Privacy Policy
EVIDE Governance Lab — lab.certifywebcontent.com
Information on personal data processing pursuant to EU Regulation 2016/679 (GDPR).
1. Data Controller
Informatica in Azienda — Dott. Emanuel Celano
Via Vaccaro 5, 40132 Bologna, Italy — VAT IT02137271207
Email: info@informaticainazienda.it
2. Nature of the Processing Context
3. Data Collected
| Category | Data | Purpose |
|---|---|---|
| Registration data | First name, last name, email address, WhatsApp number, professional domain, job role, motivation statement | Identity verification, access management, research context qualification |
| Access credentials | Lab Code (unique pseudonymous identifier), session data | Authentication, quota management, API access control |
| Research activity data | Intake session UUIDs, governance payload hashes, timestamps, API call logs, buffer event logs | Research record, governance architecture validation, evidentiary lifecycle documentation |
| Technical data | IP address, browser type, access timestamps | Platform security, abuse prevention |
No data is used for commercial profiling, advertising, or any purpose outside the research scope of the Lab.
4. Legal Basis
- Art. 6(1)(b) GDPR — performance of the access agreement accepted at registration.
- Art. 6(1)(f) GDPR — legitimate interest of the controller in platform security and abuse prevention.
- Art. 89 GDPR — processing for scientific and research purposes, with appropriate safeguards.
5. Data Retention
- Registration data: retained for the duration of active Lab access and for 24 months after access termination.
- Research activity data (intake hashes, session UUIDs, buffer event logs): retained indefinitely as part of the research record. These records constitute the forensic observation history of the experimental environment and cannot be deleted without compromising the integrity of the research dataset.
- Technical access data: retained for 12 months.
6. Data Subject Rights
As a data subject under GDPR, you have the following rights:
- Right of access to your personal data (Art. 15)
- Right to rectification of inaccurate data (Art. 16)
- Right to erasure, subject to the research exemption under Art. 17(3)(d) and Art. 89
- Right to restriction of processing (Art. 18)
- Right to object to processing (Art. 21), subject to research exemptions
- Right to lodge a complaint with the Italian Data Protection Authority (Garante per la Protezione dei Dati Personali, www.gpdp.it)
To exercise your rights, write to: info@informaticainazienda.it
Please note: the right to erasure and the right to object may be limited with respect to research activity records (intake sessions, buffer event logs, evidentiary hashes) where erasure would render the research dataset incomplete or compromise its forensic integrity. This limitation is expressly permitted under GDPR Art. 17(3)(d) and Art. 89(2).
7. Account Termination and Data
Account termination -- whether requested by the researcher or decided unilaterally by the Lab administrator -- results in the immediate deactivation of access credentials. Registration data (name, email, WhatsApp) will be anonymized or deleted within 30 days of termination.
Research activity records (intake session hashes, UUIDs, buffer event logs) are retained as part of the research dataset and are not deleted upon account termination, consistent with the research exemption described above.
8. Data Transfers
Personal data is stored on servers located in Italy (Aruba S.p.A., Italian datacenter). No data is transferred outside the European Economic Area, except where required by law.
9. Cookies
The Lab uses only technically necessary cookies:
- Session cookie (evidelab_session): manages authentication. Duration: session.
- Language cookie (lang): stores selected language. Duration: 30 days.
No analytics, advertising, or tracking cookies are used.
10. Changes to This Policy
This policy may be updated at any time. The current version is always available at this URL. Continued use of the Lab after any update constitutes acceptance of the revised policy.
Via Vaccaro 5, 40132 Bologna, Italia — P.IVA IT02137271207
Email: info@informaticainazienda.it
Supervisory Authority: Garante per la Protezione dei Dati Personali