Features Pricing MSP
Documentation Changelog Learning Hub
Sign in

Website Privacy Policy

Back to Privacy and GDPR

In accordance with Articles 13 (data collected from the data subject) and 14 (data not obtained from the data subject) of Regulation (EU) 2016/679 (General Data Protection Regulation, “GDPR”), this privacy notice provides information on the processing of personal data for Users interacting with this website.

This notice applies exclusively to the processing activities conducted through this website and does not extend to third-party websites accessible via external links.

Data Controller and contact details

The Data Controller is SUBSTRING DI MATTEO CONTRINI, VAT no.: IT02632420226, with registered office at Via della Provvidenza 18, 38062 Arco (TN), Italy, contact email: support@dmarcwise.io.

Data Protection Officer (DPO)

Based on an assessment of the current processing activities, the Data Controller has determined that a Data Protection Officer is not mandatory under Article 37 of the GDPR.

Categories of personal data processed and sources

The Data Controller processes the following categories of personal data.

  • automated browsing data and cookies.
  • voluntarily provided data: the Data Controller processes personal data submitted directly by the User through electronic communications. This includes common personal data, such as identification, biographical, and tax-related information. This may also include special categories of personal data pursuant to art. 9 GDPR.

Data may be obtained from automatic sources or from voluntary sources, as well as public sources.

For example, data may be collected automatically during the User’s navigation of the website. This may include information regarding the User’s interactions with other websites. For a comprehensive description of these activities, please consult the Cookie Policy.

The Data Controller processes information provided directly and voluntarily by the User or by third parties acting on the User’s behalf.

Additional data may be sourced from public records, such as searches of public registers, official certificates, registrations, and other publicly available archives.

Throughout all processing activities, the Data Controller adheres to the highest standards of confidentiality and professional secrecy, in compliance with both legal and ethical obligations.

Purposes of processing

The processing of personal data is grounded on the following purposes:

  1. to browse the website, to enable the consultation of published information and content, and to provide access to the related services requested by the User;
  2. to manage browsing data for technical and functional purposes, ensuring the seamless delivery and optimization of website content; this includes the use of technical cookies to enable core functionalities, analytics cookies for the purpose of aggregate statistical research. All such activities are conducted in accordance with the terms specified in the Cookie Policy, and in compliance with the Guidelines on cookies and other tracking tools issued by the Italian Data Protection Authority on June 10th, 2021;
  3. to process and manage inquiries submitted by the User via the website and its integrated communication tools (such as information requests), including all necessary follow-up communications and related processing activities required to effectively fulfill the User’s requests;
  4. to provide the DMARC diagnostic tool, which enables Users to send a test email message in order to evaluate the current state of their email domain configuration and understand the value of the services offered;
  5. to manage newsletter subscriptions and the subsequent delivery of informational and professional communications related to the Data Controller’s activity;
  6. to ensure compliance with applicable legal obligations and other mandatory regulatory requirements, including financial reporting, billing, and anti-money laundering (AML) protocols;
  7. to perform any other processing activities that are ancillary, related, or consequential to the abovementioned purposes, provided they fall within the operational scope of the website;
  8. to process the e-mail address provided by the User in the context of a previous sale of services for the purpose of sending direct marketing communications regarding similar products or services without requiring further consent, pursuant to Article 130(4) of the Italian Personal Data Protection Code (Legislative Decree 196/2003); in any event, the data subject maintains the right to object to such processing at any time - both initially and upon receipt of any subsequent communication - simply and free of charge, by following the instructions provided in each communication;
  9. to receive and process Curriculum Vitae from candidates for recruitment purposes and to manage applications for employment or collaboration with the Data Controller.

The processing of personal data is carried out in accordance with the following legal bases:

  • Article 6(1)(a) of the GDPR – Consent: this legal basis applies to processing operations ancillary to the primary purposes and not falling under alternative legal bases (as specified in Purpose No. 7); for the subscription to the newsletter (as specified in Purpose No. 5) when such subscription is ancillary or additional to other processing activities;
  • Article 6(1)(b) of the GDPR – Contractual or pre-contractual necessity: this legal basis covers: website navigation and access to information or services published on the website, including the processing of related information (as specified in Purpose No. 1); the management of technical and functional cookies, excluding profiling cookies (as specified in Purpose No. 2); the processing and fulfilment of inquiries submitted by the Data Subject, including the provision of relevant responses (as specified in Purpose No. 3); the provision of the DMARC diagnostic tool and the processing of related data submitted by the User for evaluation purposes (as specified in Purpose No. 4); newsletter subscriptions, where the provision of personal data - specifically the email address - is the primary or sole purpose of the interaction (as specified in Purpose No. 5); any other processing activities that are functional, related, or consequential to the aforementioned operations (as specified in Purpose No. 7); the management and evaluation of Curriculum Vitae and related recruitment inquiries (as specified in Purpose No. 9);
  • Article 6(1)(c) of the GDPR – Compliance with a legal obligation: processing is necessary for compliance with a legal obligation to which the Data Controller is subject. It covers the processing of all data necessary to satisfy statutory requirements, including the management of tax and accounting data for invoicing purposes; processing activities stated by regulatory frameworks, such as anti-money laundering (AML) and counter-terrorism financing legislation (as specified in Purpose No. 6); any other processing operations that are functional, related, or consequential to the fulfilment of these legal duties (as specified in Purpose No. 7);
  • Article 6(1)(f) of the GDPR – Legitimate interests: this legal basis applies to all processing operations conducted in the context of providing information society services, as well as for the Data Controller’s informational purposes. In this regard, the Data Controller relies upon its legitimate interest to send further communications to the Data Subject’s email address - provided that such communications relate to similar goods or services - pursuant to Article 130(4) of the Italian Personal Data Protection Code (as specified in Purpose No. 8). This processing is subject to the Data Subject’s right to object to such communications at any time, simply and free of charge, as further detailed in this notice.

For the processing of special categories of personal data (as defined under Article 9 of the GDPR) that may be voluntarily provided by Data Subjects through website navigation, contact requests, or similar communication channels, the Data Controller relies upon the following additional legal bases:

  • Article 9(2)(a) of the GDPR – the Data Subject has given explicit consent to the processing: the Data Subject has given explicit consent to the processing of those personal data for one or more specified purposes.
  • Article 9(2)(e) of the GDPR – processing relates to personal data which are manifestly made public by the Data Subject: the processing relates to personal data which have been manifestly made public by the Data Subject;
  • Article 9(2)(f) of the GDPR – processing is necessary for the establishment, exercise or defence of legal claims or whenever courts are acting in their judicial capacity.

Legitimate interest

The processing of personal data is further grounded in the legitimate interests of the Data Controller pursuant to Article 6(1)(f) of the GDPR. These interests include the exercise of the Data Controller’s information rights within the digital economy, the delivery of services featured on the website, and the implementation of direct marketing operations, as expressly recognized in Recital 47 of the GDPR.

Specifically, the Data Controller relies upon its right to process the email addresses of Data Subjects obtained in the context of a sale of goods or services. This processing for the delivery of subsequent communications regarding products or services like those previously purchased, in accordance with Article 130(4) of the Italian Personal Data Protection Code. Such processing is conducted without prejudice to the Data Subject’s free right to object at any time, as specified in Purpose No. 8 of this notice.

Mandatory vs. optional nature of data provision

The provision of browsing data by Users for the purposes stated above depends on the privacy settings enabled or disabled within their browser. Please be advised that disabling technical cookies may adversely affect the browsing experience and the overall functionality of the website.

In any event, the provision of certain personal data is strictly necessary for the structure of the website and the delivery of its core services. For illustrative purposes, this includes:

  • the submission of inquiries via the webpage “Contact us”, providing the minimum requested data;
  • the provision of a valid email address and the creation of a password are mandatory for registration and to secure access to any restricted area of the website.

The provision of any additional information not expressly required as mandatory is entirely optional.

Consequences of failure to provide data

The implications of not providing personal data are as follows:

  • Mandatory Data: the failure to provide personal data required as mandatory will prevent the Data Controller from fulfilling User’s specific requests, such as sending information, executing the requested processing operations, or, in certain instances, delivering the core services offered through the website.
  • Optional Data: the failure to provide personal data required as optional will not result in the aforementioned restrictions. However, it may adversely affect the efficiency or completeness with which the request is processed or limit the quality of User’s browsing experience on the website.

Recipients of personal data and international transfers

Personal data may be disclosed to companies, professionals, and other consultants operating in connection with the purposes established in this notice or for related objectives, whether located within or outside the European Union. In the event of data transfers to entities located in non-EU countries, such transfers shall be conducted exclusively to recipients for whom an adequacy decision is in force or where appropriate safeguards have been implemented, most notably Standard Contractual Clauses (SCCs).

In the absence of an adequacy decision or appropriate safeguards, transfers may only take place based on the data subject’s explicit consent or under the specific derogations set forth in Article 49 of the GDPR.

All such processing activities are performed in strict compliance with the principles established by the Court of Justice of the European Union in its “Schrems II” judgment of July 16th, 2020.

Furthermore, personal data may be disclosed to Data Processors and persons authorized to process data by the Data Controller, for the same purposes as the website or for purposes strictly related to the services provided. Such data may also be shared with independent Data Controllers, provided that such disclosure remains within the scope of the related purposes. Specifically, recipients include the Data Controller’s internal staff acting as authorized persons, as well as designated Data Processors and their authorized personnel for related administrative or fiscal purposes.

No generalized communication of data for additional purposes shall be carried out, and no dissemination of personal data will take place.

Data retention period

The retention of personal data is governed as follows:

  • voluntarily provided data: personal data provided voluntarily by the Data Subject will be retained until the withdrawal of consent or until the Data Subject takes specific actions through his or her browser, such as clearing or deleting stored cookies.
  • browsing data and technical cookies: browsing data and technical cookies are stored only for the duration strictly necessary to perform the technical functions for which they were collected.
  • cookie retention in general: for detailed information regarding the specific retention periods for cookies, please consult the Cookie Policy.
  • other personal data: for all other categories of personal data, the retention period is limited to the duration required to fulfil legal or contractual obligations, or until the expiration of the applicable statute of limitations for the enforcement of relevant rights (e.g., billing and accounting records).

Rights of the data subject

Pursuant to Articles 15-22 of the GDPR, the Data Subject is entitled to exercise the following rights:

  • right of access;
  • right to rectification;
  • right to erasure;
  • right to restriction of processing;
  • right to data portability;
  • right to object;
  • right not to be subject to a decision based solely on automated processing, including profiling.

These rights may be exercised in accordance with the procedures and timeframes established under Article 12 of the GDPR by sending a written communication to the Data Controller via the email address provided above.

The Data Controller shall provide a response without undue delay and, in any event, within one month of receipt of the request, except in cases of justified extension or refusal as per Article 12 of the GDPR.

Where processing is based on consent, the Data Subject has the right to withdraw such consent at any time. This right may be exercised by sending an email to the Data Controller’s account or a communication to the Data Controller’s registered office.

Right to lodge a complaint and judicial redress

Pursuant to Article 77 et seq. of the GDPR, the Data Subject has the right to lodge a complaint with a competent supervisory authority. For the Italian territory, the designated supervisory authority is the Data Protection Authority.

The specific procedures, formats, and statutory time limits for lodging such a complaint are governed by the national legislation in force and the regulations established by the Data Protection Authority.

The exercise of this right is without prejudice to any other administrative or non-judicial remedy.

Within the Italian jurisdiction, any action for damages must be brought before the territorially competent civil Court.

Profiling

No personal data profiling activities will be conducted while browsing this website.

For details, please consult the Cookie Policy.

Changes to this Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the “Last updated” date.

If there are significant changes to this Privacy Policy, we will notify you via email or through our service.

Last updated: 2026-01-20