Privacy Policy
PRIVACY NOTICE REGARDING THE PROCESSING OF PERSONAL DATA OF CLIENTS AND POTENTIAL CLIENTS OF A.I. GEN. ADVANCED INTELLIGENCE GENERATION S.R.L.
This privacy notice (the “Notice“) is provided pursuant to Sect. 13 of Regulation (EU) 679/2016 (“GDPR“) regarding the processing of personal data of clients and potential clients of A.I.GEN. Advanced Intelligence Generation S.r.l. (“Clients” or “Potential Clients“).
1. Data Controller
The data controller is A.I.GEN. Advanced Intelligence Generation S.r.l., with registered office at Piazza della Repubblica n. 10, 20121 – Milan (MI) (“A.I.GEN.“, the “Company” or the “Parent Company“), parent company of the homonymous group consisting of Hic Mobile S.r.l., Bid Company S.r.l., Kettydo+ S.r.l., UrbiStat S.r.l. and Youthquake S.r.l. (hereinafter the “A.I. GEN. Group” or simply the “Group“). Depending on the circumstances, A.I. GEN. may act as an independent controller or as a joint controller together with some Group companies, according to specific internal agreements signed with other Group companies pursuant to Sect. 26 of GDPR for the management of a unified Customer Relationship Management system, whose essential content is made available to the data subject through a link available in the footer of the Company’s website homepage.
2. Data collected
The Controller processes your personal data collected through contractual documentation – including the executed contract – and interactions occurring in the pre-contractual phase, also collected through the completion of certain forms or modules, including online forms, such as identification data (like name, surname, date and place of birth, Tax Code and VAT number, company name) and contact details (such as address, email and telephone number) and any information contained therein (the “Data“). This mainly consists of Data necessary to establish contact and evaluate the opportunity to develop commercial and general business relationships; as well as to keep you informed about events and activities in the A.I.GEN. world.
3. Purposes and legal basis of processing
3.1. Implementation of Pre-contractual Measures Requested by the Data Subject and Contractual Relationship
The Data will be processed to create contact and evaluate the opportunity to establish a commercial relationship with the Company, including through sending quotes at the request of the data subject.
The provision of Data for the above purpose is necessary as it is instrumental to the potential establishment of a contractual relationship with the Controller. Any refusal, partial or total, to provide Data for such purposes will result in the impossibility for the Controller to evaluate the establishment of the contractual relationship.
The Data will be processed to properly execute the contract with the Controller and, in particular:
- to allow effective management of the contractual relationship with the Controller;
- to execute obligations arising from the contract, such as, for example, accounting purposes.
The provision of Data for the above purposes is mandatory and necessary for the proper execution of the above activities. Any refusal, partial or total, to provide Data for such purposes will result in the impossibility for the Controller to establish and execute the contractual relationship.
3.2. Compliance with Legal Obligations
3.3. Legitimate Interest and Consent
- Legal Protection
The Data will be processed to exercise the Controller’s rights, such as the right of defense in court. Such legitimate interest is considered prevalent as it corresponds to a constitutionally guaranteed right and, as such, is socially recognized as prevailing over the interests of the individual data subject. The provision of Data for this purpose is necessary to allow the Controller to defend itself in judicial and extra-judicial proceedings. - Informative and Promotional Communications
The Data will be processed to allow the Controller to contact Clients for sending individual communications, exclusively via email, of an informative and promotional nature, based on the contractual relationship already established with the same, and concerning products and/or services of the same type as those subject to sale (Soft Spam), in accordance with Sect. 130, paragraph 4, of Legislative Decree 196/2003 as amended, unless opposed. The legal basis for such processing lies in the legitimate interest of the Controller to maintain and strengthen human and professional relationships established with Clients. This legitimate interest does not prejudice the rights and freedoms of Clients as it finds its respective balance in the interest and reasonable expectation of Clients to receive information about similar products to those already purchased and about the Controller’s activity. - Marketing Activities
The Data may be processed by the Controller to send Clients and Potential Clients through their authorized channels – such as mail, telephone, or electronic communications, including email – marketing communications of an advertising, informative, and promotional nature regarding products and services offered by A.I. GEN. and the Group and according to the methods and contents of the joint controllership agreement mentioned above, as well as to streamline internal workflows through the corporate CRM system. The legal basis for such processing is the consent of the data subject to receive updates on products and activities that are as accurate as possible and in line with their expectations. The data subject may, at any time, withdraw their consent to receive such updates through the appropriate “unsubscribe” link present at the bottom of all communications sent via email, or by contacting A.I. GEN. at the addresses provided in paragraph 7 below. The provision of Data is optional; any refusal will result in the impossibility, even partial, to pursue this purpose.
4. Recipients of the Data
The Data will be processed by employees of the Controller, specifically designated as persons authorized to process (such as, by way of example, those in charge of the commercial office, legal office, and marketing office), where necessary for the performance of the activities referred to in paragraph 3 above. Furthermore, Personal Data may be communicated to third parties where necessary for the establishment, management, execution, and/or conclusion of the contractual relationship with the Controller. In such cases, third-party recipients of Personal Data – independent data controllers or duly designated as data processors – belong to the following categories:
- external subjects operating as independent controllers such as, by way of example, Authorities and supervisory and control bodies and in general subjects, including private ones, entitled to request data (such as accounting consultants, legal consultants), Public Authorities that expressly request it for administrative or institutional purposes, according to the provisions of current national and European legislation.
- subjects outside the company who provide services to the company and who are useful for its activities (for example: IT service providers for database management including contacts and emails, digital service providers and IT consultants who provide technical assistance to the company, offices that provide payroll services, training institutes, banking and financial intermediaries); these subjects have received a specific appointment as data processors and their names are available upon request to the Controller, using the contact details indicated in Paragraph 7 below.
5. Data Retention Period
The Data processed for:
- the execution of pre-contractual measures and the contractual relationship to which the data subject is party are kept for the entire duration of the contractual relationship and for the ordinary limitation period of 10 years provided for by applicable regulatory provisions.
- compliance with legal obligations to which the Controller is subject are kept for the duration provided by law (10 years for administrative-accounting compliance).
- the legitimate interest of the Data Controller, and specifically in the case of judicial litigation, will be kept for the entire duration of the same, until the expiration of the terms for exercising appeal actions and for the purpose of sending commercial communications (including Soft Spam) until the opt-out request by the data subject or for a period of 24 months from the last active contact with the data subject.
- marketing purposes will be kept for a period not exceeding 24 months from the last active interaction or contractual relationship with the Client or Potential Client, after which a request for confirmation of the willingness to continue receiving such processing will be sent: in case of denial, the Data provided will be deleted; in case of consent, they will be kept and processed for a further period of 24 months.
- management of the same within the corporate CRM system among A.I.GEN. Group companies will be kept for the entire duration of any contractual relationship established and for the ordinary limitation period of 10 years provided for by applicable regulatory provisions.
6. Transfer of Data to Third Countries
Should this occur, the Controller will adopt adequate safeguards in accordance with applicable laws and regulations on personal data protection, to ensure that your Data are adequately protected: in particular, such transfers will take place, based on individual cases, after verification of standard contractual clauses (Standard Contractual Clauses) approved by the European Commission pursuant to Sect. 46, par. 2, lett. c) and d) of GDPR or binding corporate rules pursuant to Sect. 47 of GDPR or, in their absence, by virtue of one of the derogating measures pursuant to Sect. 49 of GDPR.
7. Data Subject Rights
Clients or Potential Clients, as data subjects (i.e., subjects to whom the Data refers), are holders of rights conferred by GDPR. In particular, pursuant to Sects. 15-22 of GDPR, data subjects have the right to request and obtain, at any time, access to their personal data, information about the processing carried out, rectification and/or updating of personal data, erasure and restriction of processing. Furthermore, they also have the right to object to processing and request data portability (i.e., receive personal data in a structured, commonly used format, readable by automatic devices). Finally, data subjects always have the right to withdraw their consent at any time (this, in any case, will not affect the lawfulness of processing based on consent given before withdrawal) and to lodge a complaint with a supervisory authority (in Italy: the Data Protection Authority)
The above rights may be exercised at any time, by simple request to the Controller to be transmitted:
- by mail, to the address Piazza della Repubblica n. 10, 20121 – Milan; or
- to the email address [email protected]