Website Navigation Privacy Policy

(art. 13 Reg. UE 2016/679)

Exelab S.r.l., as the Data Controller, provides this privacy notice to describe the processing of personal data related to the navigation of its website www.exelab.com, in compliance with Article 13 of Regulation (EU) 2016/679 (GDPR).

This privacy notice explains how the website manages the processing of personal data of users who visit and interact with its services. It applies only to this website and not to other websites that may be accessed via external links.

This privacy policy is also based on Recommendation No. 2/2001 issued by the Article 29 Data Protection Working Party on 17 May 2001, which establishes minimum requirements for online personal data collection, particularly regarding:

The nature, timing, and methods of information that data controllers must provide to users when they access web pages, regardless of the purpose of the connection.

The purpose of this privacy policy is to transparently provide information on the data collected by this website and how it is used.

Purpose of Processing

The Data Controller processes personal data for the following purposes:

To manage the website and enable user navigation;
To analyze user interactions and evaluate website usage;
To assess user preferences during website navigation;
To send commercial information—including banners—about services offered;
To ensure proper website maintenance and compliance with applicable legal obligations;
To detect and address any unlawful activities affecting the Data Controller or users.

The legal basis for processing is as follows:

Purpose (a) is based on the legitimate interest of the Data Controller in ensuring the proper management of the website.
Purposes (b), (c), and (d) are based on user consent, explicitly and specifically granted for each type of cookie at the time of website navigation.
Purposes (e) and (f) are based on compliance with legal obligations.

Categories of Personal Data Collected and Processed

The Data Controller collects the following types of personal data:

User identification data, such as IP address and computer domain names;
Information on user activities while browsing the website;
Data related to user preferences and browsing behavior.

The website’s IT systems and software procedures automatically collect certain data during normal operation. This data transmission is inherent in Internet communication protocols. While this data is not collected to identify users, it could be used for this purpose through processing and association with third-party data.

This category of data includes:

IP addresses or domain names of computers accessing the website;
URI (Uniform Resource Identifier) addresses of requested resources;
Request timestamps;
The method used to submit a request to the server;
File sizes of server responses;
Numerical codes indicating server response status (success, error, etc.);
Other parameters related to the user’s operating system and IT environment.

This data is used exclusively to generate anonymous statistical reports on website usage and to monitor the proper functioning of the website. The data is immediately deleted after processing. However, such data may be used to investigate cybercrimes affecting the website.

The Data Controller also uses cookies. For details on cookie usage, please refer to the Cookie Policy.

Users may voluntarily provide personal data for other services (e.g., the contact form). In such cases, specific privacy notices are available in the corresponding data collection forms.

Data Processing Location

The processing of data related to web services occurs on HubSpot, Inc. servers and is carried out exclusively by technical personnel of the hosting company.

No data collected from website navigation is disclosed or publicly shared.

Data Processing Methods

Personal data is processed using electronic tools in compliance with data protection regulations and in accordance with the technical and organizational security measures required under Article 32(1) GDPR, ensuring data integrity, confidentiality, and availability.

Source of Data Collection

The data is collected directly from the data subject.

Categories of Data Recipients

The following parties may have access to users' data:

Employees of the Data Controller, specifically from the administrative and IT departments, who have been authorized and trained for this purpose.
External entities managing the website, who will be designated as Data Processors under Article 28 of the GDPR and will be provided with specific instructions.

In particular, personal data may be communicated to:

The company managing the website.

Data disclosure to these recipients is necessary for fulfilling contractual obligations related to website services.

The Data Controller ensures that it only collaborates with service providers offering adequate data protection guarantees. A list of appointed Data Processors is available at the company and can be reviewed upon request to the Data Controller.

Transfer of Personal Data

Personal data is not transferred outside the European Union or to international organizations.

Data Subject Rights

Under Articles 15-22 GDPR, you have the right to:

Access your personal data;
Rectify inaccurate or incomplete data;
Request erasure of personal data;
Restrict processing in specific cases.

Additionally, you have the right to:

Object to processing if based on the legitimate interest of the Data Controller and you believe your fundamental rights and freedoms are being violated;
Withdraw consent at any time for processing activities requiring it;
Exercise the right to data portability, which allows you to receive your personal data in a structured, commonly used, and machine-readable format.

Data Controller Contact Information

To exercise your rights, you may contact:

Exelab S.r.l,
Via Angelo Poliziano, 43 – 00184 Rome (RM), Italy
Email: privacy@exelab.com
PEC: exelab@pec.it

The Data Controller will respond to your request within the timeframes set by law.