This is a general information notice provided to all visitors to the website (“Website”) in accordance with the EU Data Protection Regulation No. 679/2016 (GDPR) and all other applicable laws.
If users decide to use specific services, a specific and detailed privacy notice will be provided to them in accordance with articles 13 and/or 14 of the GDPR, and specific consent to the processing of personal data will be requested, if necessary.
1. Controller and contact details
Following access to and consultation of the Website, data relating to identified or identifiable persons may be processed.
The Controller for the processing of the collected personal data is CRIBIS D&B S.r.l., with registered office at Via dei Valtorta 48, Milan, 20127, Italy (“CRIBIS”).
Users can contact the Controller at the above mailing address or via the following e-mail address: firstname.lastname@example.org
2. Location of data processing
The processing of data collected with reference to those who access the Website is mainly carried out at the CRIBIS head office, as communicated to the Italian Data Protection Authority and in accordance with the provisions of the GDPR and all other applicable laws.
In any case, personal data is processed only by specially trained employees or contractors with appropriate technical skills, and who are appointed and authorized to perform the processing.
3. Methods of data processing
The data will be processed lawfully and fairly, guaranteeing its security and confidentiality, according to the provisions of the GDPR and all other applicable laws. Personal data will be processed using electronic and in any case automated equipment.
Categories of personal data processed
With reference to browsing data, the computer systems and software procedures used to operate this Website acquire, during their normal operation, some personal data whose transmission is implicit to the use of Internet communication protocols. This information is not collected in association with identified data subjects, but by its very nature could, through processing and association with data held by third parties, allow users to be identified. This data category includes the IP addresses or domain names of computers used by users who connect to the Website, Uniform Resource Identifier (URI) addresses of the requested resources, the time of the request, the method used to submit the server request, and other parameters related to the user’s operating system and computing environment.
The optional and voluntary sending of e-mails to the addresses indicated on the Website or by filling out the appropriate contact form involves the acquisition of the user’s personal data, as indicated therein (e.g., first name, last name, e-mail address, telephone number, company, VAT no., address, zip code, city, ), which is necessary to respond to user requests. In addition, business information may be processed for the purposes set out in (f) below.
In addition, specific social buttons/widgets are present on the Website in the form of social network icons (e.g., Facebook, LinkedIn, etc.) and icons for other web services (e.g., YouTube, GoogleMaps, etc.). These buttons allow users browsing the Website to access the specific social media sites in one click. In such cases, the social networks and web services acquire data regarding the user, while the Controller will not share any browsing information or user data acquired through its website with the social networks and web services that can be accessed through the social media buttons/widgets. These services create “third-party cookies”. Below are links to the privacy policies of the most commonly used social networks and of the websites that the buttons link to:
- Facebook social widgets (Facebook, Inc.)
Facebook social widgets provide ways of interacting with the Facebook social network, provided by Facebook, Inc.
Personal data collected: Cookies and Usage Data.
- Twitter Tweet button and social widgets (Twitter, Inc.)
The Twitter Tweet button and social widgets provide ways of interacting with the Twitter social network, provided by Twitter, Inc.
Personal data collected: Cookies and Usage Data.
- LinkedIn button and social widgets (LinkedIn Corporation)
The LinkedIn social buttons and widgets provide interaction with the LinkedIn social network, provided by LinkedIn Corporation.
Personal data collected: Cookies and Usage Data.
YouTube is a service managed by Google Inc. for displaying video content, enabling the Application to integrate this content into its pages (google.com/policies/privacy/)
5. Use of the Website and purposes of the processing
User data may be processed for:
- the performance of the operations strictly necessary to provide the services or to respond to and/or manage any requests made by the user through the appropriate contact form on the home page of the Website as well as making an appointment for the sales force if necessary.
- statistical processing of aggregated data in relation to the Website services.
- direct marketing activities and marketing communications for products and services of CRIBIS D&B S.r.l. and other CRIF Group companies. If, following specific selection of the relevant check box, the user consents to receiving information, marketing communications, direct sales, and market research on the products or services provided through the Website, the user’s information will be processed for this purpose. Such communications may be sent through the use of traditional tools (telephone/mail) or automated tools (e-mail, fax, SMS, etc.), always on the basis of the preferences previously expressed by the user. After the initial telephone/e-mail contact, if the user decides not to subscribe to any service or to purchase any product or states that he/she does not want to be contacted again, the Controller will cancel the user’s details. Likewise, users can decide not to receive any marketing communications at any time by using the opt-out link at the bottom of each message and in any case exercising the relative right to withdraw consent.
- the voluntarily issue of comments, and interviews (quotes) by the user on CRIBIS services and products. In this case, the Controller may process personal data such as first name/name, last name, image, company position, etc. For such processing, the Controller will issue a special disclaimer and privacy notice in advance.
6. Legal basis for data processing
The user's personal data will be processed on the basis of one or more of the following legitimacy conditions. In particular, processing carried out for the purposes referred to in:
letters (a) and (b) above, which have as their legal basis the need to fulfill the requests for the provision of a service or to respond to a user request. Such processing is therefore strictly necessary and connected to a pre-contractual phase at the request of the data subject and/or contractual or in order to provide feedback to a specific user request according to art. 6 par. 1(b) of the GDPR. In this regard, the personal information collected from time to time through the Website is necessary. If the user decides not to provide the information, it will not be possible to provide the service or proceed with the requests.
letter (c) above: the Newsletter service will be activated only after a quotation and specific consent of the user. This consent is optional and does not affect the provision of any additional services requested.
letter (e) above, which requires the prior and specific consent of the user for use of the user’s details by the Controller. This consent is optional and does not affect the provision of any additional services requested.
The user has the right to withdraw consent for the marketing purposes referred to in letter (e) at any time without prejudice to the lawfulness of the processing based on the consent given before withdrawal and has the right to oppose the processing for marketing purposes referred to in letter (e), including in part, or with reference to the marketing information and offers, and the advertising and promotional material on services through automated methods.
letter (f) above, which will be carried out in full compliance with the Code of Conduct and applicable legislation and respecting the interests and rights and fundamental freedoms of the data subjects, pursuant to art. 6, (1)(f) of the Regulation.
letter (g) above, which is based on the explicit, optional, and voluntary consent of the data subject in accordance with article 6(1)(a) of the GDPR.
7. Categories of recipients of personal data
- Hosting and back-end infrastructure
This type of service has the function of hosting data and files that enable the Website to function and perform data processing in order to enable the Website to be browsed by users.
- Shipping and logistics
- Site Administration (administration, sales, marketing and legal personnel, and system administrators)
- Newsletter service
- Contact management: checks referred to in letter (f) in the context of any business relationships established and any appointments for the sales force and marketing communications
This type of service allows use of user data for marketing communication purposes in a variety of forms as specified above.
- Google AdSense (Google Inc.)
Google AdSense is an advertising service provided by Google Inc.
This service uses the “Doubleclick” cookie, which tracks the use of the Website and user behavior in relation to advertisements, and to the products and services offered.
Users can choose not to use the Doubleclick cookie at any time by deactivating it: how to managing cookies.
- Facebook Audience Network (Facebook, Inc.)
Facebook Audience Network is an advertising service provided by Facebook, Inc. For an understanding of Facebook’s use of data, please refer to the Facebook Data Policy.
To allow Facebook Audience Network to work, the Website may use certain mobile device identifiers (including Android Advertising ID or Advertising Identifier for iOS) or cookie-like technologies.
One of the ways in which Audience Network proposes advertising messages to the user is to use the latter’s advertising preferences. Users can control the sharing of their advertising preferences within the Facebook Ad settings.
- Facebook Remarketing (Facebook, Inc.)
Facebook Audience Network is a remarketing and behavioral targeting service provided by Facebook, Inc. that links user activity on the Website with the Facebook advertising network.
The services contained in this section allow the Controller to monitor and analyze the traffic data for the Website. The Controller uses this service in order to perform aggregated analysis of its users in anonymous form and thus improve Website performance. All statistical services are used by the Controller through an integration that anonymizes the IP address of the user, including:
Google Analytics with IP anonymization, which is a free statistical service provided by Google Inc.
Personal data collected: Cookies and Usage Data.
The user can ask the Controller for an up-to-date list of Processors at any time.
8. Newsletter and contact form
The Website will periodically send users who have given their prior consent, or made an express request in this regard, a Newsletter to:
- send updates, information materials, communicate initiatives of CRIBIS D&B S.r.l. and other CRIF Group companies, etc.
The Newsletter is managed by Diennea Magnews, appointed by the Controller as Processor pursuant to art. 28 of the GDPR, and the e-mail address is stored on the servers of CRIF S.p.A. (parent company of CRIF Group of which CRIBIS D&B S.r.l. is part of) and Diennea Magnews, and, periodically, in the backups made by the Website.
Diennea Magnews will share information with the Controller about users who open the Newsletter and click on the links contained within it. This information is used to verify whether or not the content of the Newsletter is of interest to users. However, the user e-mail addresses are not transferred to any other party, for any reason (unless the user has authorized it).
Users can decide not to receive the Newsletter at any time through the opt-out link at the bottom of each message and/or by exercising the right to withdraw consent.
9. Transfer of personal data
10. Retention period
CRIBIS shall process and retain the browsing data for the time required by the purposes for which the data was collected. As regards the purposes of the processing, the following retention periods shall apply:
- any data collected for purposes essential to the execution of a contract between the Controller and the user will be retained until the execution of the contract/request is complete and for the duration of the contractual relationship.
- when the processing is based on user consent, such as for the subscription to marketing communications, the Controller can retain the personal data for a maximum period of 5 years unless such consent is withdrawn;
- when the processing is based on user consent, such as for subscription to the Newsletter, the Controller can retain the personal data for a maximum period of 12 months unless consent is withdrawn;
- in addition, the Controller may be obliged to retain the personal information for a longer period in compliance with a legal obligation or to retain it based on its legitimate interests for the management of any ongoing litigation or pre-litigation.
As for browsing data, the Controller will delete this information 12 months after the last online interaction that occurred in relation to the Controller’s communications or the content published on the Website for which the Controller has direct evidence of this interaction (e.g. clicks, opening, response).
12. Data subject rights
We hereby inform you that, pursuant to articles 15 – 22 of the GDPR, users can exercise the following rights: the right to access their personal data, ask for the amendment or deletion of the data, or restriction of the processing. User also have the right to oppose the processing, as well as the right to portability. In addition, the user can withdraw his or her consent at any time, it being understood that the withdrawal of consent does not affect the lawfulness of the processing carried out up to the point of withdrawal. In any case, for each service requested by the CRIBIS client, a special information notice will be provided with details of the rights that can be exercised and the ways in which to exercise them.
In such cases, you can exercise your rights by contacting the Controller using the following contact details: CRIBIS D&B Srl, via dei Valtorta 48, 20127, Milan, Italy or writing to the following e-mail address: email@example.com
The data subject can also submit a complaint to the Italian Data Protection Authority, following the instructions through the link: http://www.garanteprivacy.it/web/guest/home/docweb/-/docweb-display/docweb/4535524
Data Protection Officer
For any questions regarding the processing of your personal data, you can contact the Data Protection Officer by e-mailing:
firstname.lastname@example.org; certified e-mail: email@example.com