Privacy policy

This policy statement describes the methods of website management with respect to the processing of the personal data of users who visit it, together with practices for processing data transmitted by users to the Data Controller through this site.
This statement is made pursuant to Article 13 of Legislative Directive No. 196/2003 – the Code for the Protection of Personal Data – to those who interact with the web services of the company Contactlab, with offices at Via Natale Battaglia 12 – 20127 Milan (Italy), which can be accessed telematically through the web address, the homepage of the Contactlab website.
The statement applies exclusively to the Contactlab website in question and not to other websites which users may access through links.

The “data controller”

Following a visit to or voluntary registration with this website, data, including sensitive data or data that could reveal the health of identified or identifiable persons, may be processed. The “controller” of the data processing is Contactlab, Via Natale Battaglia 12 – 20127 Milan (Italy), email:, Tax and VAT Code: 09480090159.

Persons and entities responsible for processing and places of data processing

Processing connected with the web services of this website takes place at the offices of the Data Controller as indicated above and on the server located at the INET server farm of the BT Italia Group located at Via Darwin 85, 20019 Settimo Milanese (Milan).

Data will be processed by Contactlab using its own personnel in its marketing, commercial, administration, system administration and programming departments, according to objectives to be established on the basis of requests from the persons concerned. For the purposes of server housing, INET S.p.a., with offices at Via Darwin 85, in Settimo Milanese (Milan), has been appointed by Contactlab as the Entity Responsible for Processing. A list of other entities responsible for processing is available from the Data Controller and may be requested by email from:

Method of processing

Personal data is processed, including by automatic and electronic means, for the time necessary to achieve the purposes for which it has been collected.

Specific security measures have been implemented in order to prevent data loss, unlawful or improper use and unauthorized access. These measures include the secure https protocol for some confidential parts of the website and its applications, and protection against unauthorized access to the servers and other processors.

Personal data provided by users who register or request information (reports, newsletters, responses to inquiries and similar) is solely used for the purpose of performing the service, or responding to enquiries, and is forwarded to third parties who are not appointed by the Data Controller as persons or entities responsible for processing (subject to the consent of the person concerned) only in cases where it is necessary for such purposes.

Types of data processed

Surfing data

During normal operation, the computer systems and software procedures used by this website acquire some personal data, the transmission of which is implicit in the use of internet communication protocols.

This is information that is not collected in order to be associated with particular persons, but which by its nature could, through processing and combination with data held by third parties, enable users to be identified.

This category includes: IP addresses and domain names of computers utilized by users to connect to the website, addresses of requested resources in Uniform Resource Identifier (URI) notation, the method used to submit the request to the server, the size of the file obtained in response, the numeric code indicating the state of the response given by the server (successful conclusion, error and similar) and other parameters relating to the user’s operating system and informatics environment.

This data is used solely to obtain anonymous statistical information on the use of the website and to verify that it is functioning correctly (also see the paragraph about Cookies). The data could be used by the appropriate authorities to ascertain responsibility in suspected cases of computer-related crime resulting in damage to the site.

Personal data provided voluntarily by the client may also be processed.


Cookies are text files that are saved on your computer and are read by our remote servers, or the third-party servers that we use as part of our service. The use of permanent cookies or session cookies (that are not stored permanently on the user’s computer and are deleted when the browser is closed) is strictly limited to managing the technical service provision as requested by users, and to the transmission of session identifiers (based on random, server-generated numbers) which are necessary to enable secure and efficient exploration of the site and its applications.

The so-called ‘session cookies’ used on this website avoid the use of other IT techniques that are potentially prejudicial to the confidentiality of a user’s browsing.

Where user consent is provided (and excepting those cookies which are strictly necessary for technical reasons, collecting statistics and data-aggregation purposes) this website makes use of certain systems – cookies and beacons – that analyze user browsing to create visit statistics, or improve the provision of content, and may be used to determine targeted advertising on web pages.

The systems used are IntelligenceFocus and Google Analytics, the latter being a web analysis service provided by Google Inc. (“Google”). Like other systems, Google Analytics uses “cookies”, which are text files that are stored on your computer to enable the website to analyze how users use the site. Information generated by the cookie when your use the website (including your IP address) will be transmitted to and stored by Google servers in the United States. Google will use this information to trace and examine your use of the website, to compile reports on the activities of the website for the website operators, and to provide other services related to the activities of the website and Internet use. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on behalf of Google. Google will not associate your IP address with any other data possessed by Google.

No other use is made of cookies for the transmission of information of a personal nature, nor will other persistent cookies or other user tracing systems be used. Note that you can set your browser software (for example, Firefox, Internet Explorer, Safari, Chrome) so that it will not accept cookies, even technical ones, thereby activating so-called ‘anonymous navigation’. In this way, no information will be processed through these systems.

Social Plug-ins

The “social sharing buttons” found on the site allow the user to make use of social network registrations, such as LinkedIn, to register more quickly for services offered by Contactlab. These social platforms may also save cookies on the user’s computer through our own site (third party cookies) for the purpose of gathering information about the navigation of the user. For further information about how LinkedIn uses cookies and for information about the relevant privacy policy please click here.

Information collected through third party SDK services

Software Development Kits (SDKs) and similar technologies collect information that apps record and/or read on your devices. Usually, these technologies allow their owners to analyze the use of applications, to avoid malfunctions and enhance a user’s experience. Contactlab uses SDKs and similar technologies from third parties, which normally track personal data in the name of, or on behalf of Contactlab as data controllers, to provide the related services. However, in certain instances, it may happen that services provided by Contactlab imply access by third party suppliers to personal data and other pieces of information stored on your device, even for purposes other than simply providing the service.  With reference to any further processing, the third parties act as autonomous data owners, and for this reason, we list links to their privacy policy pages regarding treatment of your data, as well as to those policies which Contactlab has stated, as data controller. If you wish to opt-out those data activities, please refer to the relevant company privacy policies and opt-out procedures.

Web Push Notifications: These notifications are dispatched to users who have subscribed to them, with the aim of informing the users whenever new content is posted on this web site. You can unsubscribe at any time, by clicking the icon that appears at the bottom of each page of the site. This service is provided by the third party supplier OneSignal. Please click here to visit their privacy policy page.

Live Chat: This service allows users to chat in real time with our staff, to ask information or help about the site. This service is provided by the third party supplier Please click here to visit their privacy policy page.

Optional provision of data other than navigation data

Apart from what has been specified with respect to navigation data, users are free to provide the personal data as shown in application/registration forms (in some cases with a separate, specific request for informed consent for any processing that requires it) or in any case, as indicated in contacts with Contactlab that are made to request information, or other communications (such as the management of personal contact requests for quotes, or information about the services offered by Contactlab). The optional, explicit or voluntary sending of email to the addresses included in this site, or through registration or communication forms, involves the subsequent acquisition of the sender’s address, necessary for responses to requests, and of any other personal data contained in the messages. Specific summary information and requests for consent will regularly be posted or displayed on the pages of the site dedicated to particular services (e.g. subscription to newsletters, registration, requests for services). Failure to provide consent could in some cases render the request unobtainable.

In cases where the user registers or subscribes to specific Contactlab services through social network plug-in technologies (for example, LinkedIn), users consent to the communication of profile/account data from said social network to Contactlab, insofar as this is necessary for the management of the registration/subscription to the Contactlab service in question.

Rights of persons concerned

Those to whom the personal data refers have the right at any time to obtain confirmation of the existence or otherwise of such data, to be informed of its content and origin, to verify its accuracy or request that it be supplemented, updated or corrected (Article 7 of Legislative Decree No. 196/2003).

The said Article also provides that those concerned have the right to request that data processed in violation of law be deleted, transformed into an anonymous form or be frozen and in all cases to object to its processing on legitimate grounds.

All requests should be sent to the postal address of the Data Controller or by email to