- 01
What is this document?
Through this privacy policy, drawn up in accordance with Article 13 of European Regulation No. 679/2016 (“General Data Protection Regulation” or “GDPR”) and in compliance with the principles contained therein, Aurea Hub S.r.l. intends to inform each user (“the User”) of the processing of personal data collected through the website https://www.aureahub.com/ (“Website”) and its application available for iOS and Android devices (“App”).
- 02
Owner and Contact Details
Aurea Hub S.r.l. (hereinafter referred to as “Aurea,” the “Company,” or “Controller,” for the purposes of Art. 4(7) GDPR), with registered office at Via Giosuè Carducci 18, 20123, Milan (MI), Italy.
For any request relating to this notice or the exercise of data-protection rights, write to help@aureahub.com.
- 03
Purpose of processing, Legal basis, Personal data processed, and Retention period
The Data Controller collects personal data for the following purposes, as specified below, where the legal basis and duration of data processing are also highlighted.
- A.
Registration, access to the App, and account management.
Data will be processed to allow authentication to the App, in order to enable your user experience.
- Personal data
- Personal information (first name, last name)
- Contact details (email address)
- Legal basis
Performance of contractual measures [Art. 6, 1, letter b) GDPR]
- Retention period
Until the account is deleted, except for data retention for legal purposes.
- B.
Management and fulfillment of requests for information and support.
Data provided will be processed to manage and respond to requests for technical support.
- Personal data
- Personal information (first name, last name)
- Contact details (email address)
- Legal basis
Execution of pre-contractual and/or contractual measures [Art. 6, 1, letter b) GDPR]
- Retention period
For the time required to respond.
- C.
Communications for marketing purposes.
Sending communications via email containing promotions and/or advertising related to products or services.
- Personal data
- Personal information (first name, last name)
- Contact details (email address)
- Legal basis
Consent [Art. 6, 1, letter a) GDPR]
- Retention period
Until consent is withdrawn and in any case no later than 24 months from the date of last contact.
- D.
Soft Spam.
Sending promotional communications related to products or services similar to those already purchased (Article 130, paragraph 4, Privacy Code).
- Personal data
- Personal information (first name, last name)
- Contact details (email address)
- Legal basis
Legitimate interest [Art. 6, 1 f) GDPR] relating to maintaining the commercial relationship.
- Retention period
Personal data will be stored for the time strictly necessary to achieve the legitimate interest and until the data subject objects to the processing.
- E.
Compliance with legal obligations.
Processing to comply with obligations arising from applicable laws, regulations, or EU legislation (e.g., tax, accounting) or to respond to authority requests.
- Personal data
- Personal information (first name, last name)
- Contact details (email address)
- Legal basis
Legal obligation [Art. 6, 1, letter c) GDPR]
- Retention period
In accordance with applicable regulations.
- F.
Complaint management and exercise of the right of defense.
Processing to ascertain, exercise, or defend a right and/or interest in or out of court.
- Personal data
- Personal information
- Contact details
- Legal basis
Legitimate interest [Art. 6, 1 f) GDPR] attributable to the need to ascertain, exercise, or defend a right and/or interest.
- Retention period
Personal data will be stored for the period necessary to defend or exercise the right.
- G.
Newsletter.
Periodic sending of informative and promotional updates via email.
- Personal data
- Personal information (first name, last name)
- Contact details (email address)
- Legal basis
Consent [Art. 6, para. 1, letter a) GDPR]
- Retention period
Until consent is withdrawn and in any case no later than 24 months after the last contact.
- H.
Cookie management and tracking tools.
Data processing using technical, analytical, and profiling tools (e.g., third-party cookies, pixels).
- Personal data
- Browsing data
- User preferences
- Legal basis
Consent for non-technical cookies [Art. 6, par. 1, lett. a) GDPR]; Legitimate interest for technical cookies [Art. 6, par. 1, lett. f) GDPR].
- Retention period
As indicated in the Cookie Policy and in any case in compliance with the retention periods of individual cookies.
- I.
Profiling activities.
Analysis of user preferences, behaviors, and interests through automated tools to offer personalized content or targeted communications.
- Personal data
- Usage data
- Browsing data
- Personal details and contact information
- Legal basis
Consent [Art. 6, para. 1, letter a) GDPR]
- Retention period
Until consent is withdrawn and in any case no later than 12 months after the last activity useful for profiling purposes.
- J.
Website Improvement.
Processing User data to enable navigation and consultation of the Website, as well as to improve your browsing experience.
- Personal data
- Website usage and interaction data
- Legal basis
Legitimate interest [Art. 6, 1 f) GDPR] attributable to the need for the Data Controller to allow the use of the Website and its improvement.
- Retention period
Not applicable (aggregated or anonymous data).
# Purpose Personal data Legal basis Retention period A. Registration, access to the App, and account management.Data will be processed to allow authentication to the App, in order to enable your user experience.
- Personal information (first name, last name)
- Contact details (email address)
Performance of contractual measures [Art. 6, 1, letter b) GDPR] Until the account is deleted, except for data retention for legal purposes. B. Management and fulfillment of requests for information and support.Data provided will be processed to manage and respond to requests for technical support.
- Personal information (first name, last name)
- Contact details (email address)
Execution of pre-contractual and/or contractual measures [Art. 6, 1, letter b) GDPR] For the time required to respond. C. Communications for marketing purposes.Sending communications via email containing promotions and/or advertising related to products or services.
- Personal information (first name, last name)
- Contact details (email address)
Consent [Art. 6, 1, letter a) GDPR] Until consent is withdrawn and in any case no later than 24 months from the date of last contact. D. Soft Spam.Sending promotional communications related to products or services similar to those already purchased (Article 130, paragraph 4, Privacy Code).
- Personal information (first name, last name)
- Contact details (email address)
Legitimate interest [Art. 6, 1 f) GDPR] relating to maintaining the commercial relationship. Personal data will be stored for the time strictly necessary to achieve the legitimate interest and until the data subject objects to the processing. E. Compliance with legal obligations.Processing to comply with obligations arising from applicable laws, regulations, or EU legislation (e.g., tax, accounting) or to respond to authority requests.
- Personal information (first name, last name)
- Contact details (email address)
Legal obligation [Art. 6, 1, letter c) GDPR] In accordance with applicable regulations. F. Complaint management and exercise of the right of defense.Processing to ascertain, exercise, or defend a right and/or interest in or out of court.
- Personal information
- Contact details
Legitimate interest [Art. 6, 1 f) GDPR] attributable to the need to ascertain, exercise, or defend a right and/or interest. Personal data will be stored for the period necessary to defend or exercise the right. G. Newsletter.Periodic sending of informative and promotional updates via email.
- Personal information (first name, last name)
- Contact details (email address)
Consent [Art. 6, para. 1, letter a) GDPR] Until consent is withdrawn and in any case no later than 24 months after the last contact. H. Cookie management and tracking tools.Data processing using technical, analytical, and profiling tools (e.g., third-party cookies, pixels).
- Browsing data
- User preferences
Consent for non-technical cookies [Art. 6, par. 1, lett. a) GDPR]; Legitimate interest for technical cookies [Art. 6, par. 1, lett. f) GDPR]. As indicated in the Cookie Policy and in any case in compliance with the retention periods of individual cookies. I. Profiling activities.Analysis of user preferences, behaviors, and interests through automated tools to offer personalized content or targeted communications.
- Usage data
- Browsing data
- Personal details and contact information
Consent [Art. 6, para. 1, letter a) GDPR] Until consent is withdrawn and in any case no later than 12 months after the last activity useful for profiling purposes. J. Website Improvement.Processing User data to enable navigation and consultation of the Website, as well as to improve your browsing experience.
- Website usage and interaction data
Legitimate interest [Art. 6, 1 f) GDPR] attributable to the need for the Data Controller to allow the use of the Website and its improvement. Not applicable (aggregated or anonymous data).
Privacy Policy
How Aurea protects your personal data.
Drafted under Article 13 of EU Regulation 679/2016 (GDPR). Aurea Hub S.r.l. — Data Controller — explains what data we collect via aureahub.com and the Aurea App, why we process it, on what legal basis, and for how long.
Last updated · May 2026
Questions about this document? Email help@aureahub.com.