How personal data is processed on the Decimo public website

The controller for the processing carried out through the public Decimo website is Decimo Srl, via Volla 28, 03030 Piedimonte San Germano (FR), Italy.

This notice applies to the public corporate website and its IT, EN, FR, ES and DE versions. It does not replace the documentation that may apply to separate restricted environments such as configurator or support services.

• data entered voluntarily in contact, commercial, career and newsletter forms;
• attachments transmitted through protected forms, where available;
• technical browsing data, including IP-related request metadata and user agent information;
• consent management data, such as event type, consent version, selected categories, requested path and technical log data;
• data processed by Google reCAPTCHA when a protected form is used;
• optional analytics or marketing data processed only after the relevant consent, including Dealfront / Leadfeeder and Google Ads related data.

• Commercial and contact requests: handled as pre-contractual measures requested by the user or under the controller's legitimate interest to answer incoming communications.
• Career forms and CV submission: handled as pre-contractual measures and under the controller's legitimate interest in evaluating professional profiles.
• Newsletter: processed on the basis of the user's consent.
• Protected forms and website security: processed under the controller's legitimate interest and, where strictly necessary, to ensure the security and integrity of the service.
• Optional analytics and marketing: processed only after the relevant consent has been granted through the cookie banner.

Based on the current repository, the public website may rely on the following external services:

• Google Tag Manager as the technical tag container used client-side with privacy-by-default consent settings.
• Dealfront / Leadfeeder as an optional Analytics provider for B2B traffic analysis and visiting-company intelligence.
• Google Ads as an optional Marketing provider for advertising and remarketing purposes.
• Google reCAPTCHA as a form protection and anti-spam service.
• Brevo as the planned newsletter infrastructure mentioned in the existing project documentation.

Retention periods depend on the type of request, the operational need to manage the relationship with the user and the providers effectively active in production. The project makes it possible to identify the presence or potential activation of services related to Google, Brevo and Dealfront / Leadfeeder, but the final live retention schedule must still be validated against the production setup.

Some of these providers may involve data processing outside the EEA or access from third countries. The applicable transfer mechanisms and safeguards must therefore be confirmed against the live vendor documentation and contractual framework.

The public website uses a self-hosted consent layer based on CookieConsent v3. Before the user grants consent, only necessary cookies and security-related functions should remain active.

When the user grants Analytics consent, the website can emit a dedicated consent event to the dataLayer and attempt to run window.ldfdr.acceptCookie() so that Dealfront / Leadfeeder may set its consent-dependent identifiers.

Consent actions may also be logged server-side through an internal PHP endpoint, including event type, language, requested path, selected categories, IP address and user agent. This log is intended to support accountability rather than profiling.

Users may exercise the rights granted by applicable data protection law, including access, rectification, erasure, restriction, objection and, where applicable, withdrawal of consent for optional processing.

Requests concerning personal data processed through the public website can be sent to info@decimosrl.it. Cookie preferences can also be updated at any time through the Manage cookies link in the website footer.