Privacy policy

Information on the processing of personal data pursuant to article 13 of the Regulation (eu) 679/2016 (general data protection regulation – gdpr)

The data controller is Viceversa S.r.l., Via Bernardo Quaranta 40, 20139, Milan

The information in this Privacy policy is provided by Viceversa Srl (hereinafter also Viceversa), which manages the web application Viceversa (hereinafter also the Platform), in relation to the personal data collected through the Platform and consequently processed.

The Platform is freely accessible through the site www.portal.goviceversa.com.

The use of the functions of the Platform by the User is free, but the use of some services may be linked to the stipulation of a contract between Viceversa and the company/business/organization in the name and on behalf of which the User uses the services of the Platform.

For further information on the use of services, please refer to the Terms of Service (ToS), which describe the terms for the use of the Platform and the services available through it.

This Privacy Policy contains information on how Viceversa collects and processes the personal data provided by the User, possibly also referable to third parties.

Contacts

For any information, clarification or further information regarding the personal data protection policies adopted by Viceversa, you can write a message to the email address: [email protected] 

Viceversa’s role

Viceversa processes the data of the Platform Users as Data Controller (pursuant to the GDPR), in relation to the processing of personal data relating to the same Users, which is necessary to provide the requested services and for the correct functioning of the Platform.

Otherwise, Viceversa may act as Data Processor (pursuant to the GDPR), if to use the services of the Platform, the User requests Viceversa to access their business accounts on other platforms for the analysis of commercial and financial data. In this case, any personal data relating to natural persons whose data are stored in the User’s business accounts are processed by Viceversa exclusively for the analysis, reporting and monitoring of aggregate financial and commercial information.

In these cases, therefore, when the User associates their profile on the Viceversa Platform with their business accounts on other platforms to use the services provided by Viceversa, the User authorizes Viceversa to process certain financial and commercial information related to these business accounts, including any personal data of third parties. 

Viceversa uses this information exclusively to provide the services requested or contracted with the User, to allow the User to manage the insight and performance data relating to the performance of its online commercial and financial activity.

When and how Viceversa processes personal data

From the first moment in which the User interacts with the Platform, Viceversa processes their personal data. 

In some cases, this personal data and other information will be requested from the User to use the Platform’s services; in other cases, the information and personal data are collected automatically by the Platform, such as, for example, the navigation data of technical cookies. In this regard, it is advisable to consult the cookie policy of Viceversa.

The purposes for which Viceversa processes personal data

The current legislation on the protection of personal data permits the use of personal data only for specific and well-defined purposes, provided that there is a suitable legal basis for the processing. 

The following is the list of purposes for which Viceversa processes personal data:

  1. To enable the correct functioning of the Platform, or guarantee the full functionality of the services that the User can avail of through the platform;
  2. Where the User is registered and/or has a contract with Viceversa, to allow them to carry out the login and authentication for access to their reserved area and the use of the services;
  3. To allow the User to associate their business accounts to allow the Platform to provide performance data analysis and reporting services, as required by the Terms of Service (ToS).
  4. To allow Viceversa to propose questionnaires to evaluate the quality of the services provided through the Platform.
  5. To allow Viceversa to collect information about the use of the Platform and for the control, management and correct functioning of the services.
  6. To allow Viceversa to improve the provision of the services provided through the Platform, through the execution of analyses on errors or malfunctions, as well as to understand how Users interact with the services.

What personal data Viceversa collects and processes 

The personal data processed by Viceversa through the Platform must be distinguished as:

1. Personal data relating to the User (“User Data”) and

2. Personal data relating to third parties, other than the Platform User (“Third-Party Data”). 

Personal data relating to the User

Subject to the existence or otherwise of the contractual relationship with Viceversa, some personal data provided by the User during the use of the services or the creation of a Platform account are processed:

  1. name, surname, email address, organization/company to which they belong and their role;
  2. device type, device ID, operating system version, IP address, default language indications and analysis of the use of the Platform. 

Data relating to third parties (“Third-Party Data”) 

In the event that the User provides information and personal data regarding other people, Viceversa undertakes to use them exclusively to execute the services requested and provided through the Platform. When the User transmits this information and personal data, through the association with the Platform of the business accounts to which the User has access, the same User confirms that they have the right to process such information and personal data and to authorize Viceversa to process them on their behalf, in accordance with this Privacy Policy and with the legislation on the protection of personal data, including the GDPR.

The following data may be collected, including: customer id, addresses, information relating to the order or products/services purchased, shipping, payment and shipping locations. These data may vary depending on the type of business account that the User connects to the Platform, therefore they do not depend on Viceversa.

It should be noted that access to the business accounts made available by the User involves the collection of big data stored in these same accounts. 

Such information may also include Third-Party Personal Data, depending on the type of platform to which that business account linked by the User allows access, which may vary in terms of its nature and the service offered.

It is understood that the activity of Viceversa and the Platform does not mainly involve the use of personal data, but only information related to the performance relating to the information stored in the business account to which the User has provided access for the use of the services offered through the Viceversa Platform.

All Third-Party Data is not related to persons directly identifiable by Viceversa. In any case, we apply strict security measures to process Third-Party Data, for example, the immediate masking of the data relating to the “customer id” to process the information necessary to provide the analysis and statistics used to provide the services requested through the Platform.

The Platform, in addition, simultaneously with the collection of information from the business accounts connected by the User, proceeds to the automatic discard of data (including any personal data) not necessary for the provision of the services requested through the Platform.

In addition, through their profile, the User can dissociate their business accounts from the Platform at any time. 

In this way, where necessary, the User can limit the use of Third-Party Data. However, this may make it impossible to provide the User with certain services through the Platform, to provide which it is necessary to process the data stored by other platforms and which are accessible through business accounts.

The User can contact Viceversa to receive more information about the personal data processed through the contact details in the “our contact information” section of this Privacy Policy.

Legal basis of processing

  1. Provision of the services requested by the User through the Platform

The processing of personal data is aimed at the analysis and production of the evaluations and reporting requested by the User and obtained through the Viceversa Platform.

Legal basis for this processing of personal data: Execution of a contract or provision of a service requested by the User

  1. Security and improvement of the Platform

Performance analysis, performance testing, User feedback analysis and questionnaires. Legal basis for this processing of personal data: Legitimate interest of the data controller

In relation to the legitimate interest, as a legal basis for the processing of personal data, Viceversa guarantees that the execution of the processing of personal data is carried out in full respect of the rights and freedoms of the data subjects. For further information regarding the evaluations and security measures adopted, the User can contact Viceversa at the addresses present in this Privacy Policy.

Recipients or categories of recipients of the personal data

The personal data of the data subject may be communicated to:

  • specifically authorized collaborators and employees of the Data Controller, within the scope of their duties; 
  • Viceversa Capital Limited;
  • IT service providers who interact with the operation of the Platform or who are used by Viceversa for the management of administrative and accounting activities related to the execution of the contract and the provision of services through the Platform requested by the User, in particular Google Cloud Platform. For further information, the User can directly consult the Privacy Policy of Google Cloud Platform: https://policies.google.com/privacy.
  • IT service providers that interact with the operation of the Platform or that are used by Viceversa for the provision of the Services, which process the data as Data Processors, if the conditions are met. These include, in particular:

Fabrik: used for the API connection to Viceversa customers’ checking accounts. The customer independently connects their current accounts by accepting Fabrik’s terms and conditions regarding the sharing and use of data; 

  • Funding Service Purpose: use the data to check trends/cash flows for the purpose of evaluating and subsequently approving the application; 
  • Purpose of Pulse Service: to show the customer graphs/tables/KPIs related to their cash flows 

GoCardless: used for the API connection to Viceversa customers’ checking accounts. The customer independently connects their current accounts by accepting Fabrik’s terms and conditions regarding the sharing and use of data; 

  • Funding Service Purpose: use the data to check trends/cash flows for the purpose of evaluating and subsequently approving the application; 
  • Purpose of Pulse Service: to show the customer graphs/tables/KPIs related to their cash flows; 

PrestaTech: used to analyze the banking transactions obtained by connecting to the company’s checking accounts through the providers described above.

  • Funding Service Purpose: Categorization of banking transactions for analysis and application approval purposes; 
  • Purpose of Pulse Service: categorization of banking transactions to provide an overview to Viceversa customers regarding their financial data; 

DocuSign: used for the electronic signature of all contractual/legal documents between Viceversa and its customers. 

  • Funding Service Purpose: electronic signature for contracts; 
  • Purpose of Pulse Service: none; 

SWAN: used for the creation and submission of SDDs (SEPA Direct Debits) through which Viceversa recovers the investment made. 

  • Funding Service Purpose: payment of invoices via SDD
  • Purpose of Pulse Service: none; 

MOLLIE: used for the creation and submission of SDDs (SEPA Direct Debits) through which Viceversa recovers the investment made. 

  • Funding Service Purpose: payment of invoices via SDD; 
  • Purpose of Pulse Service: none; 

Stripe: used to make the capital available to the Viceversa customer. A prepaid virtual card is made available with a total balance equal to the amount of the contractually agreed tranche, net of commissions. To activate the card, the customer must complete a KYC process requested directly by Stripe. 

  • Funding Service Purpose: KYC and creation of the card with available balance;
  • Purpose of Pulse Service: payment by card for activation of the subscription; 

OpenAI: used for chatbots within the Platform with the aim of facilitating information gathering and internal communication. Also planned to be used for chatting with customers as a customer support function. 

Any communication of data at the request of the judicial or public security authorities, in the manner and in the cases provided for by law, remains unaffected. 

Where personal data is processed

The personal data collected by Viceversa through the Platform is processed at the Milan office and at the offices or in the servers managed by the recipients indicated in the previous paragraph. 

Should it be necessary for the transfer of personal data for the provision of the Services to the recipients indicated in Countries or international Organizations outside the EU, for which an adequacy decision has not been made, Viceversa undertakes to take adequate measures to ensure that the rights of the data subjects to processing continue to be protected and to ensure that the recipients of the personal data offer adequate measures in compliance with the legislation in force. 

Data retention period

Viceversa retains the information and personal data of the User for the time necessary to provide the services through the Platform and for the entire duration of any contractual relationship with the company/business/organization in the name and on behalf of which the User uses the Platform’s services. At the end of the effectiveness of the contract and/or the related services provided through the Platform, Viceversa deletes the User’s account and related personal data (including any personal data of third parties) within 2 years from the last registered activity. 

Rights of the data subject

The data subject has the right to access their personal data, to request their correction, updating and deletion or limitation, if incomplete, erroneous or collected in violation of the law, as well as to oppose the processing for legitimate reasons or obtain portability of the data.

Specifically, the data subject is entitled to receive confirmation as to the existence or non-existence of their personal information, even if it has not yet been recorded, and to its communication in intelligible form.

The data subject has the right to obtain: 

  1. the updating, correction or integration of their data; 
  2. the deletion, transformation into anonymous form or blocking of data processed in violation of the law, including those that do not need to be kept for the purposes of the processing;
  3. the limitation of processing, when the conditions are met; 
  4. the attestation that the previous operations have been brought to the attention of those to whom the data have been communicated or disseminated, except in the case in which this fulfillment proves impossible or involves the use of means manifestly disproportionate to the protected right;
  5. the portability of the data concerning them, where the conditions are met. 

The above rights are exercised with a request to Viceversa, by sending an email message to the email address [email protected]

To find out about their rights, lodge a complaint and always be kept up to date on the legislation on the protection of individuals with regard to the processing of personal data, the data subject can contact the personal Data Protection Authority, by consulting the website at the following address http://www.garanteprivacy.it/.

Last updated: April 2025