Privacy & Cookie Policy

Personal data is processed as part of the operation of this website and the use of the services offered by Business Research s.r.l. (“LabKey” or “We”). This privacy policy is intended to inform you, both as a visitor to the site and as a user of LabKey services, about the nature, scope, and purposes of the collection and processing of personal data. The terms used in this privacy policy (e.g., “personal data,” “processing,” “pseudonymization,” or “anonymization”) comply with the definitions contained in the General Data Protection Regulation (“GDPR”) and with applicable law. The data controller of personal data is the website operator: Business Research s.r.l. Viale della Navigazione Interna 51/A 35129 Padova Italy Our data protection officer (DPO) is the Administrator. You can contact our data protection officer at any time by writing to [indirizzo email rimosso].  

Data Processing The nature, scope, and purposes of the processing of personal data are determined based on which LabKey services are used. In particular, when using our panel managing solutions, specific personal data necessary to fulfill the provision of the service are processed.

Website The data subjects in relation to the provision of the website are all those who visit the website. To ensure access to the website and to allow the use of basic functions and proper operation, it is necessary for technical reasons to process some personal data. Although this essentially involves device data, it is possible to link this data back to visitors. For example, the IP addresses of the terminals used, identifiers of the devices used, operating systems, and browser are processed exclusively to establish a connection between the terminal and the server hosting the web page and to display the content in the intended layout.

Website Security The data subjects in relation to website security are all those who visit the website. To ensure the security of the website, data is processed through access to the website via server log files. Although this is fundamentally device data, it is possible to link this data back to website visitors. This data is compared with existing attack data and analyzed in the event of confirmed attacks. The data stored in the server log files includes the websites visited, the date and time of access, the amount of data sent in bytes, the URL of the previously visited website, the internet browser used, and the operating system used. The data will be deleted as soon as it is no longer necessary for the purpose for which it was collected. For server log files, the maximum storage period is 7 days. In the event that data must be stored as evidence, it will be stored until the incident is definitively resolved. The legal basis for processing is Article 6(1)(f) GDPR (legitimate interest).  

Express Consent For the optimized management of your consent on our website, we store the acceptance of consent at the start of the first view. This acceptance allows us to collect, manage, and document the consent of our visitors for data processing and the use of individual third-party services and certain technologies on the website. The legal basis for processing is Article 6(1)(c) GDPR (compliance with legal obligations). Please note that we DO NOT use external providers for the manage.labkey.io panel. However, we would like to inform you that we only use the external providers listed below (“third-party”) for the public website www.labkey.io, therefore the information provided is only relevant to you if you have given your consent in this regard:

Google services We use the services Google Analytics (Universal) Analytics, Google Analytics Remarketing, Google Ads, Google Search Ads 360, and Google Tag Manager. These are analysis services provided by Google LLC (1600 Amphitheatre Parkway Mountain View, CA 94043, USA, “Google”). Google is based in a third country, the United States, which does not have an EU level of data protection. However, Google is a certified entity under the EU-US Privacy Shield and thus offers an adequate level of protection for personal data pursuant to Article 45 of the GDPR. Further information is available in Google’s Privacy Policy.

Google Analytics (GA4) Google Analytics uses cookies. The data obtained from cookies is usually transmitted to a Google server in the United States, where it is stored. This website anonymizes and shortens the IP address of visitors. Only in exceptional cases is the full IP address transmitted to servers in the United States, where it is then shortened. This shortening of the IP address eliminates the personal reference to the visitor’s IP address. In accordance with the terms of the agreement with Google, Google uses the collected data to evaluate the use of our website and compile reports on the activities of our website and to provide additional services related to the use of our website. The data collected by Google on our behalf is used to evaluate the use by individual visitors, for example to generate reports on website activity to improve our offer. If you have given your consent, the cookie stored in your internet browser will be completely removed within a maximum period of 90 days.

Google Analytics Remarketing Google Analytics Remarketing allows us to link website usage with the cross-device functionalities of Google Ads and Google Campaign Manager. In this way, personalized, interest-based advertising messages that are tailored based on your previous usage and browsing behavior on one device (e.g., mobile phone) can also be displayed on another device of the visitor (e.g., tablet or PC). This requires the visitor to have given their consent to Google. In this case, Google links the web and app browsing history to the visitor’s personal Google account. To enable this feature, Google Analytics collects Google-authenticated IDs of visitors that are temporarily linked to our Google Analytics data to define and create target audiences for cross-device advertising promotion. Website visitors who have a Google account can permanently opt-out of cross-device remarketing/targeting by disabling personalized advertising in their Google account at the following link: https://www.google.com/settings/ads/onweb/  

Google Ads (previously AdWords) and Conversion Tracking This website uses so-called conversion tracking provided by Google Ads. When you click on an ad provided by Google, a conversion tracking cookie is stored in your browser. These cookies expire after 30 days and are not used for the personal identification of the visitor. If you visit specific pages of our website and the cookie has not yet expired, we can recognize that you clicked on a particular advertisement and were redirected to this page. With the help of conversion cookies, the data collected is used to generate conversion statistics on the total number of visitors who clicked on a Google ad and were redirected to a page with a conversion tracking tag. We do not receive any data that personally identifies visitors. You can set your internet browser so that you are informed about the setting of cookies and only allow cookies in individual cases, disable the acceptance of cookies for certain cases or generally exclude them, and activate the automatic deletion of cookies when closing the internet browser. Please note that disabling cookies may limit the functionality of the website. The same applies to the next section.  

Google Search Ads 360 (previously DoubleClick Search) Similarly to the previous paragraph; the use of Search Ads 360 allows Google and partner sites to serve ads based on previous visits to our or other websites. The data collected in this context may be transferred by Google to a server in the United States for analysis and storage. Unlike Google Ads, which is limited to the Google search network, Google Search Ads 360 allows for the delivery of ads and keywords to multiple supported search engines.

Google Tag Manager Google Tag Manager manages the tracking of Google Analytics (see above). Google Tag Manager does not collect personally identifiable information.

Facebook Pixel & Facebook Remarketing We use the “Custom Audiences” remarketing feature of Facebook Ireland Limited (4 Grand Canal Square, Dublin 2, Ireland, “Facebook”). Facebook is based in the United States, a third country that does not have an EU level of data protection. However, Facebook is certified under the EU-US Privacy Shield and thus offers an adequate level of protection for personal data pursuant to Article 45 of the GDPR. This function is used to target visitors with a Facebook account with interest-based advertisements on the social network Facebook. For this purpose, the Facebook Remarketing tag has been implemented on this website. Through the use of this tag, a direct connection to the Facebook servers is established during the website visit, and it is transmitted to the Facebook servers which pages of our website have been visited. Facebook associates this information with your Facebook user account, if one exists. Within Facebook, visitors to our website who are also Facebook members will be shown personalized and interest-based Facebook advertising. As a visitor to our website and a Facebook user, you can deactivate the “Custom Audiences” remarketing function via the provided form. For more information on Facebook’s collection and use of data, your rights in this regard, and ways to protect your privacy, please see Facebook’s Privacy Policy. If you have given your consent, the cookie stored in your internet browser will be completely removed within a maximum period of 90 days.  

Communication and Social Media

Newsletter The data subjects in relation to the newsletter are the newsletter subscribers. Registration for our newsletter can be done via our website. The newsletter service is a separate and free service that can be used independently of any existing customer relationship with LabKey. The newsletter subscriber has the option to agree to receive information about current offers or events via e-mail in the form of a newsletter from LabKey. To activate the newsletter service, we need your e-mail address to send you the newsletter, as well as your first and last name and the category of your business to address them correctly and prevent any misuse. The subscriber can unsubscribe from the newsletter at any time. Each newsletter contains information on how to unsubscribe from the newsletter. Alternatively, the cancellation request can be sent by e-mail at any time to [indirizzo email rimosso]. The legal basis for processing is Article 6(1)(a) GDPR (consent). For the distribution, management, and statistics of the newsletter, we use Odoo.  

Odoo We use Odoo, an open-source software developed by Odoo S.A., hosted and managed on our servers. This tool allows us to administer an internal database of e-mails and phone numbers to communicate with registered users. Odoo also collects information related to interaction with sent e-mails, such as read confirmation and clicks on links contained in the messages. For this purpose, so-called web beacons or tracking pixels are used, small image files that allow the analysis of user behavior. You can object to this form of tracking at any time by unsubscribing from the newsletter according to the instructions provided. Furthermore, if you have deactivated the automatic display of images in your e-mail program, tracking will not be possible. However, in this case, the newsletter may not be displayed correctly and some functionalities may be limited.

Social Media The data subjects in relation to social media are website visitors who are also users of the respective social media. For marketing reasons, we are active on social media and provide information about current news, events, and other information that may be of interest to you. In addition, we will inform you about news and products of our affiliated companies. If you visit our company page on a social network, we will process the personal data you provide to us to establish or maintain contact in this network based on our legitimate interest (Article 6(1)(f) GDPR). We do not use social media plugins with scripts to share data from our website through social media. Rather, our share buttons only contain a link to the social media (e.g., sharer.php for Facebook). Consequently, we do not process your personal data for this purpose. Furthermore, we ensure that your personal data, such as your IP address (possibly truncated), full cookies, or other information, is only transmitted to the social media and thus possibly also to servers in the United States, if you click on the corresponding button. This also applies to the links to our social media pages that we have implemented on our website. It is possible that a social media provider may link your visit to our services with your account. We have no control over the amount and extent of the personal data that is processed by the social media providers if you click on a share button on the respective link and access the social media page. Therefore, we can only inform you to the best of our knowledge. Once you access the social media site, the terms and conditions and privacy policy of each social media provider apply. For the aforementioned purposes, we use the following social media (for more information, you can find more details in the links to the respective privacy policies included below): Twitter (Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, Ireland); Facebook (Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland), LinkedIn (LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland), Instagram (Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland). This website uses the Shareaholic service of Shareaholic, Inc. (2 Center Plaza, 3rd Floor Boston, MA 02108, USA, “Shareaholic”), to enable visitors to share the content of our website, in particular our blog. Shareaholic offers social plug-ins that allow website visitors to share website content through social media. If a visitor shares content through Shareaholic in services owned by them or to which they are logged in, the visit and sharing can be associated with that user.  

Customer Services The data subjects in relation to the services we offer to registered users are our customers. During the entry and completion of the registration process, the data subjects are considered potential customers. LabKey is a service provider for small and medium-sized enterprises and private individuals. Currently, our business sector focuses on offering access control systems for commercial (B2B) and private (B2C) clients. We process data that is necessary for the provision of our services and to fulfill our contractual and legal obligations. This includes general data relating to the location of installed devices, transaction data relating to the management of your account, but also personal data such as the names and e-mail addresses of the beneficial owners, supporting information for operation, etc. The legal bases for the services intended for registered users are Article 6(1)(f) GDPR (legitimate interest), Article 6(1)(b) GDPR (performance of a contract), and Article 6(1)(c) GDPR (compliance with a legal obligation).

Registration To register and open a LabKey account, various general data are collected. This data includes, in addition to the legal form of your company and your e-mail address. To open a manage panel within the LabKey infrastructure, this data is transferred to Business Research s.r.l..

Account Management LabKey manages your account by providing you with a dashboard with an overview of your panel and all connected functionalities. To enable LabKey to provide these functionalities, statistics, and manage the panel, LabKey processes opening and code synchronization data such as MACADDRESS number, opening dates, time validity, unique user codes. Most of the data is not considered personal data, however, references and user data may still contain personal data, in which case it will be treated as personal data. For account management, LabKey may process personal data such as names and e-mail addresses of users and actual telephone numbers or those of authorized representatives. In some cases, LabKey, in its customer care function, collects data in accordance with legal obligations (GWG, BGB) and transmits it to Business Research s.r.l..

Customer Service Customers can use our customer service services. For this purpose, we process the personal data stored in connection with the customer relationship.

Deletion At the end of the contractual relationship between LabKey and the customer, LabKey is obliged to store your data in accordance with the statutory retention periods. Once these periods have expired, LabKey will delete your data. Data that is not subject to a retention obligation will be deleted immediately.

Rights of the Data Subject If your personal data is being processed, you are considered a data subject within the definition of the GDPR. Consequently, you can exercise the rights provided for in Articles 15 to 21 of the GDPR in relation to the data controller. To exercise your rights or to obtain further information on the protection of personal data by Business Research s.r.l., please contact our data protection officer by sending an e-mail to info@busnet.it.

Right of Access Pursuant to Article 15 of the GDPR, you have the right to request confirmation from the data controller as to request confirmation from the data controller as to whether or not personal data concerning you is being processed, and, where that is the case, to obtain evidence of which of your personal data is processed by LabKey and to receive a copy of such personal data. Furthermore, pursuant to Article 19 of the GDPR, you have the right to request from the data controller information about the recipients to whom your personal data has been disclosed.  

Right to Erasure (‘Right to be Forgotten’) If one of the grounds provided for in Article 17 of the GDPR applies, you have the right to request the erasure of your personal data stored by the data controller that is no longer necessary for the purposes for which it was collected or otherwise processed and if it is not subject to any statutory retention obligation. If erasure cannot be carried out due to a legal obligation to retain such data, the processing of personal data will be restricted, and the data will not be processed for any further purpose. The erasure of your data implies that LabKey’s services can no longer be used. LabKey is obliged to erase personal data immediately if the processing is not necessary and for one of the following reasons:  

• The personal data is no longer necessary in relation to the purposes for which it was collected or otherwise processed.
• You have withdrawn your consent to processing and there are no other legal grounds for the processing.
• You have objected to the processing pursuant to Article 21(1) of the GDPR and there are no overriding legitimate grounds for the processing, or you have objected to the processing pursuant to Article 21(2) of the GDPR.   
• The personal data has been unlawfully processed.
• The erasure of your personal data is necessary to comply with a legal obligation under German or European law.

If LabKey has made your personal data public and is obliged to erase it, we will take reasonable steps, including technical measures, to inform controllers who are processing the personal data that you have requested the erasure by such controllers of any links to, or copy or replication of, those personal data, taking account of available technology and the cost of implementation. The measures are taken only to the extent that the processing is not necessary.

Right to Restriction of Processing Pursuant to Article 18 GDPR, you have the right to obtain restriction of processing of your personal data where one of the following applies:

• • You contest the accuracy of the personal data. In this case, the processing is restricted for a period enabling the controller to verify the accuracy of your personal data.  
  • The processing is unlawful, and you oppose the erasure of the personal data and request the restriction of their use instead.

• • The controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims.  

• • You have objected to processing pursuant to Article 21(1) of the GDPR pending the verification whether the legitimate grounds of the controller override those of the data subject.

Where processing of personal data has been restricted under the above conditions, such personal data shall, with the exception of storage, only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State. If the processing is restricted, LabKey will inform you before the restriction of processing is lifted.  

Right to Object Pursuant to Article 21 of the GDPR, you have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data concerning you which is based on point (e) or (f) of Article 6(1) of the GDPR. 

If you wish to correct, block, or delete your personal data stored by us, or if you have any questions regarding the collection, processing, or use of your personal data, or if you wish to revoke your consent, please contact the data protection officer by sending an e-mail to: [indirizzo email rimosso].  

Complaint to a Supervisory Authority Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement, if you consider that the processing of personal data relating to you infringes the GDPR and/or applicable law, pursuant to Article 77 of the GDPR. The supervisory authority responsible for the controller is the Italian Data Protection Authority.  

Last updated: 14/03/2025