged during the opt-in phase of the Service
  • Information about your operating system and the device used for the purchase
  • E-mail address (only in the case you provided it while contacting our Customer CareSupport)We do not collect other forms of data that imply identification of Users (e.g. name, surname address, gender, tax identification or social security numbers, preferences and behavioral data). We do not collect at any stage sensitive personal data (e.g. information on racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic or biometric data, as well as data concerning a natural person’s sex life or sexual orientation).

3. WHY AND HOW DO WE PROCESS YOUR PERSONAL DATA?

We process your personal data to provide you with the Service described in the Terms of Use to carry out any and all activities connected with such Service or functionalities thereof (such as, for example, customer care services) through the Onebip website, the Onebip Platform and the Onebip Portal. In particular, we process your personal data in order to:

  • Provide you with the Service or functionalities you requested or when using Onebip through third-party websites and apps;
  • Monitor, track and record data regarding all relevant transactions, to allow the delivery and billing of the contents requested and assure cross-device compatibility;
  • Prevent and identify possible fraudulent behavior;
  • Provide you with any necessary technical or customer care support service;
  • Manage any possible complaints, litigation and requests from authorities and regulatorybodies.We process your personal data mostly by electronic means, although it is possible that some of your personal data may be processed in hard copy documents (such as, for example, invoices).The data acquired in the provision of the Service will not be used for marketing purposes and profiling; in case in future the Company would engage marketing or profiling activities, you will be asked an explicit consent.

4. WHO HAS ACCESS TO YOUR DATA?

We adopt all necessary measures to ensure that your personal data shall remain safe, private and confidential at all times. We limit access to your personal data on a “need to know basis” by our own employees to individuals who are authorized for the proper processing of such data and any employee found violating our standards of security and confidentiality will be subject to our disciplinary processes.

Your personal data may be communicated to third parties for rendering the Service or to carry out activities which are ancillary and instrumental to the Service. In particular, and exclusively for the purposes described above, your personal data may be communicated to:

  • The Merchants, for delivery of the digital service, invoicing and customer support;
  • Your mobile network operator and/or internet access provider, for invoicing and customersupport;
  • Companies that are providing us the access to mobile network operator infrastructure (Aggregators and technical hubs)
  • Companies which render services of customer support on our behalf;The exchange of personal information is limited to what is strictly necessary to perform the Service and the ancillary activities; data are normally transferred in encrypted form and are shared in clear with third parties only if the sharing in encrypted form impedes the provision of the Service or the ancillary activities.Furthermore, we may make your personal data available to other third parties in the following limited circumstances:· When we are compelled to do so by a governmental agency, court or other entity (e.g., to respond to subpoenas, court orders or legal process);· In legal proceedings, if we believe your actions violate any law, regulation, any term or condition of the Terms of Use, including, without limitation, this Privacy Policy, or any of Additional Terms or if you threaten the rights, property or safety of us, our parent, subsidiaries or affiliated companies, our Service, any of our operational service providers, suppliers, advertisers, customers, Users or Merchants; or
  • In the event of a bankruptcy, merger, acquisition, transfer of control, joint venture or other business combination involving us.

5. DO YOU HAVE TO SUBMIT YOUR PERSONAL DATA TO US? WHAT IF YOU DECIDE NOT TO?

Your submission of personal data for the purposes described in Section 3 above is not mandatory, you are by no means under any legal obligation to disclose such information to us. However, if you do not provide us with the personal data requested, in particular with your MSISDN, we will not be able to provide you with the Service or any functionality thereof.

6. DATA LOCATION AND RETENTION

Your information are stored in our databases located in Ireland, Italy and Austria.
Temporary data like technical information used to process the transaction are deleted from our database within 3 days.
Information about the transactions, including nature and price of the digital good, MSISDN, IP address, Mobile Network Operator or Internet Access provider name, text of the SMS’s exchanged during the opt-in phase and information about operating system and the device used for the purchase, are stored in our databases for 5 years to comply with tax and corporate laws and to demonstrate the execution of the Service in case of request by public authorities.
Under certain circumstances the legal duty of storing the transaction can be extended up to 10 years.

7. USE OF “COOKIES” What are cookies?

Cookies are small text files that are placed on your computer by websites that you visit. A cookie can be thought of as an internet user’s identification card, which tell a web site when the user has returned. They were designed to be a reliable mechanism for websites to remember stateful information (such as items in a shopping cart) or to record the user’s browsing activity (clicking particular buttons, logging in etc.). Cookies can be “persistent” or “session” cookies. Persistent cookies remain on your computer when you have gone offline, while session cookies are deleted as soon as you close your web browser.

What is a session cookie?

A session cookie, also known as an in-memory cookie or transient cookie, exists only in temporary memory while the user navigates the website. Web browsers normally delete session cookies when the user closes the browser. Unlike other cookies, session cookies do not have an expiration date assigned to them, which is how the browser knows to treat them as session cookies.

What is a persistent cookie?

Instead of expiring when the web browser is closed as session cookies do, persistent cookies expire at a specific date or after a specific length of time. This means that, for the cookie’s entire lifespan (which can be as long or as short as its creators want), its information will be transmitted to the 

server every time the user visits the website that it belongs to, or every time the user views a resource belonging to that website from another website (such as an advertisement).

How to change cookie settings on your browser

Most internet browsers accept cookies automatically, but you can change the settings of your browser prevent automatic acceptance or erase them.
You can find here more information:
Chrome: http://support.google.com/chrome/bin/answer.py?hl=en-GB&answer=95647
Safari: https://support.apple.com/kb/PH17191?locale=en_US
Firefox: http://support.mozilla.org/en-US/kb/Enabling%20and%20disabling%20cookies 
Android: https://support.google.com/chrome/answer/95647?hl=en-GB&co=GENIE.Platform%3DAndroid&oco=1

Onebip cookies

These cookies allow Onebip to improve the quality of the Service delivered by storing some information needed to restore the Service in case of interruption (e.g. loss of internet connection, closing down the payment pages) and to handle multi session payments.
You may opt out of these cookies, but by doing so you might be no longer be able to use Onebip Service pages or your user experience can be impaired.

Session cookies are deleted upon closing of browser, persistent cookies have an expiration time of 1 year from the date of creation.

8. YOUR RIGHTS

You should know that you have the following rights with respect to the information (including personal data) that you provide us:

  • You can have a direct access to your transaction list over selfcare.onebip.com and you have the right to request us to inform you about the personal data we have stored about you.
  • You have the right to request us to amend any incorrect data that we have stored about you.
  • You have the right to data portability, which means that upon request, we will transfer yourdata to you in an electronically processable format.
  • You have the right to ask the deletion of your personal information from our systems in such circumstances we will proceed to remove all data except those that we are obliged to keep to comply with laws (in particular tax laws) and regulations. In such case we will undertake our best effort to encrypt and anonymize the information where possible.
  • You have the right to lodge a complaint to the Italian Personal Data Protection Authority (“Autorità Garante per la protezione dei Dati Personali”) in the event that you are of the opinion that a breach of data security has occurred. You can contact the authority here .

You can exercise the aforementioned rights at any time.

If you have any questions about our data security please do not hesitate to contact Us at

privacy[at]onebip.com