Privacy Policy

With this privacy policy, the company Upar Italia Srl, in accordance with art. 13 GDPR 679/2016 - "European Regulation on the protection of personal data" (hereinafter: "GDPR"), communicates the methods and purposes of the processing of personal data and the related protections provided by Upar Italia Srl (hereinafter also "Upar") in order to guarantee the confidentiality and security of the same, for the use and enjoyment of the services provided through the App "Upar" (hereinafter also "App").

1. Data controller

The Data Controller is UPAR ITALIA SRL, with registered office in Corso A. De Gasperi, 343, Bari (C.F.-P.IVA 08693370721).

2. Nature and source of personal data processed

Upar processes the personal data that are acquired at the initiative of users for the purposes of joining, registering, requesting information and/or using the App and, in any case, in the interests of the latter, for the purposes of executing the contract signed with the same and, in any case, for the purposes of making the best use of the services of the App.

The data required for the registration and use of the App are provided directly by the Users by voluntarily filling in the registration/registration form in which they enter common data, such as First Name, Last Name, Date of Birth, Telephone Number, Home Address, Username, Email, Password, Company Name, Tax Code and other data relating to the User's personal details, including data and information relating to the User's car (such as model, colour, year of registration, number plate), as well as bank details provided voluntarily by the User for the purpose of using the App and always for the User's exclusive interest. model, colour, year of registration, number plate), as well as bank details voluntarily provided by the User for the purpose of using the App and always for the exclusive interest of the latter.

For the purposes set out in point 3, the Company does not normally need to collect "special categories of data" and "judicial data" (hereinafter, "sensitive" data) within the meaning of Art. 9 and 10 of the GDPR (meaning, by way of example, racial and ethnic origin, religious, philosophical or other beliefs, political opinions, membership of parties, trade unions, associations or organisations of a religious, philosophical, political or trade-unionist character, as well as personal data disclosing health and sex life and any criminal convictions, offences or security measures). It may happen that the data transmitted to the Company also include 'sensitive' data. In this case, the Company may only process 'sensitive' data that are relevant for the purposes of pursuing the interests of the Users, within the limits in which the acquisition of such information is strictly indispensable and does not conflict with the provisions of the Privacy Code, the GDPR, the Provisions and General Authorisations of the Guarantor Authority for the protection of personal data, D.Legislative Decree no. 276/2003, Law no. 300/1970 (so-called Workers' Statute), Law no. 135/1990, as well as the rules on equal opportunities or aimed at preventing discrimination.

Any 'sensitive' data transmitted will be deleted immediately in the absence of a written declaration of consent to their processing.

Browsing data: the computer systems and software procedures set up for the App acquire, in the course of their normal operation, certain personal data whose transmission is implicit in the use of Internet communication protocols.

This is information that is not collected for the purpose of being associated with identified data subjects, but which by its very nature could, through processing and association with data processed by third parties, allow users to be identified. This category of data includes:

  1. IP addresses or domain names of devices used by users connecting to the App;
  2. addresses in URI (Uniform Resource Identifier) notation of the requested resources;
  3. time of the request;
  4. method used in submitting the request to the server;
  5. size of the file obtained in response from the server;
  6. numeric code relating to the status of the response given by the server,
  7. other parameters related to the user's device and computing environment.

For reasons related to the provision of the service, the user is required to make certain functions and resources of the mobile device accessible to the APP. Specifically:

  • information about the device and the installed operating system;
  • full network access;
  • camera and use of flash;
  • position: approximate, based on the network or precise, based on the intersection of data between the network and the GPS module;
  • storage space: reading, editing and deleting data in the device's memory.

As described in more detail below, some processing operations that are not essential for the use of the APP find their legal basis in the free consent of the person concerned; in these cases, it is not mandatory to give consent, but refusal to provide it means that certain functionalities cannot be used.

The software platforms responsible for the operation of the APPs (Apple Store, Google Play or Windows Phone Store) acquire, in the course of their normal operation, certain data relating to the user, the transmission of which is implicit in the use of internet communication protocols, smartphones and devices used. Upar is not involved in such processing and cannot be held responsible for it. It is therefore advisable to also refer to the privacy policies published on the aforementioned platforms.

Furthermore, Upar may collect anonymous information for the sole purpose of collecting statistical data on the number of users who have downloaded the APP or are users of it.


The APP offers functionalities that may involve the acquisition of location data (GPS, WiFI, GSM network). The processing of this data allows the user, for example, to use the service to locate car parks indicated by other users and to calculate the route to reach them.

Upar does not process this data in any way other than forwarding it to the operator of the Maps service installed on the device (e.g. Apple or Google, who will process it under the terms described in their own policies, to which please refer to ). Data may be collected when the APP is active and the User has activated the use of geolocation services. At any time, geolocation services can be deactivated by accessing the location permissions section of the User's device's operating system.

The nature of provision is optional; failure to provide it will result in the user being unable to use geolocation-based services.


The APP uses the following cookies:

Log files: Like many other websites/apps, this one also makes use of log files, i.e. it records the history of operations as they are performed. The information contained within the log files includes IP addresses, device type, Internet Service Provider (ISP), date, time, entry and exit page and number of accesses. All of this is used to analyse trends, administer the app, monitor user movement within the app and gather demographic data, IP addresses and other information. This data cannot be traced back to the identity of the user in any way.

Cookies: The App uses cookies to store information about visitors' preferences and pages visited by the user and to customise the content of the App according to the device being used and according to other information that device sends.

The App, in particular, uses the following cookies that can be de-selected, except for third-party cookies for which you will have to refer directly to the respective cookie selection and de-selection methods:

  1. Browsing or session technical cookies and strictly necessary for the operation of the App or to enable the User to take advantage of the content and services requested.
  2. Functionality cookies, i.e. used to enable specific features of the App and a set of selected criteria (e.g. language) in order to improve the service rendered.
  3. Technical cookies - analytics, which allow us to understand how the App is used by users; no information about the user's identity or any personal data is collected with these cookies. The information is processed in aggregate and anonymous form.
  4. Third-party cookies, i.e. cookies from sites, mobile applications or web servers other than that of Upar Italia Srl used for purposes specific to said third parties. It should be noted that such third parties are typically autonomous controllers of the data collected through the cookies they use; therefore, you should refer to their Personal Data processing policies, disclosures and consent forms (selection and de-selection of the respective cookies).

The App does not use its own profiling cookies, but those present are exclusively controlled by third parties such as Google, Facebook or Twitter.

3. Purpose and method of processing personal data

Personal data are collected and processed, in compliance with the general principles of correctness, lawfulness and transparency, for purposes related to the supply of goods and services that are the subject of the activity carried out by the owner, to allow the navigation of the App and the correct and complete execution of the Services requested from time to time to Upar Italia Srl, as well as, in general, activities related to the execution of the contractual relationship with the User and in order to answer and satisfy requests for assistance or information, including customer care services, always in the interest of the Users themselves.

Personal data voluntarily provided by Interested Parties/users of the App are processed in cases where:

  1. The data subject has consented to the processing of his or her personal data for one or more specific purposes;
  2. The processing is necessary for the performance of a contract to which the data subject is party;
  3. The data subject has consented to the processing of his or her personal data for one or more specific purposes;
  4. The processing is necessary in order to fulfil legal obligations to which the Controller is subject (e.g. financial statements, management of employee payrolls, storage for tax purposes or provision of information to public bodies, law enforcement agencies, or legitimised and authorised third parties);
  5. The processing is necessary for the pursuit of the legitimate interest of the data controller.

Data recorded during navigation are processed for the sole purpose of obtaining anonymous statistical information on the use of the App and to carry out checks on its correct functioning; they will be deleted after processing.

Data may also be processed in the event it is necessary to carry out checks to ascertain criminal liability arising from computer crimes against the App and/or third parties through the App.

The processing of the data by Upar will be carried out in such a way as to guarantee security and confidentiality and may be carried out using manual, computerised and telematic tools with logics strictly related to the purposes themselves and may involve consultation, registration, processing, interconnection, comparison with other data or other processing, in any case, in such a way as to guarantee the security and confidentiality of the data.

Specific security measures are taken in processing operations to prevent loss of data, their illegal or incorrect use and unauthorised access.

The data will be kept for the time strictly necessary for the performance of the contract between the parties and/or the activities related to the use of the App and the services connected thereto. With regard to the data contained in documents having accounting and fiscal relevance, it is specified that they are kept for the duration imposed by civil and fiscal regulations. This is without prejudice to the fact that data that are no longer required will be blocked and deleted when the retention periods imposed by law expire.

The provision of data is optional and is provided voluntarily by users in order to take advantage of Upar's services and for the purposes of using the App; however, a refusal to provide such data could lead to difficulties in the conclusion, execution and management of the contract, as well as make it impossible for the Company to provide the services through the App.

4. Categories of persons to whom the data may be disclosed

Again and exclusively for the purposes set out in point 3 above, the data provided may be disclosed to the following categories of persons:

  • to the Financial Administration, to social security and welfare institutions if necessary, to the Public Security Authority; to companies to be entrusted with the transmission, enveloping, transport and sorting services of communications addressed to the User; to transporters and other entities for ancillary services to the supply; to companies or entities or professionals for fraud control and debt collection; to banks and credit institutions in the context of the financial management of the company; to insurance companies; to professionals (such as lawyers, accountants, consultants, auditing firms, etc.), subject to the obligation of professional secrecy, entrusted with providing accounting, tax and legal consultancy services and safety at work regulations. ..), subject to the obligation of professional secrecy, entrusted with providing us with accounting, tax and legal consultancy services and workplace safety regulations.

Personal data may also be used for the purpose of sending commercial communications to Users via email and/or notification via App, unless an express refusal to receive such communications can be expressed at any time ("Soft Spam").

The personal data provided will be processed by Upar's employees and/or collaborators, who, to this end, have been appointed as "Authorised Processors", by signing a specific deed of appointment, and by external parties, declared as "Data Processors", in relation to the specific activities that may be performed and/or for which the Company has duly verified compliance with the regulations in force on the processing of personal data.

Personal data may also be communicated to third parties in order to verify and carry out any requests made by the User, for the purpose of using the App and, in general, in order to comply with obligations provided for by laws, regulations or EU legislation, or to perform obligations arising from a contract to which the interested party is a party or to fulfil, prior to the conclusion of the contract, specific requests of the latter.

Personal data will be stored and processed within the European Union. In the event that data is processed outside the European Union, such processing would only take place after appropriate safeguards have been put in place, as required by mandatory legislation.

5. Rights of the data subject

The data subject has the right to obtain from the Company:

  1. access to personal data and information relating thereto;
  2. information on the origin of personal data;
  3. an indication of the purposes or methods of processing;
  4. the identification data of the data controller and/or data processors;
  5. the identification data of the persons or categories of persons to whom the data are disclosed or who may become aware of them;
  6. the updating, rectification and supplementation of data;
  7. limitation of processing;
  8. the cancellation, transformation into anonymous form or blocking of data processed in breach of the law;
  9. a declaration that the persons to whom the data have been communicated and/or disseminated have been informed of the operations referred to in points (f) and (h);
  10. consultation of the data in a structured, commonly used and machine-readable format, which allows for the portability of the data to a different data controller.

6. The data subject's right to object

Among the rights granted to the data subject by the GDPR is the right to withdraw consent at any time and, therefore, to object in whole or in part to the processing of personal data concerning him or her.

The data subject may also lodge a complaint with the Data Protection Authority and/or other competent supervisory authority under European Regulation 679/2016.

For any requests, remarks and/or complaints, please send an e-mail to:

7. Giving and withdrawing consent to processing

Consent to processing will be requested by means of telematic methods suitable for guaranteeing full knowledge and understanding of the rights due to the data subject.

You have the right to revoke your consent to the processing of your personal data by sending an e-mail to: , with the following text: <<Cancellation of consent to the processing of all my personal data>>. Upon completion of this operation, your personal data will be removed from the archives as soon as possible.

Upar Italia S.r.l.