Log In

PRIVACY POLICY

Last updated: 08/01/2026

1. Introduction

This Privacy Policy describes how Project Lab Srls, owner of the platform Retrived (“Retrived”, “we”, “us”, “our”), collects, uses, stores and protects personal data in accordance with Regulation (EU) 2016/679 (GDPR) and applicable Italian data protection laws.

Retrived is a B2B SaaS platform designed to manage lost-and-found items for hospitality businesses, while also involving end users (guests/consumers) who may interact with the service and make payments.

2. Data Controller

Project Lab Srls
Via dei Mirissa 11/8
34149 – Trieste (TS) – Italy
VAT number: IT01313650325
REA: TS – 203215
Email: info@retrived.com

Project Lab Srls acts as:

  • Data Processor when processing guest data on behalf of hospitality partners
  • Independent Data Controller for its own operational, legal, security, analytics and marketing purposes

No Data Protection Officer (DPO) has been appointed, as not required under current regulations.

3. Categories of Data Subjects

Retrived processes personal data relating to:

  • Hospitality businesses (hotels, B&Bs, accommodations)
  • Authorized representatives of such businesses
  • End users / guests using the service to recover lost items
  • Paying users completing shipping or service payments

4. Categories of Personal Data Processed

4.1 Hospitality businesses

  • Company name
  • Contact person name
  • Email address
  • Telephone number
  • Business address
  • Operating hours
  • Billing and fiscal data

4.2 End users (guests)

  • First and last name
  • Email address
  • Telephone number
  • Shipping address
  • Information relating to lost items

4.3 Customs and international shipments (extra-EU)

For shipments outside the European Union, additional data may be required exclusively for customs clearance purposes, in compliance with Italian customs regulations.

Such data may include:

  • Italian tax code (codice fiscale), where available
  • Alternatively, when required by customs authorities:
    • Passport or identity document
    • Date of birth
    • City of birth

These data are:

  • requested only when strictly necessary
  • processed solely for customs and legal compliance
  • not used for marketing or profiling purposes

Personal data are processed for the following purposes:

PurposeLegal Basis
Provision of the Retrived platform and servicesArt. 6(1)(b) GDPR – performance of a contract
Management of lost-and-found processesArt. 6(1)(b) GDPR
Shipping and logistics coordinationArt. 6(1)(b) GDPR
Customs clearance for extra-EU shipmentsArt. 6(1)(c) GDPR – legal obligation
Payments and billingArt. 6(1)(b) GDPR
Customer support and communicationsArt. 6(1)(b) GDPR
Platform security and fraud preventionArt. 6(1)(f) GDPR – legitimate interest
Analytics and service improvementArt. 6(1)(f) GDPR
Marketing communications (where applicable)Art. 6(1)(a) GDPR – consent

6. Payments

Payments may be processed through:

  • PayPal
  • Stripe
  • Bank transfer

Retrived does not store or process credit or debit card details directly.
Payment data are handled exclusively by the selected payment service providers, acting as independent data controllers.

7. Cookies and Tracking Technologies

Retrived uses:

  • Technical cookies (necessary for platform operation)
  • Analytics cookies
  • Marketing and profiling cookies

Technologies and tools may include:

  • Google Analytics
  • Google Tag Manager
  • Meta Pixel
  • Email marketing platforms
  • Cloudflare (security and performance)

Detailed information is available in the Cookie Policy, while cookie preferences are managed via a dedicated cookie banner.

8. Data Storage and Hosting

Personal data are hosted on secure cloud infrastructure provided by Amazon Web Services (AWS), with servers located within the European Union.

Where applicable, appropriate safeguards such as Standard Contractual Clauses (SCCs) are adopted in accordance with GDPR requirements.

9. Data Retention

Personal data are retained only for the time necessary to:

  • provide the requested services
  • comply with legal, accounting and tax obligations
  • manage disputes and enforce contractual rights

Customs-related documents are retained only for the minimum period required by applicable laws.

10. Data Recipients

Personal data may be shared with:

  • Hospitality partners (as data controllers)
  • Shipping and logistics providers
  • Payment service providers
  • Cloud and IT service providers
  • Public authorities where required by law

All recipients are selected in accordance with GDPR principles of necessity and proportionality.

11. Data Subject Rights

Data subjects may exercise the following rights:

  • access to personal data
  • rectification or erasure
  • restriction or objection to processing
  • data portability
  • withdrawal of consent (where applicable)
  • lodging a complaint with the competent supervisory authority

Requests can be sent to: info@retrived.com

12. Security Measures

Retrived adopts appropriate technical and organizational security measures to protect personal data against unauthorized access, loss, alteration or disclosure.

13. Changes to This Policy

This Privacy Policy may be updated from time to time.
The latest version will always be available on the Retrived website.