Privacy Policy

Privacy Policy

With this notice, SmartWorkLab (hereinafter also the “Data Controller” or the “Company”), represented by its current legal representative at Ulica Rzeszowska 18 – 39-200 Dębica – Poland-REGON 62657120, outlines the procedures for acquiring user data visiting the website (here in after the “Site”) in accordance with national regulations and Articles 13 and 14 of EU Regulation no. 2016/679.

1. Data Controller, Subject, and Location of Processing

This notice is provided in accordance with current national and international laws to those navigating the Site, regardless of the methods and tools used. Following authorization for processing, the Data Controller will process the transmitted data in accordance with the Regulation and current national regulations, including any measures of the Supervisory Authority (i.e. the Data Protection Authority) if applicable. The data of the data subjects may be transferred to a country other than the one in which the data subject is located. For more information about the location of the processing, the data subject can always contact the Data Controller using the references in points 10 and 12 of this Notice.

2. Processing and Use Methods and Purposes

2.1. Data of data subjects are collected to update users on products marketed by the Data Controller. The data is collected and stored exclusively for the aforementioned purposes, both through the official website and through third-party platforms (Youtube, Facebook, Twitter, etc.). The data may be communicated to employees and trusted collaborators of the Data Controller present nationally or internationally. Acceptance of this notice legitimizes the data controller to communicate or disclose the collected data to third parties.

In any case, personal data is not communicated to third parties or disclosed without the prior consent of the data subject, except in cases expressly indicated by national regulations.

2.2. Any new and different data processing will be activated only after notifying users and data subjects of a new notice to obtain their specific consent, if required.

2.3. The Data Controller adopts all appropriate security measures, both organizational and technological, to prevent unauthorized access, modification, disclosure, or unauthorized destruction of data.

The processing is carried out with organizational methods related to the purposes indicated and agreed upon with the Data Protection Officer (DPO) if present, or with the data processing manager.

Detailed information on the purposes of processing and the data collected for each purpose can always be obtained by contacting the Data Controller at the references indicated in points 10 and 12 of this Notice.

2.3. Privacy protocols and standards used by the Company for the protection of personal data are based on the following principles:

2.3.1. Responsibility in Processing and Use

Data processing is managed over time by individuals identified within the company organization. In some specific cases, in addition to the Data Controller, other subjects involved in the organization of the Site (e.g., administrative, commercial, system administrators, hosting providers) may have access to the data. In any case, the data subject can always request an updated list of data processors from the Data Controller.

2.3.2. Transparency in Processing and Use

Data is collected and processed according to the principles expressed in this notice. Before acquiring and/or providing data, the data subject has the opportunity to consult the privacy notice and decide whether to give consent to their acquisition and storage. Consent is required and can also be implicitly given when data is acquired through automated procedures (technical or profiling cookies). In any case, the data subject can always request the concrete legal basis for each processing, specifying, in particular, whether it is based on law, on a contract, or necessary for the conclusion of a contract.

2.3.3. Relevance in Collection

Data is collected and processed in lawful and fair ways. They are recorded only for specific, explicit, and legitimate purposes identified in paragraph 2 of this document and not exceeding the specified purposes.

2.3.4. Verifiability Principle

The collected data is updated, organized, and stored in a way that gives all data subjects the opportunity to know which data has been collected and recorded, control its quality, and request any corrections, integrations, or deletions for violations of the law or to exercise all rights as per Article 9 of this notice, through the methods provided in Article 10.

2.3.5. Security Principle and Measures Adopted

  • Data collected and processed are protected to prevent unauthorized disclosure or alteration through technical and/or computer security measures designed to minimize the risks of unauthorized destruction, loss (even accidental), or access by unauthorized parties.
  • These measures are periodically reviewed and updated based on technical progress, the nature of the data, and the specific characteristics of the processing.
  • Third parties that perform any type of support activity for the provision of services by the Company, in relation to which they carry out processing operations of personal data, are designated data controllers and are required to comply with the security and confidentiality measures of the processing.
  • The acquired information may be disclosed to the following third parties: employees and collaborators managing activities related to the processing purposes, personnel responsible for site/farm/cloud maintenance.

3. Types of Data and Processing Methods

3.1. Among the data collected through the web domain and third-party platforms (Youtube, Twitter, Facebook, etc.), there may be: name, surname, phone number, purchase preferences, date of birth, email, connection IP, and any other information communicated directly by users using the links on the web page to get in touch with the company.

In general, the data can be:

  • a) Data voluntarily provided by users: Data collected and processed on the Site are necessary for the provision of services. Therefore, if consent is not given for the use of provided data (e.g., email, landline or mobile phone), they will not be used for advertising, direct sales, or interactive commercial communication purposes.
  • In case of voluntary email submission to the Data Controller’s addresses, the Controller will acquire the sender’s email references and any other information contained in the message. This data will be used to be contacted and to facilitate the execution of any requested services.
  • b) Browsing data: The automated procedures of the Site acquire some data, the transmission of which is implicit in the use of Internet communication protocols. Although this information is not intended to be associated with identified users, by their nature, if associated with other data held by third parties (e.g., internet service providers), they could allow the identification of users (e.g., IP addresses, domain names of the PCs used by users connecting to the Site, URL addresses of the requested resources, time of the request, numerical code related to the status of the response given by the server).
  • This data is used for statistical purposes to verify traffic on the Site and its correct functioning.
  • The Controller, or the designated managers, keep the record of the connections made for a limited period to comply with any requests from the judiciary, authorized to request it in the phase of ascertaining responsibility in case of computer crimes.

4. Cookie Policy

4.1. The Site uses cookies. Cookies are code snippets installed inside a browser that assist the Data Controller in providing services based on the described purposes. The possible use of cookies, unless otherwise specified, simply aims to provide the requested service to users, ensuring the usability of the website and enabling navigation between different pages. Some purposes of installing temporary markers may, however, require the consent of users. For informational purposes, the main categories of cookies are:

  • a) Technical and aggregate statistical cookies: Technical cookies have the function of allowing activities strictly related to the operation of a web space. Technical cookies used by the Data Controller can be divided into the following subcategories:
    • Navigation cookies, which allow saving users’ browsing preferences and optimizing the browsing experience.
    • Analytics cookies, which acquire statistical information about users’ browsing methods. This information is processed in an aggregated and anonymous form.
    • Functionality cookies – also third-party cookies, which activate specific functions of the Site and are necessary for the provision of services. These cookies do not require the prior consent of users for their installation and use.

Other types of cookies or third-party tools that may use them: Some of the services listed below may not require the consent of users and may be managed directly by the Data Controller, without the need for third-party subjects. If third-party services are present among these tools, they may perform tracking activities of users, even without the knowledge of the Data Controller. Specifically, the cookies used by the Data Controller are: navigation, analytics, functionality.

Control of cookie installation: In addition to what is indicated in this notice, interested parties can manage their cookie preferences through their browser, preventing, for example, the installation by third parties. Disabling all cookies may compromise the functioning of the Site. You can find information on how to manage cookies in your browser in the dedicated privacy policy sections of Google Chrome, Mozilla Firefox, Apple Safari, and Microsoft Windows Explorer.

The Data Controller informs that the User can use tools such as Your Online Choices (, through which it is possible to manage the tracking preferences of most advertising tools.

The Data Controller strongly recommends to users of the Site to use this resource in addition to the information provided in this notice.

For any other technical information related to cookies, in addition to what is indicated in this notice, please refer to:

5. Data Storage Methods

Data, including navigation data, will be stored, in compliance with GDPR, for the sole time necessary to fulfill the purposes of this notice, i.e., 2 years when processing is for marketing and/or promotional initiatives, and 10 years for other purposes.

6. Access to Data

6.1. Data processed by the Controller may be accessible to employees and collaborators of the same, as internal agents and/or responsible for internal processing and/or information systems. Access to data by these subjects will only occur if processing is necessary for the performance of their duties, performing only the operations necessary for the performance of these duties.

6.2. The Controller protects user information against unauthorized access, unlawful processing, accidental loss, destruction, damage, and retains the information for the period strictly necessary to achieve the purposes for which the data was collected.

7. Data Communication

7.1. Without the need for express consent under Article 6 letters b) and c) GDPR, the Controller may communicate data at the request of supervisory bodies (such as IVASS) or judicial authorities, as well as to those subjects to whom communication is mandatory by law to fulfill legal obligations or to assert or defend a right in court. These subjects will process the data as autonomous data controllers. Data will not be disclosed unless the requested service requires it.

7.2. If necessary, in relation to specific services or products requested, the Data may also be communicated to third parties acting as independent data controllers, performing functions strictly connected and instrumental to the provision of services, as without such communication, these services and products could not be provided.

7.3. Beyond the above, the Data Controller does not transfer personal data to third countries outside the EU or international organizations.


8.1. Personal data is stored by the Data Controller on a secure internet domain.


9.1. The data subject has the rights under Art. 15 GDPR, specifically the right to obtain:

  • confirmation of the existence of personal data concerning them, even if not yet recorded, and their communication in an intelligible form;
  • indication: a) of the origin of personal data; b) of the purposes and methods of processing; c) of the logic applied in case of processing carried out with the aid of electronic tools; d) of the identification details of the data controller, data processors, and the designated representative under Art. 3, paragraph 1, GDPR; e) of the subjects or categories of subjects to whom personal data may be communicated or who may become aware of it as designated representatives in the territory of the State, data processors, or authorized persons;
  • the update, rectification, or, when interested, integration of data;
  • the erasure, anonymization, or blocking of data processed in violation of the law, including data that does not need to be retained for the purposes for which it was collected or subsequently processed;
  • certification that the operations referred to in points a) and b) have been made known, including their content, to those to whom the data has been communicated or disclosed, except where compliance with this is impossible or involves the use of means manifestly disproportionate to the protected right;
  • to object, in whole or in part: a) for legitimate reasons to the processing of personal data concerning them, even if pertinent to the purpose of the collection; b) to the processing of personal data concerning them for the purpose of sending advertising or direct sales material or for carrying out market research or commercial communication, through the use of automated call systems without the intervention of an operator by email and/or traditional marketing methods by phone and/or postal mail. It is noted that the data subject’s right to object, as mentioned in the preceding point b) for direct marketing purposes through automated means, extends to traditional means, and the data subject still has the possibility to exercise the right to object only in part. Therefore, the data subject can decide to receive communications only through traditional methods or only automated communications or none of the two types of communication. It is noted that data subjects always have the right to object to the processing of their Data for direct marketing purposes, without the need to provide any justification.

If applicable, they also have the rights under Art. 15-21 GDPR (Right to rectification, right to be forgotten, right to restriction of processing, right to data portability, right to object), as well as the right to lodge a complaint with the supervisory authority.

9.2. Where permitted by law, the user may have the right to obtain a copy of the Data in our possession.

9.3. Before responding to any specific request, optional information such as:

  • identity verification;
  • additional details necessary to better respond to the request, may be required from the User.

9.4. The Data Controller will provide individual responses within an appropriate time frame and, in any case, within the time frame required by law. If the User wishes to exercise this right, they must contact us using the contact details provided in Articles 11 and 13 of this Policy.

10. EXERCISE OF RIGHTS PROCEDURE Users and data subjects can exercise the rights provided by EU Regulation 2016/679 at any time and free of charge by sending alternatively:

  • a registered letter with return receipt to the registered office in Milan, Via Benigno Crespi, 19 (20159).
  • a communication by email to the email address:

11. DATA CONTROLLER, DATA PROCESSOR, AND AUTHORIZED PERSONS The data controller is SmartWorkLab, with current headquarters at Ulica Rzeszowska 18 – 39-200 Dębica – Poland-REGON 62657120. The updated list of data processors and those authorized to process the data is kept at the operational headquarters and can be obtained through a specific request made in the manner indicated above.

12. CONTACTS Processing carried out through the website takes place at the operational headquarters of the Data Controller, indicated on the Site, or in any other location where the parties involved in the processing are located. For further information, the Data Controller can always be contacted. Any comments, questions, or requests regarding the use made by the Data Controller of User information should be sent to the email address: Pursuant to Art. 11 of this privacy policy, the Data may be processed by subjects appointed as both internal and external controllers, as well as by persons authorized to process the data responsible for managing the requested service and will be communicated or disclosed to third parties within the limits and for the purposes specified in the information.

13. FUTURE CHANGES TO THE PRIVACY POLICY The possible entry into force of new sector regulations, as well as the constant examination and updating of services to users, could lead to the need to change these methods. It is therefore possible that the privacy policy may undergo further changes over time, and we invite Data Subjects to periodically consult the specific section of the Site relating to the privacy policy. For this purpose, the information includes the update date at the bottom. It is specified that if the changes affect processing for which the legal basis is the data subject’s consent, the Data Controller will collect their consent again, where necessary.

14. REDIRECT TO THIRD-PARTY SITES The Site contains redirection plug-ins to other platforms or social networks (Youtube, Facebook, Linkedin, etc.). These plug-ins are provided for the convenience of Users and to facilitate the interconnection between different pages, also promoting the advertising of products marketed by the Data Controller. The Data Controller has no control over sites other than the one through which it promotes its own activity and their accessibility to the public. For this reason, the Data Controller will not be held responsible for data collected, disseminated, and processed by these sites and invites Users to read their respective privacy policies.

Shopping cart0
There are no products in the cart!
Continue shopping
Open chat
Do you need help?
How can I help you?