Privacy Policy -

PRIVACY POLICY CERTIBLOK PLATFORM

1. DATA CONTROLLER AND CONTACT INFORMATION

This privacy policy is provided by CERTIBLOK S.R.L. (Tax Code and VAT No. IT02633560228 – PEC certiblok@legalmail.it – email info@certiblok.com), headquartered in Trento (TN), Piazza della Libertà, 14.

2. PERSONAL DATA AND PURPOSES OF PROCESSING

2.1 In accordance with the provisions of Regulation (EU) 2016/679, Legislative Decree 196/2003 (as amended by Legislative Decree 101/2018), rulings and guidelines from the Data Protection Authority, and in general, data privacy regulations, this online service processes navigation and platform usage data (as well as any other information derived from cookies and similar tools). Additionally, purchasing the service and registering for the reserved area involves the processing of user identification data (first and last name), encrypted passwords, contact details (email address), and, in relation to purchasing the service, bank details or other payment system-related data (as well as, if applicable, tax identification number, residence address, and phone number).

2.2 The collection of common personal data through the service purchase form (such as first name, last name, email, and possibly PEC, residence, tax ID, bank data, or other payment system details and SDI) may be necessary for the execution of the contract for the purchase of products/services offered on the site, specifically the software platform to which this website refers. This includes payment operations, invoicing, and customer contact (functionally related to contract execution).

2.3 The common personal data entered via the registration form and managed for the use of the reserved area (personal details, contact information, password) are necessary for accessing the platform’s services.

2.4 The offered service includes the ability to store, process, and transmit digital content (text files or other types) uploaded by the user to the platform, communicate with other users, and organize an internal system within the platform using personal data. These data, along with the user’s processing of them through platform functionalities, will be stored using a decentralized cloud system, controlled via smart contracts on blockchain, preventing access to any party other than the user and those with whom they choose to share them. Regarding the use of the service, the Data Controller will only process data concerning the file sizes managed by different users on the platform and user access logs. This processing is essential for providing the service but does not involve handling the content of the files managed by users on the platform. Therefore, since Certiblok S.R.L. does not process the content uploaded by the user, it does not act as a “data processor” and assumes no liability regarding any third-party personal data managed by the user through the platform.

2.5 In any case, the collected personal data may also be processed to comply with legal obligations and to defend the Data Controller or third parties in legal or equivalent proceedings (to the extent strictly necessary for such purposes).

2.6 This online service also uses “cookies” (or similar tools) to collect, store, and process data for providing specific website services, as well as for statistical analysis and personalized marketing. The types of cookies, their characteristics and functions (including whether they are first- or third-party cookies), their expiration periods, and details for their classification/disabling are specified in the Cookie Policy.

3. PROCESSING METHODS AND LEGAL BASES

3.1 Processing may be carried out with or without electronic or automated tools, always in compliance with data protection regulations, particularly Article 32 of Regulation (EU) 2016/679, which mandates the adoption of appropriate technical and organizational security measures. Processing is carried out by appointed and authorized personnel and/or designated data processors, always under the supervision and instructions of the Data Controller.

3.2 The legal bases for processing are:

User consent (Article 6(a) of Regulation (EU) 2016/679) for data collected/managed through registration in the reserved area of this website.
Execution of contractual obligations (Article 6(b) of Regulation (EU) 2016/679) in case of purchasing the paid version of the platform.

3.3 For personal data collected during the purchase of the service, the legal basis for processing is the contract execution with the user (Article 6(b) of Regulation (EU) 2016/679).

3.4 Regarding the file size managed by the user and access logs, processing is based on user consent (Article 6(a) of Regulation (EU) 2016/679) and, for the paid version, contract execution (Article 6(b) of Regulation (EU) 2016/679).

3.5 For legal obligations (such as tax regulations), processing is based on compliance with these obligations (Article 6(c) of Regulation (EU) 2016/679). For defending rights in court, processing is based on the legitimate interest of the Data Controller, public interest, and right of defense (Article 6(e) and Articles 9(f) and 9(g) of Regulation (EU) 2016/679).

3.7 Regarding cookies, processing is based on the legitimate interest of the Data Controller, ensuring compliance with Articles 13 of Regulation (EU) 2016/679 and 122 of Legislative Decree 196/2003 (as specified in the Data Protection Authority’s decision of May 8, 2014).

4. DATA PROVISION

4.1 Providing personal data for purchasing products/services on this website is contractually mandatory and necessary for contract conclusion. Refusal to provide this data, or providing incorrect data, will make it impossible to carry out the mentioned activities.

4.2 For registration in the reserved area, providing data is optional for the free version and contractually mandatory for paid versions. However, processing is necessary for delivering platform services. Refusal to provide this data will prevent the execution of related activities.

5. DATA RETENTION PERIOD

5.1 If processing is based on user consent, data will be retained until consent is withdrawn, or until the service is terminated for any reason. The user may revoke consent at any time.

5.2 For processing based on contractual measures, data will be retained for 10 years from the termination/conclusion of the contractual relationship, except for specific legal obligations.

5.3 Data related to file sizes and access logs will be retained only for the time necessary to provide the service.

5.4 Data collected through cookies will be stored based on the expiration periods indicated in the Cookie Policy, and marketing-related activities will not exceed 12 months.

6. DATA DISCLOSURE AND TRANSFER

6.1 Personal data may be disclosed to consultants, legal professionals, service providers, and public/private entities for legal and contractual compliance. Data will not be disclosed to the public.

7. INTERNATIONAL DATA TRANSFER

The Data Controller uses email, cloud storage, and payment service providers that may involve data transfers outside the European Economic Area (EEA), particularly to the United States. These transfers comply with EU adequacy decisions (Data Privacy Framework) or Standard Contractual Clauses (SCCs) under Article 46 of Regulation (EU) 2016/679.

8. USER RIGHTS

Under Regulation (EU) 2016/679, users have rights including access, rectification, erasure, portability, restriction, and objection to data processing. Users can also file complaints with the Data Protection Authority if they believe their data has been processed unlawfully.

Company

About us
Privacy Policy
Cookie Policy
Terms of use

Plans

Free
PROFESSIONAL
BUSINESS
COMPANY
ENTERPRISE

Functions

Expiration Date
Shares
Audit Room
Versions

Resources

Book a demo
Join us
Blog
FAQ
Area Stampa

Member of