PRIVACY POLICY

Privacy notice as per article 13 Reg. EU 2016/679 (GDPR) – Policy on the processing of personal data collected from the data subject

WHY THIS INFORMATION

In compliance with the provisions of Reg. EU 2016/679 (European Regulation on the protection of personal data – GDPR) we provide you with the required information regarding the processing of your personal data. This privacy policy should not be considered valid for other websites that may be consulted via links on the websites in the domain of the Controller, who is not to be considered in any way responsible for third party websites. This privacy policy is provided pursuant to art. 13 of GDPR and is also inspired by the provisions of Directive 2002/58/EC, as updated by Directive 2009/136/EC with regard to cookies, as well as the Provision of the Supervisory Authority for the protection of personal data of 08/05/2014 with regard to cookies and EDPB 5/2020 Guidelines on consent pursuant to Regulation (EU) 2016/679 adopted on 04/05/2020.

 

Personal data” means any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. (C26, C27, C30)

 

Navigation data: The computer systems and software procedures used to operate this site acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. This category of data includes IP addresses or domain names of the computers and terminals used by users, the URI / URL (Uniform Resource Identifier/ Locator) addresses of the requested resources, the time of the request, the method used in submitting the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the operating system and the user’s computer environment.

 

Data communicated by the interested party: The optional, explicit and voluntary sending of messages to the contact addresses, as well as the compilation and forwarding of the forms on the website of the Data Controller, involves the acquisition of the sender’s contact data, necessary to respond, as well as all personal data included in communications.

 

Specific information: Specific information could be presented on the pages of the website, in relation to particular services or processing of the provided data.

 

Cookies and other technologies: For more information on cookies and other used technologies, please refer to the Cookies Policy in the footer of this website.

 

  1. DATA CONTROLLER

Pursuant to art. 4 and 24 of GDPR, the Data Controller is LB Research Srl, Via Lombardia, 81 – 22063 Cantù (CO), Italy, in the person of the legal representative. Phone: +39 031 734 908, e-mail contact privacy@lbresearch.it

 

  1. DATA PROTECTION OFFICER (DPO)

Pursuant to art. 37 – 39 of GDPR, the Data Controller has appointed the Data Protection Officer (DPO), who can be contacted at: dpo@lbresearch.it.

 

  1. PURPOSES OF THE PROCESSING

Personal data will be processed for the following purposes:

  • website navigation: the data, necessary for the use of web services, are also processed for the purpose of obtaining statistical information on the use of the services (most visited pages, number of visitors per hour or day, geographical areas of origin, etc.) and to check the correct functioning of the offered services;
  • possible completion of the data collection form in the “contact us” area;
  • possible completion of the data collection form in the “careers” area.

 

  1. LEGAL BASES OF THE PROCESSING

The data processing will take place in compliance with the conditions of lawfulness pursuant to art. 6 of the GDPR:

  • on the performance of a contract or the implementation of pre-contractual measures taken at the data subject’s request;
  • on the basis of the processing necessary for the purposes of the legitimate interests pursued by the Data Controller or third parties, provided that the interests or fundamental rights and freedoms of the data subject who require the protection of personal data do not prevail and also taking into account reasonable expectations nourished by the data subject at the time and in the context of the collection of personal data, when the data subject can reasonably expect that processing for this purpose will take place (Recital 47).

For information, you can write to dpo@lbresearch.it.

 

  1. RECIPIENTS OR CATEGORIES OF DATA RECIPIENTS

The provided personal data will be disclosed to recipients that will process the data as Processors (art. 28 of GDPR) and/or as natural persons acting under the authority of the Data Controller and the Data Processor (art. 29 of GDPR), for the above-indicated purposes and to third parties. More precisely, the data will be disclosed to:

  • parties that provide services identified and authorized, located in Italy;
  • subjects that provide services for the IT and communication network management (e-mail included), located in Italy;
  • firms or companies with support and consultancy relationships, located in Italy;
  • competent authorities for compliance with legal obligations and/or provisions of public bodies, upon request;
  • in case of administrative accounting purposes, the data may be transmitted to commercial information companies for the assessment of solvency and payment habits and/or to subjects for credit recovery purposes, located in Italy.

The parties belonging to the aforesaid categories perform the function of Data Processor or operate in complete autonomy as separate Data Controllers. See specific information in dedicated areas with data collection forms.

The list of Data Processors is constantly updated and available by writing to the e-mail address privacy@lbresearch.it

 

  1. DATA TRANSFER TO A THIRD COUNTRY AND/OR AN INTERNATIONAL ORGANISATION AND GUARANTEES

The personal data will not be transferred to countries belonging to the European Union and to countries outside the EU. The website is based in Italy.  Please refer to specific privacy notices in dedicated areas with data collection forms.

 

  1. DATA RETENTION PERIOD OR CRITERIA FOR CALCULATING THE PERIOD

The process will be carried out by authorized subjects, with methods and tools aimed to guarantee maximum security and confidentiality. In compliance with the provisions of art. 5 paragraph 1 letter e) of GDPR, the collected personal data will be stored in a form that allows to identify the data subjects for a period of time not exceeding the achievement of the purposes for which the personal data are processed. Specifically, the personal data will be processed for a time period equal to the minimum necessary, as indicated in Recital 39 of GDPR, that is until the termination of existing contractual and pre-contractual relationships, without prejudice to a further retention period that may be imposed by law as also required by Recital 65 of GDPR. Please refer to specific privacy notices in dedicated areas with data collection forms. The timing is determined on the basis of the criteria that the interested party can have information about by writing to dpo@lbresearch.it

 

  1. RIGHTS OF THE DATA SUBJECTS

The data subject may assert the rights as expressed in art. 15 et seq. of GDPR, by contacting the Data Controller or the DPO at the e-mail address dpo@lbresearch.it. You have the right, at any time, to request access to personal data (art. 15), rectification (art. 16), erasure (art. 17), restriction of processing (art. 18). The Data Controller communicates (art. 19) any rectification, erasure or limitation carried out for the processing to each of the recipients to whom the personal data have been transmitted. Upon request, the Data Controller informs the data subject about these recipients. Moreover, when applicable, for data collection forms in dedicated areas, you have the right to data portability (art. 20) and in this case they will be provided to you in a structured format, commonly used and readable, by an automatic device. When applicable, you have the right to object (art. 21), at any time, to the processing of data based on legitimate interest, as well as in the cases provided for data collection forms in dedicated areas, to revoke any consent given without prejudice to the lawfulness of the processing based on consent before revocation, by writing an e-mail dpo@lbresearch.it. There is no automated decision making. According to art. 77 of GDPR, in case the data subject believes that the processing of personal data carried out by the Data Controller is in violation of the provisions of the GDPR, you have the right to lodge a complaint with the Supervisory Authority, in particular in the Member State where you usually reside or work or in the place where the alleged violation of the regulation has occurred. You can lodge a complaint with the Garante Privacy (https://www.garanteprivacy.it/), or take the appropriate judicial offices (the latter also for the legal entity contracting party and not just for natural persons).

 

  1. PROVISION OF DATA

The disclosure of personal data is not a legal obligation. Failure to provide personal data will make impossible to use the Data Controller services.

 

  1. CHANGES TO THE PRIVACY POLICY

The Data Controller reserves the right to modify, update, add or remove parts of this privacy notice. In order to facilitate this verification, the notice will contain an indication of the update date of the information.

 

Updated on: 20 December 2022