4 years ago

Privacy Policy

Website Privacy Policy

Visiting this website may result in processing data relating to identified or identifiable natural persons. 

The handling of personal data of data subjects in Europe is in compliance with EU Regulation 2016/679 (“GDPR”) . This Privacy Policy hereby provides you with the additional information requested by GDPR. 

The data controller is Scytale S.r.l. (hereinafter: “Scytale”, “we”, “us”). Personal data is processed by us when you have provided your consent, for example when you provide us with your email address – Art. 6 (1) (a) GDPR, or as necessary: for allowing you to access and browse the website content; for performing a contract or for taking steps at your request, before entering a contract – art. 6 (1) (b) GDPR, to fulfil our legal obligations – art. 6 (1) (c) GDPR,  for allowing us to process personal data when it’s necessary for our legitimate interests (for example in order to maintain the integrity of our IT systems and the continuity of our business) – art. 6 (1) (f) GDPR.

We put in place measures to guarantee that your data are kept up-to-date and processed securely.

We retain your personal data for as long as is necessary for the purposes for which we obtained it, in accordance with the data minimisation principle.

We have appointed a Data Protection Officer (DPO) with the following email address: scytale-dpo@chino.io  

Here below we provide you with some general information regarding the processing of personal data on our website. Specific information about processing activities of Scytale other than the ones associated with this website will be provided separately.


Our website may contain links to websites operated by third parties. Those links are provided for convenience and may not remain current or be maintained. Unless expressly stated otherwise, we are not responsible for the privacy practices of, or any content on, those linked websites, and have no control over or rights in those linked websites. The privacy policies that apply to those other websites may differ substantially from our Privacy Policy, so we encourage individuals to read them before using those websites.

Your personal data and our website

Our website is an important communication tool for us. Here we communicate news and information about our products to the public.

Some of the services offered on our website require the processing of your personal data.

We process personal data collected on our website (such as identification data, contact details and professional or employment-related information) for the following purposes:

To enable you to have access to our website and its services

When you browse our website, we collect certain technical information, e.g. IP addresses. Data is processed for allowing you to access and browse the website content, based on Art. 6(1) (b) of GDPR.

To contact and communicate with you

We collect the information you provide us via contact forms to communicate with you and answer your questions. This data may include your contact information and your professional or employment-related information. Data is processed on the basis of  performing a contract or for taking steps at your request, before entering a contract – art. 6 (1) (b) GDPR and based on our legitimate interest to interact and communicate with you, according to art. 6(1) (f) GDPR.

Direct marketing

We may use your contact details, including your email or telephone number, to send you marketing communications relating to our services and similar products. Your data will be processed in accordance with Article 6 (1) (a) of the GDPR. You can revoke your consent at any time by emailing us. Your personal data will be stored for this purpose until you decide to revoke your consent.

We do not reuse the information for another purpose that is different to the one stated. We will never divulge your personal data to third parties for direct marketing purposes. We will not use your personal information for direct marketing purposes without your consent.

Under certain conditions outlined in law, we may disclose your information to third parties, if it is necessary and proportionate for lawful, specific purposes.

As a rule, we do not keep your personal information for longer than necessary for the purposes for which we collected it.


For the use of our website, we only store strictly necessary cookies. Necessary cookies are essential for the website to function properly as they ensure basic functionalities and security features of the website, anonymously. Specifically, we use Google recaptcha service in order to identify bots and to protect the website against malicious spam attacks. You can set your browser to permit or refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of this website may become inaccessible or not function properly.

For more detailed information about the cookies we use, see our Cookies Policy.

The purpose for implementing the above is to maintain and monitor the performance of our website and to constantly look to improve the site and the services it offers to our users and to maintain the integrity of our IT systems and the continuity of our business.

Sharing of Personal Data

We will only share your personal data in connection with the provision of our services.

In general, we do not disclose the Personal Data about you to third parties without your consent or otherwise as specified in this Policy.

In certain circumstances we may disclose or share your Personal Data with third parties only in the ways described in this Policy, including as follows:

  • In certain situations, we may be required to disclose Personal Data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. We may disclose your Personal Data (i) to any governmental authority as part of an investigation to determine our compliance with any applicable law, rule, or regulation (including privacy laws, rules, and regulations), (ii) in response to a court order, subpoena, discovery request, or other lawful judicial or administrative proceeding, (iii) as otherwise required or permitted under any applicable law, rule, or regulation, (iv) in good faith, to protect or defend the our rights or property and other users, and (e) if we involved in a merger, acquisition, or sale of all or a portion of its assets, you will be notified via email and/or a prominent notice on our Site of any change in ownership or uses of your Personal Data, as well as any choices you may have regarding your Personal Data;
  • third party service providers: we may use third party service providers to provide certain data processing services for us (acting as our authorised data processors). When acting as our authorised data processors, they are required to only process data in accordance with our instructions, in line with this Policy, and are subject to appropriate confidentiality and security obligations.

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions. 

International transfers

We do not transfer your personal data outside the European Economic Area (EEA).

Data processing operations that are carried out via third party providers established outside of the geographical area upon mentioned can be carried out partially or completely in the countries of the respective branch only on the basis of an adequacy decision of the European Commission or, in case of no adequacy decision in place, in accordance with standard contractual clauses approved by the European Commission and appropriate safeguards adopted according to the GDPR and applicable data protection laws.

Data security

We have implemented appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality. 

We have adopted appropriate procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

We keep your data safe by adopting the best practices and highest standards in terms of security.

We take various steps to protect your Personal Data from unauthorised access, use or modification and unlawful destruction and disclosure, for example:

  • we adopt encryption technology to transfer and store your Personal Data; 
  • we limit the access to your Personal Data on a strict need-to-know basis;
  • we put in place physical, electronic, and procedural safeguards in line with industry standards.

Please be aware that, despite our efforts, we do not warrant or guarantee that unauthorised access will never occur as no method of transmitting or storing information is completely secure.

All data handling is GDPR (General Data Protection Regulation) compliant.

Data Subjects Rights

You have specific rights when it comes to the processing of your personal data by us.

  • When your personal data is processed by Scytale, you have the right to know about it.
  • You have the right to access the information and have it rectified without delay if it is inaccurate or incomplete.
  • You can ask to have it blocked under certain circumstances.
  • You can also object to it, in certain circumstances, on grounds relating to your specific situation.
  • You can request that any of the above changes be communicated to other parties to whom your data have been disclosed.
  • You also have the right not to be subject to automated decisions (made solely by machines) affecting you, as defined by law.
  • You have the right to receive your personal data in a standardised format in case you wish to transfer it to another controller (data portability).
  • You have the right to complain at any time if you believe your data protection rights have been breached.

These rights are outlined in Chapter III of GDPR.

How to exercise your data protection rights.

If Scytale is processing your personal data and you would like to exercise your data protection rights, please send us a written request by e-mail to our DPO at  scytale-dpo@chino.io  

In principle, we cannot accept verbal requests (telephone or face-to-face) as we may not be able to deal with your request immediately without first analysing it and reliably identifying you.

Your request should contain a detailed, accurate description of the data you want access to. When there are reasonable doubts regarding your identity, you might be asked to provide a copy of a document, which will help us to verify your identity. It can be any document such as your ID card or passport. Should you provide any other documents, personal details such as your name and your address should be in clear in order to be able to identify you, while any other data such as a photo or any personal characteristics, may be blacked out.

Our use of the information on your identification document is strictly limited: the data will only be used to verify your identity and will not be stored for longer than needed for this purpose.

Scytale contact details

Full name of legal entity: Scytale S.r.l.

DPO email address:  scytale-dpo@chino.io

Email address: information@scytale.tech   

Postal address: Via Cremona 24/6 – Mantova (46100)

Changes to the privacy policy and our duty to inform you of changes

We may modify and revise this Policy from time to time. Any information that we collect is subject to the Privacy Policy in effect at the time such information is collected. 

Any changes we make to our Privacy Policy in the future will be posted on this page, and where appropriate, notified to you by email or notifications via the App. We therefore encourage you to review it from time to time to stay informed of how we are processing your data.

This version was last updated on 19th of September  2022.