You are here: Home / Privacy notice

Privacy notice

Web Privacy Policy

This Web site is owned and managed by Carbofin S.p.A., Via D’Annunzio 2 - Genoa, acting as the personal data Controller.
This Information statement:

  • describes the site management procedures associated with personal data processing and is issued pursuant to Art. 13 of L.D. 196/2003 (Personal data processing code) to whomever interacts with our Web services;
  • only applies to this site and not to any other Web sites visited by the user by clicking on a link.

1. Data processing place
The data associated with the Web services of this site are processed at the Controller's premises and are taken care of by specifically appointed technicians.
Any other staff members occasionally entrusted with maintenance operations are bound to confidentiality by a written agreement.

2. Data collection
Data may be collected through the site:

  • by explicit request, when the user visits the site; data may include name, address, phone number, e-mail address, etc.

This information is prompted for when accessing the reserved area, asking for information on a service, filling in forms, etc.
Should the user visit a section of the site requiring the acquisition of personal data, an explicit prompt is displayed and the user is asked to give his consent.

  • through the acquisition, during normal operation, of some personal data whose transmission is inherent in the use of the Internet communication protocols.

This information is not collected to be associated with any identified persons, but due to its very nature, through processing and association with data owned by third parties, it might allow users to be identified. No personal user data are acquired by the site for this purpose.

3. Cookies
Detailed information on cookies and on their usage within this site can be found in our "Cookie Policy".

4. Log Files
The Log Files are archives automatically recording traffic data, that is the tasks performed by the users connecting to our site online. Besides being necessary for administrative purposes (e.g. for invoicing, in case of services provided for a fee), this information is kept for no more than 6 months (as provided for by art. 132 of the Privacy Code, as subsequently amended and integrated), for unlawful act investigation and suppression purposes.

5. Information sent by the person involved on his own free will
The voluntary sending of e-mails to the addresses specified on this site, even through the available services, necessarily results in the disclosure of the sender's address and of any other personal data included in the message. This information shall exclusively be used to provide the requested service. Should data be used for other purposes, for any reason whatsoever, we'll take all the required measures according to the intended use and in compliance with the regulations in force (information statement and, if necessary, request for the consent of the person involved).

6. Connection to other sites
The site contains links to third-party sites. When the user clicks on these links he enters an environment that is outside the control of our organisation, that is not responsible for the contents the user might have access to, nor for the relevant privacy procedures.
This information statement doesn't extend to the privacy procedures implemented by the linked sites. We recommend that you carefully review the procedures followed by each visited site: other sites may independently send cookies to their users, collect data or request personal information.

7. Nature of the processed data
Besides the data mentioned above, necessary to ensure the supply of the requested services and to fulfil the associated  obligations, the following data types are also collected:

  • e-mail address data;
  • traffic data not strictly necessary for service provision (log files, user operation monitoring).  never collects any data that might be regarded as sensitive (art. 4 paragraph d – L.D. 196/03) or of a judicial nature (art. 4 paragraph e – L.D. 196/03). Should the user voluntarily disclose any such data in connection with a service request, we are going to delete them, unless they are accompanied by the relevant consent to their processing.

8. Processing purpose
The term "processing purpose" indicates the reason why data are collected. Depending on the purpose in question, in some cases we need to obtain the consent of the person involved before we can proceed with data collection and processing.
If needed, we'll explicitly ask for this consent, allowing the user to grant it for all data processing tasks or for some of them only.

9. Purposes for which consent is not needed

  • Navigation data. – These data are only used to get anonymous statistics on site usage  and to verify that the site is working properly; they are deleted immediately after processing. Data might be used for investigation purposes in case of computer crimes against the site: except for this case, data on Web contacts are never kept for more than seven days.
  • Personal data voluntarily provided by users  when asking for a service. – These data shall only be used for their intended purpose and as long as needed to provide the requested services; in any case, they shall be disclosed to  third parties only if necessary for this purpose.
  • Traffic data processing. - They don't allow any personal identification and are used on an aggregate, non-individual basis, to analyse user behaviour, in order to understand how visitors use the site and to gauge the interest aroused by the various pages. This allows to enhance the site contents, to streamline their consultation and to customise ads.

10. Purposes for which consent is needed
Processing of data filed inside the terminal equipment of a user for legitimate purposes.
These are data that are required for technical storage, and are used for as long as needed to transmit the communication or to provide a specific service requested by the user himself (cookie). Processing is required to:

  • manage the user services, further enhance and customise the experience of site users (e.g. in case of subscription to a mailing-list, etc...)
  • manage Web browsing through:
  • restricted access areas: to browse the site, users need to register, by entering a username and a password (to ensure that users don't have to enter their username and password whenever they access a new page, we send them a cookie, containing a code that specifies the pages the visitor is authorised to display; the code in question shall then be recognised every time the user visits the site);
  • smart forms: they are Web pages prompting the users to fill in a form every time they are accessed (to avoid repeatedly requesting the same information we resort to a cookie, that stores the data in question on the hard disk of the user; the browser shall then send the cookie to the Web server every time the user accesses the site).

11. Processing procedure
Data are processed automatically, using appropriate tools and procedures to guarantee their safety and confidentiality. Processing may include all the operations or the set of operations required to collect, record, organise, keep, consult, process, modify, select, extract, compare, use, interconnect, lock, delete and destroy the data as provided for by art. 4, paragraph 1, letter a), and necessary for the processing in question, including their communication and disclosure to the parties as specified in the relevant section of this document.

The above data, besides, shall be:
a)   processed legitimately and correctly;
b) collected and recorded for clear, explicit and legitimate purposes , and used in other processing operations under conditions that are not in contrast with the above purposes;
c)   accurate and if necessary updated;
d)  relevant, comprehensive and not exceeding the limits of the purposes for which they are collected or later processed;
e)   kept in such a form as to allow the identification of the person concerned only as long as necessary to achieve the purposes for which they have been collected or processed, as provided for by art. 11 of L.D. 196/03.

Specific safety measures shall be taken to prevent loss of data, illegitimate or improper use and unauthorised access.

12. Personal data safety
All personal data collected on the site are protected against unauthorised access, use or disclosure. Data can only be accessed by specifically appointed staff members, using special authentication credentials, and we have implemented all the safety measures required to protect them against access by unauthorised staff members, both locally and online. All the personal data we receive, in fact, are kept in a safe and controlled environment. To this purpose we have worked out a set of physical, electronic and organisational processes aimed at protecting the collected information, including the use of firewalls/antivirus software and the protection of connections through SSH and HTTPS encryption.

13. Guarantees for users and keeping of traffic data
We pay special attention to the safety of the services we offer, taking care to protect:

  • the integrity of traffic data;
  • the integrity of electronic communications.

These guarantees are not only provided by the above-mentioned procedures, but also by appropriate tools and by continuous system monitoring. Should any high-risk situations arise, besides, all the users, where possible, shall be informed that network safety is at risk. This information shall also be sent to the Watchdog, as provided for by paragraph 3 of art. 32.

14. Guarantees for users and keeping of traffic data
In compliance with articles 124 and 132 of the Privacy Code, traffic data are kept as follows:

- Log file

15. Sharing of information
The personal data collected online are not transferred, sold or leased to any third parties and can be communicated and/or circulated only as specified under "communication and circulation".

16. Mandatory or optional data provision
Except for browsing data, the user is free to decide whether he wishes to provide any data prompted for while browsing our site or not. Should the user fail to provide them  we may be unable to supply the requested services.

17. Communication and circulation
No data from the Web service are communicated or circulated. However we may need to resort to external parties to fulfil our obligations (e.g. other consultants, technicians, etc.); in this case the data in question may also be communicated to these parties, for the sole purpose of fulfilling our obligations. The data in question may also be viewed by processing operators and managers appointed by the Company.

18. Rights of the person concerned
The subjects the personal data refer to have the right, at any time, to get a confirmation of the existence or non-existence of the data in question and to be informed about their content and origin, verify their accuracy or request their integration, update or amendment pursuant to art. 7 of the L.D. 196/03. Pursuant to the same article they have the right to request the deletion, the anonymisation or the freezing of the data processed illegitimately, as well as to object to:

  • the processing of the personal data concerning them, although they are relevant to the purpose of the collection, for any legitimate reasons;
  • the processing of the personal data concerning them for the dispatching of advertising materials , in any case.


19. Changes to the policy
This Privacy Policy regulates the procedures to be followed when processing the personal data provided during site browsing. The possible coming into force of new industry regulations, as well as the constant review and update of user services, might result in the need to modify the procedures in question. As a consequence, our policy might be subject to changes along time; therefore we recommend that our visitors periodically check this page.
20. Data processor

The responsible for the personal data process is the Carbofin  Responsible Person according to L.D. 196/2003 (Personal data processing code).