Search competences, areas, descriptors...
Last updated: 22 February 2026
v1.0The data controller is IDCERT S.r.l. (hereinafter "Controller"), headquartered in Italy. For any communication regarding personal data protection, please use the contact form available in the Contact section of the portal or write to: privacy@idcert.io
The LifeComp Explorer portal collects the following categories of data: a) Navigation data The IT systems and software procedures used to operate the portal automatically collect certain personal data whose transmission is implicit in the use of Internet communication protocols (e.g. anonymised IP addresses, URLs of requested resources, time of request). This data is necessary for the technical operation of the service. b) Data voluntarily provided by the user Data entered in the contact form: name, email address, subject and message content. Submitting the form is optional and requires the user's explicit consent. c) Self-assessment data LifeComp self-assessment data is associated with an anonymous session identifier generated by the browser (UUID). This identifier cannot be traced back to the user's identity and does not allow any form of personal identification. d) Cookie preferences The user's cookie preferences are recorded anonymously in the database and in a technical browser cookie (lc_consent).
Personal data is processed for the following purposes: - Technical operation of the portal: legal basis is the legitimate interest of the Controller (Art. 6(1)(f) GDPR). - Responding to contact requests: legal basis is user consent (Art. 6(1)(a) GDPR). - Aggregate and anonymous statistical analysis: legal basis is user consent expressed via the cookie banner (Art. 6(1)(a) GDPR). Analysis is performed via Google Analytics with anonymised IP. - Compliance with legal obligations: legal basis is legal obligation (Art. 6(1)(c) GDPR).
Personal data is processed using IT and electronic tools, with logic strictly related to the stated purposes and in any case in a manner that guarantees data security and confidentiality. Adequate technical and organisational security measures are adopted to prevent data loss, unlawful or incorrect use, and unauthorised access, including: - Communication encryption (HTTPS/TLS) - IP address anonymisation - Row Level Security (RLS) on the database - Parameterised queries for SQL injection prevention - Honeypot and rate limiting on the contact form - IP address hashing in consent logs
Personal data is retained for the time strictly necessary to achieve the purposes for which it was collected: - Contact form data: maximum 12 months from the request. - Technical navigation logs: maximum 90 days. - Anonymous self-assessment data: retained indefinitely in non-identifiable form. - Cookie consent logs: maximum 24 months. Once the retention periods have expired, data is deleted or irreversibly anonymised.
Personal data is not disclosed or transferred to third parties, except as necessary for the technical operation of the service: - Vercel Inc. (hosting and CDN) - servers located in the EU and USA, transfer based on Standard Contractual Clauses (SCCs). - Supabase Inc. (database) - servers located in the EU. - Google LLC (Google Analytics, only with consent) - transfer based on SCCs and the EU-US Data Privacy Framework. No data transfers to third countries are made outside the safeguards indicated above.
The portal does not carry out any profiling or automated decision-making activities within the meaning of Art. 22 GDPR. The LifeComp self-assessment is a personal reflection tool and does not produce any evaluation, scoring or classification of the user by the Controller.
The portal is not directed at children under 16 years of age. The Controller does not knowingly collect personal data from children under 16. Should it become known that data from a minor has been inadvertently collected, such data will be promptly deleted.
Under Articles 15-22 of Regulation (EU) 2016/679 (GDPR), users have the right to: - Access their personal data (Art. 15) - Rectification of inaccurate data (Art. 16) - Erasure of data (Art. 17) - Restriction of processing (Art. 18) - Data portability (Art. 20) - Object to processing (Art. 21) - Withdraw consent at any time without affecting the lawfulness of processing based on consent given before withdrawal To exercise these rights, please contact the Controller via the contact form or write to privacy@idcert.io. Users also have the right to lodge a complaint with the Italian Data Protection Authority (Garante per la protezione dei dati personali - www.garanteprivacy.it).
The Controller reserves the right to modify, update or supplement this policy at any time. Previous versions are available in the Archive section. Changes shall be effective from the moment of publication on the portal.