This information notice describes how the website manages the processing of personal data of users visiting the website, and how it processes data sent by the user to the Data Controller via this website.
This information is provided in accordance with article 13 of Regulation (EU) No 2016/679 – General Data Protection Regulation (“Regulation”) for those who interact with the website services of the company Contactlab with its registered office at Via Natale Battaglia 12 – 20127 Milan (Italy), accessible online via the address: www.contactlab.it – the Contactlab website home page.
In accordance with the provisions of the Regulation, the processing carried out by Contactlab will be governed by the principles of lawfulness, fairness and transparency, limited purposes and storage, data minimisation, accuracy, integrity and confidentiality.
The information provided here applies only to the website in question and not to other websites which may be visited by the user via links.
Data Controller and Personal Data Protection Officer
After visiting this website, or upon voluntary registration on this website, data regarding identified or identifiable individuals can be processed which may be sensitive or relate to health conditions. The “Data Controller” is Contactlab, Via Natale Battaglia 12 – 20127 Milan (Italy), email firstname.lastname@example.org, cf/PI 09480090159.
The Data Protection Officer (hereinafter, “DPO”) can be contacted at the following address: email@example.com
Personal data subject to processing
After visiting the website, we inform the user that Contactlab will process their personal data, which may consist of identifying information such as a name, an online ID or one or several elements of their physical, economic, cultural or social identity which can be used to identify the user in question or make them identifiable (hereinafter referred to solely as “personal data”).
Personal data are processed, with the assistance of automated and electronic systems, for the period of time strictly necessary to fulfil the purpose for which they have been collected.
Specific security measures are observed to prevent data loss, misuse or illegitimate or unauthorised access, including the https security protocol for some reserved parts of the website and applications, and protection against improper access to servers and other computers used.
The personal data provided by the users which are saved or entered to request informational material (forms, newsletters, responses to queries, etc.) are used only to carry out the service requested and are only disclosed to third parties which have not been appointed as data supervisors or processors by the Data Controller when deemed necessary (prior to consent from the interested party).
Types of data processed
During their normal operations, IT systems and software procedures in place for the correct functioning of the website acquire some personal data which are automatically sent when using internet communication protocols.
This information is not collected in order to be associated with a specific individual, but by its very nature it could be used to identify users through processing and association with data held by third parties.
This category of data includes IP addresses or domain names of the computers used to connect to the website, the URI (Uniform Resource Identifier) addresses of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the state of the data response from the server (successful, error, etc.) and other information relating to the user’s operating system and IT environment.
These data are only used to produce anonymous statistical information on the use of the website and to check that it is functioning correctly (see also the paragraph on Cookies). These data may be used by the competent authorities to ascertain liability in the event of cybercrimes committed against the website.
Personal data voluntarily provided by the user can also be processed.
Cookies are text files which are stored on your computer and are read remotely by our servers or third party servers which we use. The use of permanent technical cookies or session cookies (i.e. those which are not permanently saved on the user’s computer and disappear when the browser is closed) is strictly limited to the technical provision of the service requested by the user and the sending of session IDs (made up of random numbers generated by the server) which is necessary to enable secure and efficient browsing of the website and its applications.
The technical cookies used on this website avoid the need to use other IT techniques which could potentially compromise the confidentiality of the user’s browsing history.
This website also uses some systems – cookies and beacons – with the prior consent of the user (apart from cookies which are strictly necessary for technical reasons or statistical purposes with aggregated data), which analyse the user’s browsing patterns to produce statistics on their visits or to improve the content offered and potentially position targeted advertising on the website. The systems currently used are IntelligenceFocus and Google Analytics. The latter is an online analysis service provided by Google, Inc. (“Google”). Google Analytics, like other systems, uses “cookies”. The information generated by the cookies on how you (i.e. your IP address) use the website are sent to and stored by the Google servers in the USA. Google uses this information to monitor and examine your use of the website, to produce reports on the activities of the website for the website operators and provide other services relating to the activities of the website and internet use. Google can also transfer this information to third parties if it is required to do so or if these third parties process this information on behalf of Google. Google will not associate your IP address with any other information which it possesses.
Cookies are not used in any other way to send personal information, and no other permanent cookies or user tracking systems of any other type are used. You can change the settings on your internet browser (e.g. Firefox, Internet Explorer, Safari, Chrome) so that it does not accept cookies, including technical cookies, by activating anonymous browsing. In this case, no information will be processed by these systems.
Social plug-ins are displayed on the website to allow the user to use their registration information from social networks, such as LinkedIn, to request registration/subscription to services offered by Contactlab.
These platforms can save cookies on the user’s device via the website (third party cookies) to collect information on the user’s browsing history.
Information collected through third party SDK services
Option to provide data other than browsing data
Apart from the browsing data discussed above, the user may provide personal data on registration/subscription forms (some of which have a specific separate consent request form for the processing which they require) or when contacting Contactlab to request information or during other communications (e.g. managing personal contact requests for quotes or information on the services offered by Contactlab). The optional, explicit and voluntary sending of email to addresses shown on this website, or through contact forms, leads to the acquisition of the sender’s email address, which is necessary to respond to the request, as well as any other personal data which may be contained in the message.
In particular, the user’s personal data, entered into various forms available on the website, will be processed in order to respond to the request sent by the user and/or for the purpose of sending a regular newsletter and/or informational material and/or whitepapers/reports requested and/or subscription to events/webinars, and the downloading of other content. Although sending this data is optional, if data is not entered, it is impossible to fulfil the request. Data sent in this way can be processed, including by electronic systems, only for the period of time strictly necessary for the purposes indicated, by appointed individuals in the commercial, editorial and administrative departments.
Data sent in this way can also be used by the Data Controller to inform the user of developments or new editions of newsletters, whitepapers, reports, events and webinars, and related initiatives, excluding promotional or commercial content. Any further processing, for various purposes, will be subject to specific information and consent requests on a case by case basis: for instance, in the event of profiling or processing for promotional direct marketing purposes using automated systems (sms, mms, email, fax, autoresponder, social network messaging) and non-automated systems (phone calls with operators or mail). For processing carried out for the purposes of directly sending their own advertising materials or for direct sales or to carry out their own market research or commercial communications regarding products or services of the Data Controller similar to those which were purchased, ContactLab can use, without requiring consent from the user, email and postal addresses in accordance with and within the restrictions of article 130, paragraph 4 of the Italian Personal Data Protection Code and the Provision issued by the Italian Data Protection Authority on 19 June 2008. The legal basis of the processing of your data for this purpose is set out in article 6, paragraph 1, letter f) of the Regulation. The user may object to this processing at any time, either initially or following communication, simply and free of charge by writing to the email address: firstname.lastname@example.org, and shall receive an immediate response confirming that this type of processing will no longer be used (article 15 of the Regulation).
If the user requests registration/subscription to specific Contactlab services by using social network plug-ins (e.g. LinkedIn), they give their consent to the communication of data from their own profile/account on the social network to Contactlab, insofar as is necessary to manage the registration/subscription.
Data supervisors, processors and location of data processing
Personal data may be shared with: parties which typically act as data processors as per article 28 of the Regulation, meaning: i) individuals, companies or professional firms which provide assistance and consultancy to the Data Controller with regard to accounting, administration, legal matters, tax, finance and credit collection related to the provision of Services; ii) parties with which it is necessary to interact in order to provide the Services (e.g. hosting providers) iii) or parties appointed to carry out technical maintenance work (including the maintenance of network equipment and electronic communication networks); (jointly “recipients”); the list of processors which process data can be requested from the Data Controller or the DPO by writing to the following address: email@example.com; parties, bodies or authorities, independent data processing controllers to which it is compulsory to send the user’s personal data in accordance with the provisions of the law or orders of the authorities; individuals authorised by the Data Controller to process the personal data as per article 29 of the Regulation necessary for carrying out activities which are strictly connected to the provision of Services, and which undertake to uphold their confidentiality or which have an adequate legal confidentiality obligation.
Transfer of personal data
Regarding the possible transfer of Data to Third countries, the Data Controller highlights that the processing will be carried out in accordance with the conditions set out by the legislation in force, including, for instance, the consent of the interested party, the adoption of the Standard Clauses approved by the European Commission, the selection of parties which are members of international programmes for the free circulation of data (e.g. EU-USA Privacy Shield) or operators in Countries deemed secure by the European Commission. Further information can be requested from the Data Controller using the contact information given above.
The personal data processed will be stored for the period of time strictly necessary to fulfil the purposes for which they were collected in accordance with the principles of minimisation and limitation of storage as per article 5.1.e) of the Regulation. Further information regarding the duration of data storage and the criteria used to determine this duration can be requested by writing to the Data Controller or the DPO at the following address: firstname.lastname@example.org
Rights of the interested party
In accordance with articles 15 and subsequent of the Regulation, the user has the right at any moment to request access to their personal data, to correct or delete them, to limit their processing in those cases set out in article 18 of the Regulation, to obtain, in a structured and understandable format, legible from an automatic device, data about them, in those cases set out in article 20 of the Regulation. At any time, the user can withdraw the consent given, as per article 7; file a complaint with the competent data protection authority as per article 77 of the GDPR (Provision issued by the Italian Data Protection Authority) in accordance with article 77 of the Regulation, if they believe that their personal data is being processed in breach of the regulations in force.
The user can submit an objection to the processing of their personal data as per article 21 of the GDPR providing reasons to justify this objection. The Data Controller reserves the right to assess such a request, and to refuse it if there are legitimate binding reasons for continuing with the processing which prevail over the interests, rights and freedoms of the user.
Requests should be made in writing to the Data Controller or the DPO at the following address: email@example.com