Privacy Policy — VibTrack

01

Data Controller

REISER S.r.l. Via Tanaro, 4/7 — 20045 Lainate (MI), Italy
C.F. / P.IVA: 03446230967
Email: info@reiser.it · PEC: reiser@pec.it

The Data Controller is the legal entity that determines the purposes and means of processing the personal data of Users who visit this website and/or fill in the contact form.

02

Types of Personal Data Collected

Among the personal data collected by this website, either independently or through third parties, the following are included:

2.1 Data Voluntarily Provided by the User — Contact Form

Data collected	Purpose of collection
First and last name	Contact identification
Company name	Business context qualification
Email address	Sending a response to the contact request

Providing such data is optional but necessary in order to receive a response to the request. Failure to provide it prevents the request from being processed. The User assumes responsibility for any third-party personal data shared through the contact form.

2.2 Automatically Collected Data

Through the tracking tools indicated in section 5, the website automatically collects the following data:

Usage data (IP address, browser type, operating system, pages visited, visit duration, referral URL);
Number of users and session statistics;
Data collected via cookies and similar tracking technologies (see Cookie Policy).

Unless otherwise specified, all data requested by the website is necessary. Data marked as optional may be omitted without affecting the availability of the service.

03

Methods and Place of Processing

3.1 Processing Methods

The Data Controller adopts appropriate security measures to prevent unauthorized access, disclosure, modification, or destruction of personal data. Processing is carried out using IT and telematic tools, with organizational procedures strictly linked to the stated purposes.

In addition to the Data Controller, access to data may be granted to: authorized internal staff (administrative, commercial, marketing, technical) and external parties appointed as Data Processors pursuant to Art. 28 GDPR (hosting providers, technical service providers, communication agencies). The updated list of Data Processors may be requested from the Data Controller.

3.2 Place of Processing

Data is processed at the Data Controller's operational offices and on the hosting provider's servers (Hetzner Online GmbH, Germany). Some third-party services (Google LLC) process data in the United States. For such non-EEA transfers, Google LLC adheres to the Standard Contractual Clauses (SCC) approved by the European Commission, pursuant to Art. 46 GDPR.

04

Purposes of Processing and Legal Bases

User data is collected for the following purposes, each with its corresponding legal basis pursuant to Art. 6 GDPR:

Purpose	Legal basis (Art. 6 GDPR)
Response to contact requests submitted via form	Express consent of the User — Art. 6.1.a
Commercial and pre-contractual lead management	Execution of pre-contractual measures — Art. 6.1.b
Statistical analysis of web traffic (GA4)	Express consent of the User — Art. 6.1.a
Measurement of campaign performance (GTM/Ads)	Express consent of the User — Art. 6.1.a
System security and server maintenance (Hetzner logs)	Legitimate interest of the Data Controller — Art. 6.1.f
Compliance with legal obligations	Legal obligation — Art. 6.1.c

ℹ️ The Data Controller does not carry out processing for direct marketing purposes without the User's prior explicit consent.

05

Details on Data Processing by Third-Party Services

5.1 Tag Management

This type of service allows the Data Controller to centrally manage the tags and scripts required on this website. As a result, User data flows through these services and may be stored.

Service	Company	Processing country	Data processed
Google Tag Manager	Google LLC	USA (SCC pursuant to Art. 46 GDPR)	Usage data, identifying cookies

Google privacy policy: policies.google.com/privacy

5.2 Statistics and Traffic Analysis

The services in this section allow the Data Controller to monitor and analyze traffic data and track User behavior.

Service	Company	Processing country	Data processed
Google Analytics 4	Google LLC	USA (SCC pursuant to Art. 46 GDPR)	Usage data, cookies, anonymized IP addresses, session statistics

Google Analytics 4 is configured with active IP anonymization. Data is processed in aggregated and pseudonymized form. Opt-out: tools.google.com/dlpage/gaoptout

Google Analytics privacy policy: support.google.com/analytics/answer/6004245

5.3 Display of Content from External Platforms

This type of service allows content hosted on external platforms to be displayed directly on the website's pages. These services may collect traffic data even when the User does not directly interact with them.

Service	Company	Processing country	Data processed
Google Fonts	Google LLC	USA (SCC pursuant to Art. 46 GDPR)	IP address, technical browser data

Google Fonts, if loaded locally (auto-hosted), does not transmit data to Google. Privacy policy: developers.google.com/fonts/faq/privacy

5.4 Hosting and Infrastructure

Service	Company	Processing country	Data processed
Web server / hosting	Hetzner Online GmbH	Germany (EU)	System logs, usage data, IP

Hetzner Online GmbH operates data centers physically located in Germany and subject to European data protection regulations.

06

Cookie Policy

This website uses tracking tools (cookies and similar technologies). Below is a classification of the cookies used:

Category	Typical duration	Purpose and services involved
Technical / strictly necessary cookies	Session / persistent	Website operation. Do not require consent (Art. 122 D.Lgs. 196/2003).
Third-party analytical cookies	Up to 2 years	Google Analytics 4 (anonymized traffic statistics). Require consent.
Tag management cookies	Session / persistent	Google Tag Manager (container for other tags). Require consent.

The cookie banner displayed on first access to the website allows the User to accept, reject, or customize their preferences by category. Consent may be withdrawn at any time through the banner settings (link available in the website footer).

For complete information, please refer to the full Cookie Policy.

07

Data Retention Period

Data type	Retention period
Contact form data (first name, last name, company, email)	24 months from the date of the request, except for litigation defense needs or legal obligations
Data collected by Google Analytics 4	14 months (recommended and configurable setting in GA4)
GA4 analytical cookies (_ga, _ga_*)	2 years from the date of setting
Hetzner server system logs	Up to 12 months, according to the Hetzner Online GmbH policy
User cookie preferences	6–12 months (banner cookie expiry date)

After the indicated periods, data will be deleted or anonymized, unless different regulatory obligations apply. Data collected for purposes related to the performance of a contract will be retained until the contract is completed. Data processed based on consent will be retained until that consent is withdrawn.

08

User Rights (Arts. 15–22 GDPR)

Within the limits provided by law, the User has the right to:

Art. 15 GDPR

Access

Access personal data and obtain information on processing.

Art. 16 GDPR

Rectification

Obtain the rectification of inaccurate or incomplete data.

Art. 17 GDPR

Erasure (right to be forgotten)

Obtain the erasure of personal data.

Art. 18 GDPR

Restriction

Obtain the restriction of processing in certain cases.

Art. 20 GDPR

Portability

Receive personal data in a structured, readable, and portable format.

Art. 21 GDPR

Objection

Object to processing, in particular for direct marketing purposes.

Art. 7.3 GDPR

Withdrawal of Consent

Withdraw consent at any time, without prejudice to the lawfulness of prior processing.

Art. 77 GDPR

Complaint

Lodge a complaint with the competent supervisory authority (Garante Privacy).

⚖️ Where processing is carried out for direct marketing purposes, the User may object at any time, free of charge and without providing any reason.

To exercise your rights, contact the Data Controller: info@reiser.it or PEC reiser@pec.it. The Data Controller will respond within 30 days (Art. 12 GDPR), with the possibility of a further 60-day extension for particularly complex cases.

09

Consent in the Contact Form

The contact form requires the User's explicit and documented consent before submitting data, through a NON pre-selected checkbox. The text in the form:

10

Data Transfers to Third Countries

Google LLC services involve the transfer of personal data to the United States, a country not deemed adequate by the European Commission pursuant to Art. 45 GDPR. Such transfers are legitimized by the Standard Contractual Clauses (SCC) adopted by the European Commission with Decision 2021/914/EU, pursuant to Art. 46.2.c GDPR.

Google LLC participates in the EU-US Data Privacy Framework (adequacy recognized by the European Commission Decision of 10 July 2023), which provides additional safeguards for transatlantic transfers.

The User has the right to obtain information on the safeguards adopted by contacting the Data Controller.

11

Security Measures (Art. 32 GDPR)

The Data Controller adopts technical and organizational measures appropriate to the risk, including:

Access to the website exclusively via HTTPS with an active SSL/TLS certificate;
Hosting server physically located in Germany (Hetzner Online GmbH), subject to European regulations;
Access to contact form data limited to authorized and trained REISER staff;
Use of Google Analytics 4 with active IP anonymization;
System logs protected against unauthorized access;
Periodic review of the security measures in place.

12

Changes to This Privacy Policy

The Data Controller reserves the right to modify this privacy policy at any time, notifying Users on this page and updating the date at the bottom. Where changes concern processing based on consent, new consent will be requested where necessary. Users are advised to periodically consult this page.

13

Contact and Complaint to the Supervisory Authority

For any request relating to the processing of personal data:

REISER S.r.l. Email: info@reiser.it · PEC: reiser@pec.it
Via Tanaro, 4/7 — 20045 Lainate (MI)

The User also has the right to lodge a complaint with the competent supervisory authority:

Garante per la protezione dei dati personali Piazza Venezia, 11 — 00187 Roma
Website: www.garanteprivacy.it
Email: garante@gpdp.it · PEC: protocollo@pec.gpdp.it

14

Definitions

Term	Definition
Personal Data	Any information that, directly or indirectly, identifies or makes identifiable a natural person (Art. 4.1 GDPR).
Usage Data	Automatically collected information: IP, browser, OS, pages visited, session duration, referral URL, technical device parameters.
Tracking Tool	Any technology (cookie, web beacon, pixel, script, fingerprinting) that enables tracking of the User by collecting or storing information on their device.
Data Controller	The entity that determines the purposes and means of processing (REISER S.r.l.).
Data Processor	A third party that processes data on behalf of the Data Controller (e.g. Hetzner Online GmbH, Google LLC).
Consent	A freely given, specific, informed, and unambiguous expression of the User's wishes (Art. 4.11 GDPR).
EEA	European Economic Area: EU + Norway, Iceland, Liechtenstein.
SCC	Standard Contractual Clauses: standard contractual clauses approved by the European Commission for non-EEA data transfers (Decision 2021/914/EU).

📋 Document prepared pursuant to Regulation (EU) 2016/679 (GDPR) and D.Lgs. 196/2003 as amended by D.Lgs. 101/2018. Updated with reference to the European Commission Decision of 10 July 2023 on the EU-US Data Privacy Framework. Periodic review is recommended and, prior to first publication, validation by a legal professional specializing in data protection is advised.