Have an account? Sign in

Terms and conditions

Data Controller


Types of Data collected

Among the Personal Data collected by Off-Way, either independently or through third parties, there are: email; User ID; name; surname; phone number; Data communicated during the use of the service; city; various types of Data; gender; geographic location; image; Usage Data; Cookies; Camera Permission; Social Media Account Permission; Photo Gallery Permission; date of birth; profile image. Complete details on each type of collected data are provided in the dedicated sections of this privacy policy or through specific informational texts displayed before the data collection itself. Personal Data may be freely provided by the User or, in the case of Usage Data, collected automatically during the use of Off-Way. If not otherwise specified, all the Data requested by Off-Way is mandatory. If the User refuses to communicate them, it might be impossible for Off-Way to provide the Service. In cases where Off-Way indicates some Data as optional, Users are free to refrain from communicating such Data, without this having any consequences on the availability of the Service or on its operation. Users who have doubts about which Data is mandatory are encouraged to contact the Data Controller. The possible use of Cookies - or other tracking tools - by Off-Way or by third-party service providers used by Off-Way, unless otherwise specified, has the purpose of providing the Service requested by the User, as well as additional purposes described in this document and in the Cookie Policy, if available. The User assumes responsibility for the Personal Data of third parties obtained, published or shared through Off-Way and guarantees to have the right to communicate or disseminate them, releasing the Controller from any liability to third parties.

Data processing methods and location

Processing methods

The Data Controller adopts appropriate security measures aimed at preventing unauthorized access, disclosure, modification or destruction of Personal Data. Processing is carried out using computer and/or telematic tools, with organizational methods and logic strictly related to the indicated purposes. In addition to the Controller, in some cases, other subjects may have access to the Data involved in the organization of DRBM Ltd (administrative, commercial, marketing, legal, system administrators) or external subjects (such as third-party technical service providers, postal couriers, hosting providers, IT companies, communication agencies) also appointed, if necessary, as Data Processors by the Controller. The updated list of Processors can always be requested from the Data Controller.

Legal basis for processing

The Data Controller processes Personal Data relating to the User in the event that one of the following conditions exists:

  • the User has given consent for one or more specific purposes; Note: in some jurisdictions, the Controller may be authorized to process Personal Data without the User's consent or another of the legal bases specified below, until the User objects ("opt-out") to such processing. This is not applicable, however, if the processing of Personal Data is regulated by European legislation on the protection of Personal Data;
  • processing is necessary for the performance of a contract with the User and/or for the execution of pre-contractual measures;
  • processing is necessary to comply with a legal obligation to which the Controller is subject;
  • processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Controller;
  • processing is necessary for the pursuit of the legitimate interests of the Controller or third parties.
However, it is always possible to ask the Controller to clarify the concrete legal basis of each processing, and in particular to specify whether the processing is based on the law, provided for by a contract, or necessary to conclude a contract.


The Data is processed at the operational headquarters of the Controller and in any other place where the parties involved in the processing are located. For further information, please contact the Controller. The User's Personal Data may be transferred to a country other than the one in which the User is located. To obtain further information about the processing location, the User can refer to the section concerning details about the processing of Personal Data. The User has the right to obtain information regarding the legal basis for the transfer of Data outside the European Union or to an international organization of public international law or consisting of two or more countries, such as the UN, as well as the security measures adopted by the Controller to protect the Data. The User can verify whether one of the aforementioned transfers is taking place by examining the section of this document concerning details about the processing of Personal Data or by requesting information from the Controller using the contact information provided at the beginning.

Retention period

The Data is processed and stored for the time required for the purposes for which it was collected. Therefore:

  • Personal Data collected for purposes related to the performance of a contract between the Controller and the User will be retained until such contract has been fully performed.
  • Personal Data collected for purposes related to the legitimate interests of the Controller will be retained until such interests are fulfilled. The User can obtain further information about the legitimate interest pursued by the Controller in the relevant sections of this document or by contacting the Controller.

When processing is based on the User's consent, the Data Controller may keep the Personal Data for a longer period until such consent is revoked. Additionally, the Controller may be obliged to retain the Personal Data for a longer period to comply with a legal obligation or an order from an authority. At the end of the retention period, the Personal Data will be deleted. Therefore, upon expiration of this term, the right of access, deletion, rectification, and the right to data portability cannot be exercised anymore.

Purpose of Processing Collected Data

The User's Data is collected to allow the Controller to provide the Service, fulfill legal obligations, respond to requests or executive actions, protect its rights and interests (or those of Users or third parties), identify any fraudulent or malicious activity, as well as for the following purposes: Access to third-party service accounts, Registration and authentication, Management of productivity-related activities, Beta Testing, Contacting the User, Social functionality, Management of contacts and sending messages, Tag management, Online data collection and surveys, Hosting and backend infrastructure, Interaction with social networks and external platforms, Infrastructure monitoring, Permissions for access to Personal Data on the User's device, Registration and authentication provided directly by Off-Way Remarketing and behavioral targeting, Backing up and managing backups, Statistics, Displaying content from external platforms, Content and functionality performance testing (A/B testing), and Advertising. To obtain detailed information on the processing purposes and the Personal Data processed for each purpose, the User can refer to the "Details on the processing of Personal Data" section.

Facebook permissions requested by Off-Way

DRBM Ltd may request some Facebook permissions that allow it to perform actions with the User's Facebook account and collect information, including Personal Data, from it. This service allows Off-Way to connect with the User's account on the social network Facebook, provided by Facebook Inc. For more information on the permissions that follow, refer to the Facebook permissions documentation and Facebook's privacy policy. The requested permissions are as follows:

Basic information

The basic information of the User registered on Facebook, which usually includes the following Data: id, name, picture, gender, and localization language, and in some cases, Facebook "Friends." If the User has made further Data publicly available, it will be available.

Access to private data

Allows access to the User's and friends' private data.

Permissions for access to Personal Data on the User's device

Depending on the specific device used by the User, Off-Way may request some permissions to access the User's Data on the device itself, as described below. Such permissions must be provided by the User before any information can be processed. Following release, permission can be revoked by the User at any time. To revoke permissions, the User can use system settings or contact the Owner at the addresses indicated in this document. The procedure for controlling permissions may vary depending on the device and software used by the User. Please consider that revoking one or more permissions may have consequences on the proper functioning of Off-Way. In case the User grants the permissions indicated below, the related Personal Data may be subject to processing (access, modification, or removal) by Off-Way.

Social media account permission

Used to access the User's social media accounts such as Facebook and Twitter.

Camera permission

Used to access the video camera or capture images and videos from the device.

Photo gallery permission

Allows access to the User's photo gallery.