Privacy policy | Clear Global

1. Data controller

The data controller is:

Clear S.r.l. S.B.
Largo San Giuseppe 3, 16121 Genova (GE), Italy
VAT number: IT 02892600996
Email: administration@clearsrlsb.com

For any question relating to this policy or to the processing of your personal data, write to us at the email address above. We will respond within the time limits prescribed by the GDPR (ordinarily within one calendar month).

2. Categories of personal data we process

We may process the following categories of personal data, depending on how you interact with the website:

Contact and enquiry data - name, professional email address, company name, country, and the content of any message you send us via the contact form or enquiry forms on service pages.
Qualifying and project-scoping data - information about your organisation's current compliance status, applicable standards, and project scope, as entered in our qualifying forms. This data is professional/commercial in nature and does not ordinarily constitute special category data under Article 9 GDPR.
Usage and analytics data - IP address (anonymised or pseudonymised), browser type and version, operating system, referring URL, pages visited, time on page, and approximate geographic location (country or city level). This data is collected via analytics tools and, where required by applicable law, only after you have given your consent via the cookie consent mechanism.
Communication data - records of email correspondence and any notes taken during introductory calls or consultations, to the extent that such records contain personal data.

We do not knowingly collect personal data from individuals under the age of 18. This website is directed exclusively at business professionals. If you believe that a minor has submitted personal data to us, please contact us immediately.

3. Purposes and legal bases for processing

The table below sets out the purposes for which we process personal data and the corresponding legal basis under Article 6 GDPR.

Purpose	Legal basis (Art. 6 GDPR)
Responding to enquiries submitted via contact or qualifying forms	Art. 6(1)(b) - performance of pre-contractual steps taken at your request; or Art. 6(1)(f) - our legitimate interest in responding to business enquiries
Providing consultancy services under an agreement with you or your organisation	Art. 6(1)(b) - performance of a contract to which you are party
Sending service-related communications (project updates, deliverable notifications)	Art. 6(1)(b) - performance of a contract
Sending marketing communications and newsletters (where you have opted in)	Art. 6(1)(a) - consent
Website analytics to understand usage patterns and improve the website	Art. 6(1)(a) - consent (where cookies are used); or Art. 6(1)(f) - legitimate interest (for server-side or aggregated analytics not requiring cookies)
Compliance with legal obligations (tax, accounting, regulatory)	Art. 6(1)(c) - compliance with a legal obligation
Establishing, exercising, or defending legal claims	Art. 6(1)(f) - legitimate interest

Where we rely on legitimate interests (Article 6(1)(f)), we have carried out a balancing test and concluded that our interests do not override your fundamental rights and freedoms. You may request a copy of our legitimate interest assessment by contacting us.

4. How long we keep your data

We retain personal data only for as long as necessary for the purposes described above:

Enquiry data (no contract concluded): up to 24 months from the date of last contact, after which data is deleted unless a legitimate interest in retention continues to exist.
Client data (contract concluded): for the duration of the contractual relationship and for 10 years thereafter, in accordance with Italian civil and fiscal law requirements (Articles 2220 and 2946 of the Italian Civil Code).
Marketing communications: until you withdraw consent or object, whichever is earlier.
Analytics data: in accordance with the retention settings of the analytics tool in use and, in any event, no longer than 26 months unless a shorter period is required by applicable law.
Legal and compliance records: as required by applicable law, typically 10 years.

At the end of each retention period, personal data is securely deleted or anonymised.

5. Recipients of your data

We may share personal data with the following categories of recipient, each of whom acts as a data processor under a written data processing agreement (or, where applicable, as an independent controller):

Cloud infrastructure and hosting providers - for the storage of website data and client project files.
Email service providers - for delivering messages you send via the contact form and for any email marketing you have opted into.
Analytics service providers - for collecting and reporting on website usage data.
Scheduling and calendar tools - if you book a call via an integrated booking widget, your scheduling data will be processed by the relevant tool provider.
Professional advisers - including lawyers, accountants, and auditors who are bound by obligations of professional secrecy.
Competent authorities - where we are required by law to disclose personal data to a regulatory authority, court, or other competent body.

We do not sell, rent, or trade personal data to third parties for marketing purposes.

6. International transfers

Some of our service providers are established outside the European Economic Area (EEA). Where personal data is transferred to a country that the European Commission has not recognised as providing an adequate level of protection, we ensure that appropriate safeguards are in place. These safeguards typically take the form of:

Standard Contractual Clauses (SCCs) adopted by the European Commission pursuant to Article 46(2)(c) GDPR; or
An adequacy decision applicable to the recipient country or the specific recipient organisation.

You may request a copy of the relevant transfer mechanism by contacting us at administration@clearsrlsb.com.

7. Your rights

Under the GDPR and the Codice Privacy, you have the following rights in relation to your personal data. To exercise any of these rights, write to us at administration@clearsrlsb.com. We will respond within one calendar month (which may be extended by a further two months in complex cases, with notice to you).

Right of access (Art. 15 GDPR): you have the right to obtain confirmation of whether we process personal data about you and, if so, to receive a copy of that data together with information about how it is used.
Right to rectification (Art. 16 GDPR): you have the right to have inaccurate personal data corrected, and to have incomplete data completed.
Right to erasure / ‘right to be forgotten’ (Art. 17 GDPR): you have the right to request the deletion of your personal data where, for example, the data is no longer necessary for the purpose for which it was collected, you withdraw consent (where processing was based on consent), or you successfully object to processing based on legitimate interests.
Right to restriction of processing (Art. 18 GDPR): you have the right to request that we restrict the processing of your data in certain circumstances, for example while we investigate an objection you have raised.
Right to data portability (Art. 20 GDPR): where processing is based on consent or on a contract and is carried out by automated means, you have the right to receive your personal data in a structured, commonly used, machine-readable format and to transmit it to another controller.
Right to object (Art. 21 GDPR): you have the right to object, on grounds relating to your particular situation, to processing based on our legitimate interests. You have an absolute right to object to the use of your data for direct marketing at any time.
Right not to be subject to solely automated decision-making (Art. 22 GDPR): we do not make decisions that produce legal or similarly significant effects on you solely by automated means.
Right to withdraw consent: where processing is based on consent, you may withdraw that consent at any time without affecting the lawfulness of processing carried out before withdrawal.

8. Right to lodge a complaint

If you consider that the processing of your personal data infringes applicable data protection law, you have the right to lodge a complaint with the competent supervisory authority. In Italy, the competent authority is:

Garante per la protezione dei dati personali
Piazza Venezia 11, 00187 Roma, Italy
Website: garanteprivacy.it

You may also lodge a complaint with the supervisory authority in the EU/EEA country of your habitual residence, place of work, or the place where the alleged infringement occurred.

9. Cookies

This website uses cookies and similar tracking technologies. Please refer to our Cookie policy for full details of the cookies used, their purposes, and how to manage or withdraw your consent.

10. Security

We implement appropriate technical and organisational measures to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access. These measures include encrypted data transmission (HTTPS), access controls, and regular review of our security practices. No method of transmission over the internet is entirely secure; however, we take commercially reasonable steps to protect the personal data you provide to us.

11. Changes to this policy

We may update this privacy policy from time to time to reflect changes in our practices, the services we offer, or applicable law. Where changes are material, we will take reasonable steps to notify you, for example by posting a prominent notice on the website or, where we hold a current email address for you, by sending you a notification. The version number and date at the foot of this document indicate when the policy was last revised.