Information provided pursuant to art. 13 of the European Regulation 2016/679 (GDPR).
This information is provided to users of the website www.claritergroup.com (hereinafter: “Site”) and has the purpose of describing the methods of managing the Site with reference to the processing of personal data, as well as allowing to know the purposes and methods of processing personal data by the Joint Data Controllers.
The information and data provided or otherwise acquired as part of the use of the various services on the website www.claritergroup.com will be processed in compliance with the provisions of the GDPR and the confidentiality obligations.
The collection and subsequent processing of such data will be carried out by all the companies of the Clariter group (Joint Controllers) jointly.
Joint controllers of the treatment
IOA Holding S.r.l., parent company of the group of companies (“Clariter Group”) with registered office in Rome (RM), Via Rubicone n.8 – 00198, VAT number n.11479091008, in the person of its pro tempore legal representative (“IOA” or the “Holding”), together with:
- Clariter S.r.l.., with registered office in Via Rubicone n.8 – 00198, VAT number n.11169311005, a company controlled by IOA Holding S.r.l.;
- Clariter Academy S.r.l., with registered office in Via Rubicone n.8 – 00198, VAT number n.16285531006, a company controlled by IOA Holding S.r.l.;
- Grupo Clariter España SL, with registered office in calle Calabria, 149 Entresuelo 1ª, 08015 Barcelona (ES), NIF: ES B06958029 company controlled by IOA Holding S.r.l.;
- Grupo Clariter LDA, with registered office in Campo Grande, nº 28, 5º A/D, 1700-093 Lisboa (PT), NIPC: PT 515187453, a company controlled by IOA Holding S.r.l.;
- Clariter LTD, with registered office in 38 Craven Street, London, WC2N 5NG, England (UK), VAT: GB 189755244, a company controlled by IOA Holding S.r.l.;
are joint controllers of the processing of your personal data (IOA and the Subsidiaries, jointly, the “Joint Controllers” and each of them, respectively, a “Joint Controller”).
The Joint Controllers have concluded a joint controllership agreement pursuant to article 26, GDPR, in order to regulate the mutual roles and responsibilities with reference to the joint controllership of the personal data of active and potential customers and/or their contact persons of the Subsidiaries treated in the context of centralized activities and/or carried out in collaboration between the latter and the Holding (“Agreement”).
It follows that your personal data, possibly provided by you in the context of the commercial relationship between you (or the organization for which you are a contact person) and the Subsidiaries, will automatically be jointly owned with the other Joint Controllers.
The essential content of the Agreement, upon specific request, is available to you at the headquarters of each Joint Controller.
The Joint Controllers can be reached at the addresses listed above and at the following contacts:
firstname.lastname@example.org specifying the company of the group with which you intend to get in touch.
Data Protection Officer
The Joint Controllers have designated the DPO appointed at Group level as their “Data Protection Officer”.
The DPO can be contacted at email@example.com, or by writing to: Data Protection Officer
IOA Holding S.r.l.
Via Rubicone No. 8
00198 – Rome (RM)
Based on the co-ownership agreement pursuant to art. 26 of the Regulation – Joint Controllership Agreement, stipulated between the aforementioned companies, the respective roles and responsibilities regarding compliance with the obligations deriving from these Regulations have been determined. If you wish to know the essential content of the agreement, you can contact the parent company at the address: firstname.lastname@example.org.
The data processing treatments that are carried out will be based on the principles of lawfulness, correctness, transparency, limitation of purposes and conservation, minimization of data, accuracy, integrity, and confidentiality.
By processing of personal data, we mean any operation or set of operations, performed with or without the aid of automated processes and applied to personal data or sets of personal data, such as collection, registration, organization, structuring, conservation, adaptation or modification, extraction, consultation, use, communication by transmission, dissemination or any other available form, comparison or interconnection, limitation, cancellation, or destruction.
Definition of personal data and information relating to processing activities
For the purpose of the GDPR, ‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person; (“Data”).
In the context of the activities related to the establishment and subsequent management of the contractual relationship with you/with the organization of which you are the contact person, the Joint Controllers collect and process the following categories of Data:
- personal and identification data (e.g., name, surname, tax code, VAT number);
- contact data, such as residence or domicile address, e-mail address, telephone number;
- company/study, sector, working role, function;
- bank details (e.g., IBAN code, credit card number, etc.), other information necessary for payment and/or invoicing purposes (where applicable);
in general, any other information necessary for the establishment and subsequent execution of the contract or for ancillary or functional activities, including those collected in the context of any creditworthiness checks and for fraud prevention.
The provision of data is entirely voluntary; any refusal to provide the indicated information could prevent the Joint Controllers from following up your requests, hindering, depending on the case, the establishment or subsequent management of the contractual relationship with you or with the organization of which you are the contact person.
In any case, the Joint Controllers undertake to ensure that the information collected and used is appropriate for the purposes indicated below, and that this does not lead to an intrusion of your personal sphere.
The personal data being processed
The personal data being processed will consist, for example, of an identifier such as name and surname, e-mail address, physical address, telephone numbers (hereinafter only “Personal Data”).
In particular, the Personal Data specifically processed through the Site are as follows:
- Navigation data
The computer systems and software procedures used to operate the Site during their operation, acquire some Personal Data whose transmission is implicit in the use of Internet communication protocols. This information, through processing and association also with data held by third parties, could allow users to be identified. This category of data includes, for example, the IP addresses or domain names of the computers used to connect to the Site, the addresses in URI (Uniform Resource Identifier) notation of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc. ) and other parameters relating to the User’s operating system and IT environment. These data are used to obtain statistical information on the use of the Site and to check its correct functioning, to identify anomalies and/or abuses.
The data could be used to ascertain responsibility in the event of suspected computer crimes against the Site or third parties.
- Data provided by the interested party
These Data are provided voluntarily by the User when registering on the Site.
- Other data
Data relating to the use of the Site by the User may also be collected, such, as for example the pages visited, the actions performed, for statistical purposes, on the basis of the legitimate interest of the Joint Controllers to verify the functionality and security of the service.
Cookies. For Cookies, please refer to the specific information published. The processing of data through cookies takes place on the basis of the consent given by the users.
Purposes of processing and legal bases
The Joint Controllers inform that collected data of the interested parties will be processed lawfully pursuant to art. 6 of the GDPR, and with specific consent where necessary, exclusively for the following purposes:
- develop studies, research, market statistics and preferences regarding the rendered services;
- exercise and protect the rights and interests of the Joint Controllers, also in court, with reference to the relationship with the interested parties;
- respond to requests for assistance or information received via e-mail;
- respond to requests for assistance or information, received by filling in the appropriate forms;
- trace the authors of any offenses, in case of anomalous behavior by Users (e.g. for the prevention of fraud, the Controller can implement a control system that involves the detection and analysis of user behavior on the site associated with the processing of Personal Data, including the IP address, ascertained through ordinary controls on the Site or at the request of the competent authorities;
- perform the obligations established by laws or regulations;
- provide for all possible accounting and tax obligations;
- send information and/or offers about promotional services relating to own products and initiatives (or of affiliated and/or controlled companies) and of third parties (commercial partners and outsourcers) via newsletters which may be deemed of interest to the User, without this determining the transfer of personal data to third parties;
- check the correct functioning of the IT platforms, installations, infrastructures and information systems.
- to receive and manage orders, provide products and services, process payments;
For the purposes 1. 4. and 5. the legal basis is the execution of the contract of which the interested party is a part or the execution of pre-contractual measures at the same request;
For purposes 2. 3. 6. and 10. the legal basis is the pursuit of the legitimate interest of the Joint Data Controllers; in this case: for the purpose 2. the legitimate interest consists in understanding the use of the Site by the Users; for purposes 3. and 6. the legitimate interest consists in the right to defense of the Joint Controllers; for the purpose 10. the legitimate interest consists in verifying the security and reliability of systems;
For purposes 7. and 8. the legal basis is the legal obligation to which the data controller is subject.
For the purpose 9. the legal basis is the consent of the interested party.
Mandatory or optional nature of data provision
The registration procedure on the Site requires the User to enter the following personal data: e-mail, name, surname, country, province, city, address, house number, zip code, mobile phone number. In some cases, to take advantage of specific services, the tax code and the related administrative and banking data may be requested.
The provision of data and the related processing for the purposes above indicated are strictly functional to registration on the Site and the execution of the services offered by the Site itself.
Consequences of refusing to provide/process data
Any refusal by the User to provide one or more personal data will make it impossible to register and therefore to make full use of the service offered by the Joint Controllers.
Recipients of personal data
The Personal Data that will be provided may be known and used by the collaborators of the Joint Controllers in charge of managing the Site and the requests of the Users, for the sole purpose of carrying out the activities that constitute the reason for which the data were collected.
The Personal Data of the Users may also be communicated to third parties, entrusted with the lawful processing on behalf of the Joint Controllers, in the capacity of Data Processors.
A list of data processors and persons authorized to process it is always available at the headquarters of the Joint Controllers.
The Joint Controllers may make use of third-party suppliers in the fulfillment and delivery phase of the orders placed and to process the related payments (eg: Banks, Stripe). These third-party suppliers will process the personal data necessary for the performance of their activities as independent data controllers.
The Joint Controllers may disclose personal data if required to do so by law or if they believe in good faith that such disclosure is reasonably necessary to:
- comply with legal process;
- apply the terms established by the General Conditions of Use;
- protect the rights, property or safety of Clariter group companies, www.claritergroup.com, its users and the public.
Data processing and sharing
The processing of the user’s personal data is carried out at the offices of the Joint Controllers of the specified treatment.
The Joint Controllers may disclose aggregate statistics on Site visitors, customers and sales for the purpose of describing the services offered to potential partners, advertisers, sponsors and other reputable third parties, and for other legitimate purposes, with the provision that such statistics will not include information that allows the identification of the interested parties.
Your personal data will be shared with authorized data processors in the CRM, e-commerce, Finance and Legal departments of the Joint controllers belonging to the Clariter Group and acting as joint data controllers. Furthermore, such data may be shared with agents or commercial structures or contractors (including payment management companies; sub-contractor companies of the services offered, legal, tax and auditing consultants), who assist the Joint Controllers in providing the services rendered on the Site, processing operations, satisfying requests for information, receiving and sending communications, updating marketing lists, analyzing data, providing assistance services or other activities from time to time.
Your information may be shared with other companies and organizations for identity checks and anti-fraud purposes, to the extent permitted by applicable laws.
The Joint Controllers belonging to the Clariter Group may be required to disclose or share personal information and/or information about you in order to comply with any legal obligations. Disclosure of personal information may be made when necessary to prevent fraud or computer crime or to protect the Site or the rights, property or personal safety of any person.
Recipients of personal data may act as independent data controllers, data processors or authorized processors. The user can contact the Joint Controllers of the specified treatment at any time, using the contact details indicated, also for the purpose of receiving an updated list of data controllers or requesting further information on the recipients of their data.
Personal Data Transfers
Data are processed and stored in the EU. Except for the impossibility of controlling the permanence of the data disseminated on the network or on other resources beyond the control of the Joint Data Controllers, data will be kept for the period strictly necessary to allow the management of the Site, except for those whose conservation is justified by contractual obligations, by law, by the protection of rights or interests.
The information you provide may be transferred to our other locations and/or to named third parties in the circumstances described above (see Data Sharing section), including outside the European Economic Area (EEA), and may be processed by personnel outside the European Economic Area working for such third parties or for us or one of our suppliers. This includes personnel involved in, among others, processing payment details and providing support services. The countries/regions concerned may not have similar data protection laws to the European Economic Area. Where we transfer information about you, we take all reasonable steps to ensure that such data are subject to adequate safeguards,
Personal data security
The specified Joint Controllers give great importance to the security of all information associated with the users of the Site. For this purpose, security measures are taken to protect against the loss, misuse and alteration of any personal data which is in the control of the Joint Controllers belonging to the Clariter Group. For example, security and privacy policies are periodically reviewed and improved as necessary, and only authorized personnel may have access to personal information. While we cannot guarantee that any loss, misuse or alteration of information will never occur, every reasonable effort is made to prevent such events from occurring. About that, it must be considered that the transmission of information over the internet is never completely secure. In fact, it is not possible to guarantee the security of information sent via the Site while it is in transit on the Internet and any sending of the same is done at your own risk. Once the user’s information has been received, strict procedures and security features are implemented by the Joint Controllers to prevent unauthorized access.
For example, the user is advised to close their browser at the end of the user session to prevent other subjects from having access to their personal information where the user uses a shared computer or a computer in a public place.
Retention period and criteria used to determine it
The Joint Data Controllers keep the data and contents:
- for as long as the User maintains an account on the www.claritergroup.com website and for the period of 12 (twelve) months following its cancellation in the event that no purchases have been made. In the event that the user who has canceled has made purchases, the necessary information will be kept in compliance with the obligation to keep the tax documentation, for 10 (ten) years from the last purchase made;
- for the time necessary to protect its rights in the event of a potential violation of the terms or a dispute concerning the contents and/or the User’s account;
- indefinitely, without reference to the User’s personal data;
- for the processing of data relating to the e-mails provided following the subscription to the newsletter.
Rights of the interested party
The subjects to whom the personal data refer, as interested parties, in compliance, within the limits and conditions established by the legislation on the protection of personal data, with regard to the treatments covered by this Information, with regard to the exercise of the rights of the interested parties (Articles 15 to 22 of the GDPR) have the right to ask the Data Controller(s):
- access to their data;
- the verification and rectification of their data;
- the revocation of the consent previously given at any time;
- opposition to the processing of their data;
- the limitation of the treatment;
- the deletion or removal of their personal data;
- the exercise of the right to portability.
The interested party also has the right to lodge a complaint with the competent personal data protection supervisory authority or take legal action, in the event that he believes that the processing that concerns her/him violates the rules of the GDPR, pursuant to art. 77 of the GDPR.
To exercise their rights, Users can send a request to the following email address:email@example.com
It is possible also to contact the Data Protection Officer at the following email address: firstname.lastname@example.org.