Privacy Policy
MarketLabs S.r.l. ("we", "us", "MarketLabs") operates the Compass platform. We take privacy seriously and are committed to processing personal data in compliance with the EU General Data Protection Regulation (GDPR) and other applicable laws. This Privacy Policy explains how we collect, use, and protect personal data when you visit our website, request a demo, or interact with our services.
Contents
- Who we are
- What personal data we collect
- Why we collect it (purposes and legal bases)
- Who we share it with (recipients and subprocessors)
- International transfers
- How long we keep it (retention)
- Your rights as a data subject
- How we protect personal data (security measures)
- Cookies and similar technologies
- Changes to this Policy
- How to contact us
Section 1. Who we are
The data controller is MarketLabs S.r.l., with registered office at Via delle Quattro Fontane 116, Rome, Italy. VAT and tax code: [TO BE VALIDATED]. Legal representative: [TO BE VALIDATED].
We have appointed a Data Protection Officer (DPO). You can contact our DPO at dpo@marketlabs.io [TO BE VALIDATED — actual DPO contact].
Section 2. What personal data we collect
We collect personal data in three contexts:
Website visitors. When you visit marketlabs.io, we collect: IP address, browser type and version, operating system, pages visited, referring URL, timestamps, and limited cookie-based analytics data (see Section 9).
Demo requests and contact form submissions. When you request a demo or contact us, we collect: name, email address, company name, job title, phone number (if provided), and the content of your inquiry.
Compass platform users (customers and authorized users). When your organization uses Compass, we process personal data submitted to the platform on behalf of our customers. The categories of personal data depend on the customer's use case. Examples include: business contacts (names, titles, emails of prospects, customers, counterparts), meeting transcripts (where the customer chooses to ingest them), interaction history (calendar events, email metadata where the customer chooses to integrate). [TO BE VALIDATED — confirm complete list based on actual product data flows]
Section 3. Why we collect it (purposes and legal bases)
We process personal data for the following purposes, on the following legal bases:
| Purpose | Categories of data | Legal basis (GDPR Article 6) |
|---|---|---|
| Operating the website | IP, browser, navigation data | Legitimate interest (6(1)(f)) |
| Analytics (limited, aggregated) | Cookie-based, see Section 9 | Consent (6(1)(a)) |
| Responding to demo requests | Contact form data | Pre-contractual measures (6(1)(b)) |
| Delivering the Compass service to customers | Platform-submitted personal data | Performance of contract (6(1)(b)) with customer; we act as data processor |
| Marketing communications | Opted-in contacts | Consent (6(1)(a)) — withdrawable at any time |
| Legal compliance | Where required | Legal obligation (6(1)(c)) |
[TO BE VALIDATED — confirm legal bases match actual operations]
Section 4. Who we share it with (recipients and subprocessors)
We share personal data with the following categories of recipients:
Subprocessors. Third parties we engage to deliver the Compass service. [TO BE VALIDATED — provide actual subprocessor list]. Examples may include: cloud hosting providers, LLM providers, data enrichment providers (such as Cerved), email service providers, analytics providers. Each subprocessor is bound by a written contract and processes personal data only on our documented instructions.
Service providers. Auxiliary providers (accounting, legal, IT support) that may incidentally access personal data. [TO BE VALIDATED]
Authorities. Where required by law, we may disclose personal data to competent authorities (tax, judicial, supervisory).
We do not sell personal data. We do not share personal data with third parties for their own marketing purposes.
Section 5. International transfers
[TO BE VALIDATED] By default, all Compass production processing occurs in EU data centers. We do not transfer personal data outside the EU/EEA except where strictly necessary and with appropriate safeguards (Standard Contractual Clauses, adequacy decisions). Specific subprocessors and any cross-border transfers are documented in our subprocessor list.
Section 6. How long we keep it (retention)
We retain personal data only as long as necessary for the purposes for which it was collected, or as required by law:
| Category | Retention period |
|---|---|
| Website analytics | [TO BE VALIDATED — typically 14 months] |
| Demo requests | [TO BE VALIDATED — typically 24 months from last interaction] |
| Customer contracts and related personal data | Duration of contract + legal retention period (typically 10 years for accounting) |
| Customer-submitted platform data | As instructed by the customer; default 30 days post-termination, then deleted |
| Marketing contacts | Until consent withdrawal or 24 months of inactivity |
Section 7. Your rights as a data subject
Under GDPR, you have the following rights:
- Right of access (Article 15): obtain confirmation that we process your data, and a copy.
- Right to rectification (Article 16): correct inaccurate data.
- Right to erasure ("right to be forgotten") (Article 17): request deletion under specific conditions.
- Right to restriction of processing (Article 18): limit processing under specific conditions.
- Right to data portability (Article 20): receive your data in a structured format.
- Right to object (Article 21): object to processing based on legitimate interest.
- Right to withdraw consent (Article 7(3)): for processing based on consent.
- Right to lodge a complaint (Article 77): with the Italian Data Protection Authority (Garante per la Protezione dei Dati Personali) or your local supervisory authority.
To exercise any of these rights, contact us at privacy@marketlabs.io [TO BE VALIDATED]. We respond within 30 days as required by GDPR.
Section 8. How we protect personal data (security measures)
We implement technical and organizational measures appropriate to the risk, including:
- Encryption at rest (AES-256) and in transit (TLS 1.3)
- Role-based access control with least-privilege principles
- Multi-tenant isolation
- Audit logging of access to personal data
- Regular security reviews and vulnerability assessments
- Staff training on data protection
- Incident response procedures with a 96-hour breach notification commitment
See our Security page for details.
Section 9. Cookies and similar technologies
We use cookies on marketlabs.io. Cookies that are strictly necessary for the website to function do not require consent. All other cookies (analytics, marketing) require your explicit consent.
Our cookie banner allows you to accept all, refuse all, or manage preferences. You can withdraw or change consent at any time via the cookie preferences link in the footer.
Categories of cookies used: [TO BE VALIDATED — actual cookie list]
Note on regulatory evolution: the EU Digital Omnibus (proposed November 2025, partially in adoption in 2026) is reshaping cookie consent rules under GDPR Articles 88a-88b. We track these changes and update our cookie practices accordingly.
Section 10. Changes to this Policy
We may update this Privacy Policy from time to time. Material changes will be communicated via email to active customers and via prominent notice on the website. The "Last updated" date at the top of this page reflects the most recent version.
Section 11. How to contact us
For privacy matters:
- Email: privacy@marketlabs.io [TO BE VALIDATED]
- Postal address: MarketLabs S.r.l., Via delle Quattro Fontane 116, 00184 Rome, Italy
- DPO: dpo@marketlabs.io [TO BE VALIDATED]
For complaints regarding processing of your personal data, you can also contact the Italian Data Protection Authority (Garante per la Protezione dei Dati Personali) at garanteprivacy.it.
