Privacy Policy


0. Background information

This page provides users with information on the policies adopted by Creis Srl, with its registered office at Via Portile 4 – 36061 Bassano del Grappa (VI), regarding the collection, storage, use and, where applicable, dissemination, of all personal information concerning users obtained during the use of the services offered on the website

This privacy policy statement is subject to change and updates. Notice of any such changes or updates will be given in the newsletter, or they will be highlighted in specific sections of the site. It is recommended that you consult this privacy policy statement periodically.

The website is owned and operated solely by Creis Srl.

1. Data Controller 

The data controller is Creis Srl, VAT no. 03382660243, with its registered office at Portile 4 – 36061 Bassano del Grappa (VI) – Italy.

Data Controller’s Contact Point:

2. Types of Data Collected

The Data Controller hereby informs you that, in order to ensure the normal functioning of the site, it will process data that by nature can be defined personal data. “Personal data” means any information concerning a natural person who has been or may be identified, directly or indirectly, by reference to any other information.

The personal data processed through the site is as follows:

a) Browsing Data

During the normal functioning of the site, its information technology systems and software procedures acquire certain personal data, the transmission of which is inherent in the use of Internet communication protocols. Such information is not collected to be associated with identified data subjects, but by its nature it could nonetheless be used to identify users through further processing and association with data held by third parties. This category of data includes the IP addresses or domain names of the computers used by the users who connect to the site, the addresses in URI (Uniform Resource Identifier) of the requested resources, the time of the request, the method used in submitting the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response provided by the server (success, error, etc.) and other parameters relating to the user’s operating system and information technology environment.

b) Common personal data

The user may be asked to provide common personal data to access certain of the site’s services. This personal data may include, but is not limited to: name, surname, e-mail address, telephone number, etc.

c) Special categories of personal data

Personal data included in the categories set out in Art. 9 of the Regulation (“special data”) may also be provided: “[…] data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and […] genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation.”

d) Cookies

See the Cookie Policy at the following link

3. Purposes of processing

The data that you provide–including personal data and any special data–will be processed for the following purposes:

  1. providing the site’s content and services;
  2. responding to any contact requests received via e-mail or by filling in the specific form available from the “Contacts” page and all other pages of the site;
  3. assessing the projects sent voluntarily by users through the specific section of the site “Upload your project” or in any other manner;
  4. carrying out administrative and accounting activities generally. For the purposes of application of the provisions regarding the protection of personal data, processing carried out for administrative and accounting purposes includes that relating to the performance of organisational, administrative, financial and accounting activities, regardless of the nature of the data processed. In particular, internal organisational activities, those functional to the fulfilment of contractual and precontractual obligations and informational activity pursue such purposes;
  5. collecting data for statistical purposes to improve the visitor’s experience within the site;
  6. sending promotional or marketing communications by e-mail.

4. Legal basis and obligatory or optional nature of processing

The legal basis of the processing of personal data for the purposes set out in section 3 (a-d) is that indicated in Art. 6(1)(b) of the Regulation, in that processing is necessary to provide the services or respond to the data subject’s requests. The collection of personal data for these purposes is optional, but failure to provide the data will render it impossible to activate the services provided by the site and respond to the user’s requests.

Providing special data (pursuant to Art. 9 of the Regulation) relating to the same purposes is optional and requires the data subject’s express consent.

The legal basis for the purposes set out in section 3(e,f) is Art. 6(1)(a) of the Regulation in that processing requires express, specific consent. Providing the data is entirely optional.

5. Methods of processing

Processing will be carried out in electronic form, and in any case using measures that ensure the utmost security, by specifically trained and engaged parties.

Data collected for the purposes set out in sec. 3(a-d) will be stored for the time strictly necessary to discharge the purposes in question, whereas for specific promotional and marketing purposes, the storage period is 24 months.

For information regarding purpose 3(e), see the specific cookie policy statement

Further information regarding the data storage period and criteria used to determine this period may be requested by contacting the data controller using the contact details indicated in point 3 of this policy statement.

6. Persons with access to personal data

The data subject’s personal data may be disclosed, for the purposes set out in section 3, to:

  1. parties that acting as data supervisors, i.e.: parties with which it is necessary to interact for the provision of services (e.g., hosting providers), or parties tasked with performing technical maintenance activities;
  2. parties, entities or authorities to which it is mandatory to disclose personal data by virtue or laws or orders of authorities;

In reference to the provisions of point a) of this section, please be advised that you may consult the updated list of Data Supervisors at the Data Controller’s offices, or request a copy of the list from the contact points indicated in section 1 of this document.

7. Transfers of personal data

The Data Subject’s personal data may be transferred outside the European Union. The Data Controller certifies that such transfers of data outside the EU will be based on an adequacy decision, the Standard Contractual Clauses approved by the European Commission or another appropriate legal basis that nonetheless ensures compliance with the Regulation.

8. Rights of data subjects

The data subject may at any time request from the Data Controller access to his or her Personal Data or the rectification or erasure of said Data, or object to their processing; he or she may request the limitation of processing in the cases set out in Art. 18 of the Regulation, as well as obtain the data concerning him or her in a structured, commonly used, machine-readable format, in the cases set out in Art. 20 of the Regulation.

For the exercise of the rights set out above, or for any questions or clarification regarding this privacy policy, the contact information provided in section 1 of this policy statement may be used.

Creis Srl will provide an adequate response within a period of no more than one month. In particularly complex cases, the term for a response, pursuant to the Regulation, may be three months. In any case, the data controller will inform the data subject within one month of the request, including to give notice of rejection in the cases specifically envisaged by the applicable legislation.

9. Rights to file a complaint with the supervisory authority 

Furthermore, pursuant to Art. 77 of Reg. (EU) 679/2016, if the data subject believes that his or her rights have been infringed upon, he or she may have recourse to the personal data protection authority and the ordinary judicial authority.

10. Language

Any translations of this document into languages other than Italian are provided for informational purposes only. In the event of discrepancies, the Italian version of this document is the only legally valid and binding version.