WEBSITE’S PRIVACY STATEMENT
IMPORTANT: if a user’s age is below 18, it is mandatory that a parent or guardian of his reads and approves this statement before the user can visit the website and use its services.
- Data subjects’ rights
- Browsing data
- Data processing after a request for contact
- Processing related to the service of business information for the italian territory
Some definitions from the EU Regulation 2016/679
(decides why, how and by whom the data will be processed)
After visiting this website and using its services, information concerning an identified or identifiable natural person may be processed.
Besides browsing data, for example, data may be collected when:
- Other services are used through platforms
- A contact is requested
The controller (being the subject which determines the purposes and means of the processing of personal data and holds the responsibility to process the data or to have someone else process them correctly) is
INSIDE-INTELLIGENCE & SECURITY INVESTIGATIONS SA
Via Serafino Balestra, 27 – 6900 LUGANO (Svizzera), in this document referred to as “INSIDE”.
The controller for the data processing related to the services on the Italian Territory is INSIDE S.r.l. – Via Monte di Pietà, 21 – 20121 MILANO – Which appointed a Processor (RPD-DPO) who may be contacted at the email address [email protected]
Personal data are processed by INSIDE – INTELLIGENCE & SECURITY INVESTIGATIONS SA according to the Swiss federal law on data protection (https://www.admin.ch/opc/it/classified-compilation/19920153/index.html) and, for data subjects that may be in the EU territory, according to the EU Regulation 2016/679 (https://eur-lex.europa.eu/legal-content/IT/TXT/?uri=celex%3A32016R0679).
DATA SUBJECTS’ RIGHTS
As for the processing mentioned in this document, data subjects (website users) have the right:
- To Request the Controller to access the personal data, to correct or delete them, or to limit the processing of data about them or to object to their processing
- If the processing is carried out by automated (computer-based) means, and after their consent, to receive their personal data in a format that is structured, of common use and readable by an automatic device, and/or to obtain direct transmission to another controller, if that is technically possible.
- To revoke their consent at any moment (without this nullifying the lawfulness of the consent-based processing before the revocation). This obviously applies to a processing carried out on the base of the prerequisite.
- To file a complaint to an authority responsible for the territory; for Italy: Garante per la protezione dei dati personali – Piazza di Monte Citorio n. 121 00186 ROMA – fax: (+39) 06.69677.3785 – Phone: (+39) 06.696771 – email: [email protected] – certified email: [email protected];
Requests shall be presented to INSIDE – INTELLIGENCE & SECURITY INVESTIGATIONS SA using the contact module in the website, or by writing to the email address [email protected], taking into account the fact that it will not be possible to reply to requests that do not allow for the certain identification of the requesting subject, especially if such requests are made by phone.
BROWSING DATA – data processed in relation to the browsing of the website
Computer systems and software procedures necessary for the functioning of this website acquire, throughout their ordinary activity, some personal data whose transmission is part of the use of the Internet Communication Protocols.
This information is not collected in order to be associated with identified subjects, but, for its nature, it might – after processing and comparison with data held by third parties-enable to identify the users.
This category of data includes, for example, IP addresses, or domain names of computers operated by users that browse the website, Uniform Resource Identifiers (URI) of elements requested, the request time, the method used to submit a request to the server, the dimension of files received as a reply, the numeric code showing the response from the server (successful, error et cetera) and other parameters about the operating system and the user’s computer environment, such as the type and version of the browser used, type and versions of plug-ins, mobile identification code (IDFA or AndroidID) and other parameters related to your operating system and the computer environment. These data, without any specific consent to use for other purposes, are only meant to be used in order to obtain statistic information about the browsing of the website, and to verify its correct functioning.
The data may be used to ensure responsibilities in case of potential cybercrimes against the site, and, only in this case, specific procedures may be activated in order to identify the author.
The legal basis of the processing of these data consists on the legitimate interest of the Controller, that is the protection of data security, the good functioning of the website, and the improving of the service standards.
METHODS AND BODIES IN CHARGE OF THE PROCESSING
Personal data are processed through automated systems for the time necessary to reach the scope for which they are collected. Processing related to the web services in this website are taken care of by personnel appointed by the Controller or by third parties, if responsible according to Article 28 of the EU Regulation 2016/679, that carry out the technical administration and maintenance of the website and related systems. Specific security measures are respected to prevent data loss, Illegal or incorrect use of them, as well as unauthorized access.
No data originating from the web service is released
Personal data provided by users that request information material (answers to questions et cetera) are used with the sole purpose of providing the service requested and are communicated to third parties only when this is necessary.
DATA VOLUNTARILY PROVIDED BY THE USER
Except what is specified about browsing data, the user is free to provide personal data requested during the navigation in order to request information material or other communications. If he does not provide the information requested, the information requested may not be delivered.
When the user browses a part of the website that request the collection of personal information, a link to this document will be presented to him/her and, if necessary, his consent will be requested too.
Optional, clear and voluntary sending of email to the addresses provided in this websites implies the acquisition of the sender’s email address, in order to fulfill his/her requests, and the acquisition of other personal data within the email message that, except specific needs that shall be communicated, will be stored for the time necessary to fulfill the requests.
Below is specific information concerning the website’s pages that provide particular on-demand requests or through which further personal data may be acquired.
DATA PROCESSING AFTER A REQUEST FOR CONTACT
Personal data spontaneously provided by the user through the contact form or through the email addresses made available on the website:
- Are processed by mostly automated tools in order to:
- Ensure a clear and timely response, and satisfy the requests of the user (legal basis for the processing: legitimate interest and subject’s consent in case of “special” personal data ).
- Comply with obligations deriving from laws, norms and regulations from the European Community, and with decisions from the judicial authorities (legal basis for the processing: coincident with the purpose)
- Post and email addresses and phone numbers provided may be used to send communications or information about special offers about products and services provided by the Controller, obviously after the user’s consent. He will however maintain the right to object to this processing at any time (legal basis for the processing: legitimate interest of the controller in the promotion of its product/services and user’s consent).
- The data may be forwarded or made available to:
- Bodies that can access them according to laws, norms and regulations from the European Community, within the limit of the laws themselves.
- Other related companies (parent-subsidiary) for purposes of administration/accounting in order to fulfill the user’s requests.
- Other bodies providing services for purposes related to the fulfilling of the user’s requests, within the limits of the information strictly necessary to carry out their duties – business partners, whose collaboration is necessary in order to provide the services requested. These will operate as autonomous controllers and in compliance with their privacy statements that they shall make available.
- Personal data may be transferred to bodies out of the European Economic Space, towards the country where the subject is located exclusively if necessary to fulfill his requests and in compliance with the regulation to be applied in the specific case.
In the forms, the fields whose filling is optional are marked. In the absence of the other information, it will not be possible to fulfill the user’s requests.
If, upon contact request, the subject communicates specific categories of data such as those identified by art. 9 comma 1 of the EU Regulation 2016/679 (such as: data revealing race or ethnicity, political opinions, religious or philosophical beliefs, membership to unions, genetic data, biometric data that may identify a natural person, data about a subject’s health, sexual life or sexual orientation ), then a specific consent may be requested for them to be processed. Without such consent, it could be impossible to fulfill the user’s requests, since such information, without explicit consent, may be processed only to defend a right in a court, or in order to verify the presence of a right to be defended in a court.
The data, except specific needs communicated by the subject, will be stored for the time necessary to fulfill the subject’s requests and to comply with the law.
If the subject has a contract with the Controller, the data will be stored for the duration of the contract, if they are related to the contract itself. At the end of the contract, the storage will continue only if the law provides this and in compliance with the norms on the storage of administrative papers.
PROCESSING RELATED TO THE SERVICE OF BUSINESS INFORMATION FOR THE ITALIAN TERRITORY
INSIDE S.A. provides a business information service to third parties (clients) through the portal at the address https://intelligenceinside.com. Clients may request this service for needs connected to the protection of their rights/interests and/or the establishing or management of business/contract relationships or for purposes of due-diligence.
A similar service is provided on the Italian Territory by INSIDE S.r.l. – Via Monte di Pietà, 21 – 20121 MILANO – as Controller and, under certain circumstances, as a Processor according to the art. 28 of the EU Regulation 2016/679, appointed by the client, already known to the subject due to the existing relations between the two (see statements above).
As stated above, INSIDE S.r.l. appointed a Processor (RPD-DPO)that may be contacted at the address [email protected]
The BUSINESS INFORMATION SERVICE consists on carrying out, on behalf of clients, activities of collection, analysis, evaluation, processing and communication of information derived from publicly available sources, form sources accessible by anyone or directly accessed by the subject, such as to provide a service of further information to third parties. It can be carried out only by people having a license issued by a Prefecture according to article 134 of R.D. n. 773/1931.
This Privacy Statement is published according to the CODICE DI CONDOTTA PER IL TRATTAMENTO DEI DATI PERSONALI IN MATERIA DI INFORMAZIONI COMMERCIALI (Deliberazione del 12 giugno 2019, n. 127) whose text can be found at this link https://www.garanteprivacy.it/web/guest/home/docweb/-/docweb-display/docweb/9119868 which, on article 5 comma 3, states that suppliers with a yearly revenue related to business information lower than 300 000 euros can provide this statement only through a communication on their website.
CATEGORIES OF SUBJECTS TO WHOM THIS STATEMENT IS ADDRESSED
- Any natural person about whom we are requested to provide business information
- Bodies having a legal and/or economic relation with the natural person about whom we are requested to provide business information (*)
- Bodies having a legal and/or economic relation with the juridical person or association or body about which we are requested to provide business information (*)
(*) It should be assumed that a legal and/or economic relation between two or more bodies exists when one or more of the following situations occurs (art. 3 of the above-mentioned Codice di Condotta to which one may refer for further details:)
- The subject’s participation in a company through ownership or control (direct or indirect) of shares, or right to vote, equal or greater than the level stated in article 8, below.
- His/her ability to exercise significant power in the administration, direction, management and control in a company, due to his/her role in it.
WHAT DATA ARE PROCESSED
- Data regarding the capital, economic and financial aspects, credit, industrial and productivity-related aspects, excluding the special data categories listed in article 9, paragraph 1 of the EU Regulation 2016/679, that is “Processing of personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation shall be prohibited”
- Data regarding criminal convictions and crime, derived from publicly available sources.
- Data regarding criminal convictions and crime released during the six months prior to the receiving of the service request from the client, without the possibility to modify the content of such information-except updates if necessary- nor to use them in order to express evaluations.
- Evaluations and judgments, even expressed in terms of probability and prediction, expressed as a consequence of analysis and statistic processing or evaluation by specialized analysts, even on the basis of a classification by category or pre-determined groups or overall analysis of data collected.
- Further information necessary to verify solvency or trustworthiness (usually considering other companies or bodies with which the subject had or is currently having any relation) such as the so-called payment behavior, the amount of credit or debt, when requirements about information and consent acquisition (when necessary) were met.
ORIGIN OF THE DATA
In order to provide the service, the following data will be processed:
- Data provided by the client: name, address, phone number, e-mail, information on the kind of business relation existing or to be established et cetera;
- Data/documents that may be directly provided by the subject during contacts occurred with INSIDE;
- Data from publicly available sources, that is public records, lists, acts or documents accessible by anyone according to the laws in force, including as an examples, but not as limitation:
- Company Register, financial statements, lists of owners, chamber of commerce certificates or papers, actions or facts related to bankruptcy or other insolvency procedures, or the computer-based register of protests at Chambers of Commerce and the related consortium company InfoCamere;
- Real estate actions, prejudicial matters and cadastral acts (such as mortgage registrations or deletions, foreclosure registrations or deletions, injunctions, court records, and related annotations) form the registers of the Agenzia delle Entrate (among which real estate records and the Cadastral Office), of the Pubblico registro automobilistico and of the Population Register.
- Data from publicly available sources that may be accessed by anyone, among which, as example but not exclusively, daily newspapers, news organizations, telephone books and related online services, websites.
- Third parties when this is possible and in compliance with the law in force.
WHY THE DATA ARE PROCESSED (purpose of the process)
The processing has the purposes listed below; for each of those, the “legal basis”making them possible is specified between square brackets [the “legal basis” are the conditions of lawfulness stated by the the EU Regulation 2016/679 at articles 6 and 9 , in other words, the lawful categories of purposes]:
- Providing services of business intelligence to our client, so that he will be able to evaluate a subject from an economic and business standpoint; in some cases, the client may request the information as lists of subjects (listed by sector or categories), for an eventual us for purposes of marketing, trade and advertisement, with the client still having to comply with the obligations concerning information and consent acquisition from the subject for the processing thet the client will carry out. [legal basis: legal-contractual compliance, art. 6 c.1 lett. b-c-].
- Fulfilling potential requests from the subject [legal basis: legitimate interest of the subject corresponding with the object of the request, art. 6 c.1 lett. f-].
- Producing evaluations and judgments, even expressed in terms of probability and prediction, even on the basis of a classification by category or pre-determined groups, made available by business databases administrators (scoring and/or rating from external subjects) [legal basis: legal-contractual compliance, art. 6 c.1 lett. b-c-].
- Defending or exercising a right of the client, of INSIDE, or of third parties. [legal basis: legitimate interest of the subject corresponding with the object of the request, art. 6 c.1 lett. f- , at.9 c.2 lett f].
WHY THE DATA MAY BE PROCESSED (legal basis for the processing)
The data may be processed:
- as they are contained in publicly available sources or made public by the the subject him/herself (art. 9, c.2, lett. -e), EU Regulation 2016/679);
- as they are necessary to enable the defense of a legitimate interest by the Controller, such as monitoring, fraud prevention, security and trustworthiness of the services provided, security and correctness of business relations and economic and financial activities between these and the subject, as well as the protection of the related rights, (art. 6, c. 1, lett. -f, EU Regulation 2016/679);
- for the data that may be acquired directly from the subject, with his/her consent (art. 6, c.1, lett. –a, EU Regulation 2016/679)
HOW AND BY WHOM THE DATA MAY BE PROCESSED (the way in which the data may be processed)
When it comes to the above-mentioned purposes, the processing may occur via paper and computer-based instruments and will include – in full compliance with the above-mentioned CODICE DI CONDOTTA – all the operations or series of operations necessary to the processing, including communications mentioned at point 8.
More specifically, the information:
- May be collected manually and electronically, both directly and indirectly, from public bodies or private suppliers (providing a business intelligence service themselves), both in Italy and abroad, based on specific agreements with these and, however, in compliance with the ways and limits to access, use and make public acts and the data they contain, as determined by the law in force.
- May be integrated and used to write reports or dossiers according to the kind of service requested by the client.
The data may be processed on behalf of the Controller, but only by bodies specifically authorized and trained, or by companies/advisors, named Processors according to art. 28, EU Regulation 2016/679, that need to access the data for carrying out services necessary to the processing activities addressed in this document (for example administration or maintenance of computer systems, local partners et cetera) always and only within the limits of what is strictly necessary in order to carry out the necessary tasks.
HOW LONG THE DATA IS STORED
The data may be stored for the time in which they are accessible and published on publicly available sources, in order to facilitate the fulfillment of the service and with the obligation to update them. With the exception of stricter limits specifically provided by the law in force, data from public sources and regarding negative events may be stored complying with the following time limits:
- Information regarding bankruptcy or proceedings for a time limit not greater than 10 years from when the bankruptcy procedure started; after this time, the above mentioned data may be further used by the supplier only if in the presence of information regarding a more recent bankruptcy or a new proceeding activated on account of the subject researched or of another connected body, in which case, the processing can continue for a maximum of 10 years from the respective starts.
- Information regarding prejudicial deeds or negative cadastral records (mortgages and foreclosures) for a time limit not greater than 10 years from the date when they were copied, except deletion before such limit , in which case, a note attesting the deletion will be stored for two years.
With regard to what is stated above, INSIDE did not create its own database of business information; as a consequence, after the client will have received the information requested, except specific requirements, INSIDE will not store the information beyond the time necessary to prove the correctness of its work.
TO WHOM THE DATA MAY BE COMMUNICATED (“recipients”)
Personal data will not be released but, upon specific request, will only be sent or made available to:
- the client, being a public or private body in Italy or abroad, requesting a business information service to the supplier;
- bodies that may access the data as provided by the law, by regulation or law from the European Community, within the limits provided by these laws
- other bodies having business relations with INSIDE, which need to access some data for purposes connected to the providing of the business intelligence service, such as local partners or advisors
- other suppliers of business intelligence or private investigation companies, requiring access to such data for the above-mentioned purposes, even upon request from third parties.
Transmitting the data to other countries
As mentioned above, personal data will be transmitted to bodies that may be located outside the European Union, in particular to the country or countries:
- Where the clients are located
- Where the subject is located
The transmission will always be carried out in full compliance with the law, and may be done exclusively when the legal requirements mentioned above are met.
WHEN COMMUNICATING THE DATA IS MANDATORY
The communication of the data that might be requested by INSIDE directly to the subject is, obviously, optional.
Without such data, INSIDE might not be able to complete the information report in the best way, with a clear disadvantage to all parties.
Some definitions from the EU Regulation 2016/679
Personal Data: any information relating to an identified or identifiable natural person
“special” Personal data, REQUIRING A HIGHER DEGREE OF PROTECTION AND PARTICULAR ATTENTION are personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation (art. 9 EU Regulation 2016/679)
Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Data subject: a natural person to whom personal data refer
Controller means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
Processor (appointed according to art. 28 of the EU Regulation 2016/679) means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;
Legal basis of the processing: the legal principle according to which the personal data processing mentioned above can be carried out, usually corresponding to the declared purpose.
European Economic Area (EEA): EU member states, Norway, Iceland, Liechtenstein.