Privacy Policy

BOOM PRIVACY POLICY

With this Privacy Policy, CRIF S.p.A. intends to describe the methods of managing the website (the “Website”) with reference to the processing of the personal data of users who access it in accordance with the provisions of art. 13 of the EU Regulation on the protection of personal data no. 679/2016 (GDPR).

  1. Controller and contact details

Following access to and consultation of the Website, data relating to identified or identifiable persons may be processed.

The Controller for the processing of the collected personal data is CRIF S.p.A., with registered office located at Via Fantin 1/3, Bologna (BO), Italy.

Users can contact the Controller at the above mailing address or via the following e-mail addresses: e-mail: dirprivacy@crif.com and certified e-mail: crif@pec.crif.com

  1. Location of data processing

The processing of data collected with reference to those who access the Website is mainly carried out at the CRIF S.p.A. headquarters, and in any case in accordance with the provisions of the GDPR and all other applicable laws.

Personal data is processed only by specially trained employees or contractors with appropriate technical skills, and who are appointed and authorized to perform the processing, or by subjects appointed as processors.

  1. Methods of data processing

The data will be processed lawfully and fairly, guaranteeing its security and confidentiality, according to the provisions of the GDPR and all other applicable laws. Personal data will be processed using electronic and, in any case, automated equipment.

  1. Categories of personal data processed

With reference to browsing data, the computer systems and software procedures used to operate this Website acquire, during their normal operation, some personal data whose transmission is implicit to the use of Internet communication protocols. This information is not collected in association with identified data subjects, but by its very nature could, through processing and association with data held by third parties, allow users to be identified. This data category includes the IP addresses or domain names of computers used by users who connect to the Website, Uniform Resource Identifier (URI) addresses of the requested resources, the time of the request, the method used to submit the request to the server, and other parameters related to the user’s operating system and computing environment. The optional and voluntary sending of e-mails to the addresses indicated on the Website or by filling out the appropriate contact form involves the acquisition of the user’s personal data, as indicated therein, which is necessary to respond to user requests.

In addition, specific social media buttons/widgets may be present on the Website in the form of social network icons (e.g. LinkedIn, etc.) and icons for other web services (e.g. YouTube, etc.). These buttons allow users browsing the Website to access the specific social media sites in one click. In such cases, the social networks and web services acquire data regarding the user, while the Controller will not share any browsing information or user data acquired through its website with the social networks and web services that can be accessed through the social media buttons/widgets. These services create “third-party cookies”. For more information, please consult the Website Cookie Policy.

  1. Use of the Website and purposes of the processing

User data may be processed for:

  1. the performance of operations that allow browsing of the Website pages or Website registration. The Controller, like most web page owners, needs to process personal information relating to users collected automatically or provided by the users themselves through the navigation or use of the Website in order to allow them to browse and use the site. Therefore, this Privacy Policy refers exclusively to the Website and does not refer to any other online sites, pages or services that can be accessed through hyperlinks published on the Website.
  2. the performance of the operations strictly necessary to provide the services, to purchase them, or to respond to any requests made by the user through the appropriate contact form on the home page of the Website.
  3. statistical processing of aggregated data in relation to the Website services.
  4. provision of the Newsletter service. By specifically selecting the relevant check box, the user consents to receiving updates on the activities of the Controller through the Website; the user data will also be added to the Website mailing list so that the user can receive the relative Newsletter. Users can decide not to receive the Newsletter at any time through the opt-out link at the bottom of each message and/or by exercising the right to withdraw consent.
  5. direct marketing activities and marketing communications for products and services of CRIF S.p.A. and other CRIF Group companies. If, following specific selection of the relevant check box, the user consents to receiving information, marketing communications, direct sales, and market research on the products or services provided through the Website, the user’s information will be processed for this purpose. Such communications may be sent through the use of traditional tools (telephone/mail) and automated tools (e-mail, fax, SMS, etc.), always on the basis of the preferences previously expressed by the user. After the initial telephone/e-mail contact, if the user decides not to subscribe to any service or to purchase any product or states that he/she does not want to be contacted again, the Controller will cancel the user’s details. Likewise, users can decide not to receive any marketing communications at any time by using the opt-out link at the bottom of each message and in any case exercising the relative right to withdraw consent.
  6. F. registration and membership of the BOOM Community. In accordance with the conditions set out in the following link [upcoming feature], companies, professionals and individuals can benefit from a series of events/training courses/promoted initiatives, and BOOM newsletters and benefit from discounted rates.

 

  1. Legal basis for data processing

The user's personal data will be processed on the basis of one or more of the following legitimacy conditions. In particular, processing carried out for the purposes referred to in:

letters A. and B. above, which have as their legal basis the need to fulfill the requests for the provision of a service or to respond to a user request. Such processing is therefore strictly necessary and connected to a pre-contractual phase at the request of the data subject and/or contractual or in order to provide feedback to a specific user request according to art. 6(1)(b) of the GDPR. In this regard, the personal information collected from time to time through the Website is necessary. If the user decides not to provide the information, it will not be possible to provide the service or proceed with the requests.

letter C. above, which has as its legal basis, to a proportionate and necessary extent, the legitimate interests of the Controller in accordance with art. 6 (1)(f) of the GDPR, consisting of improving the performance and verifying the proper functioning of the Website. In this regard, we also invite you to consult the Website Cookie Policy.

letter D. above: the Newsletter service will be activated only after a quotation and the specific consent of the user. This consent is optional and does not affect the provision of any additional services requested.

letter E. above: the Controller will process the user’s data for this purpose exclusively following the prior and specific consent of the user. This consent is optional and does not affect the provision of any additional services requested.

The user has the right to withdraw consent for the marketing purposes referred to in letter E. at any time without prejudice to the lawfulness of the processing based on the consent given before withdrawal and has the right to oppose the processing for marketing purposes referred to in letter E., including in part, or with reference to the marketing information and offers, and the advertising and promotional material regarding services (including third-party) through automated methods.

letter F. above: for this purpose, the Controller will process the user’s data required for registration to the Community and related events in order to establish the legal relationship between the parties on the basis of art. 6(1)(b) of the GDPR and for purposes related to the events themselves such as marketing, newsletters, etc. on the basis of specific consents previously issued by the data subject on the corresponding registration forms.

  1. Categories of recipients of personal data

The Controller, for the same purposes as set out in this Privacy Policy and/or for purposes strictly functional to the services provided by the Website, may communicate the user’s data to parties such as:

  • Hosting and back-end infrastructure

This type of service has the function of hosting data and files that enable the Website to function and perform data processing in order to enable the Website to be browsed by users.

  • Website Administration (administration, sales and legal personnel, and system administrators).
  • Newsletter Service
  • Statistics
    The services contained in this section allow the Controller to monitor and analyze the traffic data for the Website. The Controller uses this service in order to perform aggregated analysis of its users in anonymous form and thus improve Website performance. All statistical services are used by the Controller through an integration that anonymizes the IP address of the user.

Such subjects will act as Processors according to art. 28 of the GDPR. The user can ask the Controller for an up-to-date list of Processors at any time.

  1. Transfer of personal data

Generally, the data of Website users will not be transferred outside the European Union. However, it is possible that such a transfer may occur following the implementation of features on the Website (e.g., social media buttons, link to third-party sites). For each service requested by the CRIF S.p.A. customer, a special information notice will be provided with the details of transfer, as well as the possibility for the user to check the information notices of third-party controllers. In any case, in relation to services provided by CRIF S.p.A., if personal data is transferred outside the European Union, the transfer will be carried out in accordance with the provisions of the GDPR and all other applicable laws, with suitable guarantees concerning personal data protection. In addition, this transfer may occur on the basis of the individual service provided by CRIF S.p.A. or as a result of the installation of third-party cookies. For each service requested by the CRIF S.p.A. customer, a special information notice will be provided with the details of the transfer, and within the Cookie Policy the user is also given the opportunity to check the information notices of third-party controllers and to opt-out if desired. In any case, in relation to services provided by CRIF S.p.A., if personal data is transferred outside the European Union, the transfer will be carried out in accordance with the provisions of the GDPR and all other applicable laws (as will be specified in the specific information notices).

  1. Retention period

CRIF S.p.A. shall process and retain the browsing data for the time required by the purposes for which the data was collected. Therefore:

  • any data collected for purposes essential to the execution of a contract between the Controller and the user will be retained until the execution of the contract/request is complete and for the duration of the processing;
  • when the processing is based on user consent, such as for the subscription to marketing communications, the Controller can retain the personal data for a maximum period of 5 years unless such consent is withdrawn beforehand;
  • when the processing is based on user consent, such as for subscription to the Newsletter, the Controller can retain the personal data for a maximum period of 24 months unless consent is withdrawn beforehand;
  • in addition, the Controller may be obliged to retain the personal information for a longer period in compliance with a legal obligation or to retain it based on its legitimate interests for the management of any ongoing litigation or pre-litigation.

As for browsing data, the Controller will delete this information 12 months after the last online interaction that occurred in relation to the Controller’s communications or the content published on the Website for which the Controller has direct evidence of this interaction (e.g. clicks, opening, response).

  1. Cookies

For details about the use of Cookies on this Website, please refer to the Cookie Policy.

  1. Data subject rights

We hereby inform you that, pursuant to articles 15-22 of the GDPR, the user can exercise the following rights: the right to access his or her personal data in accordance with art. 15 of the GDPR, ask for the amendment or deletion of the data, or restriction of its processing. The data subject also has the right to oppose the processing as well as the right to portability in the cases set out in articles 20 and 21 of the GDPR. In addition, users can withdraw their consent at any time, it being understood that the withdrawal of consent does not affect the lawfulness of the processing carried out up to the point of withdrawal.

In such cases, you can exercise your rights by contacting the Controller using the following contact details: e-mail: dirprivacy@crif.com and certified e-mail: crif@pec.crif.com

The data subject can also submit a complaint to the Italian Data Protection Authority, following the instructions through the link: http://www.garanteprivacy.it/web/guest/home/docweb/-/docweb-display/docweb/4535524

  1. Data Protection Officer

For any questions regarding the processing of your personal data, you can contact the Data Protection Officer by e-mailing: dirprivacy@crif.com; certified e-mail: crif@pec.crif.com

  1. Amendments to this Privacy Policy

The Controller reserves the right to amend this Privacy Policy at any time, informing users on this page and, if possible, on the Website. Therefore, please consult this page regularly, referring to the date of updating at the bottom of the page.