Privacy Policy
This privacy notice is provided pursuant to Article 13 of EU Regulation 2016/679 (the “Regulation”) and is addressed to those who visit the website www.cdcsrl.it (the “Site”).
In accordance with the principles of the Regulation, the processing of the user’s personal data is based on the principles of lawfulness, fairness, transparency, purpose and storage limitation, data minimization, confidentiality, as well as the accountability principle outlined in Article 5 of the Regulation.
This privacy notice does not apply to the processing carried out by the controllers of websites or platforms to which the Site may link. Please refer to the privacy policy provided by the respective controllers for information regarding the processing of personal data carried out by them.
Data Controller
The Data Controller is CDC Srl, with its registered office at Corso Emanuele Filiberto, 8, 23900 Lecco (LC) – Tax Code/VAT No. IT01479350132 (the “Controller”).
The Controller can be contacted at the following email address: .
Processed Data
Browsing Data
The software responsible for the operation of the Site acquires, during its normal course of operation, certain personal data whose transmission is implicit in the use of Internet communication protocols. This information is not collected to be associated with identified individuals, but by its very nature, it could allow users to be identified through processing and association with data held by third parties. This category of data includes IP addresses or domain names of the computers used by users who connect to the Site, the addresses in URI (Uniform Resource Identifier) notation of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the server’s response (success, error, etc.), and other parameters related to the user’s operating system and computing environment. These data are generally used to obtain anonymous statistical information on the use of the Site to ensure its proper functioning and to identify anomalies and/or misuse. The data may be used to ascertain liability in case of hypothetical cybercrimes against the Site or third parties.
Data Voluntarily Provided, Directly or Indirectly, by the User
Unless otherwise specified in specific notices contained herein, this privacy notice also applies to the processing of data voluntarily entered by the user in communications requesting information and contact.
Purpose of Data Processing
The user’s personal data will be processed for the following purposes.
a) Ensure Usability of the Site: Allow navigation on the Site and manage the Site’s security, and respond to specific requests; the legal basis for this processing is provided by Article 6(1)(b) of the Regulation, as it is instrumental in offering a service to the user or responding to a request from the user.
b) Fulfill Legal Obligations: Comply with any obligations set forth by applicable laws, regulations, or community legislation, or satisfy requests from authorities pursuant to Article 6(1)(c) of the Regulation;
c) Send Emails About the Controller’s Services: Carry out email marketing activities for services similar to those requested, pursuant to Article 130, paragraph 4 of Legislative Decree No. 196/2003 (“Privacy Code”), unless the user explicitly refuses to receive such communications, which they may express at any time;
d) Statistics: For statistical purposes, in such a way that the user’s identity cannot be traced, and therefore it is not subject to privacy regulations.
Specific security measures are observed to prevent data loss, unlawful or incorrect use, and unauthorized access pursuant to Article 32 of the Regulation.
4. Data Transmission
For the purposes indicated above, personal data may be communicated to the following categories of recipients (the “Recipients”):
– Entities that typically act as data processors pursuant to Article 28 of the Regulation, namely: individuals, companies, or professional firms that provide assistance and consultancy to the Controller;
– Entities appointed to perform technical maintenance activities of the Site and the information system;
– Service providers used by the Controller to achieve the purposes indicated above (e.g., website developers, server hosting providers, mailing list services, electronic communication systems); always in compliance with the principle of data minimization, limiting processing to only the personal data strictly necessary to achieve the specific purpose;
– Entities, bodies, or authorities to which it is mandatory to communicate the user’s personal data by virtue of legal provisions or orders from authorities;
– Persons Authorized by the Controller, pursuant to Article 29 of the Regulation, who have committed to confidentiality or have an adequate legal obligation of confidentiality.
Personal data will not be shared with entities outside the European Economic Area. In the event that it is necessary to transfer personal data to Recipients outside the European Economic Area, the transfer will be carried out in compliance with Articles 44-49 of the Regulation.
5. Data Retention Period
Personal data processed to ensure the usability of the Site will be retained for the time strictly necessary to achieve the aforementioned purposes of ensuring navigation security and to respond to information requests.
Personal data processed to fulfill legal obligations will be retained for the duration specified by the relevant obligation or applicable legal norm.
To send emails about the Controller’s services, the user’s personal data will be processed until the user opposes the processing.
To communicate information related to the company’s activities through other means of communication, the user’s personal data will be processed until the user revokes consent.
In any case, the Controller reserves the right to retain personal data for the period of time provided for and permitted by Italian law to protect its interests (Article 2947(1)(3) of the Italian Civil Code).
6. Rights of the Data Subject
The user has the right at any time, pursuant to Articles 15 to 22 of the Regulation, to revoke the consents given without prejudice to the lawfulness of the processing carried out before the revocation, to obtain confirmation of the existence or non-existence of personal data concerning them and to know its content and origin, verify its accuracy or request its integration or updating, or rectification; to request the deletion of personal data concerning them in the cases provided for by Article 17 of the Regulation; the user has the right to request the restriction of processing in the cases provided for by Article 18 of the Regulation, where technically feasible; to obtain in a structured, commonly used, and machine-readable format the personal data concerning the user, in the cases provided for by Article 20 of the Regulation; as well as to object to their processing in the cases provided for by Articles 21 and 22 of the Regulation.
In any case, the user always has the right to lodge a complaint with the competent supervisory authority (GDPR), pursuant to Article 77 of the Regulation, if they believe that the processing of their personal data is contrary to the applicable law.
The Controller reserves the right to modify or update the content of this privacy policy, in whole or in part, also due to changes in applicable legislation.
The Controller therefore encourages the user to regularly visit this section to read the updated version of the privacy policy.