Privacy policy

Information to Data Subjects – Privacy & Cookie Policy of the Website 

Art. 13 and seq. General Data Protection Regulation no. 2016/679 (“GDPR”)

scope of this privacy & cookie policy


Dear User,
when you access and navigate on this website (hereinafter ‘Website’) some of your personal data is acquired, stored, and managed (in technical terms ‘processed’) through the device you are using, also by analyzing and saving your IP address, browsing data, ‘cookies’ and other online identifiers such as ‘pixels’. 

In light of these processing activities, in compliance with the applicable legislation that requires the protection, confidentiality and security obligations on your data, CLOROFILLA clarifies below the purposes and means defined in its capacity as Data Controller.

Data Controller


Data processing operations will be performed as Data Controller by CLOROFILLA S.r.l., with legal seat in Milan (Italy), via Podgora 12/A, VAT no. IT 05299040963, that can be contacted at the following addresses:


– by writing an e-mail to [email protected];


– by hard mail, at the address of the legal seat as provided above.

Categories of data processed


The categories of data processed through the Website are:

– information related to the User’s browsing activities, including the so-called online identifiers and data related to the device in use;

– personal identification data and contact data (i.e. name, surname, work e-mail address, work telephone number) in case of registration to User’s private account;

– company affiliation, job title,

– other categories of data, in case of further implementation of purposes on the Website.

Purposes, legal basis and data retention periods



Legal basis

Data retention period


User access to the pages of the Website and to its

Performance of pre-contractual and contractual activities

For the duration the user remains on the Website, and in any case for a maximum of 24 months after it.


Feedback to contact requests or information inquiries sent by the user

Exercise of legitimate interest, aimed at maintaining relations with Users of the Website

For a maximum of 10 years from the last interaction between the user and the Data Controller.


Registration, access and use of a User’s personal account, including subsequent interaction with features and tools offered by the Website and the eCommerce platform

Performance of pre-contractual and contractual activities, and (where applicable) fulfilment of a legal obligation

For a maximum of 10 years after the User has requested deletion of his/her personal account.


Analysis of the usage statistics and improvement of the functionality of the Website

User consent and, where applicable, exercise of the legitimate interest of the Data Controller, aimed at improving its services

Until the expiry of the online ID (cookie or other technology as stored), save for User’s requests of cancellation and/or anonymization activities.


User subscription to the newsletter and subsequent management of related communications

User consent

For a maximum of 24 months from the User’s registration, except for consent renewal or cancellation requests.


Access to white papers and other resources offered by the Data Controller jointly with Website’s sponsors

Performance of contractual activities (access to a resource by virtue of personal data sharing)

For a maximum of 10 years from the last interaction between the user and the Data Controller, save for cancellation request.

Other information on how we process personal data


If the User wish to receive further information about the balance between the legitimate interests pursued by the Data Controller and the fundamental rights and freedoms of the natural person, he/she can contact the Data Controller at the addresses indicated, and in particular at the e-mail address provided, having the right to receive adequate feedback as soon as possible and in any case within the time required by law.
In the event of litigation with the User or with third parties, or control of the competent Authorities, the conservation may be extended until the expiry of the last applicable prescription period.
The User’s personal data will not be disseminated in any way, except for the acquisition of express and prior consent or within the limits of what is provided for or imposed by law.

Consequences of failure to provide data


The provision of personal data from time to time indicated as mandatory is necessary to pursue the related purposes: not providing such data makes it impossible to proceed with the related processing.
The provision of other personal data is optional: failure to provide such additional data may make it impossible to access all or part of the Website’s functions or characteristics.

Automated decision-making processes


With the expression “automated decision-making processes” the legislation indicates (art. 22 GDPR) “any form of automated processing of personal data” that it uses to evaluate certain aspects of the person, and in particular “to analyze or predict (…) the professional performance, economic situation, health, personal preferences, interests, reliability, behavior, location or movements” of the user in their capacity as ” Data Subject”. 

The Website does not process any personal data through automated decision-making processes as described above, except where expressly indicated and based on User’s express and informed consent.

Categories of subjects that process data on behalf of the Data Controller


Within the limits of the obligations, tasks or purposes indicated above, personal data may be made available and / or communicated to:

– employees and / or collaborators of the Data Controller;

– other third parties who provide management, maintenance or intervention services on the Site and / or on other tools used by the Data Controller;

– Judicial, administrative and / or public security authorities.

The complete list of Data Processors and other third parties to whom the data are made available and / or communicated can be requested from the Data Controller at any time, at the indicated references.

Transfer of data outside the European Economic Area


Personal data shall be transferred to countries outside the European Economic Area for technical purposes, in any case to subjects based in countries recognized as “adequate” by the European Commission or that have stipulated specific Standard Contractual Clauses based on the text approved by the European Commission. Where necessary, the Data Controller has performed an assessment over the impact of such processing activities and the risks related to transfers to non-adequate countries.

Rights of the Data Subject


The User, as a “Data Subject” according to the GDPR, can at any time exercise the rights attributed to him by the European Regulation n.2016/679.

In particular, the User has the right to:

– access his/her personal data;

– obtain the correction or cancellation of the same or the limitation of the processing that concerns him/her;

– oppose the processing;

– obtain his/her data portability, where provided by the law;

– withdraw consent, where provided: the withdrawal of consent does not affect the lawfulness of the processing based on the consent given before the revocation;

– lodge a complaint with the supervisory authority.

For Italy – as the Data Controller’s home state – the supervisory authority is the “Autorità Garante per la protezione dei dati personali” based in Rome (

The exercise of the aforementioned rights can take place by sending a request to the Data Controller’s references and in particular to the e-mail address indicated above.


What are cookies and other tools used by the Website


Cookies are small text files that are transmitted from the Website to the devices of Users who visit it, and which are then retransmitted to the Website on subsequent visits; they may have different characteristics and be used for different purposes, both by the Website’s Data Controller and by third parties who provide technical services to the Data Controller or directly to the User.

This Website uses different types of cookies, in compliance with the “Guidelines for cookies and other tracking tools” as issued by the Italian Data Protection Authority with general provision no. 231 of 10 June 2021.
Cookies can be divided between “first-party” cookies, if installed directly from the Website, and “third-party” cookies, if they provide access to features and services offered by third parties with respect to the Owner.

Some of the cookies used by this Website are “technical” – being installed automatically following the opening of the Website – and therefore do not require the user’s consent. 

Technical cookies can be “session” cookies, if they are deleted from the device when the browser and / or the navigation tab is closed, or “persistent” cookies, if they remain in the device’s memory even after the Website is closed.
The Website might also use cookies, both first and third party, classified as “profiling”, with the user’s consent, through which the browsing experience and access to the Data Controller’s offerings are personalized and improved.
Further tools, classifiable as “online identifiers” according to the GDPR, can also be used within the Website, which allow analysis and monitoring of its functions and allow the user access to specific services.

Details of the tools implemented by the Website


The specific and complete list of cookies used by the Website, both first and third party, can be requested to the Data Controller at the address mentioned above. 

Herebelow the Data Controller provides a list of third-party tools implemented by the Website:

  • Google Analytics (provided by Google Ireland Ltd.)
  • Hotjar (provided by Hotjar Ltd.)
  • Facebook Pixel, if present in a page (provided by Meta Platforms Ireland Ltd.)
  • LinkedIn Insight Tag (provided by LinkedIn Ireland Unlimited Ltd.)

How to manage cookie settings


To revoke the consent to the installation and usage of cookies, the user can interact with the banner available on the Website’s homepage.

The user can also seek further information on the following websites:

The provision of all cookies can always be deactivated by the user by adjusting the browser settings. It should be noted, however, that intervening on these settings could render the Website unusable if the browser blocks cookies that are technically indispensable for the provision of our services. 

In any case, each browser has different settings for deactivating cookies. The links to the instructions for the most common browsers are as follows:


Last updated on: 20 October 2022