Website Information – Privacy Policy
www.bluebi.it

Articles 13 et seq. General Data Protection Regulation n. 2016/679 (“GDPR”)

Introduction

Dear User,

when you access and browse this website (hereinafter ‘Site’) some of your personal data are acquired, stored and managed (in technical terms ‘processed’), through the device you are using, including through the analysis and saving of the your IP address, browsing data, “cookies” and other online identifiers such as “pixels”. In light of these processing activities, in compliance with the applicable legislation which provides for the protection, confidentiality and security obligations on your data, Blue BI Srl clarifies below the purposes and means processed in its capacity as Data Controller.

Holder of the treatment

The personal data processing operations carried out following access and interaction with the Site will be carried out, as Data Controller, by Blue BI Srl , based in Milan (MI), via G. Frua n. 24, VAT number and CF 07515870967, who can be contacted at the following addresses:
• by writing an e-mail to privacy@bluebi.it ;
• by ordinary mail to the address of the indicated office.

Categories of data processed

The categories of data processed are as follows:
• information relating to the user’s navigation on the Site, including the so-called online identifiers and data relating to the devices used;

• personal identification and contact data such as name, surname, e-mail address and telephone number in case of use of the website functions;

• additional data in case of implementation of new functions.

Purpose, legal basis and storage time

Purpose

Legal basis

Retention time

Offering the navigation features of the Site, including access to its pages and access to content, courses and webinars

The processing is necessary for the performance of pre-contractual and contractual activities

Only for the period necessary to stay on the Site, and in any case for a maximum of 24 months

Response to contact requests or information sent by the user

Exercise of the legitimate interest of the Data Controller, aimed at maintaining relations with users of the Site

For a maximum of 10 years from the interaction with the interested party.

Management of spontaneous contacts relating to the “Work with us” section, for the purpose of establishing a working relationship

The processing is necessary for the performance of pre-contractual and contractual activities, and in some cases for the exercise of the legitimate interest of the Data Controller.

For a maximum period of 24 months from the end of the selection process, unless further storage needs are required.

Analysis of usage statistics and improvement of the Site’s functions

Consent of the user, or (in some cases) exercise of the legitimate interest of the Owner in monitoring the functionality of the Site

Until the expiration of the user ID stored longer, except for requests for cancellation or anonymization and in any case for a maximum of 24 months.

Learn more about how we process data

If the interested party wishes more information about the balance between the legitimate interests pursued by the Data Controller and the fundamental rights and freedoms of the natural person, he can contact them at the addresses indicated, having the right to receive feedback as soon as possible and in any case within the time limits set by law.

In the event of a dispute with the user or with third parties, or in the event of control by the competent Authorities, the storage may be extended until the expiry of the last applicable limitation period.

The data will not be disseminated in any way, except for the express and prior consent of the interested party and within the limits of the provisions of the law.

Consequences of failure to provide data

The provision of personal data indicated as mandatory is necessary to pursue the related purposes: not providing such data makes it impossible to proceed with the related processing.

The provision of other personal data is optional : not providing such additional data may result in the total or partial impossibility of accessing certain functions or features of the Site.

Automated decision-making processes

No processing of personal data is envisaged through automated decision-making processes in accordance with the provisions of current legislation, and in particular pursuant to art. 22, paragraphs 1 and 4, of the GDPR.

In any case, any automated processing will not have a legal effect for the interested party that concerns him or that significantly affects his person, except for the acquisition of a specific informed consent and in any case in compliance with the legal limits.

Categories of subjects that process personal data

Within the limits of the obligations, tasks or purposes indicated above, personal data may be processed, made available and / or communicated to:

• employees and / or collaborators of the Data Controller;

• third parties appointed as managers (in particular, suppliers of goods or services), including their employees and / or collaborators;

• Jurisdictional, administrative and / or public security authorities, in compliance with regulatory provisions.

The complete list of Managers and other third parties can be requested from the Data Controller at any time, using the references indicated.

Transfer of personal data outside the European Economic Area

Personal data may be transferred to countries outside the European Economic Area exclusively for technical needs, in any case to subjects based in countries recognized as “adequate” by the European Commission or through the stipulation of specific Standard Contractual Conditions in the text approved by the Commission. European.

Rights of the interested party

The interested party may, at any time, exercise the rights provided for by the European Regulation n. 2016/679. In particular, he has the right:
• to access your personal data;
• to obtain the rectification or cancellation of the same or the limitation of the treatment that concerns him;
• to oppose the treatment;
• to data portability;
• to revoke the consent, where provided: the revocation of the consent does not affect the lawfulness of the treatment based on the consent given before the revocation;
• to lodge a complaint with the supervisory authority.

For Italy, the supervisory authority is the Guarantor Authority for the protection of personal data, based in Rome.

The exercise of the aforementioned rights may take place by sending a request to the references of the Data Controller, as indicated above.

Last revision: March 17, 2022