Privacy Policy

The Data Controller

Processing methods


The processing of data in this site takes place for the purpose of pre-contractual negotiations, should users show interest in dealings with Contract (or in obtaining the catalogue that can be downloaded from the site). It takes place in order to manage the site and its functionality, and to ensure secure operation and maintenance. This is done for statistical purposes, using data, including aggregated or anonymous data, to improve the services and effectiveness of the site itself (through the use of Matomo software, on which more below). It also takes place to measure the flows or trends of social pages.

Types of data processed

Data categories

The categories of personal data are, by way of example:
– personal and identification data (name and surname, company name, company location, job position of the person requesting data or contact, email, telephone, including company);
– contact data (always anonymous IP address) e-mail address, and similar data) and browsing data.

Please refer to the privacy policy of the social network involved for the data processing.

Security and browsing data

The computer system acquires some personal data whose transmission is implicit in the use of Internet communication protocols.

This category of data includes the IP addresses or domain names of the computers used by users who connect to the site, the URI (Uniform Resource Identifier) addresses of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (success, error, etc.) and other parameters relating to the user’s operating system and computer environment. These data are used for the sole purpose of obtaining anonymous statistical information on the use of the site and to check its correct operation.

Data are also processed for security purposes and/or to ascertain liability in the event of hypothetical computer crimes against the website or Contract (spam filters, firewalls, virus detection). In this case, the automatically recorded data may possibly also include personal data such as the IP address, which could be used, in accordance with the law, to block attempts to damage the site or harm other users, or in any case harmful or criminal activities. These data are not used for the identification or profiling of the user, nor are they cross-referenced with other data, but only used for the protection of the site and its users. Except in the case of liability investigations, personal data sent to Contract are not retained for longer than is necessary for the stated purpose.


Websites, including this one, may store or retrieve information on the browser in the form of cookies.

Cookies are small text files sent by websites and stored on the user’s computer, tablet, smartphone or other mobile device. They contain basic information about your Internet browsing and are recognised by your browser each time you visit the site. Cookies can also be first-party cookies if they are set by the site visited, or third-party cookies if they are sent from a site other than the one visited.

The information may relate to the user’s preferences or their device and is largely used to make the site work according to the user’s expectations. The information usually does not directly identify visitors/users, but can provide a more personalised web experience.

The use of so-called session cookies (which are not stored persistently on the user’s computer and disappear when the browser is closed) is strictly limited to the transmission of session identification numbers (built from random numbers generated by the server) necessary to enable safe and effective browsing of the site.

Cookie Analytics (Matomo)

Contract S.r.l. uses Matomo. Data relating to the browser, IP address, and interactions with the site may be collected in order to fill in statistical reports on the number of site users and how they visit the site and thus improve it. The IP address is anonymised; data are not associated with other data held by Contract, nor received from social.

Linkedin Insight Tag

Contract uses Linkedin’s Insight Tag. The LinkedIn Insight Tag enables the collection of data about Linkedin members’ visits to the website, including URL, IP address, device and browser characteristics (User Agent), date and time. These are processed anonymously. LinkedIn do not share personal data with the website owner; only aggregate reports and (non-identifying) alerts about the website audience are provided.

Cookie consent collection

Contract S.r.l. will keep track of the User’s consent(s) via a special technical cookie, lasting six months. A consent log has been developed.

Social Media

Legal basis of processing

Personal data are processed for information or pre-contractual purposes and therefore to establish relationships: the provision of data is optional and based on consent. The processing is necessary for the execution of the contract and/or pre-contractual measures requested by the user, as well as to fulfil a legal obligation to which the data controller is subject (control authorities, litigation and the like).

Data for site security and prevention of misuse are processed on the basis of a legitimate interest of the Data Controller in the protection of the site and the users themselves. Please also refer to what is specified for browsing and security data in paragraph 4.1). Such processing may take place for:
– the operation and maintenance of the Contract site;
– preventing or detecting fraudulent activities or abuses detrimental to the platform, as well as exercising and protecting the Controller’s rights in court and handling litigation.

Social: Contract’s active or potential actions are publishing content, replying to comments or following other accounts, carried out directly on the platforms.

Processing for statistical purposes may consist of:
– analysis of the number of users and how they visit the site, of user behaviour on the site (these are carried out in aggregate and anonymous form, not cross-referenced with other data; the analysis is carried out using Matomo software);
– monitoring flows from links on social media by means of aggregated and very general internal analysis tools (number of clicks).
– aggregated data on global trends of social pages (anonymised analysis) provided by the platforms themselves.

These data are not cross-referenced.
Users may withdraw or change a consent already given at any time (via the cookie banner or browser settings).

Place and time of processing

The processing operations take place at the Contract s.r.l. headquarters and are handled by the staff of the office in charge of processing. They are also processed at the web hosting datacentre. The web hosting is responsible for processing data on behalf of the owner, it is located in the European Union and acts in accordance with European standards.

The processing time, in the case of pre-contractual negotiations, is for the time necessary to process the Users’ request, subject to the retention of the data provided for registration and account access to the platform, until the Users’ cancellation (except in the case of litigation).

The data collected during the site operation are kept for the time strictly necessary to perform the specified activities. Upon expiry, data will be deleted, unless there is no further purpose for retaining the data, such as for liability investigations or judicial activities or consents given.

Data access, communication

In addition to the Data Controller, in some cases, categories of employees involved in the organisation of the site or external parties may have access to the data. More specifically, the following may have access:
– internal staff and collaborators of the Data Controller, in their capacity as designated/person in charge and/or data processors;
– third-parties who perform outsourcing activities on behalf of the Controller, such as external parties who provide instrumental or support services, such as system administrators, IT companies, accountants, lawyers, marketing communication or social management agencies (i.e. for the provision of a specific service requested by the User or for the performance of security or site optimisation checks or for business management in relation to the activity requested).

Without the need for express consent, data may be disclosed by the Data Controller to Supervisory Bodies, Public Bodies, Control Authorities, Police Forces and Judicial Authorities, as well as to all those subjects to whom disclosure is compulsory by law – even upon request – for the fulfilment of the aforementioned purposes. These subjects will process the data in their capacity as autonomous data controllers.

Transfer of data to non-EU countries

Personal data are managed and stored on servers located within the European Union. Currently, Contract’s server is located in Italy. The data will not be transferred outside the European Union, except in the cases provided for in Article 49 GDPR, i.e. insofar as necessary for the performance of a contract signed between the interested party and the data controller or for the performance of pre-contractual measures taken at the request of the data subject.

Security Measures

Contract has implemented security measures to prevent data loss, illegal or incorrect use and unauthorised access. The site management software is updated and checked for viruses or hazardous items.

Rights of Interested Parties

Please submit your request to get more information.