Privacy Policy
Privacy Policy
Last Update: 09.01.2025
What is this document? Through this privacy policy drawn up pursuant to art. 13 of the Regulation EU n. 679/2016 ("General Data Protection Regulation" or "GDPR") and in compliance with the principles contained therein, Data Valley Consulting s.r.l. intends to inform each user ("the Data Subject") of the processing of personal data collected through the website datavalley.it ("the Website")
Data Controller and Contact Details
Data Valley Consulting s.r.l. (hereinafter "Data Controller", for the purposes of Article 4(7) GDPR) with registered office in Piazza del Duomo 20, 20122 Milan info@datavalley.it
Purpose of processing, Legal basis, Personal data processed and Retention period
The Data Controller acquires personal data for the following purposes, as specified below, where the legal basis and duration of data processing are also highlighted.
| Purpose | Personal data | Legal basis | Retention period |
|---|---|---|---|
| A. Contact | Personal details (First name, surname) / Contact information (Email address, telephone number) | Execution of pre-contractual measures [Art. 6, 1, lett. b) GDPR] | For the period necessary to provide a response to the Data Subject. |
| B. Send newsletters | Personal details (First name, surname) / Contact information (Email address) | Consent [Art. 6, 1, lett. a) GDPR] | Until the withdrawal of consent and no later than 24 months from the date of last contact. |
| C. Selection and hiring of candidates for a job position. | Personal details (First name, surname) / Contact information (Email address, telephone number) / Professional informations (CV) | Execution of Pre-contractual Measures [Art. 6, 1, lett. b) GDPR] | 2 years |
| D. Allow the Data Controller to fulfill formalities required by law, including those of a fiscal nature. | Personal details (First name, surname) / Contact information (Email address, telephone number) / Invoice data | Legal obligation [Art. 6, 1, lett. c) GDPR] | According to applicable legislation. |
| E. Improve website analyzing how Data Subjects navigate and/or use the website. | Browsing data | Legitimate Interest [Art. 6, 1, lett. f) GDPR] | Not applicable (aggregated or anonymous data). |
| F. Identify or prevent fraudulent activities and exercise the Data Controller's rights in court | Personal details (First name, surname) / Contact information (Email address, telephone number) | Legitimate Interest [Art. 6, 1, lett. f) GDPR] | 10 years |
| G. Contact through LinkedIn | Email address / Phone number / Master data (First name, last name) / Company and professional qualification | Execution of pre-contractual measures [Art. 6, 1, lett. b) GDPR] | 3 months from the date of last contact |
In the event that the Data Subject prefers not to communicate mandatory and/or necessary data for the fulfillment of certain purposes, the Data Controller reserves the right not to provide the service.
The Data Subject can request clarification on the legal basis of each processing at any time.
Means of Processing
The data processing involves using automated and/or manual IT and telematic tools designed to guarantee the appropriate security measures to prevent access, disclosure, loss, incorrect communication, unlawful or unauthorized use of the data.
Data access
The Data Subject's personal data will be processed by the Data Controller's internal staff specifically authorized pursuant to art. 29 of the GDPR.
Personal data may also be shared with the following external parties:
- Internet service providers and platforms used by the Data Controller as organizational tools, communication and/or promotion channels;
- consultants and other service providers who perform services for us or on our behalf and require access to such information to carry out that work;
- public entities to whom such data must be mandatorily communicated by law or by order of the Authority.
These parties act as independent data controllers or data processors. In this last case, the Data Controller has stipulated a specific agreement pursuant to art. 28 GDPR (Appointment of Data Processor).
The list of data processor is available by sending a request to the Data Controller at the email address info@datavalley.it.
Place of Data Processing
Personal data is processed at the Data Controller's headquarters, as well as on the servers that host the Site. Personal data is stored on servers located in the EU and will in no case be transferred outside of them. The Data Controller ensures that when using cloud providers established outside the EEA, the processing of personal data by these recipients is carried out in accordance with applicable law. Transfers are carried out using appropriate safeguards, such as adequacy decisions, standard contractual clauses approved by the European Commission or other safeguards provided for by the GDPR.
Rights of the interested party
The Data Subject can exercise all the rights provided for by the articles. 15-21 of the GDPR at any time and without unjustified limitations, by contacting the Data Controller at the email address info@datavalley.it. Requests are filed free of charge and processed by the Data Controller as quickly as possible.
In particular, the Data Subject can:
- Obtain confirmation that the Data Controller is processing his/her personal data (Art.15);
- Obtain rectification of inaccurate or incomplete data (Art. 16);
- Obtain the deletion of data without unjustified delay (Art. 17);
- Limit the processing of only part of the personal data (Art. 18);
- Receive a copy of the personal data processed by the Data Controller, in a commonly used and machine-readable format; obtain an unhindered transfer of the personal data to another data controller (Art. 20);
- Object at any time to the processing of personal data. (Art. 21);
Complaints
The Data Subject can always lodge a complaint with the competent Authority (Garante per la Protezione dei Dati Personali), pursuant to Art. 77 of the GDPR, if you believe that the Data Controller is processing your Personal Data in violation of the applicable legislation.
Changes to this Privacy Policy
The Data Controller reserves the right to modify and update the following Privacy Policy following any new provision of national or European law on the protection of personal data.