Privacy policy

PRIVACY AND SECURITY INVESTIGATION NOTICE

Pursuant to Articles 13 and 14 of EU Regulation 2016/679

This document provides information to all individuals who, having commercial relationships with IDI EVOLUTION S.r.l., provide personal data to the company. Users are hereby informed that EU Regulation 2016/679 (hereinafter “GDPR”) on the protection of natural persons regarding the processing of personal data and the free movement of such data ensures the protection of individuals’ personal data as a right recognized by European law.


Data Controller

The Data Controller is IDI EVOLUTION S.r.l. (hereinafter “IDI Evolution” or the “Controller”), VAT and tax code 03221450962, with registered office at Largo Esterle 4, 20900 Monza (MB) – PEC: idievolution@pec.idievolution.it, represented by the pro tempore Legal Representative.


Types of Data Processed

Within its activities, the company will process only personal data strictly necessary for the purposes listed below, in compliance with the minimization principle (Article 5.1(c) GDPR) and the privacy by design principle (Article 25 GDPR). Processing will also respect the principles of fairness, lawfulness, and transparency, safeguarding the confidentiality and rights of clients.

Personal data processed concern website users, clients, and suppliers and include common types (e.g., identifiers, contact, and navigation data). Processing allows the Controller to achieve the following purposes:

| Purpose of Processing | Legal Basis | Retention Period |
| --- | --- | --- |
| Management of communications/messages sent via the contact form | Explicit consent [Art.6.1(a) GDPR + EDPB Guidelines 5/2020 on consent] | 2 years from last exchange or quote if the client remains potential; 10 years after contract conclusion, unless a legal dispute arises |
| User subscription to periodic newsletter | Explicit consent [Art.6.1(a) GDPR + EDPB Guidelines 5/2020 on consent] | Until consent is withdrawn |
| Access to the “Client Area” via the ALFRED management system | Execution of ALFRED license contract [Art.6.1(b) GDPR] | Duration of the contract unless a legal dispute arises |
| Request for demonstration of ALFRED system | Explicit consent [Art.6.1(a) GDPR + EDPB Guidelines 5/2020 on consent] | Duration of the contract unless a legal dispute arises |
| Statistical analysis of website usage via cookies and tracking tools | Explicit consent via cookie banner; legitimate interest to generate target audiences for advertising [Art.6.1(f) GDPR] or to promote services via email to actual clients [Art.130.4 Italian Legislative Decree 196/2003]; explicit consent through form submission | As long as required by consent or legitimate interest |
| Implementation of specific management systems (e.g., privacy) | Legal obligations [Art.6.1(c) GDPR] | Example: 3 years from the date in the official record, unless updated |
| Ensuring adequate ICT system security | Legitimate interest [Art.6.1(f) GDPR] | As required by law or for maintenance and technical support purposes |
| Defense of the company’s legal rights in disputes (civil, administrative, criminal, pre-litigation, conciliatory) | Legitimate interest [Art.6.1(f) GDPR] | Until dispute resolution plus 5 years |

Upon expiration of these periods, personal data contained in documents or commercial correspondence will be destroyed or deleted. If a dispute arises that requires extended retention of data, storage is justified until the final resolution of the dispute.


Methods of Processing

IDI Evolution processes personal data provided via paper and electronic means strictly for the stated purposes, ensuring security and confidentiality.


Mandatory Nature and Consequences of Refusal

Providing personal data is not mandatory; however, without such data, it is impossible to meet user requests or fulfill legal obligations arising from commercial relationships.


Recipients of Personal Data

Personal data will be processed by authorized personnel trained under Article 29 GDPR. To comply with legal obligations or for promotional activities, IDI Evolution may share personal data with third-party recipients, some acting as Data Processors under Article 28 GDPR. Categories include:

  • External accounting/tax/legal consultants

  • External management system consultants (e.g., privacy)

  • ICT service providers for system maintenance and protection

  • Digital marketing service providers

  • Website management and support service providers

  • Social media platforms for promotion and communication (Facebook, LinkedIn, Instagram, YouTube)


International Transfers

Data may be transferred outside the EU, specifically to the USA. Please refer to the IDI Evolution cookie policy for details.


Automated Decision-Making and Profiling

Some user data (e.g., social media profiles) may be used for profiling to deliver personalized messages. This does not constitute fully automated decision-making under Article 22.1 GDPR. Users retain the right to object under Article 21 GDPR.


Data Subject Rights

Under Articles 15–21 GDPR, users have the right to:

  • Withdraw consent at any time

  • Access their data

  • Rectify or erase data

  • Obtain data portability

  • Restrict processing

  • Object to direct marketing based on legitimate interest

Requests should be sent to info@idievolution.it. At the end of the retention period, data will be deleted or anonymized, and the rights of access, erasure, rectification, and portability will no longer apply.

Users may also lodge a complaint with the Data Protection Authority if they believe their data is being misused: https://www.garanteprivacy.it/diritti/come-agire-per-tutelare-i-tuoi-dati-personali/reclamo.