Privacy Policy

This privacy policy is to provide all the information on the processing of personal data carried out by Certilogo S.p.A. when the User accesses and navigates this site (as indicated below) - Version no. 2 dated March, 30 2023


1. INTRODUCTION – WHO WE ARE?

Certilogo S.p.A. with registered offices in Milano – Via Cernaia 2, 20121, Tax Code/VAT No. 05258270965 (hereinafter, “Controller”), manager of the website www.certilogo.com (hereinafter, the “Website”), in its capacity as data controller in relation to personal data pertaining to the users using the Website (hereinafter, the “Users”) hereby provides the privacy policy pursuant to art. 13 of the Regulation EU 2016/679 of the Council of 27 April 2016 (hereinafter, “Regulation” or “Applicable Law”).

2. HOW TO CONTACT US?

The Controller takes into the utmost consideration the right to privacy and protection of personal data of its Users. For any information in relation to this privacy policy, Users may contact the Controller at any time, using the following methods:
- Sending a registered letter with return receipt to the registered offices of the Controller: Via Cernaia 2, 20121 – Milan (Italy);
- Sending an electronic mail message to the Data Protection Officer (RPD or DPO) of the Controller, whose contact details are as follows: the company Shibumi S.r.l. in the person of Mr. Lapo Curini Galletti (e-mail: privacy@certilogo.com).

3. WHAT DO WE DO? - PROCESSING PURPOSES

By browsing the Website, the User can keep up to date with the services and activities developed and/or promoted by the Controller, request information to the Controller, send requests and/or subscribe to the Controller’s newsletter service.

In connection with the activities that may be carried out through the Website, the Controller collects personal data relating to Users.

This Website and the services eventually offered through the Website are reserved to subjects over the age of 18 years old. Hereby, the Controller does not collect personal data pertaining to subjects under the age of 18 years old. At request of the Users, the Controller will promptly delete all the personal data, involuntary collected, pertaining to subjects under the age of 18 years old.

Particularly, the personal data of the Users will be lawfully processed for the following purposes:

a) contractual obligations and provision of the requested service, i.e., to allow the navigation of the Website and to execute the specific requests of the User, including generic, commercial and press requests, received by the Controller.
The User’s data collected by the Controller for these purposes include:

  • providing access to the Website: all personal data whose transmission is implicit in the use of Internet communication protocols, that the computer systems and software procedures used to operate the Website acquire during their normal functioning: the IP addresses or domain names of the computers used by the Users, the addresses in URI notation (Uniform Resource Identifier) of the requested resources, the time of the request, the method used in submitting the request to the server, the file size obtained in response, the numerical code indicating the status of the response given by the server (good order, error, etc.) and other parameters relating to the operating system and the User's IT environment. These data are used for the sole purpose of obtaining anonymous statistical information on the use of the Website and to allow its correct operation;

  • info request section – contact form: name, surname, e-mail address, as well as all the information and personal data voluntarily entered by the User in the appropriate field (if any). The User’s personal data will be processed by the Controller for the exclusive purpose of ascertaining the User’s identity (also by validating the email address), thus avoiding possible fraud or abuse, and contacting the User for service reasons only in order to follow up on the User’s request;
  • section download of documents: name, surname, e-mail address, as well as all the information and personal data voluntarily entered by the User in the appropriate field (if any).. The User’s personal data will be processed by the Controller for the exclusive purpose of ascertaining the User’s identity (also by validating the email address), thus avoiding possible fraud or abuse, and contacting the User for service reasons only in order to follow up on the User’s request;
b) administrative and accounting purposes, i.e., to carry out activities of an organisational, administrative, financial and accounting nature, such as internal organisational activities and activities functional to the fulfilment of contractual and pre-contractual obligations;

c) legal obligations, i.e., to comply with obligations imposed by law, an authority, a regulation or European legislation.
Unless the User gives the Controller a specific and optional consent to the processing of his/her data for the further purpose provided for in paragraph 4 below, the User’s personal data will be used by the Controller for the exclusive purpose of contacting the User solely for service reasons based on the User’s request (e.g., to send the information requested by the User), as better specified above. Notwithstanding the provisions elsewhere in this privacy policy, under no circumstances will the Controller make Users personal data accessible to other Users and/or third parties.

The provision of personal data for the processing purposes indicated above is optional but necessary, since failure to provide such data will make it impossible for the User to contact the Controller for the purposes indicated on the Website through the appropriate sections provided by the Controller on the Website.
The personal data that are necessary for the pursuit of the processing purposes described in this paragraph 3 are indicated with an asterisk in the forms provided by the Controller on the Website.

4. FURTHER PROCESSING PURPOSES

Marketing (sending information and advertising material, direct sales and commercial communication)
Some of the User’s personal data may also be processed by the Controller for marketing purposes (sending of informative and advertising material, direct sales and commercial communications), or so that the Controller may contact the User by e-mail, to propose to the User the purchase of products and/or services offered by the Controller and/or third party companies, to present offers, promotions, commercial opportunities relating to the sector of activity of the Controller and/or the clients or partners of the Controller.
By filling in the forms on the Website, the User may express his/her consent to the receipt of marketing (receipt of informative, advertising, direct sales and commercial communication material).
It will also be possible to give the consent by filling in the newsletter subscription form, available on the Website and, in this case, the data necessary for the pursuit of the processing purposes described in this paragraph 4 are indicated with an asterisk in the forms provided by the Controller on the Website.

In the event of lack of consent, the possibility of contacting the Controller for the purposes indicated on the Website through the appropriate sections provided by the Controller, as better indicated in paragraph 3 above, is not affected in any way.
In case of consent, the User may revoke it at any time by making a request to the Controller in the manner indicated in paragraph 8 below.

You may also easily object to further promotional communications by email by clicking on the opt-out link in each promotional email. Once your consent has been withdrawn, you will receive an e-mail confirming that your consent has been withdrawn.


The Controller informs that, following the exercise of the right to object to the sending of promotional communications by e-mail, it is possible that, for technical and operational reasons (e.g., the formation of contact lists already completed shortly before the receipt by the Controller of the request for objection) the User will continue to receive some further promotional messages. If you continue to receive promotional messages after 24 hours of exercising your right to object, please report the problem to the Controller using the contact details set out in paragraph 8 below.

5. LEGAL BASIS FOR PROCESSING

Contractual obligations and provision of the service (as described in paragraph 3(a) above): the legal basis consists of art. 6, paragraph 1(b) of the Regulation, i.e., the processing is necessary for the performance of a contract to which the User is a party or for the performance of pre-contractual measures taken at the User’s request.
Administrative and accounting purposes (as described in section 3(b) above): the legal basis consists of art. 6, paragraph 1(b) of the Regulation, as the processing is necessary for the performance of a contract and/or the implementation of pre-contractual measures taken at the request of the User.
Legal obligations (as described in paragraph 3(c) above): the legal basis is art. 6, paragraph 1(c) of the Regulation, as the processing is necessary to comply with a legal obligation to which the Controller is subject.
Further processing purposes: for processing relating to marketing activities (as described in paragraph 4 above), the legal basis is art. 6, paragraph 1(a) of the Regulation, i.e., the provision by the data subject of consent to the processing of his/her personal data for one or more specific purposes. For this reason, the Controller asks the User to provide specific free and optional consent to pursue such processing purpose.

6. PROCESSING METHODS AND DATA RETENTION PERIOD

The Controller shall process the Users’ personal data by means of manual and computerized tools, with logic strictly related to the purposes thereof and, in any case, in such a way as to guarantee the security and confidentiality of the data.
Browsing data are kept for no longer than 24 months (except where judicial authorities need such data for establishing the commission of criminal offences). The personal data of the Website’s Users collected through the forms available on the Website will be stored for the time strictly necessary to fulfil the primary purposes illustrated in paragraph 3 above, or in any case as long as necessary to protect the interests of both the Users and the Controller under civil law, and in any case:
  • no more than 24 months for data collected through the info request section – contact form;
  • no more than 24 months for data collected through the Website’s section for the download of documents,
unless the User has also given the Controller his/her free and optional consent to process his/her personal data for marketing purposes.

In the case referred to in paragraph 4 above, Users’ personal data will be stored for the time strictly necessary to fulfil the purposes set out therein and, in any case, until Users revoke their consent and no longer than 24 months from the moment in which the User gave his/her consent.

7. TRANSMISSION AND DISSEMINATION OF DATA

The User’s personal data may be transferred outside the European Union, and, in this case, the Controller will ensure that the transfer takes place in accordance with the Applicable Law and, in particular, in accordance with Articles 45 (Transfer on the basis of an adequacy decision) and 46 (Transfer subject to adequate guarantees) of the Regulation.
The personal data of the Users may be disclosed to the employees and/or collaborators of the Controller in charge of managing the Website and the Users’ requests. These subjects, who have been instructed in this sense by the Controller pursuant to art. 29 of the Regulation, will process the data of the Users exclusively for the purposes indicated in this privacy policy and in compliance with the provisions of the Applicable Law.
Users’ personal data may also be disclosed to third parties who may process personal data on behalf of the Controller in their capacity as Data Processors, such as, by way of example, suppliers of IT and logistics services functional to the operation of the Website, suppliers of outsourcing or cloud computing services, professionals and consultants.
Users have the right to obtain a list of any data processors appointed by the Controller by making a request to the Controller in the manner indicated in paragraph 8 below.

8. RIGHTS OF THE DATA SUBJECTS

Users may exercise their rights granted by the Applicable Law by contacting the Controller as follows:
  • Sending a registered letter with return receipt to the registered offices of the Controller: Via Cernaia 2, 20121 – Milan (Italy);
  • Sending an electronic mail message to the Data Protection Officer (RPD or DPO) of the Controller, whose contact details are as follows: the company Shibumi S.r.l. in the person of Mr. Lapo Curini Galletti (e-mail: privacy@certilogo.com).
Pursuant to the Applicable Law, the Users have:

  1. the right to withdraw consent at any time, if the processing is based on their consent;

  2. the right of access to personal data;
  3. (where applicable) the right to data portability (the right to receive all personal data concerning them in a structured, commonly used and machine-readable format), the right to restriction of processing of personal data, the right to rectification and the right to erasure (“right to be forgotten”);

  4. the right to object:
  • in whole or in part, for legitimate reasons to the processing of personal data concerning them, even if relevant to the purpose of collection;
  • in whole or in part, to the processing of personal data concerning them for the purpose of sending advertising or direct sales material or for carrying out market research or commercial communication;
5. if they consider that the processing of their personal data is in breach of the Regulation, the right to lodge a complaint with a supervisory authority (in the Member State in which they have their habitual residence, in the Member State in which they work or in the Member State in which the alleged breach has occurred). The Italian Supervisory Authority is the Garante per la protezione dei dati personali, located in Piazza Venezia n. 11, 00187 - Rome (http://www.garanteprivacy.it/).

***
The Controller is not responsible for updating all links that can be viewed in this cookie policy, therefore whenever a link is not functional and/or updated, Users acknowledge and accept that they must always refer to the document and/or section of the websites referred to such link.