Privacy policy

Through this privacy notice (or the “Notice”), drawn up in accordance with Article 13 of European Regulation No. 679/2016 (“General Data Protection Regulation” or “GDPR”), Illucere s.r.l. aims to inform each user (“User”) regarding the processing of personal data collected via the website www.twinklypro.com (the “Website”). For the purposes of this Policy, the User is considered a data subject (“Data Subject”).

1. Data Controller and contact details of the data controller 

Illucere S.r.l., with its registered office in Mestrino (PD), Via Primo Maggio 1 – 35035 (hereinafter also referred to as “Illucere”, the “Company” or the “Data Controller”, for the purposes of Article 4(7) of the GDPR) can be contacted at the following email address: privacy@illucere.com.


2. Data processed and methods of processing

Illucere will process the personal data (“Personal Data” or simply “Data”) provided by the Data Subject or lawfully collected from the Data Subject, as further specified below:

  • Identification data (i.e. first name and surname, company name, role held within the company)
  • Contact details (i.e. email address)
  • Browsing data and data relating to the Data Subject’s browsing activity on the Website, such as, for example, the date and time of browsing, data relating to interactions with the Website, data relating to browsing patterns and page views, the name of the Internet Service Provider, and data relating to the location from which the Website is accessed. This data will be anonymised and, therefore, cannot be directly linked to the Data Subject. Further information regarding the procedures carried out for the collection, via cookies and/or other tracking technologies, of information provided whilst browsing the Website is set out in the cookie policy available on the Website
  • More generally, any Data contained in the contact forms on the Website.


Your Personal Data is processed using automated and/or manual IT and telecommunications tools designed to ensure appropriate security measures to prevent unauthorised access, disclosure, loss, misuse, unlawful or unauthorised use of the data.


3. Purposes of processing, legal basis and retention period

The Data Controller processes your Personal Data for the purposes specified in more detail below, on the relevant legal basis and for the periods indicated below.

Purposes of processing Legal basis Retention period Provision of data is
optional (“O”) or
mandatory (“M”)
To enable the user to browse the Website Implementation of pre-contractual and contractual measures (Article 6(1)(b) of the GDPR) For a period equal to the duration of the provision of the requested services M
To process requests submitted via the “Project Enquiry”, “Request a demo”, “Become a partner”, “Technical Support”, “Press & Media” and “Something else” forms Performance of pre-contractual and contractual obligations pursuant to Article 6(1)(b) of the GDPR For the time necessary to process the request M
Sending commercial information by email or post regarding products and services similar to those purchased (so-called ‘soft spam’) Legitimate interest of the Data Controller in offering the customer beneficial services likely to be of interest to the data subject pursuant to Article 6(1)(f) of the GDPR; Article 130(4) of Legislative Decree 196/2003 Until you object, if applicable O
Contacting the data subject (via email), following an expression of interest via the Website, to receive information on commercial offers (so-called ‘leads for follow-up’) Performance of pre-contractual and contractual measures pursuant to Article 6(1)(b) of the GDPR The data provided will be used following the granting of consent and will be deleted within 12 months of the date on which consent was granted M
Prevention of fraudulent activities to the detriment of Illucere carried out via the Website The Data Controller’s legitimate interest in avoiding harm or breaches of its rights and interests pursuant to Article 6(1)(f) of the GDPR For the time strictly necessary to fulfil the Data Controller’s legitimate interest O
Conducting market research and analysis relating to the products/services provided, in order to improve and develop Illucere’s services. In accordance with the principle of data minimisation, these activities will be carried out using your Personal Data only where necessary to ensure the reliability and accuracy of the activities; where possible, we will also anonymise or aggregate the data before using it The Data Controller’s legitimate interest in providing services that comply with market standards and industry best practice pursuant to Article 6(1)(f) of the GDPR The time required to carry out the analyses and produce the relevant results O
Handling of complaints and activities relating to pre-litigation, legal defence and the exercise of Illucere’s rights before the judicial authorities, or responding to requests from public authorities The Data Controller’s legitimate interest in ensuring the protection of its rights pursuant to Article 6(1)(f) of the GDPR 10 years from the conclusion of the complaint or proceedings M


4. Nature of the provision of data and consequences of any refusal

In the case of Personal Data provision indicated as mandatory, any refusal to provide the Personal Data necessary for the aforementioned purposes will make it objectively impossible for the Company to finalise and perform the contract.


5. Recipients or categories of recipients of Personal Data

The User’s personal data will be processed by the Data Controller’s internal staff specifically authorised in accordance with Article 29 of the GDPR.

Personal data may also be disclosed to the following external parties:

i. providers of internet services, IT services, applications, management systems or software used by the Data Controller;

ii. consultants, agents and other service providers who carry out activities on behalf of the Data Controller in the banking, insurance, financial, legal, tax, graphic design and email delivery sectors;

iii. public bodies, competent sectoral authorities and judicial authorities to whom such data must be disclosed by law or by order of the Authority.


These parties act as independent data controllers or data processors. In the latter case, the Data Controller has entered into a specific agreement in accordance with Article 28 of the GDPR. The list of data processors is available on request from the Data Controller at the email address privacy@illucere.com.


6. Place of Data Processing

The Data Controller guarantees that, should it use the services of cloud service providers established outside the EEA, the processing of Personal Data by such providers will be carried out in accordance with applicable law (i.e. through appropriate safeguards, such as adequacy decisions, standard contractual clauses approved by the European Commission or other safeguards provided for by the GDPR).


7. Rights of the Data Subject

The Data Subject may exercise all the rights provided for in Articles 15–21 of the GDPR at any time and without unjustified restrictions by contacting the Data Controller at the email address privacy@illucere.com. Requests are submitted free of charge and processed by the Data Controller within 30 days.

In particular, the Data Subject may:

  • Obtain confirmation as to whether processing is taking place (Article 15);
  • Obtain the rectification of inaccurate or incomplete data (Article 16);
  • To have the data erased without undue delay (Art. 17);
  • Restrict the processing to only part of the personal data (Art. 18);
  • To receive a copy of the Personal Data held by the Data Controller, in a commonly used and machine-readable format; to have the data transferred without hindrance to another Data Controller (Art. 20);
  • To object at any time to the processing of Personal Data (Art. 21);
  • With regard to processing purposes based on consent, to withdraw consent at any time.



8. Complaints

The Data Subject may at any time lodge a complaint with the competent authority (the Data Protection Authority), in accordance with Article 77 of the GDPR, if they believe that the Data Controller is processing their Personal Data in breach of applicable legislation.


9. Amendments

The Data Controller reserves the right to amend and update this Privacy Policy in response to any new national or European legislation on the protection of personal data.