1 March 2026

Privacy policy

PRIVACY POLICY

Flatmates S.r.l., with registered office at Viale Pasubio, 5 – 20154 Milan (Italy), acting as Data Controller, protects your personal data provided during your browsing and use of this website, ensuring confidentiality and compliance with applicable data protection regulations.

As required by Article 13 of the EU General Data Protection Regulation (GDPR), Flatmates informs you that your personal data collected through this website is processed by electronic and/or telematic means for the purposes set out below.

1. TYPES OF PERSONAL DATA PROCESSED

The IT systems and software procedures used to operate this website collect, in the course of their normal operation, certain personal data whose transmission is implicit in the use of Internet communication protocols.

The following personal data may be processed:

Browsing data: this category includes IP addresses or domain names of computers and terminals used by users, URI/URL addresses, the time of the request, the method used to submit the request to the server, the size of the file received in response, the numerical code indicating the server's response status, and other parameters relating to the user's operating system and IT environment. Such data are also processed to: obtain statistical information on service usage; monitor the correct functioning of the services offered.

Data provided by the user: such as your email address and any other personal data contained in a message sent using the "contact us" function;

Cookies and other tracking tools: for details of the cookies used by this site, please refer to the full Cookie Policy.

2. PURPOSES AND LEGAL BASIS FOR PROCESSING

Your personal data will be processed for the following purposes:

a) to enable the use of this website and to carry out the maintenance and technical support necessary for its proper functioning;

b) to allow the Data Controller to receive, manage and respond to emails sent via the "contact us" function.

The legal basis for the processing referred to in letter a) is: Art. 6(1)(f) GDPR: 'processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party'.

The legal basis for the processing referred to in letter b) is: Art. 6(1)(b) GDPR: processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.

3. METHODS OF PROCESSING

Personal data are collected directly by the Data Controller or by third parties expressly authorised by the Data Controller, or communicated by the Data Controller to such third parties for the purposes set out in point 2.

Personal data will be processed primarily by electronic means by persons both internal and external to the Data Controller's organisation, duly authorised and instructed in accordance with the GDPR.

The Data Controller periodically carries out checks to ensure that no unnecessary personal data are processed, collected, stored or retained.

4. RECIPIENTS OF PERSONAL DATA

Personal data processed for the purposes referred to in point 2 may be communicated to:

internal staff of the Data Controller's organisation, duly authorised for the relevant processing activities;

external parties acting as Data Processors on behalf of Flatmates, such as: IT service and support companies; IT infrastructure and solution providers; web service providers.

The updated list of Data Processors is kept at the Data Controller's registered office and is available upon written request by email.

Your personal data may be communicated to public bodies, organs and authorities acting as independent Data Controllers, in compliance with applicable laws or binding provisions.

Under no circumstances will your personal data be communicated to other categories of third parties or be subject to dissemination.

5. TRANSFER OUTSIDE THE EU/EEA

The Data Controller does not transfer your personal data outside the European Economic Area.

Your personal data will be managed and stored on servers of the Data Controller and/or duly appointed Data Processors located within the European Union.

Notwithstanding the above, some of your personal data derived from the use of cookies and other tracking tools may be shared with recipients located outside the EEA. The Data Controller ensures that such data will be processed in compliance with applicable data protection law, based on an adequacy decision or the standard contractual clauses approved by the European Commission.

6. RETENTION PERIOD / DATA RETENTION

Your personal data will be processed by the Data Controller for the time necessary to achieve the purposes for which they were collected.

With regard to the purpose referred to in point 2(a), browsing data are not retained on the Data Controller's systems for more than seven (7) days (subject to any need for investigation of offences by the judicial authority).

With regard to the purpose referred to in point 2(b), your personal data will be processed and retained for the time necessary to fulfil the information requests and in any event for a period not exceeding [___].

Upon reaching the above deadlines, the Data Controller will proceed to delete your data. Longer retention periods may apply in the presence of specific legal obligations.

7. YOUR RIGHTS

Under EU Regulation 2016/679, you have the right to: