Privacy Policy
Contract S.r.l., with registered office in Pero – Breda di Piave (TV Italy), Via Giuseppe Toniolo n. 20/A Zip code 31030 hereby sets out, pursuant to EU Regulation 679/2016 and Legislative Decree n. 196/2003, as amended by Legislative Decree n. 101/2018, the methods for processing the personal data of users browsing Contract website from the address: www.contractsrl.com, which corresponds to the home-page of the website.
The Data Controller
The data controller is Contract S.r.l., with registered office in 31030 Pero di Breda di Piave (TV-Italy), via Toniolo n. 20/A, as also identified on the website, in the person of its pro tempore legal representative.
Processing methods
Personal data are processed by automated tools -but also on paper- with organisational and logical methods related to the purposes set out in this document.
Purpose
The processing of data in this site takes place for the purpose of pre-contractual negotiations, should users show interest in dealings with Contract (or in obtaining the catalogue that can be downloaded from the site). It takes place in order to manage the site and its functionality, and to ensure secure operation and maintenance. This is done for statistical purposes, using data, including aggregated or anonymous data, to improve the services and effectiveness of the site itself (through the use of Matomo software, on which more below). It also takes place to measure the flows or trends of social pages.
Types of data processed
Data categories
The categories of personal data are, by way of example:
– personal and identification data (name and surname, company name, company location, job position of the person requesting data or contact, email, telephone, including company);
– contact data (always anonymous IP address) e-mail address, and similar data) and browsing data.
Please refer to the privacy policy of the social network involved for the data processing.
Security and browsing data
The computer system acquires some personal data whose transmission is implicit in the use of Internet communication protocols.
This category of data includes the IP addresses or domain names of the computers used by users who connect to the site, the URI (Uniform Resource Identifier) addresses of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (success, error, etc.) and other parameters relating to the user’s operating system and computer environment. These data are used for the sole purpose of obtaining anonymous statistical information on the use of the site and to check its correct operation.
Data are also processed for security purposes and/or to ascertain liability in the event of hypothetical computer crimes against the website or Contract (spam filters, firewalls, virus detection). In this case, the automatically recorded data may possibly also include personal data such as the IP address, which could be used, in accordance with the law, to block attempts to damage the site or harm other users, or in any case harmful or criminal activities. These data are not used for the identification or profiling of the user, nor are they cross-referenced with other data, but only used for the protection of the site and its users. Except in the case of liability investigations, personal data sent to Contract are not retained for longer than is necessary for the stated purpose.
Cookies
Websites, including this one, may store or retrieve information on the browser in the form of cookies.
Cookies are small text files sent by websites and stored on the user’s computer, tablet, smartphone or other mobile device. They contain basic information about your Internet browsing and are recognised by your browser each time you visit the site. Cookies can also be first-party cookies if they are set by the site visited, or third-party cookies if they are sent from a site other than the one visited.
The information may relate to the user’s preferences or their device and is largely used to make the site work according to the user’s expectations. The information usually does not directly identify visitors/users, but can provide a more personalised web experience.
The use of so-called session cookies (which are not stored persistently on the user’s computer and disappear when the browser is closed) is strictly limited to the transmission of session identification numbers (built from random numbers generated by the server) necessary to enable safe and effective browsing of the site.
Cookie Analytics (Matomo)
Contract S.r.l. uses Matomo. Data relating to the browser, IP address, and interactions with the site may be collected in order to fill in statistical reports on the number of site users and how they visit the site and thus improve it. The IP address is anonymised; data are not associated with other data held by Contract, nor received from social.
Linkedin Insight Tag
Contract uses Linkedin’s Insight Tag. The LinkedIn Insight Tag enables the collection of data about Linkedin members’ visits to the website, including URL, IP address, device and browser characteristics (User Agent), date and time. These are processed anonymously. LinkedIn do not share personal data with the website owner; only aggregate reports and (non-identifying) alerts about the website audience are provided.
Cookie consent collection
Contract S.r.l. will keep track of the User’s consent(s) via a special technical cookie, lasting six months. A consent log has been developed.
Social Media
Contract has an account on Linkedin and Instagram social networks/media.
The interested party may choose whether entering personal data on said socials, accessing them to reach the part/section where Contract is present; this may entail users to accept or choose data processing rules set out by the companies that own the social network, and carried out by them. Logging-in into social networks, posting or uploading data or photos or anything else on said social networks is carried out by the interested party.
Linkedin
Contract has an active Linkedin account, which can be reached at the following address:
https://www.linkedin.com/company/contractsrl/
The use of social and data processing may take place for:
– posting corporate information content online, or interacting with users on said content
The service is offered by LinkedIn Ireland Unlimited Company (‘LinkedIn Ireland’) Wilton Place,
Dublin 2, Ireland (VAT number: IE 9740425P).
For further information on Linkedin, please check here (https://it.linkedin.com/legal/privacy-policy)
Instagram
Contract has its own active Instagram page, which can be found at the following address:
https://www.instagram.com/contract.srl/
Social media use and processing take place with the aim of:
-publishing content of an informative and/or promotional nature or interacting with users on such content or to respond to their requests.
For further information on Instagram, please check here https://help.instagram.com/155833707900388
YouTube
Contract has a front-page video on YouTube.
Contract only receives data on video viewing reports, which are also publicly available.
Social Button
Social buttons are the ‘buttons’ on the site that depict the icons of social networks (LinkedIn and Instagram) and that allow you to interact with a ‘click’ directly with the social platforms. The social buttons on this site are links to the above social network accounts.
However, we provide links where users can view the privacy policy on data management by the social networks to which the buttons refer:
Linkedin
Instagram
Disable cookies (opt-out)
It is possible to change the way your browser uses cookies by customising the security settings in the browser’s configuration options (configuration depends on the type of operating system, the type of browser used and its version).
It is also possible to choose not to allow any type of cookie: failure to consent to certain types of cookies may have consequences for navigation on the site and use of the related services we are able to offer.
Third-party cookies cannot be controlled; if consent has already been given, it is necessary to delete cookies via the browser or by requesting opt-out directly from the third-party or via the website: http://www.youronlinechoices.com/en/yourchoice
If you want to know more, please go to the following sites:
– http://www.youronlinechoices.com/
– http://www.allaboutcookies.org/
See also the following ‘social button’ and cookiepolicy.
Legal basis of processing
Personal data are processed for information or pre-contractual purposes and therefore to establish relationships: the provision of data is optional and based on consent. The processing is necessary for the execution of the contract and/or pre-contractual measures requested by the user, as well as to fulfil a legal obligation to which the data controller is subject (control authorities, litigation and the like).
Data for site security and prevention of misuse are processed on the basis of a legitimate interest of the Data Controller in the protection of the site and the users themselves. Please also refer to what is specified for browsing and security data in paragraph 4.1). Such processing may take place for:
– the operation and maintenance of the Contract site;
– preventing or detecting fraudulent activities or abuses detrimental to the platform, as well as exercising and protecting the Controller’s rights in court and handling litigation.
Social: Contract’s active or potential actions are publishing content, replying to comments or following other accounts, carried out directly on the platforms.
Processing for statistical purposes may consist of:
– analysis of the number of users and how they visit the site, of user behaviour on the site (these are carried out in aggregate and anonymous form, not cross-referenced with other data; the analysis is carried out using Matomo software);
– monitoring flows from links on social media by means of aggregated and very general internal analysis tools (number of clicks).
– aggregated data on global trends of social pages (anonymised analysis) provided by the platforms themselves.
These data are not cross-referenced.
Users may withdraw or change a consent already given at any time (via the cookie banner or browser settings).
Place and time of processing
The processing operations take place at the Contract s.r.l. headquarters and are handled by the staff of the office in charge of processing. They are also processed at the web hosting datacentre. The web hosting is responsible for processing data on behalf of the owner, it is located in the European Union and acts in accordance with European standards.
The processing time, in the case of pre-contractual negotiations, is for the time necessary to process the Users’ request, subject to the retention of the data provided for registration and account access to the platform, until the Users’ cancellation (except in the case of litigation).
The data collected during the site operation are kept for the time strictly necessary to perform the specified activities. Upon expiry, data will be deleted, unless there is no further purpose for retaining the data, such as for liability investigations or judicial activities or consents given.
Data access, communication
In addition to the Data Controller, in some cases, categories of employees involved in the organisation of the site or external parties may have access to the data. More specifically, the following may have access:
– internal staff and collaborators of the Data Controller, in their capacity as designated/person in charge and/or data processors;
– third-parties who perform outsourcing activities on behalf of the Controller, such as external parties who provide instrumental or support services, such as system administrators, IT companies, accountants, lawyers, marketing communication or social management agencies (i.e. for the provision of a specific service requested by the User or for the performance of security or site optimisation checks or for business management in relation to the activity requested).
Without the need for express consent, data may be disclosed by the Data Controller to Supervisory Bodies, Public Bodies, Control Authorities, Police Forces and Judicial Authorities, as well as to all those subjects to whom disclosure is compulsory by law – even upon request – for the fulfilment of the aforementioned purposes. These subjects will process the data in their capacity as autonomous data controllers.
Transfer of data to non-EU countries
Personal data are managed and stored on servers located within the European Union. Currently, Contract’s server is located in Italy. The data will not be transferred outside the European Union, except in the cases provided for in Article 49 GDPR, i.e. insofar as necessary for the performance of a contract signed between the interested party and the data controller or for the performance of pre-contractual measures taken at the request of the data subject.
Security Measures
Contract has implemented security measures to prevent data loss, illegal or incorrect use and unauthorised access. The site management software is updated and checked for viruses or hazardous items.
Rights of Interested Parties
Pursuant to European Regulation 679/2016 (GDPR), the Data Subject may exercise, in relation to the processing of data, the rights provided for (Articles 15-21), including:
– receive confirmation of the existence of the data and access to their content (access rights);
update, amend and/or correct the data (right of rectification);
– request the deletion or restriction of data processed in breach of the law, including data whose storage is not necessary in relation to the purposes for which the data were collected (right to be forgotten and right to restriction);
object to the processing (right to object);
– withdraw consent, where given, without prejudice to the lawfulness of the processing based on the consent given before withdrawal;
– lodge a complaint with the Supervisory Authority (Garante per la protezione dei dati personali garanteprivacy.it);
– receive an electronic copy of the data concerning him/her as a Data Subject, when such data have been rendered in the context of the contract, and request that such data be transmitted to another data controller (right to data portability).
Requests should be addressed to:
– by e-mail to info@contractsrl.com
– or by mail
Update and Revision
This document is dated 10th November 2023; it is subject to revision as often as required by law or for checks carried out by Contract or made necessary by further implementations of the site.