Legal notice
Privacy & Cookie Policy
This page explains how FridaWebinar processes personal data through the website, webinar landing pages, registration forms, live or replay access flows, certificate management, service communications and tracking tools.
The policy is structured to cover both webinars organized directly by I.D.R.A. S.r.l. and webinars managed by third-party organizers using the FridaWebinar platform.
When a specific webinar is organized by a third party, this notice complements the organizer's own privacy notice, which remains the reference document for purposes directly connected to that event.
1. Data controller
For the processing activities described in this notice, the data controller is I.D.R.A. S.r.l.
I.D.R.A. S.r.l.
Via Paolo Emiliani Giudici 25 - 93100 Caltanissetta, Italy
VAT no. 02078580855
Privacy e-mail: commerciale@fridasmart.it
2. Data Protection Officer (DPO)
The formally appointed Data Protection Officer may be contacted for matters concerning the processing of personal data and the exercise of GDPR rights.
Dr. Calogero Furnari
E-mail: dott.calogerofurnari@gmail.com
Phone: 3470092491
3. Scope and privacy roles
FridaWebinar may operate in different scenarios and, as a result, the privacy roles may vary depending on the webinar or service involved.
- When the webinar is organized directly by I.D.R.A. S.r.l., the company acts as data controller for the data collected through the platform.
- When the webinar is organized by a third party identified on the landing page or in event communications, that party will generally act as data controller for registrations, attendance management, participant communications and any related certificate issuance.
- For the services delivered to the organizer, I.D.R.A. S.r.l. may act as data processor pursuant to Article 28 GDPR.
- I.D.R.A. S.r.l. may also process certain data as an independent controller for platform security, technical logging, abuse prevention, regulatory compliance, protection of its rights and service continuity.
4. Categories of personal data processed
Depending on the services used, FridaWebinar may process several categories of personal data required to deliver webinars and related services.
- Identification and contact data: name, surname, e-mail address, phone number, company, professional role and any additional form fields.
- Webinar registration data: registration date, registration status, registration source and personal access link.
- Attendance data: live or replay access, viewing status, operational attendance tracking, last activity and data required for certificate workflows.
- Certificate-related data: information declared by the user, attendance data and data contained in issued or verified certificates.
- Technical and navigation data: IP address, user agent, session identifiers, application logs and security logs.
- Consent-related data: privacy consents, marketing consents, profiling consents, cookie preferences, revocations and objections.
5. Purposes of processing
- Managing webinar registrations and access to the related digital journey.
- Sending personal access links, reminders, OTP codes and service communications.
- Allowing access to live sessions, replay content, supporting materials and certificate areas, where available.
- Managing technical, organizational or administrative support requests.
- Verifying attendance, eligibility and requirements for certificates or related documents.
- Complying with legal, regulatory, tax, accounting or authority requirements.
- Ensuring platform security, operational integrity, service continuity and prevention of unlawful use or unauthorized access.
- Sending informational, promotional or commercial communications, where consent is required and obtained.
- Carrying out profiling, segmentation and communication personalization, where consent is required and obtained.
- Producing internal statistics and aggregate measurements on the use of content and services.
6. Legal basis for processing
The legal basis varies depending on the purpose pursued and on the relationship between the user, the organizer and the platform.
- Article 6(1)(b) GDPR: performance of pre-contractual or contractual measures for registration, attendance, support, personal access links and certificate management.
- Article 6(1)(c) GDPR: compliance with legal, tax, administrative or authority requirements.
- Article 6(1)(f) GDPR: legitimate interest for platform security, abuse prevention, service continuity, technical logging, protection of rights and aggregate statistics.
- Article 6(1)(a) GDPR: data subject consent for direct marketing, profiling and non-technical tracking tools, where required.
7. Nature of data provision
Providing the fields marked as mandatory in registration forms is necessary to complete the registration, access the webinar, receive service communications or obtain any related certificate.
Failure to provide the necessary data may prevent the requested service from being delivered. Providing data for marketing, profiling and non-technical tracking purposes is optional.
8. Processing methods
Data is processed through IT, telematic and, where necessary, organizational tools, in accordance with the principles of lawfulness, fairness, transparency, minimization, accuracy, integrity and confidentiality.
Appropriate technical and organizational measures are implemented to protect data from unauthorized access, loss, unlawful disclosure, destruction, alteration or misuse.
9. Webinar attendance and participant visibility
FridaWebinar is configured so that participants or viewers do not appear publicly within the webinar through the platform, either during the live session or during the replay.
The platform still processes the data strictly necessary for event operations, such as registration, access, attendance, replay and certificate workflow data.
10. Marketing communications
Subject to consent, contact data may be used to send informational, promotional or commercial communications about webinars, events, services, educational content or initiatives related to FridaWebinar or the relevant organizer.
Consent is optional and may be withdrawn at any time, without affecting the lawfulness of processing carried out before withdrawal.
11. Profiling
Subject to consent, personal data and interaction data related to content, webinars, campaigns or landing pages may be used for segmentation, preference analysis and communication personalization.
At present, these activities are not used to make solely automated decisions producing legal effects or similarly significant effects under Article 22 GDPR.
13. Video platforms, vendors and transfers outside the EEA
Third-party integrations or services may be used to deliver webinars, communications or content. Interacting with those services may also involve processing governed by their own privacy and cookie notices.
Using certain technology or marketing providers may involve transferring personal data to countries outside the European Economic Area, including in some cases the United States. Where this happens, transfers will be handled in accordance with Articles 44 and following of the GDPR through the applicable safeguard mechanisms.
- Brevo for operational e-mails, OTP messages and marketing communications, where permitted.
- StreamYard, Vimeo and YouTube for streaming, replay delivery and video content management.
- Google Analytics 4, Meta Pixel, LinkedIn Insight Tag, Hotjar, PostHog and other analytics or measurement tools, when enabled.
14. Data recipients
- Webinar organizers, where they act as controllers for the relevant event.
- Providers of technical services, cloud services, hosting, maintenance, security and application support.
- Messaging, e-mail and automation providers, including Brevo.
- Streaming, video hosting and replay providers, including StreamYard, Vimeo and YouTube.
- Analytics, advertising, heatmapping, product analytics and CMP providers, when enabled.
- Consultants, professionals and parties assisting the controller with legal, organizational, tax, accounting or technical matters.
- Authorities, public bodies or parties legally entitled to receive the data due to legal obligations or to protect the controller's rights.
15. Retention periods
Personal data is retained for no longer than necessary in relation to the purposes for which it is collected, unless a longer period is required by law, by evidentiary needs or to protect the controller's rights.
- Registration, attendance, webinar access, replay, support and operational management data: up to 24 months from the event or from the last relevant interaction.
- Data processed for marketing purposes: up to 24 months from consent collection or from the last useful positive interaction.
- Data processed for profiling purposes: up to 12 months from collection or from the last useful record.
- Data related to certificates, verification activities and related documentation: up to 10 years.
- Administrative, tax and accounting data or documents: up to 10 years or for any longer period required by law or applicable audits.
- Technical, application and security logs: ordinarily up to 12 months, unless longer retention is necessary for legal obligations, documented security needs or legal defense.
- Cookie preferences and consent records collected through the CMP: for the period consistent with the adopted technical configuration and in any case in line with applicable law and guidelines.
16. Data subject rights
Where provided for by the GDPR, the data subject may exercise the rights of access, rectification, erasure, restriction of processing, data portability, objection to processing based on legitimate interest and withdrawal of consent at any time.
The data subject may also object at any time to the processing of personal data for direct marketing purposes.
Privacy e-mail: commerciale@fridasmart.it
DPO: dott.calogerofurnari@gmail.com
17. Complaint to the supervisory authority
The data subject has the right to lodge a complaint with the Italian Data Protection Authority, without prejudice to any other administrative or judicial remedy provided by law.
18. Minors
FridaWebinar is not intended for individuals under 18 years of age. The services are designed for adult users, professionals, companies, institutions and organizations.
19. Policy updates
This Privacy & Cookie Policy may be updated over time for legal, organizational, technical or functional reasons. If relevant changes are made, the updated version will be made available through the platform or the related websites.