As Data Controller (hereinafter Data Controller), we want to submits to you this Privacy notice in compliance with Articles 13 and 14 of GDPR 2016/679 to offer you detailed information on the collection and processing of Personal Data. Your Data will be processed with following modalities and for following purposes.
This privacy notice apply only to data related to natural persons and which form part of a filing system or are intended to form part of a filing system.
The privacy policy is provided for professional users. The language is technical because it is supposed to be intelligible and easily accessible to the data subjects.
Don’t hesitate to contact us if you need further informations or plain text explanation.

1. Data processing scope

The Data Controller will process Personal Data voluntary provided by you prior to entering into a contract and for the contract itself.
We will acquire further data from public archives only.

2. Purpose of the Processing

2.1 Contractual purposes

The provided Data will be processed to meet contractual obligations deriving from commercial relationships.
The collected Data will be processed to request offers, to send orders, to provide requested services, to provide goods and to handle all related matters including payment of invoices.
Lawfulness of processing: performance of a contract [art. 6 c.1 lett.(b)].

2.2 Purpose of the Processing to meet legal obligations or EU regulations

The Data will also be handled to complete obligations provided by the law or by EU Regulations for civil, accounting and tax purposes.
For a.m. purposes, the provision of Data is necessary and a failure or a partial or incorrect provision will result in the impossibility for the Data Controller to process your requests and start or continue the business relationship with you.
Lawfulness of processing: compliance with a legal obligation [art. 6 c.1 lett.(c)].

2.3 Business Development

Data will be used to inform you about our new similar services that can be provided to our customers.
Lawfulness of processing: legitimate interests business developing [art. 6 c.1 lett.(f)]. For this purpose, the data subject have the right to object and stop the processing.

3. How we process data

Personal Data are processed whether or not by automated means, in any case in such a way as to ensure the security, integrity and confidentiality of the Data in compliance with organizational, physical and logical measures set forth by the applicable regulations.
All the personnel acting under the authority of the Data Controller will be appointed as authorised to process personal data.

4. Data Retention

The Data provided will be stored as long as it is required by the purpose they have been collected for (performance of the contract). Data will be stored for at least 10 years from the end of the commercial relationship.

5. Data Controller

The Data Controller is:
Tecnofirma S.p.A.
Viale Elvezia, 35
20900 Monza - IT

6. Data Sharing

Communication and dissemination of Personal Data to fulfil the purposes of the processing The Data Controller may disclose Personal Data to data processors or third parties, to whom the communication is necessary to meet legal requirements (By way of example and not of limitation: persons, companies or professional entities that provide assistance, advice or collaboration in accounting, administrative, legal, taxation, financial matters, and in management systems).
Moreover, Personal Data may be communicated to any other data controller or third party, when the communication is mandatory by law or to carry out activities set out in the Regulation.
Data will be shared with and will be processed by data processors:

  1. accountant, Legal and Labour Consultants
  2. ICT consultants and providers
  3. management system consultants
  4. HeS

None of your Personal Data will be subject to diffusion.

7. Data transfer outside the EU

There is no Data transfer outside the EU.

8. Rights

In compliance with Articles 13, paragraph 2, subparagraphs (b) and (d), 15, 18, 19 and 21 of the Regulation, you shall be informed that you have the rights to:

  1. access to your Data;
  2. seek rectification or cancellation of your Data, or obtain restriction of the processing;
  3. object to processing of your Data;
  4. request the portability of your Data;
  5. withdraw your consent, if applicable, without prejudicing the lawfulness of the processing, based on the consent given before the revocation;
  6. lodge a complaint with the supervisory authority (DPA - Garante Privacy).

You can contact the Data Controller for the exercise of your rights at following email address DPO@PRIVACYBYDESIGN.IT

9. Data Protection Officer

The Data protection Officer (DPO) is Christian Bernieri and can be contacted via email at: DPO@PRIVACYBYDESIGN.IT


The Privacy policy is provided to data subject with all available contact points.
It is not necessary to give acknowledgement
It is not necessary to accept the privacy policy
It is not necessary any consent

11. Privacy policy update

Last update: May 25th, 2018

Follow us on: