Skip to main content

Privacy Policy

PRIVACY NOTICE REGARDING THE PROCESSING OF PERSONAL DATA OF CUSTOMERS AND POTENTIAL CUSTOMERS OF A.I.GEN. ADVANCED INTELLIGENCE GENERATION S.R.L.

pursuant to Article 13 of Regulation (EU) 2016/679
This notice (the “Notice”) is provided pursuant to Article 13 of Regulation (EU) 679/2016 (“GDPR”) in relation to the processing of personal data of customers and potential customers of A.I.Gen. Advanced Intelligence Generation S.r.l. (the “Customers” or “Potential Customers”).

1. Data Controller

The data controller is A.I.Gen. Advanced Intelligence Generation S.r.l., with registered office at Piazza della Repubblica n. 10, 20121 – Milan (MI) (“A.I.Gen.”, the “Company” or the “Parent Company”), parent company of the eponymous group of companies consisting of Hic Mobile S.r.l., Bid Company S.r.l., Kettydo+ S.r.l. and UrbiStat S.r.l. (hereinafter the “A.I.Gen. Group” or simply the “Group”). Depending on the circumstances, A.I.Gen. may act as an independent controller or as a joint controller together with some Group companies, according to specific internal agreements signed with the other Group companies pursuant to Article 26 of the GDPR for the management of a unified Customer Relationship Management, which can be found at the following link.

2. Data collected

The Controller processes your personal data collected through contractual documentation – including the stipulated contract – and interactions that occurred in the pre-contractual phase, also collected through the completion of some online forms or modules, such as identification data (such as name, surname, date and place of birth, Tax Code and VAT number, company name) and contact details (such as address, email and telephone number) and any information contained therein (the “Data”). These are mainly Data necessary to establish contact and evaluate the opportunity to develop commercial and, in general, business relationships; as well as to keep you informed about events and activities of the A.I.Gen. world.

3. Purposes and legal basis of processing

The Data are processed according to the following purposes and legal bases:

3.1. Execution of pre-contractual measures adopted at the request of the data subject and of the contractual relationship

The Data will be processed to create a contact and evaluate the opportunity to establish a commercial relationship with the Company, including through the sending of quotes at the request of the data subject. The provision of Data for the aforementioned purpose is necessary as it is instrumental to the potential establishment of a contractual relationship with the Controller. Any refusal, partial or total, to provide the Data for these purposes will result in the impossibility for the Controller to evaluate the establishment of the contractual relationship. The Data will be processed in order to properly execute the contract with the Controller and, in particular:

  1. to allow effective management of the contractual relationship with the Controller;
  2. to fulfill obligations arising from the contract, such as, for example, for accounting purposes.

The provision of Data for the aforementioned purposes is mandatory and necessary for the correct execution of the above activities. Any refusal, partial or total, to provide the Data for these purposes will result in the impossibility for the Controller to establish and execute the contractual relationship.

3.2. Compliance with legal obligations

The Data may also be processed to allow the Controller to comply with obligations provided by law, by a regulation, by EU legislation or by an order of the Authority. The provision of Data for this purpose is necessary to comply with the legal obligations to which the Controller is subject.

3.3. Legitimate interest

  • Legal protection
    The Data will be processed to exercise the rights of the Controller, for example the right of defense in court. This legitimate interest is to be considered prevalent as it corresponds to a constitutionally guaranteed right and, as such, is socially recognized as prevalent over the interests of the individual data subject. The provision of Data for this purpose is necessary to allow the Controller to defend itself in judicial and extrajudicial proceedings.
  • Informative and promotional communications
    The Data will be processed to allow the Controller to contact Customers for sending individual communications, exclusively by email, of an informative and promotional nature, based on the contractual relationship already established with the same, and concerning products and/or services of the same type as those subject to the sale (Soft Spam), in accordance with the provisions of Article 130, paragraph 4, of Legislative Decree 196/2003 as amended, unless opposed. The legal basis for this processing lies in the legitimate interest of the Controller to maintain and strengthen human and professional relationships established with Customers. Legitimate interest that does not prejudice the rights and freedoms of Customers as it finds its respective balance in the interest and reasonable expectation of Customers to receive information on similar products to those already purchased and on the activity of the Controller.
  • Marketing activities
    The Data may be processed by the Controller to send to Customers and Potential Customers through the channels authorized by them – such as, for example, mail, telephone or electronic communications, such as e-mail – marketing communications, having an advertising, informative and promotional nature of the products and services offered by A.I.Gen. and the Group. The legal basis for this processing is the legitimate interest of the Company to provide a service of updating on its products and activities to Customers and Potential Customers, which is as accurate as possible and in line with the expectations of the data subject. Legitimate interest which, given the reasonable expectation of the data subject and the constitutionally guaranteed interest in free economic initiative, is to be considered prevalent. The data subject can, at any time, object to the sending of such communications through the appropriate unsubscribe link present at the bottom of all communications sent via email, or by contacting A.I.Gen. at the addresses provided in paragraph 7 below. The provision of Data is optional, any refusal will result in the impossibility, even partial, of pursuing this purpose.

3.4 Consent

  • Transfer of data to A.I.Gen. Group companies to allow them to send their own advertising, informative and promotional material communications
    The Data of Customers and Potential Customers may be transferred to A.I.Gen. Group companies and used for sending communications of advertising, informative, promotional material by A.I.Gen. Group companies. The legal basis for this processing is the consent of the Customer or Potential Customer. Consent can always be freely revoked by contacting the Controller at the addresses provided in paragraph 7 below. The provision of Data is optional, any refusal will result in the impossibility, even partial, of pursuing this purpose.

4. Recipients of the Data

The Data will be processed by employees of the Controller, specifically designated as persons authorized to process (such as, by way of example, those in charge of the commercial office, legal office and marketing office), where necessary for the performance of the activities referred to in paragraph 3 above. Furthermore, Personal Data may be communicated to third parties where necessary for the establishment, management, execution and/or conclusion of the contractual relationship with the Controller. In this case, the third-party recipients of the Personal Data – autonomous data controllers or duly designated as data processors – belong to the following categories:

  1. external subjects operating as autonomous controllers such as, by way of example, Authorities and supervisory and control bodies and in general subjects, including private ones, entitled to request the data (such as accounting consultants, legal consultants), Public Authorities that make an express request for administrative or institutional purposes, according to the provisions of current national and European legislation; 
  2. subjects outside the company that provide services to the company and that are useful for its activities (for example: IT service providers for database management including contacts and emails, digital service providers and IT consultants who provide technical assistance to the company, offices that provide payroll services, training institutes, banking and financial intermediaries); these subjects have received a specific appointment as data processors and their names are available upon request to the Controller, using the contact details indicated in the following Paragraph 7.

5. Data retention period

I The Data processed for:

  1. the execution of pre-contractual measures and the contractual relationship to which the data subject is a party are kept for the entire duration of the contractual relationship and for the ordinary limitation period of 10 years provided for by the applicable regulatory provisions;
  2. compliance with legal obligations to which the Controller is subject are kept for the duration provided for by law (10 years for administrative-accounting requirements);
  3. the legitimate interest of the Data Controller, and specifically in the case of judicial litigation, will be kept for the entire duration of the same, until the expiry of the terms of exercisability of appeals and for the purpose of sending commercial communications (including Soft Spam) until the opt-out request by the data subject or for a period of 24 months from the last active contact with the data subject.
  4. Data collected for marketing purposes will be kept for a period not exceeding 24 months from the last active interaction or contractual relationship with the Customer or Potential Customer, after which a request for confirmation of the willingness to continue receiving such treatments will be sent: in case of denial, the Data provided will be deleted; in case of consent, they will be kept and processed for a further period of 24 months.
  5. lthe transfer of data to controlled/controlling companies and/or affiliated to the A.I.Gen. Group, will be kept for a period of time necessary to technically allow the correct transfer of data to third parties and subsequently according to what is regulated in the information that will be issued by each controller.

6. Transfer of data to third countries

The Controller will not make transfers outside the European Union. Should this occur, the Controller will adopt adequate safeguards in accordance with the applicable laws and regulations on personal data protection, in order to ensure that your Data are adequately protected: in particular, such transfers will take place, based on individual cases, after verification of the standard contractual clauses (Standard Contractual Clauses) approved by the European Commission pursuant to Art. 46, par. 2, lett. c) and d) of the GDPR or the binding corporate rules referred to in Art. 47 of the GDPR or, in their absence, by virtue of one of the derogating measures referred to in Art.49 of the GDPR.

7. The rights of the data subject

Customers or Potential Customers, as data subjects (i.e., subjects to whom the Data refer), are holders of rights conferred by the GDPR. In particular, pursuant to Articles 15-22 of the GDPR, data subjects have the right to request and obtain, at any time, access to their personal data, information on the processing carried out, rectification and/or updating of personal data, erasure and restriction of processing. Furthermore, they also have the right to object to processing and to request data portability (i.e., receive personal data in a structured, commonly used format, readable by automatic devices). Finally, data subjects always have the right to withdraw their consent at any time (this, in any case, will not affect the lawfulness of processing based on consent before its withdrawal) and to lodge a complaint with a supervisory authority (in Italy: the Data Protection Authority). The above rights can be exercised at any time, by simple request to the Controller to be transmitted:

  • by post, to the address Viale Vincenzo Lancetti, 43, 20158 – Milan; or
  • to the email address [[email protected]]

The Customer or Potential Customer:

  • Declares to have read the privacy notice on the processing of personal data, pursuant to Article 13 of the General Data Protection Regulation (GDPR); (mandatory)
  • Gives separate and express consent to the processing of personal data represented by the communication by A.I.Gen. to the companies of the A.I.Gen. Group, which will process them as autonomous controllers according to the methods indicated in their respective notices, to receive promotional, commercial and marketing communications from them. (optional)