This notice is given also pursuant to Article 13 of GDPR EU Regulation EU No. 679/2016 and to Privacy Code as modified by Legislative Decree No. 101/2018. for those who interact with the web services electronically accessible from the website:
This information is applicable solely for the site above and does not apply to other websites which are linked to it.
The Data Controller and Processor
Persons using this website may be subject to the processing of data that identifies them.
The data controller or responsible party for this data processing is Exploit Srl, registered office in via Via Provinciale Valdinievole Nord, 74 Bientina, Pisa.
Data provided in connection with the service provided on this website will be not be communicated unless the interested party has provided the relevant permission.
Personal data subject to processing
a) Information deriving from use of the website (browsing)
IT systems and software integral to the functioning of the site obtain some personal data as part of their normal operation, the use of which is part of internet communication protocols.
This information is not collected in order to identify the user, but due to its nature could identify the user through association with other data stored by third parties.
This category includes IP addresses or the domain data of computers used by individuals to connect to the website, URI (Uniform Resource Identifier) addresses of requested resources, the time of the request, the method used to carry out the request to the server, the size of the file received in response, the code indicating the response status (success, error, etc.) and other parameters relating to the operating system of the user device.
This data is used only to collect anonymous statistical information and to check that the website is working correctly.
b) Data provided voluntarily by the user
These are personal data provided (such as name, surname, telephone number and email address) voluntarily by the user also through the compilation of forms or requests for information or by interacting with our Bot Platform Facebook Messanger.The optional, explicit and voluntary sending of email to the addresses available on the website allows the recipient to record the email address of the sender (necessary to reply to the email), including any other personal details provided within the message. Information summarising these processes will be shown progressively on the relevant pages of the website for specific, upon-request services.
Based on their type and use, there are various categories of cookies:
Cookies which are strictly necessary. These are cookies which are necessary for the correct functioning of the website and are used to manage the login process and to access any personalised/reserved areas of the website. The lifespan of the cookies is limited to the session – when the browser is closed the cookies are deleted. The public part of the website can be used normally.
Cookies for analysis and performance. These cookies are used to collect and analyse the traffic and usage data of the website anonymously. These cookies provide information without identifying the user, for example, to reveal if the same user connects at different times. They also allow the system to be monitored, and improve performance and usability. Disabling these cookies will not compromise the functionality of the website.
No cookies able to profile users are used on this website.
No cookies for the transmission of personal information are used on this website.
The site uses technical cookies, for both the domain and the user session. Session cookies are used to transmit numerical information generated by the server, necessary for the secure and effective browsing of the website. Session cookies are deleted when the browser is closed and the related data is deleted from the system.
Domain cookies are used:
– To recognise a registered user when they return to the website, without requiring the user to login every time they visit
– To carry out anonymous statistical analysis on visits to pages containing particular items
The cookies used on this website avoid techniques which might compromise the security of user browsing and do not allow for the collection of data which could identify the user.
How can I disable cookies?
The functionality of cookies, and options to limit or block them, can be changed using the settings on your internet browser.
It is also possible to consult the following website (in English) for further information about managing or deleting cookies, depending on the type of browser you use.
To delete cookies from the browser on your smartphone or tablet, refer to the instruction manual of the device.
List of third party cookies on
The following list shows the third party cookies on and their related use. These cookies are the direct and exclusive responsibility of the third party/parties.
Google Analytics: collects and analyses statistical information about access and visits to the website.
Facebook and Twitter: allow users to share content across their respective platforms.
Lawful basis for data processing
In relation to personal data as of letter a) of the present notice, your personal data is processed automatically by the company Exploit S.r.l to permit browsing of the same; in such case, the processing is performed based on legal obligation, as well as on the basis of legitimate interest of the company to guarantee the correct functioning and safety of the website, and therefore it your express consent is not necessary.
In relation to personal data as of letter b) of the present notice, the processing is done with the purpose to provide feedback to your request, that is, to send relevant information, promotional and advertising material of the company Exploit S.r.l via postal service, also e-mail and related obligations. In these cases, except for the exceptions below, your consent is not necessary as the processing is based and has lawful basis in the execution of precontractual services that you requested, namely in the legitimate interest of the company Exploit S.r.l to perform direct marketing. The consent is, therefore, requested (and issued through selection of the appropriate box) exclusively for sending advertising, promotional and information communications via newsletter and WhatsApp. Consent, expressed by responding “I accept” to the welcome message of our Chatbot, is also required to be able to process the personal data of the user of the Facebook Messanger Bot Platform for the purpose of sending advertising, promotional and information communications relating to Exploit S.r.l. Consent for sending the newsletter can also be issued with the procedure c.d. “Double opt-in”, for which, once the form has been filled and the request has been sent, a click is required in the confirmation email sent automatically to the new contact. Failure to give consent does not exclude the possibility to use the main services that are requested.
The personal data collected through the Facebook Messanger Bot Platform are also processed to measure user involvement with the Platform itself (for example, to know how you use our Platform, when you use it and if the conversation is to your liking) and, from this analysis, derive consumption trends and models. This helps Exploit S.r.l to get to know the users of the Platform better and to adapt the Platform to the preferences thus identified by the users. The processing of this data is always based on the user’s consent expressed by responding “I accept” to the welcome message of our Chatbot.
Obligation of provision of personal data
Subject to the specifications made with regards to navigation data, users are free to provide the personal data through the request forms in the website (for example, to request delivery of information materials and other communications). Just as it is free to provide data by interacting with the Facebook Messanger Bot Platform. Failure to provide such data may make it impossible to obtain what is requested, that is, to receive information and advertising material.
The processing of personal data is carried out using automated tools relative to access data of the website pages.
The processing of personal data takes place in full compliance of dispositions to guarantee the safety and confidentiality, as well as, among others, the exactness, the upgrade and the relevance of the personal data with respect to the declared purposes.
The information listed here is processed automatically and collected in an exclusively aggregated form in order to verify the correct functioning of the website, and for security reasons. Such information will be processed according to the legitimate interests of Exploit S.r.l.
As a security measure, the data automatically stored may also include personal data like IP addresses which may be used in accordance to applicable laws, to block attempts to hack the site or other users, or any other harmful or illegal activity. However, such data is never used to identify or profile the user, but exclusively to protect the site and its users. Such information shall be processed based on the legitimate interest of the Data Controller.
The information that users of the website deem to make public through the services and tools rendered available to them, is provided by the user knowingly and voluntarily, exempting this website from all liability regarding any violation of laws. It is up to the user to verify that they have permission to provide the personal data of third parties or content protected by national and international regulations.
Duration of data retention
Without prejudice the navigation data as of letter a) is not retained for more than 30 days, the processing of personal data takes place for the time strictly necessary to obtain the purposes for which the same had been collected, except, in any case, of eventual opposition of the interested party, in accordance to Article 21 paragraph 2 GDPR, for the personal data processing for direct marketing. The personal data processed exclusively on basis for consent shall be stored until revocation of the same consent. Even the personal data acquired and processed through our Facebook Messanger Bot Platform will be kept until the consent is revoked, also manifested through the appropriate unsubscription procedure.
Specific security measures are observed to prevent the loss of data, illicit or incorrect use, and unauthorized access. In addition, the Controller may be obliged to retain Personal Data for a longer period, in accordance with a legal obligation or by order of an authority.
At the end of the storage period Personal Data will be deleted. Therefore, upon expiry of this term, the right of access, cancellation, rectification and the right to portability of the data may no longer be exercised.
Recipients of personal data
Without prejudice to communication sent to fulfil legal obligations, the data may be disclosed to subject authorized to the processing of subjects involved in the organization (administrative, commercial, marketing, legal, system administrator personnel) or external parties (such as third-party technical service providers, couriers, hosting providers, IT companies) also appointed, if necessary, Person in charge of Processing by the Data Controller.
Personal data are not transferred to non-EU countries or organizations.
Rights of data subjects
The Regulation confers the exercise of specific rights listed below:
to obtain confirmation of whether your personal data is being processed and, if so, obtain access to such data (Article 15, right of access);
the rectification of inaccurate personal data or the integration of incomplete personal data (Article 16, right of rectification);
the cancellation of your data, if there is one of the reasons provided for by the Regulation (Article 17, right to be forgotten); In the case of personal data processed as part of the activity of the Facebook Messanger Bot Platform, the cancellation will be made within 90 days of the relevant request, also made through the unsubscription procedure;
the limitation of the processing when one of the hypotheses provided for by the Regulation (Article 18, limitation right), occurs;
to receive, in a structured format, of common use and readable by an automatic device, the personal data that you have provided to us and where applicable to transmit it to another Data Controller (Article 20, Right to data portability);
objection to personal data processing (Article 21, right to object);
the right not to be subjected to a decision based solely on automated processing, including profiling (Article 22, automated decisional process regarding natural persons);
in case of processing based on consent, the right to unconditionally object the consent with the same modalities with which it was given, without making the processing illegal until that moment.
Exercise of rights
To exercise the rights of personal data processing, you can contact the Data Controller:
Via Provinciale Valdinievole Nord, 74, 56031 Bientina PI
Tel. 0587 714495
Without prejudice to any other administrative and legal action, the interested party has the right to lodge a complaint with the competent supervisory authority.
For more information, see the institutional website of the Italian Data Protection Authority: www.garanteprivacy.it.
Amendments to the Document
The document has been updated on 21/07/2019 to comply with the relevant regulations, and in compliance with EU Regulation No. 2016/679 and the Privacy Code as modified by Legislative Decree No. 101/2018.