GDPR, Cookie & Privacy Policy

Types of Data collected

Among the types of Personal Data that this Application collects, by itself or through third parties, there are: email address, Cookies, Usage Data, first name, last name and phone number.

Complete details on each type of Personal Data collected are provided in the dedicated sections of this privacy policy or by specific explanation texts displayed prior to the Data collection.

The processing of personal data, such as the name, address, e-mail address, or telephone number of a data subject shall always be in line with the General Data Protection Regulation (GDPR), and in accordance with the country-specific data protection regulations applicable to Corp Assess. By means of this data protection declaration, our enterprise would like to inform the general public of the nature, scope, and purpose of the personal data we collect, use and process. Furthermore, data subjects are informed, by means of this data protection declaration, of the rights to which they are entitled.

The Personal Data may be freely provided by the User, or, in case of Usage Data, collected automatically when using this Application. All Data requested by this Application is mandatory and failure to provide this Data may make it impossible for this Application to provide its services. In cases where this Application specifically states that some Data is not mandatory, Users are free not to communicate this Data without any consequences on the availability or the functioning of the service.

Users who are uncertain about which Personal Data is mandatory are welcome to contact the Owner.

Any use of Cookies - or of other tracking tools - by this Application or by the owners of third party services used by this Application serves the purpose of providing the service required by the User, in addition to any other purposes described in the present document and in the Cookie Policy, if available.

Users are responsible for any third party Personal Data obtained, published or shared through this Application and confirm that they have the third party's consent to provide the Data to the Owner.

Mode and place of processing the Data

Methods of processing

The Data Controller processes the Data of Users in a proper manner and shall take appropriate security measures to prevent unauthorized access, disclosure, modification, or unauthorized destruction of the Data.

The Data processing is carried out using computers and/or IT enabled tools, following organizational procedures and modes strictly related to the purposes indicated. In addition to the Data Controller, in some cases, the Data may be accessible to certain types of persons in charge, involved with the operation of the site (administration, sales, marketing, legal, system administration) or external parties (such as third party technical service providers, mail carriers, hosting providers, IT companies, communications agencies) appointed, if necessary, as Data Processors by the Owner. The updated list of these parties may be requested from the Data Controller at any time.

Definitions

The data protection declaration of Corp Assess is based on the terms used by the European legislator for the adoption of the General Data Protection Regulation (GDPR). Our data protection declaration should be legible and understandable for the general public, as well as our customers and business partners. To ensure this, we would like to first explain the terminology used.

In this data protection declaration, we use, inter alia, the following terms:

• Personal data: Personal data means any information relating to an identified or identifiable natural person ("data subject"). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
• Data subject: Data subject is any identified or identifiable natural person, whose personal data is processed by the controller responsible for the processing.
• Processing: Processing is any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
• Restriction of processing: Restriction of processing is the marking of stored personal data with the aim of limiting their processing in the future.
• Profiling: Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.
• Controller or controller responsible for the processing: Controller or controller responsible for the processing is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
• Processor: Processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
• Consent: Consent of the data subject is any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

Place

The Data is processed at the Data Controller's operating offices and in any other places where the parties involved with the processing are located. For further information, please contact the Data Controller.

Retention time

The Data is kept for the time necessary to provide the service requested by the User, or stated by the purposes outlined in this document, and the User can always request that the Data Controller suspend or remove the data.

The use of the collected Data

The Data concerning the User is collected to allow the Owner to provide its services, as well as for the following purposes: Managing contacts and sending messages, Analytics and Contacting the User.

The Personal Data used for each purpose is outlined in the specific sections of this document.

---

Detailed information on the processing of Personal Data

Personal Data is collected for the following purposes and using the following services:

---

Additional information about Data collection and processing

Legal action

The User's Personal Data may be used for legal purposes by the Data Controller, in Court or in the stages leading to possible legal action arising from improper use of this Application or the related services.

The User declares to be aware that the Data Controller may be required to reveal personal data upon request of public authorities.

Additional information about User's Personal Data

In addition to the information contained in this privacy policy, this Application may provide the User with additional and contextual information concerning particular services or the collection and processing of Personal Data upon request.

System logs and maintenance

For operation and maintenance purposes, this Application and any third party services may collect files that record interaction with this Application (System logs) or use for this purpose other Personal Data (such as IP Address).

Information not contained in this policy

More details concerning the collection or processing of Personal Data may be requested from the Data Controller at any time. Please see the contact information at the beginning of this document.

The rights of Users

Each data subject shall have the right granted by the European legislator to obtain from the controller the confirmation as to whether or not personal data concerning him or her are being processed. If a data subject wishes to avail himself of this right of confirmation, he or she may, at any time, contact our Data Protection Officer or another employee of the controller.

Each data subject shall have the right granted by the European legislator to obtain from the controller free information about his or her personal data stored at any time and a copy of this information. Furthermore, the European directives and regulations grant the data subject access to the following information:

• the purposes of the processing;
• the categories of personal data concerned;
• the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations;
• where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
• the existence of the right to request from the controller rectification or erasure of personal data, or restriction of processing of personal data concerning the data subject, or to object to such processing;
• the existence of the right to lodge a complaint with a supervisory authority;
• where the personal data are not collected from the data subject, any available information as to their source;
• the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) of the GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and envisaged consequences of such processing for the data subject.

Furthermore, the data subject shall have a right to obtain information as to whether personal data are transferred to a third country or to an international organisation. Where this is the case, the data subject shall have the right to be informed of the appropriate safeguards relating to the transfer.

If a data subject wishes to avail himself of this right of access, he or she may at any time contact the Data Controller or the Data Processor or another employee of the controller.

Right to erasure (Right to be forgotten)

Each data subject shall have the right granted by the European legislator to obtain from the controller the erasure of personal data concerning him or her without undue delay, and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies, as long as the processing is not necessary:

• The personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed.
• The data subject withdraws consent to which the processing is based according to point (a) of Article 6(1) of the GDPR, or point (a) of Article 9(2) of the GDPR, and where there is no other legal ground for the processing.
• The data subject objects to the processing pursuant to Article 21(1) of the GDPR and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2) of the GDPR.
• The personal data have been unlawfully processed.
• The personal data must be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject.
• The personal data have been collected in relation to the offer of information society services referred to in Article 8(1) of the GDPR.

If one of the aforementioned reasons applies, and a data subject wishes to request the erasure of personal data stored by Corp Assess, he or she may at any time contact our Data Protection Officer or another employee of the controller. The Data Protection Officer of Corp Assess or another employee shall promptly ensure that the erasure request is complied with immediately.

Where the controller has made personal data public and is obliged pursuant to Article 17(1) to erase the personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform other controllers processing the personal data that the data subject has requested erasure by such controllers of any links to, or copy or replication of, those personal data, as far as processing is not required. The Data Protection Officer of Corp Assess or another employee will arrange the necessary measures in individual cases.

Legal basis for the processing

A GDPR serves as the legal basis for processing operations for which we obtain consent for a specific processing purpose. If the processing of personal data is necessary for the performance of a contract to which the data subject is party, as is the case, for example, when processing operations are necessary for the supply of goods or to provide any other service, the processing is based on Article 6(1) lit. b GDPR. The same applies to such processing operations which are necessary for carrying out pre-contractual measures, for example in the case of inquiries concerning our products or services. Is our company subject to a legal obligation by which processing of personal data is required, such as for the fulfillment of tax obligations, the processing is based on Art. 6(1) lit. c GDPR. In rare cases, the processing of personal data may be necessary to protect the vital interests of the data subject or of another natural person. This would be the case, for example, if a visitor were injured in our company and his name, age, health insurance data or other vital information would have to be passed on to a doctor, hospital or other third party. Then the processing would be based on Art. 6(1) lit. d GDPR.

Finally, processing operations could be based on Article 6(1) lit. f GDPR. This legal basis is used for processing operations which are not covered by any of the abovementioned legal grounds, if processing is necessary for the purposes of the legitimate interests pursued by our company or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data. Such processing operations are particularly permissible because they have been specifically mentioned by the European legislator. He considered that a legitimate interest could be assumed if the data subject is a client of the controller (Recital 47 Sentence 2 GDPR).

Services provided by this website

The use of Data for additional purposes by the Data Controller, or for services for which it is necessary to collaborate with third parties, listed below, may in some cases require the free and specific consent of the User or the Interested Party.

Geolocation (This Website)

This Website may collect, use, and share User location Data in order to provide location-based services. Most browsers and devices provide tools to opt out from this feature by default. If explicit authorization has been provided, your location Data may be tracked by this Site.

Purpose of the information collected and Services utilized on the website

The purpose of the treatment of the personal information, the personal information collected and any suppliers of third party services involved are mentioned hereinafter.

The services contained in this section, provided by third parties, are used to track User behavior and, in case of profiling, they can require the User's express consent.

What are cookies?

This website uses cookies to collect information. Cookies are small data files which are placed on your computer or other mobile or handheld device (such as smart 'phones' or 'tablets') as you browse this website. They are used to 'remember' when your computer or device accesses this website. The cookies are essential to the effective operation of our website and to enable to you shop with us online. Cookies are also used to tailor the products and services offered and advertised to our customers, both on this website and elsewhere.

Information collected

Some cookies collect information about browsing and purchasing behaviour by people who access this website via the same computer or device. This includes information about pages viewed, products purchased and the customer journey around a website. We do not, however, use cookies to collect or record information on users' name, address or other contact details. Corp Assess is able to use cookies to monitor individual customer browsing and purchasing behaviour but third parties are not able to identify customers using cookies.

Who sets the cookies?

The cookies stored on your computer or other device when you access this website are set by Corp Assess, our suppliers who partner with us to help deliver a high quality website and on-line shopping experience, and other third parties. Some cookies are set by or on behalf of Corp Assess and are necessary to enable customers to a make purchases on our website.

Cookies may also be set by third parties who participate with us in affiliate marketing programmes. None of these third parties collect any personal data from which they would be able to identify individual customers.

What are cookies used for?

The main purposes for which cookies are used are:-

1. For technical purposes essential to effective operation of website, particularly in relation to on-line transactions.
2. To drive marketing, particularly banner advertisements and targeted updates which are explained in more detail elsewhere in the Privacy Policy.
3. To enable Corp Assess to collect information about the browsing and shopping habits and activities of customers, including to monitor the success of campaigns, competitions etc.
4. To enable Corp Assess to meet its contractual obligations to make payments to third parties when a product is purchased by someone who has visited our website from a site operated by those parties.

How do I disable cookies?

If you want to disable cookies you need to change your website browser settings to reject cookies. How to do this will depend on the browser you use and we provide further detail below on how to disable cookies for the most popular browsers:-

For Microsoft Internet Explorer:

1. Choose the menu "tools" then "Internet Options"
2 Click on the "privacy" tab
3 Select the setting the appropriate setting

For Mozilla firefox:

1. Choose the menu "tools" then "Options"
2 Click on the icon "privacy"
3 Find the menu "cookie" and select the relevant options

For Opera 6.0 and further:

1. Choose the menu Files > "Preferences"
2 Privacy

What happens if I disable cookies?

This depends on which cookies you disable, but in general the site may not operate properly if cookies are switched off. If you only disable 3rd party cookies you will not be prevented from making purchases on this site. If you disable all cookies you will be unable to complete a purchase on this site.

Personal information

Any information regarding a natural person, a legal person, an institution or an association, which is, or can be, identified, even indirectly, by reference to any other information, including a personal identification number.

Browsing Details

Details collected automatically from the site, including the IP addresses or domain names of the computers utilized by the users who connect to the site, the URI addresses (Uniform Resource Identifier), the time of the request, the method utilized to submit the request to the server, the size of the file obtained in reply, the numerical code indicating the status of the server's answer (successful outcome, error, etc.), the country of provenance, the features of the browser and the operating system utilized by the visitor, the various time details per visit (for instance the time spent on each page) and the details about the path followed within the site with special reference to the sequence of pages visited, other parameters about the operating system and the user's IT environment.

User

Means the individual user of the Site's services or products

Interested Party

Indicates the subject to which the Personal Data refers, using the services or the products of the site.

Data Processor

The natural person, legal person, public administration or any other organization, association or organization designated by the Data Controller for the Personal Data processing system.

Data Controller

The natural person, legal person, public administration or any other organization, association or organization with the right, also jointly with another Data Controller, to make decisions regarding the purposes, and the methods of processing of Personal Data and the means used, including the security measures concerning the operation and use of this Site.

Legal information

This privacy statement has been prepared in fulfillment of the obligations under Art. 10 of EC Directive n. 95/46/EC, and under the provisions of Directive 2002/58/EC, as revised by Directive 2009/136/EC, on the subject of cookies.

This privacy statement applies solely to the Site and is not meant to refer to other sites whose links are possibly contained therein.

Changes to this privacy policy

The Data Controller reserves the right to make changes to this privacy policy at any time by giving notice to its Users on this page. It is strongly recommended to check this page often, referring to the date of the last modification listed at the bottom. If a User objects to any of the changes to the Policy, the User must cease using this Application and can request that the Data Controller remove the Personal Data. Unless stated otherwise, the then-current privacy policy applies to all Personal Data the Data Controller has about Users.

Information about this privacy policy

The Data Controller is responsible for this privacy policy, prepared starting from the modules provided by Iubenda and hosted on Iubenda's servers.