By visiting the Site, or by using the Service, you accept the privacy practices described in this Policy.
Data subjects have the right to object to the processing of their Personal Data carried out for our legitimate interests or for marketing purposes. Please refer to the section “Rights of the data subjects” for more information.
Registered address: Galleria Polidoro 7 - 43121 - Parma - Italy
VAT N. IT02531310346
Fabulabs S.p.a. is the “controller” of the personal data provided by Users and Visitors.
When Users or Visitors use the Service, they may provide, and we may collect Personal Data. Personal data is any information which identifies a person, whether directly (for example name and surname) or indirectly (for example, information about the use of our Services). Visitors and Users may provide us with Personal Data in various ways on the Service. For example, when they register for an Account, use the Service, request that we publish their business listing or send us customer service requests.
We collect the following Personal Data:
3.1 Information provided by Users and Visitors
3.2 “Automatically Collected" Information
We track the use of the Site through cookies and other similar technologies so that we can provide important features and functionality of the Service, monitor the use of the Site and provide a more personalized experience.
We also may use these technologies to collect information regarding a Visitor or User’s interaction with email messages, such as whether the Visitor or User opens, clicks on, or forwards a message. This information is collected on an aggregate level from all Users and Visitors.
3.3 Information provided by Integrated Services
3.4 Information from Other Sources
We may obtain information, including Personal Data, from third parties and sources other than the Service, such as our partners, advertisers, and Integrated Services. If we combine or associate information from other sources with Personal Data that we collect through the Service, we will treat the combined information as Personal Data in accordance with this Policy.
Information about companies, professionals, associations, when not provided directly by the company and/or professional, is gathered from various public sources, including company websites, professional registers, leaflets, etc. This information is processed for the purposes of publishing the company listings in our directory and providing the best possible service to Users and Visitors.
We use the information that we collect in a variety of ways in providing the Service and operating our business, including the following:
We use Personal Data to:
4.2 Improvements to the Service
We use the information to:
Should this purpose require MisterWhat to process Personal Data, then the data will only be used in anonymized or aggregated form.
4.3 Cookies and tracking technologies
We use automatically collected information and other information collected on the Service through cookies and similar technologies to:
We also may use tracking technologies to collect information regarding how Visitors or Users interact with the email messages we send, to get information like the time and day they opened our emails and the type of device they used to open them. We use this information to analyze the effectiveness of our email communication in order to improve it and to provide a better and more personalized service.
We take measures to protect the technical information collected by our use of Google Analytics. The data collected will only be used on a need to know basis to resolve technical issues, administer the Site and identify visitor preferences; but in this case, the data will be in non-identifiable form. We do not use any of this information to identify Visitors or Users.
We use Personal Data to:
4.6 Enquiries, complaints and disputes
We use Personal Information to help us respond to any enquiries or complaints, or deal with any disputes which may arise while we provide our products and services, in the most effective way.
4.7 Fraud prevention and compliance with legal obligations
Under certain circumstances, we use Personal Data to the extent required in order to enable us to comply with our legal obligations, for example to investigate, detect and prevent fraud. This may require us to provide Personal Data to law enforcement agencies or officials, if they request it.
4.8 Internal training
We may use Personal Data for internal training purposes, so that our staff has the skills needed to provide our Visitors and Users with the best possible experience. For example, if a User or Visitor contacts us by email, we may use their email for training purposes to improve our customer support.
4.9 Market research and analysis
We may use Personal Data to better understand the needs of our Users. We may also invite some Users to take part in surveys or market research. If a User accepts our invitation, we will use the feedback to improve our products and services.
4.10 Internal records and accuracy
Like any company, we process Personal Data to administer and maintain our internal records. For example, we process Personal Data to verify that the information we have about a User is accurate.
The General Data Protection Regulation (GDPR) lists several legal grounds for the lawful processing of Personal Data, and requires us to only process Personal Data if we satisfy one or more legal grounds.
We rely on a number of different legal grounds for the processing of Personal Data:
The data subject has given consent to the processing of his or her personal data for one or more specific purposes
In some cases we process Personal Data after obtaining a User’s or Visitor’s consent to do so for the purposes of:
Processing is necessary for the performance of a contract to which the data subject is party
It is necessary for us to process Personal Data, and information about the business that a User represents, for the performance of the contract between us and Visitor/User, and to provide the Service.
Data processing is necessary to:
If a Visitor or User chooses not to give some or all the aforementioned information, this may affect our ability to provide our products and services to them.
Processing is necessary for compliance with our legal obligations
Under certain circumstances, we may process Personal Data to comply with our legal obligations, for example to investigate, detect and prevent fraud.
Processing is necessary for the purposes of our legitimate interests
To consider this as lawful basis for processing, a business must have legitimate interests which are not overridden by individuals' interests, rights or freedoms.
Collecting and processing Personal Data is necessary for our legitimate business interests, which are:
We may process Personal Data based on our legitimate interests except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject.
We have assessed these aspects carefully and, on balance, we believe that our interests described above are balanced with the fundamental interests, rights or freedoms of the data subjects.
Where we think there is a risk that one of the fundamental interests or freedoms of a Visitor or User may be compromised, we will not process their data unless there is another lawful legal basis for doing so (if we have obtained their consent to the processing or to comply with our legal obligations or if processing is necessary for the performance of a contract with them).
Except as described in this Policy, we will not intentionally disclose the Personal Data that we collect or store on the Service to third parties without the consent of the applicable Visitor or User. We may disclose information to third parties if a Visitor or User consent to us doing so, as well as in the following circumstances:
6.1 Unrestricted Information
Any information that a User voluntarily chooses to include in a Public Area of the Service, such as a public profile page or business listing, will be available to any Visitor or User who has access to that content.
6.2 Service Providers
We may provide Personal Data to our service providers, who provide us with certain services and act as "processors" of Personal Data on our behalf. These third parties may have access to, or process Personal Data as part of providing those services for us. We limit the information provided to these service providers to that which is reasonably necessary for them to perform their functions.
6.3 Law Enforcement
We may disclose Personal Data:
6.4 Change of Ownership
In some cases, the Personal Data we collect for the above purposes may be transferred outside the European Economic Area (EEA), and such destinations may not have laws protecting Personal Data to the same extent as in the European Economic Area. Data protection law requires us to ensure that where we or our "processors" transfer Personal Data outside the European Economic Area, it is processed securely and protected from unauthorized access, loss, destruction, unlawful processing, and any type of processing that is not consistent with the purposes outlined in this Policy.
We will comply with GDPR requirements providing adequate protection for the transfer of personal information outside of the European Economic Area (EEA).
The table below lists the third parties to whom we currently disclose Personal Data. The table also explains how these organizations use Personal Data, if they are our "processors" (they process the data on our behalf, and only in line with our instructions), or if they are "controllers" (they use Personal Data for their own purposes, after receiving them). The table indicates if the treatment is performed outside the EEA, and the safeguards that are used to protect Personal Data if this is the case.
This information may be updated periodically.
Why we share Personal Data
Where Personal Data is processed
Safeguards that are used to protect Personal Data outside the EEA
Service providers acting as “Processors”
OVH hosts our data.
N/D – processing is taking place within the EEA.
Provides email delivery services.
SendGrid uses data centers all over the world to provide its services.
SendGrid's GDPR Data Processing Addendum, signed between Sendgrid and Fabulabs S.p.a., states that:
“To the extent that SendGrid processes (or causes to be processed) any Personal Data originating from the EEA in a country that has not been designated by the European Commission as providing an adequate level of protection for Personal Data, the Personal Data shall be deemed to have adequate protection (within the meaning of EU Data Protection Legislation) by virtue of SendGrid's self-certification to the Privacy Shield. SendGrid shall agree to apply the Privacy Shield Principles when processing (or causing to be processed) any EEA or Swiss Personal Data under this Agreement.” The contract also lists a number of additional security measures and GDPR obligations that Sendgrid is subject to under the Agreement.
Monitoring and aggregate analysis of website traffic through Google Analytics.
Please refer to https://policies.google.com/technologies/partner-sites
for more information on how Google uses information from sites or apps that use its services
Google is certified under the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks, and is committed to GDPR compliance across its services.
For more information:
Other organizations we share Personal Data with, acting as "Controllers”
Traffic monetization through targeted online advertising (Google AdSense).
See “Google” above”
As a consequence of our use of Google products, some of the ad technology providers listed below may receive your Personal Data. Ad technology providers (including Google and other ad networks and vendors) use data about users, for example, for the purposes of ads personalization and measurement. These ad technology providers have provided Google with information about their compliance with the GDPR.
|Adobe Advertising Cloud||https://www.adobe.com/privacy/general-data-protection-regulation.html|
|advanced STORE GmbH||https://www.ad4mat.com/en/privacy/|
|BDSK Handels GmbH & Co. KG||https://www.xxxlutz.de/ocms/privacy|
|Dentsu Aegis Network||https://www.dentsu.com/termsofuse/data_policy.html|
|FUSIO BY S4M||https://www.s4m.io/privacy-policy/|
|Havas Media France - DBi||https://www.centraltag.com/commercial/policy/index.action|
|Integral Ad Science||https://www.integralads.com/privacy-policy|
|Marketing Science Consulting Group, Inc.||https://mktsci.com/privacy_policy.htm|
|MBR Targeting Gmbh||https://privacy.mbr-targeting.com|
|Nordic Factory Solutions AB||https://www.bannerflow.com/privacy|
|Omnicom Media Group||https://www.omnicommediagroup.com/disclaimer.htm|
|On Device Research||https://ondeviceresearch.com/GDPR|
|Oracle Data Cloud||https://www.oracle.com/legal/privacy/marketing-cloud-data-cloud-privacy-policy.html|
|RN SSI Group||https://www.valuedopinions.co.uk/privacy|
|TACTIC™ Real-Time Marketing||https://tacticrealtime.com/privacy/|
|The Trade Desk||https://www.thetradedesk.com/general/privacy-policy|
|travel audience – An Amadeus Company||https://travelaudience.com/product-privacy-policy/|
|usemax (Emego GmbH)||https://www.usemax.de/?l=privacy|
We only retain the Personal Data for a limited period of time as long as we need it to fulfill the purposes for which we have initially collected it, unless otherwise required by law.
The retention period may vary depending on the type of data. To determine retention periods, we consider a variety of factors, such as:
We securely delete Personal Data from our systems when they are no longer needed.
The GDPR provides the following rights for individuals:
1. Right to be informed
2. Right of access
Data subjects have the right to obtain:
3. Right to rectification
Data subjects have the right to have inaccurate Personal Data rectified, or completed if it is incomplete.
4. Right to erasure ("right to be forgotten")
Data subjects have the right to request the deletion or removal of their Personal Data, if:
This is not a general right to erasure; there are exceptions.
5. Right to restrict processing
In certain circumstances, data subjects have the right to restrict the processing of their Personal Data. When processing is restricted, we are permitted to store the Personal Data, but not use it.
6. Right to data portability
Data subjects have the right to receive their Personal Data in a structured, commonly used and machine readable format.
7. Right to object
Data subjects have the right to object to the processing of their Personal Data in certain circumstances (when data is being used for direct marketing, or when processing is based upon our legitimate interests).
8. Right to withdraw consent to processing
If data subjects have given their consent to the processing of their Personal Data for a particular purpose (for example, direct marketing), they have the right to withdraw their consent at any time.
9. Minors and children’s privacy
Protecting the privacy of young children is especially important. Our Service is not directed to children under the age of 16, and we do not knowingly collect Personal Data from children under the age of 16 without obtaining parental consent. If you are under 16 years of age, then please do not use or access the Service at any time or in any manner. If we learn that Personal Data has been collected on the Service from persons under 16 years of age and without verifiable parental consent, then we will take the appropriate steps to delete this information. If you are a parent or guardian and discover that your child under 16 years of age has obtained an Account on the Service, then you may alert us (see ‘How to contact us’ below’) and request that we delete that child’s Personal Data from our systems.
We follow generally accepted industry standards to protect the information submitted to us, both during transmission and once we receive it. We maintain appropriate administrative, technical and physical safeguards to protect Personal Data against accidental or unlawful destruction, accidental loss, unauthorized alteration, unauthorized disclosure or access, misuse, and any other unlawful form of processing of the Personal Data in our possession. This includes, for example, firewalls, password protection and other access and authentication controls. We use SSL technology to encrypt data during transmission through public internet.
However, no method of transmission over the Internet, or method of electronic storage, is 100% secure. We cannot ensure or warrant the security of any information that Visitors and Users transmit to us or that is stored on the Service, and Visitors and Users use the Site at their own risk. We also cannot guarantee that such information may not be accessed, disclosed, altered, or destroyed by breach of any of our physical, technical, or managerial safeguards. If a User or Visitor believes that their Personal Data has been compromised, they should contact us as set forth in the “How to contact us” section.
If we learn of a security systems breach, we will inform Visitors and Users and the authorities of the occurrence of the breach in accordance with applicable law.
Please contact us with any questions or comments about this Policy, Personal Data, or if you would like to exercise your data protection rights, or if you have any concerns or complaints about this Policy or your Personal Data, by sending an email to: