Privacy Policy

This Privacy Policy explains how personal data is processed when you browse the Connection website, contact the company, request information, or submit a job application.

Data controller

The data controller is CONNECTION SNC / Connection Innova, with registered office in Piazza Palmiro Togliatti, 50018 Scandicci (FI), Italy, VAT No. IT07160910480, REA 660492.

For privacy requests you can contact: [email protected].

Personal data we process

Depending on how you interact with the website, we may process:

• identification and contact data you provide, such as name, surname, email address, phone number, company or venue details, municipality, and message contents;
• business-request data relating to quotes, demos, appointments, product interest, or support requests;
• recruitment data contained in job applications and attachments you choose to send, such as CVs and cover letters;
• technical data generated by website use, such as IP address, browser and device information, requested pages, date/time of access, and basic security logs;
• browser performance and aggregate usage data processed through Cloudflare Web Analytics / RUM where you have consented to analytics, such as page-performance measurements, resource timing, landing page, and referrer information, as described in Cloudflare’s documentation;
• first-party data linked to the origin of a contact request, such as the form page URL, referrer, referring domain, and campaign parameters present in the URL at the time of submission;
• analytics or marketing measurement data, only where you have consented to optional tracking technologies;
• data relating to privacy choices or requests you send to us.

Please do not include special-category data or unnecessary personal information in free-text fields or CV uploads unless it is strictly necessary.

Purposes and legal bases

We process personal data for the following purposes:

• to respond to contact requests, information requests, and appointment requests: Article 6(1)(b) GDPR (pre-contractual steps requested by the data subject) and, where applicable, Article 6(1)(f) GDPR (legitimate interest in handling business communications);
• to understand, on a first-party basis, which pages or campaigns generate contact requests without activating optional third-party technologies in the absence of consent: Article 6(1)(f) GDPR;
• to manage incoming job applications and evaluate candidates: Article 6(1)(b) GDPR for pre-contractual steps and Article 6(1)(f) GDPR for recruitment management;
• to ensure website security, prevent abuse, maintain service continuity, and store privacy choices: Article 6(1)(f) GDPR;
• to monitor website performance, diagnose reliability issues, and review aggregate website-usage measurements through Cloudflare Web Analytics / RUM where you have consented to analytics: Article 6(1)(a) GDPR;
• to comply with legal obligations, regulatory requests, or enforce legal claims: Article 6(1)(c) GDPR and, where relevant, Article 6(1)(f) GDPR;
• to carry out optional analytics and marketing measurement where you have given consent: Article 6(1)(a) GDPR;
• where a specific processing activity requires consent, on the basis of Article 6(1)(a) GDPR. Consent may be withdrawn at any time, without affecting processing already carried out before withdrawal.

Newsletter and promotional emails

As of the latest update date of this Privacy Policy, the website does not operate an active newsletter signup workflow or automatically enroll users in promotional email communications.

If a dedicated newsletter service is introduced in the future, collection will take place only through a specific signup point and this Privacy Policy will be updated to state expressly the processing purpose, categories of data used, legal basis, any providers involved, retention periods, consent-withdrawal method, and unsubscribe instructions.

Providing data

Providing the data marked or requested as necessary in forms is required if you want us to review and answer your request. If you do not provide that data, we may be unable to respond or process the request.

Providing optional information in free-text fields is voluntary.

Recipients of personal data

Personal data may be processed by authorized internal personnel and by service providers acting on our behalf, such as:

• hosting and infrastructure providers;
• website maintenance and technical support providers;
• email and communications providers;
• contact-form infrastructure providers used to receive and deliver website inquiries and protect the form against abuse or spam, such as Cloudflare Pages Functions, Cloudflare Turnstile, and our email delivery provider;
• website infrastructure, security, and performance-measurement providers, such as Cloudflare including Cloudflare Web Analytics / RUM where enabled;
• optional analytics, marketing, and embedded-content providers, such as Google, Meta, or other third-party providers activated only where the relevant consent has been given;
• recruitment or professional advisors, where relevant;
• public authorities or legal advisors when disclosure is required by law or necessary to protect rights.

These recipients process data under contractual or legal confidentiality obligations and only to the extent necessary for the relevant purpose.

International transfers

The website is intended for users in the EU and Italy. If one of our service providers processes personal data outside the European Economic Area, we will rely on a lawful transfer mechanism under Chapter V GDPR, such as an adequacy decision or the European Commission’s Standard Contractual Clauses, together with supplementary measures where required. This may concern, in particular, infrastructure, security, or optional-service providers such as Google, Meta, or Cloudflare.

You may request information about the safeguards used for international transfers, or how to obtain a copy of them, by writing to [email protected], unless those safeguards are already made available directly by the relevant provider.

Retention periods

We do not keep personal data longer than necessary for the stated purposes. In particular:

• contact, quote, and appointment requests are generally kept for the time needed to manage the request and for up to 12 months after the last relevant contact, unless a longer retention period is required by law or needed to establish, exercise, or defend legal claims;
• recruitment data is generally kept for the current selection process and, unless a longer retention period is justified by law, for up to 12 months after the process closes;
• technical logs and security events are kept for the period reasonably necessary to ensure security, investigate incidents, and meet legal obligations;
• provider-managed performance and aggregate-usage analytics are kept for the period made available by the relevant provider’s service configuration and policies, and in any case no longer than reasonably necessary for the stated purpose;
• data connected to legal obligations may be kept for the period required by applicable law.

Your rights

Under GDPR, you may have the right to:

• obtain confirmation that your personal data is being processed and access that data;
• request rectification of inaccurate or incomplete data;
• request erasure of data when the legal requirements are met;
• request restriction of processing in the cases provided by law;
• object to processing based on legitimate interests, where your particular situation justifies it;
• receive the personal data you provided to us in a structured, commonly used, machine-readable format, where the legal conditions for portability are met;
• withdraw consent at any time, where processing is based on consent;
• lodge a complaint with the competent supervisory authority.

If the controller is established in Italy, the competent supervisory authority is generally the Garante per la protezione dei dati personali.

To exercise your rights, contact [email protected].

Automated decision-making

This website does not describe or offer automated decision-making producing legal or similarly significant effects under Article 22 GDPR.

Cookies and third-party content

For information about cookies and similar technologies, please read the separate Cookies Policy.

Where you consent, the website may activate Google Analytics, Cloudflare Web Analytics / RUM, and Meta Pixel for optional measurement activities and may load Google Maps on the contact page. Consent may also be given directly in the contact form for the limited purpose of registering that submission as a measured conversion. Without the relevant consent, Google Analytics, Cloudflare Web Analytics / RUM, Meta Pixel, and Google Maps remain disabled, except that Google Maps can stay locally blocked until you activate it. According to Cloudflare’s documentation, Cloudflare Web Analytics / RUM does not use cookies or browser storage and Cloudflare states that source IP addresses received as part of normal request handling are discarded at the nearest Cloudflare data center rather than stored in core databases or logs. The website may also use Cloudflare Turnstile as a strictly necessary security measure to protect the contact form. Third parties such as Google, Meta, or Cloudflare may process personal data under their own policies and, depending on the service, as independent controllers or service providers.

Security measures

We adopt technical and organizational measures reasonably designed to protect personal data against unauthorized access, accidental loss, alteration, or unlawful disclosure.

Policy updates

We may update this Privacy Policy from time to time. The date shown at the top of this page indicates the latest revision.