Following access to and consultation of the Website, data relating to identified or identifiable persons may be processed.
The Controller for the processing of the collected personal data is CRIF S.p.A., with registered office located at Via Fantin 1/3, Bologna (BO), Italy.
The processing of data collected with reference to those who access the Website is mainly carried out at the CRIF S.p.A. headquarters, and in any case in accordance with the provisions of the GDPR and all other applicable laws.
Personal data is processed only by specially trained employees or contractors with appropriate technical skills, and who are appointed and authorized to perform the processing, or by subjects appointed as processors.
The data will be processed lawfully and fairly, guaranteeing its security and confidentiality, according to the provisions of the GDPR and all other applicable laws. Personal data will be processed using electronic and, in any case, automated equipment.
With reference to browsing data, the computer systems and software procedures used to operate this Website acquire, during their normal operation, some personal data whose transmission is implicit to the use of Internet communication protocols. This information is not collected in association with identified data subjects, but by its very nature could, through processing and association with data held by third parties, allow users to be identified. This data category includes the IP addresses or domain names of computers used by users who connect to the Website, Uniform Resource Identifier (URI) addresses of the requested resources, the time of the request, the method used to submit the request to the server, and other parameters related to the user’s operating system and computing environment. The optional and voluntary sending of e-mails to the addresses indicated on the Website or by filling out the appropriate contact form involves the acquisition of the user’s personal data, as indicated therein, which is necessary to respond to user requests.
User data may be processed for:
The user's personal data will be processed on the basis of one or more of the following legitimacy conditions. In particular, processing carried out for the purposes referred to in:
letters A. and B. above, which have as their legal basis the need to fulfill the requests for the provision of a service or to respond to a user request. Such processing is therefore strictly necessary and connected to a pre-contractual phase at the request of the data subject and/or contractual or in order to provide feedback to a specific user request according to art. 6(1)(b) of the GDPR. In this regard, the personal information collected from time to time through the Website is necessary. If the user decides not to provide the information, it will not be possible to provide the service or proceed with the requests.
letter D. above: the Newsletter service will be activated only after a quotation and the specific consent of the user. This consent is optional and does not affect the provision of any additional services requested.
letter E. above: the Controller will process the user’s data for this purpose exclusively following the prior and specific consent of the user. This consent is optional and does not affect the provision of any additional services requested.
The user has the right to withdraw consent for the marketing purposes referred to in letter E. at any time without prejudice to the lawfulness of the processing based on the consent given before withdrawal and has the right to oppose the processing for marketing purposes referred to in letter E., including in part, or with reference to the marketing information and offers, and the advertising and promotional material regarding services (including third-party) through automated methods.
letter F. above: for this purpose, the Controller will process the user’s data required for registration to the Community and related events in order to establish the legal relationship between the parties on the basis of art. 6(1)(b) of the GDPR and for purposes related to the events themselves such as marketing, newsletters, etc. on the basis of specific consents previously issued by the data subject on the corresponding registration forms.
This type of service has the function of hosting data and files that enable the Website to function and perform data processing in order to enable the Website to be browsed by users.
Such subjects will act as Processors according to art. 28 of the GDPR. The user can ask the Controller for an up-to-date list of Processors at any time.
CRIF S.p.A. shall process and retain the browsing data for the time required by the purposes for which the data was collected. Therefore:
As for browsing data, the Controller will delete this information 12 months after the last online interaction that occurred in relation to the Controller’s communications or the content published on the Website for which the Controller has direct evidence of this interaction (e.g. clicks, opening, response).
We hereby inform you that, pursuant to articles 15-22 of the GDPR, the user can exercise the following rights: the right to access his or her personal data in accordance with art. 15 of the GDPR, ask for the amendment or deletion of the data, or restriction of its processing. The data subject also has the right to oppose the processing as well as the right to portability in the cases set out in articles 20 and 21 of the GDPR. In addition, users can withdraw their consent at any time, it being understood that the withdrawal of consent does not affect the lawfulness of the processing carried out up to the point of withdrawal.
In such cases, you can exercise your rights by contacting the Controller using the following contact details: e-mail: firstname.lastname@example.org and certified e-mail: email@example.com
The data subject can also submit a complaint to the Italian Data Protection Authority, following the instructions through the link: http://www.garanteprivacy.it/web/guest/home/docweb/-/docweb-display/docweb/4535524