BOOM PRIVACY POLICY
With this Privacy Policy, CRIF S.p.A. intends to describe the methods of managing the website (the “Website”) with reference to the processing of the personal data of users who access it in accordance with the provisions of art. 13 of the EU Regulation on the protection of personal data no. 679/2016 (GDPR).
Following access to and consultation of the Website, data relating to identified or identifiable persons may be processed.
The Controller for the processing of the collected personal data is CRIF S.p.A., with registered office located at Via Fantin 1/3, Bologna (BO), Italy.
Users can contact the Controller at the above mailing address or via the following e-mail addresses: e-mail: dirprivacy@crif.com and certified e-mail: crif@pec.crif.com
The processing of data collected with reference to those who access the Website is mainly carried out at the CRIF S.p.A. headquarters, and in any case in accordance with the provisions of the GDPR and all other applicable laws.
Personal data is processed only by specially trained employees or contractors with appropriate technical skills, and who are appointed and authorized to perform the processing, or by subjects appointed as processors.
The data will be processed lawfully and fairly, guaranteeing its security and confidentiality, according to the provisions of the GDPR and all other applicable laws. Personal data will be processed using electronic and, in any case, automated equipment.
With reference to browsing data, the computer systems and software procedures used to operate this Website acquire, during their normal operation, some personal data whose transmission is implicit to the use of Internet communication protocols. This information is not collected in association with identified data subjects, but by its very nature could, through processing and association with data held by third parties, allow users to be identified. This data category includes the IP addresses or domain names of computers used by users who connect to the Website, Uniform Resource Identifier (URI) addresses of the requested resources, the time of the request, the method used to submit the request to the server, and other parameters related to the user’s operating system and computing environment. The optional and voluntary sending of e-mails to the addresses indicated on the Website or by filling out the appropriate contact form involves the acquisition of the user’s personal data, as indicated therein, which is necessary to respond to user requests.
In addition, specific social media buttons/widgets may be present on the Website in the form of social network icons (e.g. LinkedIn, etc.) and icons for other web services (e.g. YouTube, etc.). These buttons allow users browsing the Website to access the specific social media sites in one click. In such cases, the social networks and web services acquire data regarding the user, while the Controller will not share any browsing information or user data acquired through its website with the social networks and web services that can be accessed through the social media buttons/widgets. These services create “third-party cookies”. For more information, please consult the Website Cookie Policy.
User data may be processed for:
The user's personal data will be processed on the basis of one or more of the following legitimacy conditions. In particular, processing carried out for the purposes referred to in:
letters A. and B. above, which have as their legal basis the need to fulfill the requests for the provision of a service or to respond to a user request. Such processing is therefore strictly necessary and connected to a pre-contractual phase at the request of the data subject and/or contractual or in order to provide feedback to a specific user request according to art. 6(1)(b) of the GDPR. In this regard, the personal information collected from time to time through the Website is necessary. If the user decides not to provide the information, it will not be possible to provide the service or proceed with the requests.
letter C. above, which has as its legal basis, to a proportionate and necessary extent, the legitimate interests of the Controller in accordance with art. 6 (1)(f) of the GDPR, consisting of improving the performance and verifying the proper functioning of the Website. In this regard, we also invite you to consult the Website Cookie Policy.
letter D. above: the Newsletter service will be activated only after a quotation and the specific consent of the user. This consent is optional and does not affect the provision of any additional services requested.
letter E. above: the Controller will process the user’s data for this purpose exclusively following the prior and specific consent of the user. This consent is optional and does not affect the provision of any additional services requested.
The user has the right to withdraw consent for the marketing purposes referred to in letter E. at any time without prejudice to the lawfulness of the processing based on the consent given before withdrawal and has the right to oppose the processing for marketing purposes referred to in letter E., including in part, or with reference to the marketing information and offers, and the advertising and promotional material regarding services (including third-party) through automated methods.
letter F. above: for this purpose, the Controller will process the user’s data required for registration to the Community and related events in order to establish the legal relationship between the parties on the basis of art. 6(1)(b) of the GDPR and for purposes related to the events themselves such as marketing, newsletters, etc. on the basis of specific consents previously issued by the data subject on the corresponding registration forms.
The Controller, for the same purposes as set out in this Privacy Policy and/or for purposes strictly functional to the services provided by the Website, may communicate the user’s data to parties such as:
This type of service has the function of hosting data and files that enable the Website to function and perform data processing in order to enable the Website to be browsed by users.
Such subjects will act as Processors according to art. 28 of the GDPR. The user can ask the Controller for an up-to-date list of Processors at any time.
Generally, the data of Website users will not be transferred outside the European Union. However, it is possible that such a transfer may occur following the implementation of features on the Website (e.g., social media buttons, link to third-party sites). For each service requested by the CRIF S.p.A. customer, a special information notice will be provided with the details of transfer, as well as the possibility for the user to check the information notices of third-party controllers. In any case, in relation to services provided by CRIF S.p.A., if personal data is transferred outside the European Union, the transfer will be carried out in accordance with the provisions of the GDPR and all other applicable laws, with suitable guarantees concerning personal data protection. In addition, this transfer may occur on the basis of the individual service provided by CRIF S.p.A. or as a result of the installation of third-party cookies. For each service requested by the CRIF S.p.A. customer, a special information notice will be provided with the details of the transfer, and within the Cookie Policy the user is also given the opportunity to check the information notices of third-party controllers and to opt-out if desired. In any case, in relation to services provided by CRIF S.p.A., if personal data is transferred outside the European Union, the transfer will be carried out in accordance with the provisions of the GDPR and all other applicable laws (as will be specified in the specific information notices).
CRIF S.p.A. shall process and retain the browsing data for the time required by the purposes for which the data was collected. Therefore:
As for browsing data, the Controller will delete this information 12 months after the last online interaction that occurred in relation to the Controller’s communications or the content published on the Website for which the Controller has direct evidence of this interaction (e.g. clicks, opening, response).
For details about the use of Cookies on this Website, please refer to the Cookie Policy.
We hereby inform you that, pursuant to articles 15-22 of the GDPR, the user can exercise the following rights: the right to access his or her personal data in accordance with art. 15 of the GDPR, ask for the amendment or deletion of the data, or restriction of its processing. The data subject also has the right to oppose the processing as well as the right to portability in the cases set out in articles 20 and 21 of the GDPR. In addition, users can withdraw their consent at any time, it being understood that the withdrawal of consent does not affect the lawfulness of the processing carried out up to the point of withdrawal.
In such cases, you can exercise your rights by contacting the Controller using the following contact details: e-mail: dirprivacy@crif.com and certified e-mail: crif@pec.crif.com
The data subject can also submit a complaint to the Italian Data Protection Authority, following the instructions through the link: http://www.garanteprivacy.it/web/guest/home/docweb/-/docweb-display/docweb/4535524
For any questions regarding the processing of your personal data, you can contact the Data Protection Officer by e-mailing: dirprivacy@crif.com; certified e-mail: crif@pec.crif.com
The Controller reserves the right to amend this Privacy Policy at any time, informing users on this page and, if possible, on the Website. Therefore, please consult this page regularly, referring to the date of updating at the bottom of the page.