Website Information – Privacy Policy Art. 13 and seq. General Data Protection Regulation no. 2016/679 (“GDPR”) | |||
Introduction: scope of this privacy & cookie policy | Dear User, when you access and navigate on this website (hereinafter ‘Website’) some of your personal data is acquired, stored, and managed (in technical terms ‘processed’) through the device you are using, also by analyzing and saving your IP address, browsing data, ‘cookies’ and other online identifiers such as ‘pixels’. In light of these processing activities, in compliance with the applicable legislation that requires the protection, confidentiality and security obligations on your data, Blue BI S.r.l. clarifies below the purposes and means defined in its capacity as Data Controller. | ||
Data Controller | Data processing operations will be performed as Data Controller by Blue BI S.r.l., with legal seat in Milano (MI), via G. Frua n. 22, VAT n. 07515870967, that can be contacted at the following addresses:
The Data Controller has appointed a Privacy Manager who can be contacted at the e-mail provided. | ||
Categories of data processed | The categories of data processed through the Website are:
The data marked with an asterisk (*) are mandatory to carry out the related processing. | ||
Purposes, legal basis and data retention periods | Purposes | Legal basis | Data retention period |
User access to the pages of the Website and to its functionality | Performance of pre-contractual and contractual activities | For the duration the user remains on the Website, and in any case for a maximum of 24 months after it. | |
Feedback to contact requests or information inquiries sent by the User | Legitimate interest of the Data Controller, to maintain relations with the User | For a maximum of 10 years from the last interaction between the User and the Data Controller. | |
Management of spontaneous contacts relating to the “Work with us” section, for the purpose of establishing a working relationship | Performance of pre-contractual and contractual activities | For a maximum period of 24 months from the end of the selection process, unless further storage needs arise | |
Analysis of the usage statistics and improvement of the functionality of the Website | User consent or, in some specific cases, performance of the legitimate interest of the Data Controller | Until the expiry of the online ID retained for the longest time, unless User’s requests of cancellation and/or anonymization activities, and in any case for a maximum of 24 months. | |
Other information on how we process personal data | If the User wishes to receive further information about the balance between the legitimate interests pursued by the Data Controller and the fundamental rights and freedoms of the natural person, he/she can contact the Data Controller at the addresses indicated, and in particular at the e-mail address provided, having the right to receive adequate feedback as soon as possible and in any case within the time required by law. In the event of litigation with the User or with third parties, or control of the competent Authorities, the conservation may be extended until the expiry of the last applicable prescription period. The User’s personal data will not be disseminated in any way, except for the acquisition of express and prior consent or within the limits of what is provided for or imposed by law. | ||
Consequences of failure to provide data | The provision of personal data marked with an asterisk (*) is mandatory: not providing such data makes it impossible to proceed with the related processing. The provision of other personal data is optional: failure to provide such additional data may make it impossible to access all or part of the Website’s functions or characteristics. | ||
Automated decision-making processes | No processing of personal data by means of automated decision-making processes is carried out in accordance with current legislation, and in particular with Article 22(1) and (4) of the GDPR. Any automated processing will not have a legal effect on the data subject or significantly affect him/her unless specific informed consent is obtained and in any case within the limits of the law. | ||
Categories of subjects that process data on behalf of the Data Controller | Within the limits of the obligations, tasks or purposes indicated above, personal data may be made available and / or communicated to:
The complete list of Data Processors and other third parties to whom the data are made available and / or communicated can be requested from the Data Controller at any time, at the indicated references. | ||
Transfer of data outside the European Economic Area | Personal data shall be transferred to countries outside the European Economic Area for technical purposes, in any case to subjects based in countries recognized as “adequate” by the European Commission or that have stipulated specific Standard Contractual Clauses based on the text approved by the European Commission. If necessary, the Data Controller carried out a Transfer Impact Assessment concerning the risks arising from the transfer of personal data to countries considered not adequate. | ||
Rights of the Data Subject | The User, as a “Data Subject” according to the GDPR, can at any time exercise the rights attributed to him/her by the aforementioned European regulation. In particular, the User has the right to:
For Italy – as the Data Controller’s home state – the supervisory authority is the “Autorità Garante per la protezione dei dati personali” based in Rome (www.gpdp.it). The exercise of the aforementioned rights can take place by sending a request to the Data Controller’s references and in particular to the e-mail address indicated above. | ||
Last update on: 15th April 2024 |