Privacy Policy

Please note that when browsing our website, we may acquire and process some of your personal data in compliance with the regulations on privacy and personal data protection, namely Legislative Decree 196/2003 and Regulation (EU) 679/2006 (GDPR).

Therefore, please be informed that:

  1. Data Controller

The Data Controller is Business Solution S.r.l. – with registered office in Via G. Washington, 59, 20146 Milan, Italy, VAT N. and Tax ID: 05865530967. Contact email info@businessolution.eu

  • Processing, Nature of Data Processed, Purpose, Legal Basis, and Data Retention Period

Browsing Data

Nature of Data Processed: The information technology systems and software procedures used by this website during the course of its normal operation acquire some personal data whose transmission is implicit in the use of Internet communication protocols. These data are anonymous.

This information is not collected to be associated with identified interested parties, but by its very nature could, through processing and association with data held by third parties, allow users to be identified.

This category of data includes: IP addresses, domain names of the computers used by users to connect to the site; the addresses in URI (Uniform Resource Identifier) format of the resources requested, the time when the request is made, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the server and other parameters concerning the user’s operating system and computer environment.

Purpose: ensuring the correct operation of the website.

Legal Basis: Article 6, paragraph 1, letter f) of the GDPR: “processing is necessary for the purpose of the legitimate interest pursued by the Data Controller or a third party”. Specifically, both the organisation and users have a legitimate interest in the website working correctly and safely.

Data Retention Period: 6 months.

External Links

Nature of Data Processed: navigation data (see more information above).

Purpose: allowing users to move seamlessly by clicking on third-party websites to find further details, information, or access services provided by third parties.

The website contains links to further information, external services (for example SPID, the digital identity authentication system) and links to other third-party websites.

Users can recognise third-party websites by elements such as the different web design, the opening of a new web page, the appearing of a new cookie banner, on which they will find new information about the processing of their personal data.

Legal Basis: Article 6, paragraph 1, letter f) of the GDPR: “processing is necessary for the purpose of the legitimate interest pursued by the Data Controller or a third party”. Specifically, both the organisation and users have a legitimate interest in accessing new information, which in any case happens as a consequence of a specific action taken by users.

Data Retention Period: 6 months

Data Voluntarily Provided by Users Via Email

Nature of Data Processed: personal details, contact details (e.g.: email address) and other details included in the email or inferable therefrom.

By sending voluntarily emails to the addresses published on the website or to other addresses belonging to this organisation, the receiver automatically acquires the email addresses of the senders, required to reply to their requests, and any other details included in their emails. If the email activates a service or requires further action from our organisation, the initial purpose and legal basis may change, in which case the data processing policy will have to be updated accordingly.

Purpose: managing communications between users and our organisation.

Legal Basis: Article 6, paragraph 1, letter f) of the GDPR: “processing is necessary for the purpose of the legitimate interest pursued by the Data Controller or a third party”. Specifically, both the organisation and users have a legitimate interest in the correct management and processing of all communications.

Data Retention Period: up to 10 years, in line with the time-barring period under Italian Law and the probative value of postal and electronic communications.

Contact Us Form

Nature of Data Processed: personal details, contact details (e.g: email address) and other details included in the field with the request.

Data entered in the above-mentioned fields will be acquired by this organisation and processed exclusively to reply to the specific requests received. If the email activates a service or requires further action from our organisation, the initial purpose and legal basis may change, in which case the data processing policy will have to be updated accordingly.

Purposes: replying to the requests sent by users.

Legal Basis: Article 6, paragraph 1, letter a) of the GDPR: “users have consented to the processing of their personal data for one or more specific purposes”.

Data Retention Period: 6 months.

Cookies

See relevant policy.

  • Purposes of the Processing

Stated in point 2, specified for the different processing activities.

  • Legal Basis of Processing

Stated in point 2, specified for the different processing activities.

  • Data Recipients, Communication and Dissemination of Data

The personal data collected for the purpose of the activities in point 2 will not be disseminated indiscriminately. “Disseminated indiscriminately” refers to the cases in which the number and identity of data recipients is not known (e.g. publication in the media).

Such data may be accessible and/or communicated to subjects inside and outside the organisation, such as:

  • Authorised personnel tasked with managing requests generated by the data processing activities in point 2 (e.g. answering emails).
  • Suppliers appointed in accordance with Article 28 of the GDPR to manage and/or operate the website and/or services connected to the processing activities in point 2 (e.g. software house).
  • Autonomous data controllers (e.g. digital identity management providers).

The updated list of Data Processors and Data Recipients will be made available on request.

  • Non-EU transfers

Data will not be transferred outside the European Union.

  • Data Retention Period

Stated in point 2, specified for the different processing activities.

  • Data Subject Rights

The GDPR (Articles 12-22 of Regulation EU 679/2016) ensures the right of data subjects to ask the Data Controller to access, amend or delete their personal data, oppose or limit their use, and transfer their data to another data controller (portability right).

In the case of processing based on Article 6, paragraph 1, letter a), or Article 9, paragraph 2, letter a), the GDPR ensures the right to revoke consent at any time without prejudice to the processing based on the consent previously given.

To exercise their rights, and for further information, data subjects can contact the Data Protection Officer at the email address provided in point 1 herein.

Data subjects who believe that their rights have been breached may complain to the Data Protection Authority.

  • Optional and Mandatory Data

Users are free to choose not to access the website, however if they do the navigation data (technical and automated data) required for the website to operate will be processed by default.

Users are free to choose not to provide personal data, however this may lead to partial or total inability to access some of the services offered or receive answers to any questions or requests.

  1. Automated decision-making process

Data processing does not include automated decision-making processing or profiling as described in Article 22 of the GDPR.

  1. Other Information

Specific security measures are in place to prevent loss, unlawful and inappropriate use of data and unauthorised access.

Should the company decide to process personal data for purposes other than those for which they were collected, before doing so it will provide data subjects all the information regarding the additional purposes.

This site is registered on wpml.org as a development site.