This Privacy Policy describes how we collect, use, process, and protect your personal data in accordance with the General Data Protection Regulation (GDPR - EU Regulation 2016/679) and applicable national laws.
1. Introduction
This Privacy Policy describes how we collect, use, process, and protect your personal data in accordance with the General Data Protection Regulation (GDPR - EU Regulation 2016/679) and applicable national laws.
Please read this policy carefully to understand our privacy practices. If you do not accept the data processing methods described herein, we ask that you do not use our service.
2. Data Controller
Company Name: Cofactor Group S.r.l.
Registered Office: Corso Italia 22, 20122 Milano (MI), Italy
Office Address: Via Santa Maria Valle 4, 20123 Milano (MI), Italy
P.IVA and Tax ID: 14680680965
Email: [Insert name and contact details if appointed]
Data Protection Officer (DPO): [Insert name and contact details if appointed]
For any questions regarding the processing of your personal data or to exercise your rights, please contact us using the details above.
3. Personal Data Collected
3.1 Data Provided Directly by You
We collect the following data that you provide voluntarily:
- First and last name
- Email address
- Phone number (if provided)
- Personal profile information
- Content you create or share on the platform
- Messages and communications sent through our service
3.2 Data Collected Automatically
While you navigate our site, we automatically collect:
- IP address
- Browser type and operating system
- Pages visited and time spent on each page
- Timestamps of your actions
- Device information
- Navigation and interaction data
3.3 Data Obtained from Third Parties
If you authenticate through Microsoft 365 (OAuth), we collect authorized data from the identity provider, including your name, email, and profile information provided by the Microsoft service.
4. Cookies and Tracking Technologies
4.1 Matomo Analytics
We use Matomo (formerly known as Piwik), an open-source web analytics tool, to understand how users interact with our site. Our Matomo installation is hosted at https://analytics.sinetinformatica.it/.
Data Collected by Matomo:
- Visited page URLs
- IP address (anonymized if configured)
- Referrer (traffic source)
- Screen resolution
- Browser language
- Matomo cookies (session ID and visitor ID)
- Click and scroll data
4.2 Matomo Privacy Configuration
Our Matomo instance is configured with privacy in mind:
- IP anonymization - the last 2 octets of IP addresses are anonymized
- Respect for Do Not Track (DNT) signals from browsers
- Automatic exclusion of logged-in users' data (if configured)
4.3 Technical Cookies
We use technical cookies necessary for:
- Maintaining your authenticated session
- Remembering your preferences
- Improving site security and functionality
- Analyzing platform usage
4.4 Cookie Management
You can control cookies through your browser settings. Disabling analytical cookies (such as Matomo) does not affect site functionality but may limit our ability to improve your experience.
You can also opt out of Matomo tracking by visiting your browser's privacy settings or by using Matomo's opt-out feature.
5. Legal Basis for Processing
We process your data based on the following legal grounds:
- Consent (Art. 6 GDPR, para. 1 lit. a): For analytical and marketing cookies
- Contract Performance (Art. 6 GDPR, para. 1 lit. b): To provide services and manage your account
- Legal Obligation (Art. 6 GDPR, para. 1 lit. c): To comply with tax and security laws
- Legitimate Interest (Art. 6 GDPR, para. 1 lit. f): To improve security and user experience
6. Purposes of Processing
Your personal data is used for the following purposes:
- Providing and maintaining our service
- Authenticating users and managing account access
- Analyzing usage statistics (via Matomo)
- Improving platform quality and security
- Service communications and important notifications
- Detecting and preventing fraudulent or harmful activities
- Responding to legal requests
7. Data Sharing
7.1 Parties with Access to Your Data
Your personal data is accessible to:
- Authorized employees and consultants of our company
- Service providers (hosting, email, analytics) subject to data processing agreements
- Public authorities if required by law
7.2 We Do Not Sell Your Data
We never sell, rent, or exchange your personal data with third parties for marketing purposes without your explicit consent.
7.3 International Data Transfers
Your data is stored and processed within the EU. Any transfers outside the EU comply with EU-approved Standard Contractual Clauses.
8. Data Retention Periods
We retain your personal data for as long as necessary to:
- Account Data: Throughout your registration period plus 30 days after account deletion
- Analytical Data (Matomo): Up to 6 months (configurable)
- Access Logs: Up to 90 days
- Legal Obligation Data: For the period required by applicable law (typically 7 years for tax data)
After the retention period, data is permanently deleted or anonymized.
9. Your GDPR Rights
Under the GDPR, you have the following rights:
9.1 Right of Access (Art. 15)
You have the right to request and obtain a copy of your personal data that we process.
9.2 Right to Rectification (Art. 16)
You can request correction of inaccurate or incomplete data.
9.3 Right to Erasure (Art. 17)
You can request deletion of your data in certain circumstances.
9.4 Right to Restrict Processing (Art. 18)
You can request restriction of data processing in specific cases.
9.5 Right to Data Portability (Art. 20)
You can request your data in a structured format and transfer it to another service.
9.6 Right to Object (Art. 21)
You can object to processing of your data for specific purposes, including marketing.
9.7 Right Not to Be Subject to Automated Decision Making (Art. 22)
You have the right not to be subject to decisions based solely on automated processing that produce legal or similarly significant effects.
9.8 Exercising Your Rights
To exercise any of these rights, contact us at [Insert name and contact details if appointed] providing:
- A copy of a valid identity document
- A clear description of your request
We will respond within 30 days (extendable to 60 days for complex requests).
10. Data Security
We implement technical and organizational security measures to protect your data:
- SSL/TLS encryption for data transmission
- Encryption of sensitive data at rest
- Limited data access (principle of least privilege)
- Regular backups and disaster recovery
- Security monitoring and regular audits
- Staff training on data protection
However, no system is completely secure. If we discover a data breach, we will notify you promptly in accordance with legal obligations.
11. Children's Privacy
Our service is not intended for children under 16 years of age. We do not knowingly collect data from children below this age. If we discover that we have collected data from a minor, we will delete it promptly. Parents or guardians who believe their child has provided personal data to us can contact us immediately.
12. External Links
Our site may contain links to third-party websites. We are not responsible for the privacy practices of these sites. We recommend reading their privacy policies before providing personal data.
13. Changes to This Privacy Policy
We reserve the right to modify this privacy policy at any time. Material changes will be communicated through:
- Email to registered users
- Prominent notice on our site
- Request for new consent if necessary
Continued use of the service after modifications constitutes acceptance of the updated privacy policy.
14. Contact and Complaints
14.1 Contact Us About Privacy
For any questions or concerns regarding this privacy policy, please contact us at:
Email: [Insert name and contact details if appointed]
14.2 Data Protection Authority
If you believe your GDPR rights have been violated, you have the right to lodge a complaint with the competent data protection authority in your country. For more information on how to contact your data protection authority, visit the European Data Protection Board (EDPB).
Data Protection Authority in Italy: Garante per la Protezione dei Dati Personali