Commercial Privacy


Dear Customer,
We inform you that European Regulation No. 679 of April 27, 2016, on the processing of personal data, provides for the protection of individuals concerning the processing of personal data. Personal data may directly refer to your organization if it is an individual or sole proprietorship, or it may consist of information related to individuals who represent, belong to, or are otherwise connected in any way to your organization if it is a corporation or another public or private entity.

The company ETATRON D.S. SPA (hereinafter also referred to as the "COMPANY") provides you with the aforementioned information pursuant to Art. 13 of EU Regulation 2016/679 (hereinafter also referred to as "GDPR"), in compliance with the principles of fairness, lawfulness, transparency, and confidentiality, subject to changes and adaptations necessary following national, European, and/or measures by control authorities subsequent to the publication of this document.

We kindly ask you to acknowledge this information by signing and returning the document.

1. Identification details of the Data Controller and DPO
The Data Controller for your data is ETATRON D.S. SPA, located at VIA DEI RANUNCOLI N. 53, 00134 ROMA (RM), VAT No. 06632160583, Tax ID 01585941006, Tel. 06.9349891, PEC: email: , represented by its legal representative pro tempore.
Data Protection Officer (DPO)
The Data Protection Officer of the COMPANY can be contacted at the following addresses: Email: PEC:

2. Origin of personal data
Personal Data collected and subject to processing are provided by the Customer to present our commercial offer and consequently finalize your purchase order and execute it, including administrative practices related to the fulfillment of the order itself. The data of potential customers (hereinafter "Prospects") are collected in the pre-contractual phase, when a quote is requested or the intention to receive commercial information, newsletters, and marketing information is expressed.

3. Nature of the processed data
The processing covered by this information concerns common personal data such as, for example, company name/personal data, tax code/VAT number, telephone number, email address, IBAN.

4. Purposes of processing:
Personal data are collected and processed for the following purposes:
(a) pre-contractual purposes: to respond to requests made by the Prospect and/or the Customer and for any other activity instrumental to the knowledge, subscription, and/or activation of the Services offered by the COMPANY;
(b) contractual purposes: for the sale of products and services; for the formulation of an offer and the execution of the contract; for the technical, administrative, and accounting management of complaints and disputes; for sending information and service communications;
(c) fulfillment of obligations under community and national regulations, including laws, regulations in force from time to time, and measures also issued by legitimately authorized Authorities, as well as for purposes related to the ascertainment and repression of crimes;
(d) purposes related to the contract and relating to the monitoring of the course of relations with customers and the control of credit and fraud risks connected to contractual performance. To proceed with the sale of certain products or services, some personal data from public archives or records relating to any protests, registrations, or prejudicial transcriptions (such as foreclosures, bankruptcy proceedings, seizures, mortgages, judicial requests) and data on inspections and balance sheets may be used. Such data are acquired through access to the information systems of authorized companies and are processed, where necessary, exclusively for the purpose of verifying reliability and punctuality in payments. The COMPANY may also process information about the status and punctuality of the Customer's payments for services provided in the past: once acquired by the COMPANY, this information will be stored and processed to protect the COMPANY's credit rights for the evaluation of any further adhesions and/or contractual proposals to be subscribed by the Customer;
(e) direct marketing purposes: for sending advertising, direct sales, commercial communications related to the Products and/or Services offered by the Company. This activity may be carried out, subject to explicit consent, by sending advertising/informative/promotional material to both Customers and Prospects and/or invitations to participate in initiatives carried out through "automated" contact systems (such as SMS and/or MMS, phone calls without operator intervention, email, fax, interactive applications);
(f) indirect marketing purposes: for sending advertising material, commercial communications by third parties regarding products and/or services offered by the COMPANY and the represented Brands as described in the following point 7 – “Communication to third parties for marketing purposes.” This activity may be carried out, subject to explicit consent, by sending advertising/informative/promotional material to both Customers and Prospects and/or invitations to participate in initiatives carried out through "automated" contact systems (such as SMS and/or MMS, phone calls without operator intervention, email, fax, interactive applications);
(g) profiling purposes: to profile the Customer, subject to explicit consent, in relation to purchasing habits and tendencies in the sector, in order to improve the services offered by the company.

5. Methods and logic of processing
The processing of data is carried out by the COMPANY both using manual tools and using electronic and automated means. Data processing will be carried out with organizational and processing logics related to the purposes of this information, however, in a way that ensures the security and confidentiality of the data. Specifically, the data will be stored in servers protected against theft or alteration by specific storage and computer security systems.

6. Storage times
Personal data will be processed by the COMPANY for the entire contractual duration and also subsequently to assert or protect its own rights. These data may also be processed after the termination of the contract signed with the COMPANY:

  • for a maximum period of 24 months for the purposes referred to in point 3 lett. e) and f);
  • for a maximum period of 12 months for the purposes referred to in point 3 lett. g)
    against which the Customer/Prospect may always object in the manner indicated in point 9. After this period, the data may be processed exclusively for administrative and/or legal purposes (e.g., in the event of offenses such as fines, damages, thefts, etc.) and to fulfill obligations arising from the current applicable regulatory and normative framework. Upon the completion of the necessary period for the aforementioned purposes, the data will be deleted.

7. Categories of Entities to Whom Data May Be Disclosed:
To pursue the above-mentioned purposes, the COMPANY may need to communicate the personal data of Customers/Prospects to third parties in Italy to duly execute contracts, comply with legal obligations, or perform activities instrumental to the provision of requested services. These entities belong to the following categories:
(a) Public authorities and supervisory bodies when required by specific legislative, regulatory, and authorization provisions;
(b) Entities acting on behalf of the COMPANY performing technical or organizational tasks; entities providing support or services instrumental to the execution of contracts; entities carrying out the acquisition, processing, and elaboration of data necessary for the use of services for Clients; entities providing services for the management of the COMPANY's technological infrastructure; entities involved in the transmission, packaging, transport, and distribution of communications to the Customer; entities engaged in customer assistance activities (e.g., call centers); entities involved in archiving and data entry activities; studios and companies in the context of assistance and consulting relationships, including legal ones; entities performing control, review, and certification of activities carried out by the COMPANY, also in the interest of its Customers and users; factoring companies, credit institutions or banks, and companies issuing credit cards; insurance companies; leasing companies; service companies entrusted with the management, settlement, and payment of any claims;
(c) External companies operating in the credit recovery sector, including payment deferrals, when permitted by current legislation, for the purposes of preventing and controlling the risk of insolvency, fraud control, and credit protection, for which external data processors may be appointed.
All employees, consultants, collaborators, and/or any other "natural person," as per Article 4, letter 10 of the GDPR, performing their activities based on instructions received from the COMPANY are designated as "authorized subjects for processing." The COMPANY provides appropriate operational instructions to Controllers and authorized subjects, with particular reference to the adoption of technical and organizational measures suitable for ensuring the confidentiality and security of data.

8. Communication to Third Parties for Marketing Purposes:
The personal data of the Customer/Prospect, with prior express consent, may also be communicated for the purposes outlined in section 3, letter f), to the following entities: a) Parent Companies, b) the network of agents, c) telemarketing companies.

9. Nature of Consent and Legal Basis
The provision of personal data by the Customer is necessary for the conclusion and execution of contractual relationships, to fulfill legal obligations, or for legitimate interests as specified for the purposes described in point 3 letters a), b), c), and d) (in accordance with Art. 6 letters b), c), and f) GDPR). Any refusal would make it impossible for the COMPANY to proceed with the execution of the stipulated contract.
With regard to the purposes of processing as described in point 3, letters e), f), and g) of this Information, consent to the processing of data by the Customer/Prospect is instead optional and always revocable. The Company may send commercial communications to the Customer/Prospect regarding products and/or services similar to those already provided, using the email address provided on those occasions, to which the Customer/Prospect may object using the methods indicated in point 11.

10. Rights of the Data Subject
Pursuant to Articles 15 and following of EU Regulation 2016/679, the data subject is granted the exercise of specific rights against us. In particular, the data subject may:

  • Obtain confirmation of the existence of personal data concerning them, even if not yet recorded, and access to the same data and their origin, as well as the purposes, retention periods, processing methods, and the logic applied in case of processing carried out with automated tools;
  • Revoke any consent given concerning the processing of specific data, without prejudice to the lawfulness of the processing carried out up to that moment;
  • Receive the personal data processed in a structured, commonly used, and machine-readable format, and, unless technically unfeasible, transmit the data directly to another Data Controller;
  • Obtain the erasure, transformation into anonymous form, or blocking of data that do not require retention in relation to the purposes for which the data was collected and processed;
  • Obtain the update, rectification, and integration of the processed data;
  • Object, in whole or in part, for legitimate reasons, to the processing of personal data concerning them, even if relevant to the purpose of collection;
  • Lodge a complaint with the supervisory authorities.

It is specified that the exercise of these rights must not prejudice or violate the rights and freedoms of others. You may exercise these rights at any time by writing by mail to the addresses indicated in point 1 of this information.

Download Complete Commercial Information