Information on the processing of personal data pursuant to articles. 13-14 EU Reg. 2016/679

This privacy policy describes the processing operations that Interzero Italy Srl carries out on the personal data of users who interact with the website www.interzero.it (hereinafter the “Site”) (the processing operations performed by Interzero on the personal data of users who interact with the website www.interzero.it are hereinafter referred to as the “Service”), as well as of suppliers and customers who, for various reasons, have an existing contractual relationship with our company (hereinafter the “Contract”).
Online services of companies other than the one listed above are subject to their own data protection information, which can be found on their websites.

Interzero Italy Srl considers the protection and security of your personal data very important, and takes this aspect into account throughout its business activity. In this policy we offer you an overview of all aspects of the Service that are relevant to data protection legislation. In the following sections we will explain:

  • What data we collect when you use the Service or enter into a Contract;
  • With what objectives does Interzero Italy Srl process this data;
  • What are your rights and options regarding the processing of your data;
  • How you can contact us for data protection issues.

1. Data controller

The Data Controller is Interzero Italy Srl, with registered office in Via Messina, 38 – 20154 Milan, (hereinafter the “Company” or the “Data Controller”)

When we use the terms: i ) “we” or “our” in this Privacy Policy, we mean only Interzero Italy Srl; ii ) “you” or “your” we mean the data subject and, therefore, the user or the supplier or the customer, as applicable.

The Data Controller can be contacted at service@interzero.it , or by post, addressed to Interzero, Via Messina, 38 – 20154 Milan.

The processing of personal data is necessary for the proper negotiation/execution of the Contract. Failure to provide such data will prevent the Data Controller from establishing and executing the Contract.

2. Categories of personal data processed

2.1 Automatic collection of access data

The Site can be visited without providing personal data. The only data collected is the access data that is automatically transmitted by our browser. These will include for example your online identification (for example IP address, session ID, device ID), information regarding the web browser and operating system used, the web path through which you are visiting the Site (i.e. if you are visiting our site via a link), information relating to texts, video images etc. that you view on the Site, the choice of language on the browser, any error messages and access times.

2.2 Data communicated through the Site

We collect all the information and data that you communicate to us through the Site (by way of example and not limited to, name, surname, date of birth) and contact data (by way of example and not limited to, e-mail addresses and telephone number). For example, on some pages of the Site, through functions such as the contact form or contact functions, you can send us messages and, in some cases, files (for example PDF documents). The information you provide to us will only be used to handle your request.

Disclosure of your message to another Interzero company or to an external third party will only occur if necessary to process your request (for example, we will disclose your message to another Interzero Group company if the latter is responsible for the management of your request). If you do not want your message to be disclosed to another company, you can state this directly in your message. In this case we will send your message without identifying information (such as your name, customer number or contact details).

The legal basis for this data processing is Article 6 (1) (b) of the GDPR. If you have consented to the disclosure or processing of the data you have provided to us by third parties, the legal basis is Article 6 (1) (a) of the GDPR.

2.3 Data of our suppliers and customers

We collect and process personal data provided by our customers and suppliers as part of the negotiation and/or formalization and/or execution of the Contract, such as that relating to their legal representatives, employees, partners, contacts and points of contact of our customers and suppliers and, more generally, all natural persons with whom our Company will interact for the establishment and execution of contractual relationships. As part of our contractual relationships, we will process the personal data of the aforementioned individuals, such as, but not limited to: identification data (name, surname, date of birth, tax code, residential address), contact details (email addresses and telephone numbers) (hereinafter “common data”).

Only in cases where processing is necessary under applicable law, in order to ascertain the suitability of the supplier and the customer to carry out the activity covered by the Contract, we collect and process judicial data relating to the criminal record certificate and the certificate of pending charges of individuals holding positions that require certain guarantees in terms of integrity and professionalism (hereinafter “special data”).

3. Purpose of the processing

Purpose Categories of personal data Legal basis
1. Perform the Service (by way of example and not limited to: creating your personal profile on the Site; allowing you to use the Site’s features, including requesting information about our Services via the dedicated contact section). Common personal data Processing necessary on a contractual basis (Article 6, paragraph 1, letter b) GDPR)
2. Manage cookies necessary for the Site: Technical cookies are essential for the proper functioning of the Site and are used for the sole purpose of managing various Services related to the Site itself, such as logins. Common personal data Processing necessary on a contractual basis (Article 6, paragraph 1, letter b) GDPR)
3. Fulfillment of regulatory obligations in the execution of the Service and the Contract (by way of example and not limited to, accounting, administrative, tax obligations, relating to the archiving of contractual documents and the regular maintenance of accounting records pursuant to art. 2220 of the Italian Civil Code), possibly also through communication to third parties. Common personal data Processing necessary to fulfill legal obligations to which the Data Controller is subject (art. 6, par. 1 letter (c) GDPR)
4. Conduct contractual negotiations with the supplier and the customer, execute the relevant Contract Common personal data Processing necessary for the performance of the Contract (art. 6(i)(b) GDPR) in relation to the purposes referred to in paragraph 2.3
5. Comply with the obligations arising from applicable legislation, including the legislation on the prevention and fight against money laundering and terrorist financing and the execution of communications to the competent authorities and supervisory bodies and to comply with requests from the same Common and specific personal data Processing necessary to comply with legal obligations (art. 6, par. 1 lett (c) GDPR) with particular reference to the judicial data referred to in paragraph 2.3 within the limits established by law
6. Transmission of communications and commercial information to customers regarding news, promotions and offers relating to the products or services covered by the Contract, or to similar products and services Common personal data Processing necessary for the pursuit of the legitimate interest of the Data Controller (art. 6(i)(f) GDPR) to keep customers informed and updated about news relating to their products and services
7. Transmission to customers of communications, invitations and information regarding events, institutional and promotional activities organised by the Data Controller or by third parties Common personal data Processing necessary for the pursuit of the legitimate interest of the Data Controller (art. 6(i)(f) GDPR) to involve the customer in activities that go beyond the strict execution of the Contract
8. Response to requests made by administrative, judicial, or public security authorities (by way of example and not limited to, pursuant to Articles 210 of the Italian Code of Civil Procedure and 248 of the Italian Code of Criminal Procedure) Common personal data Processing necessary to fulfill legal obligations to which the Data Controller is subject (art. 6, Apr. 1 letter (c) GDPR)

 
9. Exercise or defense of the Data Controller’s rights in or out of court, or in any case in the context of disputes or controversies (initiated by you, by the Data Controller, by third parties or by judicial or administrative authorities) Common personal data Processing necessary for the pursuit of the legitimate interest of the Data Controller (art. 6, par. 1 letter (f) GDPR) and for the exercise of one’s rights (art.17, par.3, lett. (e) GDPR
10. Direct marketing: sending promotional messages to users who have previously purchased or requested more details about a service (for services similar to those previously purchased or requested) Common personal data Processing necessary for the pursuit of the legitimate interest of the Data Controller (art. 6 (1) par. 1 letter (f) GDPR)
11. Conducting statistical research/analysis on aggregated or anonymous data, aimed at measuring the functioning of the Service, data traffic, and interactions. Common personal data Processing necessary for the pursuit of the legitimate interest of the Data Controller (art. 6 (1) par. 1 letter (f) GDPR) (Interest of the Owner in monitoring the correct functioning of the Site, data traffic, your interactions with the Site);

 
12. Carrying out activities related to business or business unit transfers, acquisitions, mergers, demergers, or other transformations and for the execution of such operations. Common and specific personal data Processing necessary for the legitimate interest of the Controller (art. 6 (1) par. 1 lett. (f) GDPR) and its counterparties, adequately balanced with the rights of the data subjects in light of the limited operational nature of such processing


4. Treatment methods

Each treatment will be conducted in compliance with the methods set out in the articles. 6 and 32 of the GDPR and through the adoption of the appropriate security measures envisaged.

5. Categories of recipients of the personal data processed:
In order to fulfill the aforementioned purposes, personal data will also be processed by third parties other than the Data Controller.
These subjects will process the personal data both on behalf of the Data Controller (therefore, as managers) and as independent data controllers, upon specific communication from the Data Controller.
Specifically, the following categories of recipients will process personal data:
a) suppliers of products, services or performances necessary for the correct execution of the Service and/or the Contract (by way of example and not limited to, IT service providers, business consultants);
– collaborators, employees and suppliers of the Data Controller, within the scope of their respective duties and/or any contractual obligations with them, inherent in commercial relationships with the Supplier;
– banking institutions for the management of collections and payments arising from the execution of the Contract with the supplier; and
– subcontractors and/or subcontractors engaged in activities related to the performance of the Contract with the Data Controller, as external data controllers;
b) jurisdictional, administrative (including authorities competent in tax matters) and/or public security authorities, with reference to legal or regulatory obligations to communicate personal data or other regulatory obligations;
c) companies belonging to the corporate group to which the Data Controller belongs (parent companies, subsidiaries, affiliates, affiliates), to enable the provision of services or performances necessary for the correct execution of the Contract or to fulfill administrative, fiscal or accounting obligations.
d) third parties and/or bodies responsible for controlling and supervising the Data Controller’s business activities (for example, but not limited to, board of statutory auditors, supervisory body, auditors).

In the event of disclosure of data to our service providers, they are permitted to use it solely to carry out their duties. These service providers are carefully selected by us, and by contract they must follow our instructions, adopt technical and organizational measures suitable for protecting the rights of data subjects. Furthermore, they are monitored regularly.

6. Transfer of data abroad
Personal data will be transferred, outside the European Economic Area, only to countries that ensure an adequate level of protection of the personal data of the interested parties, on the basis of an adequacy decision adopted by the European Commission:
In case of transfer to countries outside the European Economic Area which do not ensure an adequate level of protection of the personal data of the interested parties, the transfer will only take place:
(i) subject to the adoption of appropriate or appropriate guarantees (such as, by way of example and not limited to, the stipulation of data transfer agreements that implement the standard contractual clauses approved by the European Commission);
(ii) if it is necessary for the conclusion of a contract or the fulfillment of contractual obligations between the Customer and the Owner.
In any case, in such eventualities we will take care to provide you, upon your simple request, detailed information regarding the methods of data transfer to third countries, any appropriate or appropriate guarantees adopted and the means to obtain a copy of such data or the place where have been made available.

7. Retention period
Unless otherwise specified in this policy, we will use and retain your data for as long as necessary to fulfill our contractual obligations (for the duration of the Contract, and for a further period of 10 years, in compliance with specific regulatory or statutory provisions) or to fulfill the purposes for which the data is collected.
We will then delete your data immediately, unless we need to retain it until the statute of limitations expires in order to use it as evidence in civil litigation or to comply with the mandatory 10-year retention period.

8. Cookie management
We use our own cookies and third-party cookies on the Site. A cookie is a standardized text file that is stored by your browser for a set period of time. Cookies make it possible to locally store information, such as language settings and temporary identifiers that can be retrieved upon subsequent accesses to the site from the server that set the cookie. In the security settings of your browser you can view and delete active cookies. You can adjust your browser settings as you wish, and thus for example refuse to accept third-party cookies. Please note that in this case you may not be able to use all the functions of the Site.
Our cookies help make your visit to the Site easier and safer.

9. Third-party platforms
Through the Site it is possible to view content from external platforms and interact with them. Below are detailed the third-party cookies that could be used by the Site, as well as the links through which the user can receive more information and request the deactivation of cookies.

Youtube

We use YouTube videos on some pages of the Site. YouTube is a video platform operated by the Google Company YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066, USA (“YouTube”).

YouTube videos can be viewed directly from the Site. Such videos fall under the “extended data protection mode”, so your data will only be transmitted to YouTube if you view the videos. This data transmission is completely independent of us. For cases where your personal data must be transmitted to the United States, Google and YouTube have adhered to the EU-USA Data Privacy Framework .

When the Site contains YouTube videos, YouTube and Google acquire your access data, and the information that you have visited the relevant page on the Site. This will happen regardless of whether or not you are logged in to YouTube or Google. If you are logged in to Google, your data will be associated directly with your Google account. If you do not want these to be associated with your YouTube profile, you must log out before watching a video. YouTube and Google may use your access data to create usage profiles for the purposes of marketing, market research and for the targeted design of their websites. You have the right to object to the creation of these usage profiles: in this case the objection must be sent directly to YouTube. You will find further information in Google’s Privacy Policy, which also applies to YouTube: https://policies.google.com/privacy?hl=en-US and https://policies.google.com/privacy/frameworks?hl= en-US.

Google Analytics

The Site uses Google Analytics, a web analytics service offered by Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA (“Google”).

Google Analytics uses cookies to collect your login data when you visit the Site. The cookies used by Google Analytics provide for the anonymization of the user IP.

For exceptional cases in which personal data is transmitted to the United States, Google has adhered to the EU-USA Data Privacy Framework . The European Commission has issued an adequacy decision, concluding that the United States ensures an adequate level of protection for personal data transferred from the EU to companies participating in the Framework.

Google will use the information obtained through cookies to evaluate the use of the Site, to draw up reports on their activity and to provide us with further services associated with the Site and the use of the Internet. You will find further information on this topic in the Google Analytics Google Analytics Privacy Policy.

You can object to the aforementioned creation and processing of pseudonymized usage profiles at any time. You have several options available to you:

(1) You can set your browser to block Google Analytics.

(2) You can adjust your Google settings regarding advertising

(3) You can install the opt-out plug-in provided by Google at https://tools.google.com/dlpage/gaoptout?hl=de on your Firefox, Internet Explorer or Chrome browser (this option cannot be used on mobile phones).

The data generated by Google Analytics are stored by Google as indicated in the information available at the following link:
https://policies.google.com/technologies/cookies?hl=it

Google tag manager

The Site uses Google Tag Manager, a service offered by Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA (“Google”). Tag Manager is used to manage the Site’s tags more efficiently. The tag is a code that is incorporated into the source code of our Site with the aim, for example, of capturing the presence of frequently used elements of the Site (for example the code for the web analysis service). Google Tag Manager works without the use of cookies. The data is partly processed by a Google server in the USA. In the case of personal data transmitted to the United States, Google has adhered to the EU-USA Data Privacy Framework . The legal basis for this operation is Article 6 (1) (f) of the GDPR, based on our legitimate interest in carrying out business on our Site. You will find more information at Google’s Information on Tag Manager.

Google ReCAPTCHA

We include a bot identification function, such as for online form entries (“ReCaptcha”), provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Privacy Policy: https://adssettings.google.com/authenticated

Google Maps

We include maps through the Google Maps service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Privacy policy: https://www.google.com/policies/privacy/ , opt-out: https://adssettings.google.com/authenticated .

MyFonts

The Site also uses external fonts, provided by MyFonts Inc., 600 Unicorn Park Drive, Woburn, MA 01801, USA (hereinafter called “MyFonts”). These fonts are inserted through the connection with a MyFonts server. To deliver the font files to your browser, your IP address is transmitted to a MyFonts server when you visit the Site. Additional information (for example, the name of the site visited, the date and time of the request and the type of browser used) could be transmitted to MyFonts. To prevent MyFonts from executing JavaScript code, you can disable JavaScript in your browser or install a JavaScript blocker (https://www.java.com/it/download/help/disable_browser.html ). You will find further information on data privacy at MyFonts on the following link: https://www.myfonts.com/a/font/legal/website-use-privacy-policy).

Leadinfo

The Site uses a lead generation service provided by Leadinfo BV, Rotterdam, Netherlands, which tracks company visits to our website based on IP addresses and displays publicly available information, such as company names or addresses. Leadinfo also places two first-party cookies to provide transparency into how our visitors use our website, and the tool processes the domains from which the input is provided (e.g., “leadinfo.com”) to match IP addresses with companies and improve its services. For more information, visit www.leadinfo.com. You can opt out at www.leadinfo.com/en/opt-out. If you opt out, your data will no longer be used by Leadinfo.

10. Data processing for Linkedin

Interzero uses the social network Linkedin. On this social network we communicate the latest news from Interzero and everything we have done, and we are happy to use the possibilities offered by social networks to communicate directly with their members.

However, it’s important to emphasize that we have no influence on the data processing performed by social networks. Therefore, please carefully consider the type of personal information and messages you send us via social networks and, if in doubt, use other means of contacting us than those we make available. We are therefore not responsible for the conduct of the operators of these social networks and their members.

If you communicate with us through our social media accounts, we will process the information provided to us by the social network in question (for example, your name, page, and the content of messages you send us) in accordance with the purpose for which you sent them (e.g., requested services, suggestions, or criticisms). We will delete the data collected in this way as soon as its storage is no longer necessary, or we will limit its processing if there are statutory data retention obligations. For public posts on our social media accounts, we will decide on a case-by-case basis whether and when to delete them, weighing your interests and ours.

The legal bases for the above data processing depend on the objective of your message.

If it concerns using our customer service, or requesting a service from Interzero, the legal basis will be Article 6 (1) (b) of the GDPR. Otherwise the legal basis will be Article 6 (1) (f) of the GDPR (fair balance of interests based on our legitimate interest in processing your message). If you give your consent to the processing of the above data, the legal basis will be Article 6 (1) (a) of the GDPR.

11. Your rights

You have the right to ask us for access to your personal data, pursuant to art. 15 GDPR.

By exercising the right of access, you can request information about:

  • the purpose of the processing;
  • the categories of personal data in question;
  • the recipients or categories of recipients to whom the personal data have been or will be communicated, in particular if recipients are from third countries or international organisations;
  • where possible, the expected retention period of personal data or, where not possible, the criteria used to determine this period;
  • the existence of the right to ask the Data Controller to rectify or delete personal data or limit the processing of personal data concerning the interested party, or to oppose their processing;
  • the right to lodge a complaint with a supervisory authority;
  • if the personal data is not collected from you, all available information on its origin;
  • the existence of an automated decision-making process, including profiling pursuant to art. 22, paragraphs 1 and 4, of the GDPR and, at least in such cases, significant information on the logic used, as well as the importance and expected consequences of such processing towards the interested party.

The following rights are also guaranteed:
a) the right to obtain from the Data Controller the rectification of inaccurate personal data, or the integration of incomplete personal data, pursuant to art. 16 GDPR;
b) the right to obtain from the Data Controller the erasure of personal data, pursuant to art. 17 GDPR. The exercise of this right may not be guaranteed by the Data Controller (or the Data Controller may only partially comply with the requests) to the extent that the processing of the personal data subject to the deletion request is required in compliance with legal obligations or for the establishment, exercise or defense of a right in court;
c) the right to obtain from the Data Controller restriction of processing, pursuant to art. 18 GDPR;
d) within the limits established by law, the right to obtain from the Data Controller the portability of personal data processed on a contractual basis pursuant to art. 6, paragraph 1, letter b) of the GDPR;
e) the right to object to the processing of personal data pursuant to art. 21 GDPR, unless the Data Controller demonstrates, upon receipt of a request in this regard, the existence of compelling legitimate reasons to proceed with the processing which prevail over the interests, rights and freedoms of the interested party, or to ascertain, the exercise or defense of a right in court.

The above requests must be addressed to the Data Controller, at the contact details set out in the art. 1 of this information.

The Data Controller will respond to requests without undue delay.

In the event of non-response or negative, non-punctual or unsatisfactory feedback to your requests, you may contact a supervisory authority. Italian citizens, habitually resident or those who work in Italy, or who believe that the alleged violation by the Data Controller regarding the processing of their personal data occurred in Italy, may contact the Italian Data Protection Authority – www.garanteprivacy.it – to obtain adequate protection of their rights.

Citizens of another EU Member State, habitually resident or those who work in another EU Member State, or believe that the alleged violation by the Data Controller with reference to the processing of their personal data has taken place in another EU Member State, can consult the following web page http://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm for further information about the competent supervisory authority.

You also have the right to complain to the data protection authority. For Interzero Italy Srl this authority is the Guarantor for the protection of personal data, Piazza di Monte Citorio n. 121 – 00186 Rome.

12. Right of withdrawal and opposition

If you wish to exercise your rights of withdrawal and objection as illustrated below, a notification without particular formal requirements sent to the address indicated in the art. 1 of this information.

12.1 Withdrawal of consent

Pursuant to Article 7 (2) of the GDPR, you have the right to withdraw any consent you have given us at any time. We will therefore be unable to continue processing your data based on this consent in the future. Withdrawing your consent will not affect the lawfulness of processing based on consent until its withdrawal.

12. 2 Opposition to data processing

To the extent that we process your data based on legitimate interest pursuant to Article 6 (1) (f) of the GDPR, you have the right, pursuant to Article 21, to object to such processing if there are grounds for objecting arising from your particular situation, or if such objection concerns direct marketing. In the latter case, you have a general right to object, which we are required to uphold even without providing any reasons.

13. Security Measures

We adopt appropriate technical measures to guarantee data security for the Service, in particular to protect your data from the dangers that may arise during its transmission, and so that third parties do not gain knowledge of it in an unauthorized manner. These measures are constantly updated, in light of the latest technological developments. To secure the personal data you have provided on the Site we use the transport layer security (TLS) protocol, which encrypts the information you have entered.

14. Changes to this Data Protection Policy
We will update this policy periodically, for example when the Site is revised, or if the statutory rules or official regulations change.

This document is written in Italian and English. In the event of any discrepancy or divergence in interpretation between the two versions, the Italian version shall prevail.

January 9, 2026