Privacy policy

Privacy policy of

Informative report on the protection of personal data in compliance with art. 13-14 of the GDPR Regulation (UE) 2016/679 (General Data Protection Regulation) and relevant implementing provisions

1. Data controller

The Data Controller of the processing of personal data acquired through this website is Ideabiella Srl Contact details: Via Torino 56 – 13900 Biella –

2. Data processing

Please be informed that:
• all personal data are processed fairly, lawfully and transparently, in compliance with the general principles laid down in the GDPR Regulation and the Privacy Code;
• personal data are collected and processed exclusively for the purposes specified in this informative report;
• the objective is to collect, process and use the lowest possible number of data;
• when collecting personal data, we make sure they are as accurate and updated as possible;
• if the acquired personal data are no longer necessary for the purposes for which they have been collected or we are not obliged to their retention by law, we will do everything to erase, destroy or anonymize them;
• specific safety measures are in place in order to prevent data loss, illegal or improper use and unauthorized access;
• personal data shall not be shared with, sold, or made available to subjects other than those specified in this Informative Report.

3. Collected data, purposes and legal basis of the processing

3.a. Law and contractual obligations– data processing necessary to fulfil a legal or contractual obligation to which the data controller is subject, or to perform a specific request of the data subject.
The information systems and software procedures, used to operate this website, acquire during normal operation certain personal data, whose transmission is implied in the use of Internet communication protocols.
This category of data includes IP addresses or domain names of computers and terminals used by users who connect to the website, URI/URL (Uniform Resource Identifier/Locator) addresses of the resources requested, time of the request, method used to submit the request to the server, size of the file obtained in reply, numerical code indicating the status of the response from server (successful delivery, error, etc.) and other parameters relative to the operative system and the user’s IT environment.
Personal data can be processed without the data subject’s consent to comply with the obligations arising from laws, regulations, codes or procedures approved  by the competent Authorities and Institutions.
Personal data shall also be processed for the purposes connected with the provision of services by the Company during website navigation, namely:

  • provision of the services requested by the user when browsing the website, including data collection, retention and processing for the purposes of the establishment and operating and technical management;
  • management of relations with the authorities and public institutions to fulfil specific requests, legal obligations or special procedures.
    These data – whose supply is necessary for the operative service performance – will be processed also with the aid of electronic instruments, recorded in appropriate data banks and used exclusively in relation to the Website navigation.
    ​Since the aforementioned data are necessary for maintaining and providing all the services connected with the Website navigation, failing to communicate them will make the supply of such services impossible.

b. Defence of a right before a court
Personal data shall also be processed anytime there is the necessity to  establish, exercise or defend a legal claim of the Data Controller or of companies or other entities related to the Controller before a court.
c. Legitimate interest of the Data Controller
The Data Controller shall be entitled to process the personal data without the data subject’s consent, in the following cases:

  • extraordinary transactions of merger, sale or transfer of business branch, to carry out all the operations necessary to the transfer due diligence and preliminary activities. It is understood that  only the strictly necessary data will be processed for the above mentioned purposes, by aggregating/rendering them anonymous so far as possible;
  • data analysis and verification, mostly in anonymous and aggregate  form, in connection with the Controller’s activities and their communication to entities related to the Controller at trade fairs;
  • anonymous and aggregate analysis of the use of the services provided to identify users’ habits and preferences, to improve the services supplied and to satisfy users’ specific requirements, for the purpose of implementing activities for improving the services offered.

4. Retention period of personal data

The personal data shall be kept for a period of time not exceeding the period necessary for the purposes for which data have been collected and processed in compliance with legal obligations.

5. Cookies

The use of session cookies (not persistent) is limited to the strict minimum necessary for a safe and efficient browsing of websites. The storing of session cookies in users’ terminal equipment or browsers is under the user’s control, whereas on the servers at the end of HTTP sessions, cookies information remain recorded in the services’ logs, for the relevant retention times.

6. Nature of data processing

Since the aforementioned data are necessary for maintaining and providing all the services connected with the Website navigation, failing to communicate them will make the supply of such services impossible.

7. Categories of recipients of the personal data

All collected and processed data can be disclosed only for the purposes specified above and only to the following categories of recipients: persons who, due to specific contractual obligations can manage the website and persons (employees and/or collaborators of the Data Controller) who have been expressly authorized to the personal data processing.

8. Data subject’s rights

In terms of the (GDPR) European Regulation 679/2016 and national legislation, and within the limits and in accordance with the procedures provided for by the applicable law, a data subject has the right:
to obtain confirmation as to whether or not personal data concerning him exist (right to access);
to be informed of the source of the personal data;
to obtain communication in intelligible form;
to be informed of the logic, methods and purposes of the processing;
to obtain updating, rectification, integration, erasure, anonymization, blocking of data that have been processed unlawfully, including those data whose retention is no longer necessary for the purposes for which they have been collected;
where there is the expressed consent to personal data, to obtain from the Data Controller his personal data in a structured form readable by a data processor and in a format commonly used by electronic devices;
the right to bring a compliant before a Supervisory Authority.
The rights referred to above may be exercised by making a request via e-mail to the Data Controller.

9. Updating

This Informative Report may be subject to periodic revision, also in consideration of the reference legislation and case law. Any significant changes thereto shall be adequately reported in the website homepage for a reasonable period of time. In any case, the data subject is invited to regularly consult this Informative Report.