This Privacy Policy, provided pursuant to Article 13 of Regulation (EU) 2016/679 (General Data Protection Regulation, “GDPR”), contains information regarding the processing of the user’s personal data provided while browsing the website and through the completion of online forms, including those relating to contact requests and/or requests for a free consultation, as further described below.
Privacy Policy
Information on the Processing of Personal Data
1. Who is the Data Controller and the DPO?
The Data Controller is Italiaonline S.p.A., with registered office at Via del Bosco Rinnovato 8, 20057 Assago (MI), Italy (hereinafter “Italiaonline” or the “Data Controller”), and may be contacted by e-mail at info@italiaonline.it.
The Data Controller has appointed a Data Protection Officer (“DPO”) in accordance with Articles 37 et seq. of the GDPR, who may be contacted through the dedicated contact form.
2. What categories of data do we process?
When the user visits the website or uses the services available through it, Italiaonline automatically processes the following personal data:
Browsing data
The IT systems and software procedures used to operate the website acquire, during their normal operation, certain personal data whose transmission is implicit in the use of Internet communication protocols.
This information is not collected in order to be associated with identified individuals; however, by its very nature, it could, through processing and association with data held by third parties, enable users to be identified.
This category of data includes IP addresses or domain names of the computers used by users connecting to the website, the URI (Uniform Resource Identifier) addresses of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful completion, error, etc.), and other parameters relating to the user’s operating system and IT environment.
In addition, Italiaonline collects further browsing data through cookies in accordance with the Cookie Policy.
Data voluntarily provided by website useers and visitors
Italiaonline may process the following personal data voluntarily provided by users by completing online forms, including:
• identification and contact data (e.g. first name, last name, VAT number, e-mail address);
• username and password for accessing the restricted customer area dedicated to the management of Italiaonline products;
• any other data voluntarily provided directly by the user.
It is not necessary to provide personal data such as health-related data, judicial data, data revealing racial or ethnic origin, or trade union membership as referred to in Articles 9 and 10 of the GDPR, as Italiaonline does not process such special categories of data for the purposes described below.
3. How are your data processed?
Your data are processed using IT and telematic tools and are protected through appropriate security measures designed to ensure their confidentiality and integrity.
In particular, Italiaonline has adopted and continuously implements suitable organisational measures (allocation of roles and responsibilities in carrying out activities and controls), procedural measures and technical measures to protect your data against loss, theft, as well as unauthorised use, disclosure or alteration.
4. What are the purposes and legal bases of the processing?
Personal data are processed for the following purposes:
1) enabling navigation of the website and providing the requested functionalities;
2) carrying out anonymous statistics regarding the use of the website;
3) allowing access to the restricted area reserved for customers who have purchased Italiaonline products and services;
4) responding to requests to join the Easybid network submitted through online forms.
The legal basis for the above processing activities is the performance of a contract to which the user is a party or the implementation of pre-contractual measures taken at the user’s request. In such cases, the provision of personal data is necessary. Failure to provide such data may make it impossible to provide the requested service.
Personal data are also processed for the following purpose:
5) establishing, exercising or defending legal claims in judicial or extrajudicial proceedings.
The legal basis for the above processing activity is the legitimate interest of Italiaonline.
Finally, personal data are processed for the purpose of complying with legal obligations, regulatory requirements and requests from competent authorities.
The legal basis for this processing activity is compliance with a legal obligation to which Italiaonline is subject. The provision of personal data for this purpose is necessary in order to allow Italiaonline to comply with applicable legal and regulatory obligations and requests from competent authorities.
5. To whom may your data be disclosed?
Italiaonline may disclose personal data to external parties acting as data processors.
In such cases, Italiaonline regulates the processing activities through a data processing agreement pursuant to Article 28 of the GDPR, under which specific instructions regarding the processing of personal data are provided to the data processor.
Personal data may be disclosed to the following categories of recipients:
• persons, entities or authorities to whom the communication of data is mandatory by law or by order of competent authorities;
• parties delegated and/or authorised by the Italiaonline Group to perform activities strictly related to product management.
Should the user wish to receive further information regarding the list of recipients, a request may be sent to info@italiaonline.it
6. How long do we retain your data?
Italiaonline retains personal data for the period necessary to achieve the purposes for which they were collected or for any other related legitimate purpose, in accordance with the storage limitation principle set out in Article 5(1)(e) of the GDPR.
Where personal data are processed for two different purposes, Italiaonline retains such data until the purpose with the longer retention period ceases and subsequently anonymises, aggregates or deletes the data.
As a general rule, personal data processed for the purposes referred to under points 1 to 3 above are retained for the duration of the relationship and for no longer than ten (10) years after its termination, except where longer retention periods are required in connection with disputes or requests from competent authorities.
Personal data processed for the purpose of managing requests to join the Easybid network are retained only for the period strictly necessary to handle such requests.
Where it is necessary to process data for the purpose of protecting legal rights, the data shall be retained for the period during which claims and/or actions may be pursued by law, namely throughout the pre-litigation and litigation phases and until the expiry of any applicable appeal periods.
Data processed for compliance with legal obligations are retained for the period prescribed by law for each specific category of data.
7. Are data trasferred abroad?
Italiaonline stores data on servers located within the European Union.
Should it become necessary, for the purposes indicated above, to transfer personal data outside the European Union to countries for which the European Commission has not issued an Adequacy Decision, Italiaonline undertakes to adopt and guarantee adequate levels of protection and safeguards, including contractual safeguards, in accordance with applicable regulations, including the execution of Standard Contractual Clauses pursuant to Article 46(2)(c) of the GDPR, supplemented where necessary by technical, legal and organisational measures designed to ensure a level of protection equivalent to that guaranteed within the European Union.
Should the user wish to receive further information regarding the safeguards implemented and request a copy thereof, a request may be sent to info@italiaonline.it.
8. What are your rights?
At any time, you may exercise the rights provided for under Articles 15 to 21 of the GDPR by writing to Italiaonline, Via del Bosco Rinnovato 8, 20057 Milanofiori Nord, Assago (MI), Italy, or by sending an e-mail to info@italiaonline.it.
You have the right to:
• Access – obtain confirmation as to whether personal data concerning you are being processed and request a copy thereof;
• Rectification – request the correction of your personal data;
Erasure – request the deletion of your personal data;
• Restriction – request the restriction of processing in the cases provided for by law;
• Objection – object to the processing on legitimate grounds;
• Data Portability – receive a copy of your personal data in electronic format;
• Complaint – lodge a complaint with the competent supervisory authority (Italian Data Protection Authority www.garanteprivacy.it) in the event of a breach of personal data protection legislation.
9. Amendments and updates
This Privacy Policy may be amended from time to time, including as a result of the entry into force of new sector-specific legislation, updates to or provision of new services, or technological developments.
Users are therefore invited to review this page periodically.
Last updated: June 2026