Privacy Policy – AstroOrder

Last Updated: 02/12/2025

This policy describes how personal data of users using the "AstroOrder" software (hereinafter, the "Software") is processed.

1. Data Controller

The Data Controller is Marco Palaferri, based in Rome, Italy.
For any privacy-related requests, you can contact the Controller at the email address: contact@fishpoints.net.

2. Types of Data Processed

In the context of using the Software and related services, only the following data is processed:

  1. Email Address: Used for license issuance and management, as well as for any service communications.
  2. Hardware ID: A device identifier generated in an anonymous/pseudonymized form, used solely to associate the license with one or more devices and to prevent unauthorized activations. The Hardware ID does not allow direct identification of the user.
  3. IP Address: Automatically collected by network systems and servers managing license activation and verification, for security purposes, abuse prevention, technical logging, and access control.

The Software does not collect or send to servers any images processed by the user (e.g., astrophotography frames), nor any other personal content not strictly necessary for license management.

3. Purpose and Legal Basis of Processing

The data listed above is processed for the following purposes:

  1. Contract Execution: The email address and Hardware ID are processed to activate, verify, and manage the Software license, check the number of activations, handle any technical issues related to the license, and send communications strictly functional to the contractual relationship. The legal basis for processing is the execution of a contract to which the user is a party, pursuant to Art. 6, para. 1, lit. b) of the GDPR.
  2. Security and Abuse Prevention: The IP address and Hardware ID are processed for security reasons, prevention of fraudulent use of the Software, license term violations, anomalous access, or potentially harmful activities, as well as for creating technical logs. The legal basis is the legitimate interest of the Controller to protect their software and infrastructure, pursuant to Art. 6, para. 1, lit. f) of the GDPR.

Data is not used for direct marketing, commercial profiling, or advertising purposes, nor is it transferred to third parties for such purposes.

4. Methods of Processing

Processing is carried out using IT and telematic tools, adopting appropriate technical and organizational measures to ensure data security, minimizing the quantity and retention period.

The Hardware ID is stored only as necessary for managing activations and license checks and is not used to track detailed usage of the Software beyond strictly necessary controls.

5. Recipients and Third Parties

For service provision and payment management, the Controller uses the following third parties:

  1. FastSpring: Payment platform and Merchant of Record that manages Software license sales, payment processing, invoicing, and tax compliance related to the transaction. FastSpring directly processes user payment data (such as credit card details or tax information) as an independent data controller. Users can consult FastSpring's privacy policy directly on the FastSpring website.
  2. Hosting Provider: The database and any backend for license management reside with a hosting provider chosen by the Controller. This provider processes data on behalf of the Controller exclusively for the purpose of providing hosting and infrastructure services, as a data processor, according to contractual agreements and agreed security measures.

Data may be disclosed to competent authorities only where required by law or by orders of judicial or administrative authorities.

6. Data Retention

Data is retained for the time strictly necessary for the purposes for which it was collected.

Specifically, data related to licenses, emails, and Hardware IDs are retained for the entire duration of the contractual relationship and subsequently for the period necessary to fulfill legal obligations and protect the Controller's rights in case of disputes. Logs related to IP addresses and security are retained for a limited period, proportionate to security and diagnostic needs, unless further retention is required due to security incidents or litigation.

At the end of the retention periods, data will be deleted or irreversibly anonymized.

7. User Rights

The user, as the data subject, has the right to:

  1. Obtain confirmation of the existence or non-existence of personal data concerning them;
  2. Access their personal data and request rectification or updating if inaccurate or incomplete;
  3. Within the limits provided by law, request deletion of data, limitation of processing, or object to processing based on legitimate interest;
  4. Where applicable, receive personal data in a structured, commonly used, and machine-readable format (data portability).

To exercise these rights, you can send a request to the email address contact@fishpoints.net.

The user also has the right to lodge a complaint with the Data Protection Authority or other competent supervisory authority.

8. Extra-EU Data Transfers

If some data is processed or stored by providers operating outside the European Union, the Controller will adopt appropriate measures provided by the GDPR (e.g., standard contractual clauses or other recognized suitable instruments) to ensure that the level of data protection is equivalent to that guaranteed within the EU.

9. Changes to Privacy Policy

The Controller reserves the right to make changes to this Privacy Policy at any time. Relevant changes will be published on the official AstroOrder website or communicated through the Software. Continued use of the Software after the publication of changes implies acceptance of the new processing conditions.