Privacy Policy Notice

At Extrared, we care about your privacy. In compliance with current regulations, here is everything you need to know about how your data is managed.

Information for site users and customers of the company Extrared s.r.l.

This notice is addressed to all those who interact with Extrared s.r.l.

This page describes how personal data of users who browse and subscribe to the services on our previously described websites is processed, as well as those who interact via web, email, or other telematic tools with our organization.

1) Identity of the Data Controller.

Data Controller: the company Extrared s.r.l., with its registered office in Pontedera (PI), Via Salvo D’Acquisto 40/P; pec: extraredsrl@legalmail.it, hereinafter also referred to as “The Company.”

The company that develops and manages the website, qualified and designated as the Data Processing Manager, is Extrared s.r.l., headquartered in Pontedera (PI), Via Salvo D’Acquisto 40/P

The list of all data processors is available at the company headquarters.

Extrared s.r.l. acts on its own behalf and on behalf of other companies controlled by and/or affiliated with Extrared s.r.l.

The processing is always based on principles of lawfulness and fairness in compliance with all current regulations, and appropriate security measures are adopted to protect the data.

2) Purpose of Processing.

A) Personal data we collect through telematic/phone services

  1. Personal data for newsletter subscriptions, where we request simple contact details (name, surname, phone, email, and requested service) via forms on various pages of our website, subject to consent;
  2. Personal and contact data for event registrations organized by Extrared s.r.l., collected via forms on our website or external specialized sites linked automatically for form completion;
  3. Personal contact data for information on our activities and services through contact forms on the website or the integrated site chat;
  4. Personal data obtained through information requests sent via email to various addresses with the @extrared.it domain suffix (e.g., info@extrared.it, jobs@extrared.it, etc.), or to the PEC address;
  5. Personal data obtained from calls made by potential customers seeking information or clarifications about products/services offered by Extrared s.r.l.

These data may be used, with explicit consent, for sending newsletters, commercial information, advertising material, direct sales purposes, market research, or interactive commercial communication.

All data are minimized to those contained in the forms available in the relevant sections of the website.

B) Personal data we collect for providing our services

  1. Personal data for the creation and execution of the contractual relationship and for compliance with related legal obligations (Art. 6 letter b GDPR) obtained during commercial negotiations with the customer and during the provision of services.

These data may be used, with explicit consent, for sending newsletters, commercial information, advertising material, direct sales purposes, market research, or interactive commercial communication.

Providing data is necessary to achieve the stated purposes, and failure to provide data would prevent the establishment of the contractual relationship. Moreover, consent is not required by law for the processing related to these purposes.

C) Personal data from CURRICULA management.

Extrared s.r.l. reserves the right to evaluate curricula received either spontaneously or following job postings for potential candidacies.

Applicants are kindly requested to adhere to the following rules when submitting curricula in electronic format:

  1. comply with the European format when drafting their curriculum;
  2. submit the curriculum in PDF format;
  3. avoid including sensitive data (e.g., health status, religious, philosophical, or political beliefs) that are irrelevant to the job offer;
  4. give consent for processing sensitive data relevant to establishing a working relationship (e.g., belonging to protected categories).

Extrared s.r.l. will provide appropriate information to candidates during any interviews.

Data processing related to curricula management will include activities strictly related to evaluation, recruitment, or selection for collaboration, fixed-term or permanent employment, internships, or theses.

D) Data voluntarily provided through EMAIL submission.

The optional, explicit, and voluntary sending of emails to various addresses with the @extrared.it domain suffix (e.g., info@extrared.it, jobs@extrared.it, etc.), or to PEC addresses, involves the subsequent acquisition of the sender's address, necessary to respond to requests, as well as any other personal data included in the message.

E) Visitor Profiles:

During visits to our offices, events, conferences, meetings, private parties, or events organized by third parties where we participate as sponsors or guests, we will record event details, the date, the number of guests, and the personal and contact information (email and phone) of speakers, participants, visitors, and organizers.
Specifically, during events, photo/video recordings may be made for promotional purposes through our official social channels (e.g., Facebook, X, LinkedIn, Instagram) and the company’s blog and website. Images and videos will be considered free of charge, with no claims for future use, and will not be used in contexts that could harm personal dignity or decency. Explicit consent will be requested for photo/video use.

F) Information we collect from third parties

For event organization or in specific cases where beneficiaries are offered entry packages or service subscriptions, we collect personal and contact data (email) from third parties. Beneficiaries are guaranteed the right to deletion.

Similarly, we may collect personal data from social media services based on your settings on such platforms. These may be added to our records and shared with others as outlined in this notice.

G) Browsing Data

The IT systems and software procedures responsible for the website’s functionality collect certain personal data as part of their operation, implicitly transmitted via internet communication protocols. These data are not collected to identify users, but they could, through processing and association with data held by third parties, identify users.

This category of data includes IP addresses, domain names of the computers used by users, URI (Uniform Resource Identifier) addresses of requested resources, request times, methods used to submit requests, response file sizes, numeric status codes (e.g., success, error), and other parameters related to the user’s operating system and IT environment.

These data are used exclusively to obtain anonymous statistical information on website usage, verify its proper functioning, and are deleted immediately after processing (see our cookie policy). They could also be used to ascertain responsibility in the event of cybercrimes against the website.

3) Processing Methods

Your personal data is processed as specified in Art. 4 No. 2 GDPR, including collection, recording, organization, storage, consultation, elaboration, alteration, selection, extraction, comparison, usage, interconnection, blocking, communication, deletion, and destruction of data. Data is processed in both paper and electronic/automated formats, ensuring logical, physical, and confidentiality security.

4) Nature of Personal Data

The processing includes your personal, common data related to the activities specified above. Any particular, sensitive, or health-related data will be minimized, only collected, used, and stored when necessary and relevant to the purpose, with informed consent.

5) Mandatory or Optional Data Provision.

Except for browsing data, users are free to provide personal data. Failure to provide data prevents access to certain services, such as newsletters, reserved site areas, premium content, or contractual relationships. Voluntary newsletter registration via data entry implies explicit consent to data processing per this notice (explicit acceptance will still be requested).

Users may refuse to provide browsing data by disabling cookies as per the separate cookie policy. Disabling cookies may affect website functionality.

6) Scope of Communication and Data Dissemination

The data transmitted to any of the companies within the Extra Group is processed by all companies of the Extra Group. The Extra Group processes the data exclusively through officially authorized personnel trained in confidentiality and personal data security.

We disclose your data to third parties only in the following circumstances:

  1. During events, the participant list, containing only the name, surname, and company name (excluding other contact details such as email or phone numbers), is communicated to the main sponsor for our legitimate interest in ensuring proper and profitable funding of activities and their commercial success, also in the interest of the participants. The same information may be published on our website and through other tools and communication channels (e.g., non-exhaustive examples include magazines, both print and online, press releases, news agencies, etc.).
  2. Upon order of a public authority.

Each of these disclosures of information to third parties will only be made under conditions of confidentiality, ensuring that the information is used solely for the purposes for which it was disclosed.

7) Data Processing Location and Transfer of Personal Data to a Third Country

The management and storage of personal data will take place on servers located within the European Union, and the data will not be transferred outside the European Union.

In certain situations, when users are redirected to external sites to perform specific services (e.g., for non-exhaustive examples, event registration or accessing the social media channels of the Extra Group companies linked from the website), registration occurs on external servers, and each of these services has its own policies, which may deviate from what is stated here and may transfer data outside the European Union.

8) Methods and Duration of Personal Data Retention

The data controller will process personal data:

  1. For the entire duration of subscription services and newsletter registration;
  2. For 10 years for accounting documentation retention purposes in accordance with Article 2220 of the Civil Code;
  3. For 10 years for marketing purposes, unless consent is revoked and newsletters are canceled.

9) Data Subject's Right of Access (Article 15 GDPR EU 679/2016)

The data subject has the right to obtain from the data controller confirmation as to whether or not personal data concerning them is being processed and, if so, to access the personal data and the following information:

  1. The purposes of the processing;
  2. The categories of personal data concerned;
  3. The recipients or categories of recipients to whom the personal data has been or will be disclosed, in particular if they are recipients in third countries or international organizations;
  4. The period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
  5. The existence of the data subject's right to request from the data controller rectification or erasure of personal data, or restriction of processing of personal data concerning them, or to object to such processing;
  6. The right to lodge a complaint with a supervisory authority;
  7. The existence of automated decision-making, including profiling, and, at least in such cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.

10) Withdrawal of Consent

Pursuant to Article 6 of GDPR 679/16, the data subject may withdraw their consent at any time.

11) Other Rights of the Data Subjects

With reference to the following articles of GDPR 679/2016: Article 16 "Right to Rectification," Article 17 "Right to Erasure," Article 18 "Right to Restriction of Processing," Article 20 "Right to Data Portability," Article 21 "Right to Object to Automated Decision-Making," the data subject may exercise their rights by:

  1. Sending a registered letter with return receipt to the data controller at the following address: Extrared s.r.l., Via Salvo D’Acquisto 40/P – 56025 Pontedera – PI;
  2. Or by sending a certified email (PEC) to: extraredsrl@legalmail.it.

Any personal data breaches, pursuant to Article 33 "Notification of a Personal Data Breach to the Supervisory Authority," can be reported to the email address: privacy@extrared.it.

Requests for data processing information can also be sent to the above-mentioned DPO at their email address dpo@extrared.it, as required by the GDPR.

12) Filing Complaints

The data subject has the right to lodge a complaint with the supervisory authority of their country of residence.

13) Automated Decision-Making

The data controller does not carry out any processing involving automated decision-making, including profiling, that could have a significant impact on the rights and prerogatives of the data subjects. The only automated process conducted involves filtering the information we provide to make it more relevant to the interests of the visitor to our website.

14) Information Not Included in This Policy

Further information regarding the processing of personal data may be requested from the data controller at any time using the contact details provided.

15) Changes to This Privacy Policy

The data controller reserves the right to make changes to this privacy policy at any time by notifying users on this page. Please check this page often, referring to the date of the last modification at the bottom. If the changes to this privacy policy are not accepted, the user is required to cease using this application and may request the data controller to remove their personal data. Unless otherwise specified.

16) Minors' Privacy

Our website is directed at a general audience and does not offer services aimed at children. If we discover that a minor has provided us with personal data without parental or guardian authorization, we will immediately delete such information.

17) External Links

If pages of this website or sections of our applications contain links to other sites, they are not bound by this Privacy Policy. We recommend carefully reading the privacy policy available on those external sites and reviewing their procedures for collecting, using, and disclosing personal information.

18) Defense in Legal Proceedings

The user’s personal data may be used by the data controller for defense in legal proceedings or in preparatory stages leading to possible litigation, due to misuse of the site or related services by the user. This includes cases of legal citations, court orders, or other legal actions, for the purpose of establishing or exercising the rights granted to us by law, defending ourselves against potential legal actions, or for other legal purposes. The user acknowledges that the data controller may be required to disclose personal data at the request of public authorities.

19) Legal References

This privacy policy is drafted in compliance with the obligations of GDPR 679/16, Article 10, Directive 95/46/EC, as well as Directive 2009/136/EC regarding cookies.

Last updated: 20/01/2025