Privacy Policy

Read our Privacy and Data Protection Policy

 

This information is provided, in compliance with Articles 13 and 14 of Regulation (EU) 679/2016 (hereinafter: “Regulation” or “GDPR”), to users (hereinafter: “Users” or “User”) of the website www.thinkbright.biz, in desktop tablet and mobile version, (hereinafter: “Site”), owned by Luca Pacitto, Owner of the Processing of Personal Data (hereinafter: “Owner”), with registered office in Milan, and aims to describe the way in which the Site is managed with reference to the processing of personal data, as well as to allow Users to know the purposes and methods of processing of personal data.

The services offered by the Controller are intended for people over the age of 18. Should the Controller become aware of the processing of data of minors under 18 years of age, without valid consent of their parents or legal guardian, it reserves the right to unilaterally discontinue the use of the offered service as well as to delete the acquired data.

The interested party assumes responsibility for third-party data obtained, published or shared and guarantees that he/she has the right to communicate them, releasing the Owner from any liability to third parties.

This information is provided exclusively for the Site and does not concern other sites that can be reached by the User through links that may be present on the Site itself.

Principles applicable to the Processing of Personal Data

The Data Controller, pursuant to and for the purposes of the Regulations, makes known that the aforementioned legislation provides for the protection of individuals with respect to the processing of personal data and that such processing will be based on the principles of fairness, lawfulness, transparency and protection of confidentiality and fundamental rights.

Object of Processing

Below are specified the User’s data that may be processed by the Data Controller when using the Site.

Personal data is automatically acquired when visiting the Site:

Browsing Data. The Owner automatically collects data about the device (pc, tablet, cell phone or other mobile device) and connection used by the User including, for example, IP address, date and time of access, hardware and software information, event information about the device, crash data.

Site Usage Data. The Owner collects information about how the User has used the Site including, for example, pages and content viewed, searches performed, third-party applications on the Site that are used by the User, and links to third-party sites and applications that the User has clicked on. This data is collected even if the User has not logged in to the account created through the Site or has not created any account.

Personal Data provided directly by the User and Data required for the use of the account created on the Site

Required Data provided for account registration. The Owner collects information required on a mandatory basis for the creation of the User’s account on the Site. These are fields that, where not completed, do not allow you to continue with the account registration.

Mandatory data provided by filling out the “Contact Us Now” form. For the purpose of contact request, the User enters the following data (marked as mandatory through “*”) first name, last name, email. These are fields that, where not filled in, do not allow to continue with the contact request.

Optional data

Non-mandatory data provided for account registration.

Data provided through email inquiries. If the User explicitly and voluntarily requests information via email to the addresses indicated on the Site, the Data Controller acquires the User’s email address, first and last name and any personal data included in the communication.

Non-mandatory data provided by filling out the “Request an Insights Demo” form. Optionally, the User may enter data such as, but not limited to, company, telephone etc. in order to submit a contact request.

Personal data collected via cookies

The Owner uses cookies to collect data about the User’s activity via Site/App and his/her preferences, as well as other technical data about the User.

For more information on the use of cookies, the User can consult the cookie policy at the following link https://www.thinkbright.biz/cookie-policy/

Legal Basis of Processing

Personal data provided by Users are processed for the following purposes:

  1. A) to ensure the proper and secure operation of the Site;
  2. B) to enable Users to take advantage of the services rendered through the Site;
  3. C) to make possible the management and use of the restricted area on the Site;
  4. D) communicate to Users information related to their restricted area;
  5. E) resolve disputes that have arisen with Users;
  6. F) prevent, detect, mitigate, and investigate fraud, security breaches, and potentially prohibited or illegal activities;
  7. G) identify and resolve problems Users encounter in using the Site (e.g., blocked or non-functioning pages), and provide them with a better experience;
  8. H) to provide Users with industry information, news and trivia;
  9. I) marketing purposes.

The legal basis for the processing referred to in (A); (B); (C); (D) must be identified, pursuant to Article 6(1)(b) GDPR, in the fulfillment of contractual obligations and pre-contractual measures.

The legal basis for processing under E) and G) must be identified, pursuant to Art. 6, par.

1, l. f), GDPR in the legitimate interest of the Data Controller.

The processing referred to in (F) is based, pursuant to Art. 6(1)(l)(c) GDPR, on the fulfillment of a legal obligation to which the Data Controller is subject.

The legal basis for the processing under H) and I) must be identified, pursuant to Art. 6, para. 1, l. a) GDPR, in the consent freely given by the User.

Methods of Processing and Retention of Personal Data.

The Data Controller ensures that personal data are processed in full compliance with the Regulations and the laws in force in Italy, through manual, computerized or telematic systems. The processing may also be carried out through automated tools designed to store, manage and transmit the data.

The data collected and processed will be protected with physical and logical methods such as to minimize the risks of unauthorized access, dissemination, loss and destruction of data, pursuant to Articles 25 and 32 of the Regulations.

Data processing will last no longer than necessary to fulfill the purposes for which they were collected, such as storing search criteria, notifying and contacting professionals.

Users who have made a request through the forms on the Site may be contacted by the Data Controller to follow up on the requests made and be made aware of the opportunities offered by the solutions, products, data and services of ThinkBright.biz

Pursuant to Article 7 paragraph 3 of the Regulations, the interested party has the right to obtain at any time the revocation of consent to the processing. For the request of cancellation of their personal data, the interested party may send a request to the email address luca.pacitto@thinkbright.biz.  

If a request for deletion is not received by the Data Controller, the personal data will be kept for a period not exceeding 10 (ten) years, starting from the date of the last access to the Site.

Place of Processing

The data are processed and stored at the operational offices of the Data Controller (on paper and/or electronic media) and in any other place where the parties involved in the processing are located (e.g., on servers located within the European Union).The data subject has the right to obtain information regarding the legal basis for the transfer of data outside the European Union or to an international organization of public international law or constituted by two or more countries, as well as regarding the security measures taken by the Data Controller to protect the data during the transfer.

Should any of the transfers just described take place, the data subject may refer to the respective sections of this document and/or request information from the Data Controller by contacting him/her at the contact details given within this notice.

Recipients of Personal Data

The personal data collected may be processed by individuals or categories of individuals who act, pursuant to Article 28 GDPR, as Data Processors or, pursuant to Article 29 GDPR, authorized to process the data.

Outside of the aforementioned assumptions, personal data will not be disclosed except to parties, entities and Authorities to which disclosure is mandatory by virtue of provisions of law or regulation.

Transfer of Data to a Third Country or International Organization

The personal data collected through the Site may be transferred outside the national territory only and exclusively for the performance of the services requested through the Site, to provide the most appropriate responses to the requests made, to improve the services requested and in compliance with the specific provisions of the GDPR. Any transfer of data also outside the European Union will take place in any case in full compliance with the GDPR and possibly with the so-called Standard Contractual Clauses where necessary.

Rights of the Data Subject

The User has the right to request at any time:

confirmation of the existence or non-existence of personal data concerning him/her, even if not yet registered, in a concise, transparent, intelligible and easily accessible form, in simple and clear language;

the indication:

(a) the origin of the personal data;

(b) the purposes and methods of processing;

(c) the legitimate interests pursued by the Controller or third parties;

  1. d) of any recipients or categories of recipients of the personal data;

(e) of whether the Controller intends to transfer personal data to a third country or international organization;

(f) the retention period of the personal data;

  1. g) the logic applied, as well as the importance and the expected consequences of such processing for the data subject, in case of processing carried out with the aid of electronic tools as part of an automated collection and/or profiling process;
  2. h) of the identification details of the Data Controller, the Data Processors, the Designated Representative, if any, and the Data Protection Officer (so-called DPO);
  3. i) of the subjects and categories of subjects to whom the personal data may be communicated or who may become aware of them in their capacity as designated representative in the territory of the State, managers or appointees;

the possibility of lodging a complaint with a supervisory authority;

the updating, rectification or, when interested, the integration of data;

the cancellation, transformation into anonymous form or blocking of data processed in violation of the law, including data whose storage is not necessary in relation to the purposes for which the data were collected or subsequently processed;

the restriction of processing;

the portability of personal data concerning him/her to another Data Controller;

revocation of consent to processing. On this point, it should be noted that the revocation of consent to data processing does not affect the lawfulness of the processing carried out until the revocation itself;

opposition, in whole or in part, for legitimate reasons, to the processing of personal data concerning him/her, even if pertinent to the purpose of collection.

To exercise these rights, the data subject maỳ contact the Data Controller at any time with a written request – without formalities – at luca.pacitto@thinkbright.biz

The Controller shall process the User’s requests no later than one month after receipt. In view of the complexity and number of requests received by the Controller, the aforementioned deadline may be extended by two months. In this case, within one month of receipt of the request, the Controller shall inform the User of the extension of the deadline and the reasons for it.

 The Data Controller:

The Data Controller is Luca Pciotti, with registered office in Milan

Email: luca.pacitto@thinkbright.biz

The Data Protection Officer (so-called DPO).

Pursuant to Article 37 GDPR, The Data Controller has appointed a Data Protection Officer who can be reached at the following email address luca.pacitto@thinkbright.biz

Changes

This Policy may be subject to change. If substantial changes are made to the use of data relating to the User by ThinkBright, it will notifỳ the User by posting them as prominently as possible on its pages.

Date last updated: February 26, 2025

Torna in alto