1. Data Controller and contacts

The data controller is the company managing giacorconsulting.it:
Giacor Consulting srl, registered office at…………………., VAT No.……………………, e-mail address and certified e-mail (PEC)…………………….

2. Processed data

  • data collected through the “Contact Us” form: name, surname, company name, e-mail address, telephone number, and message — obtained directly from the data subject at the time of submitting the form, with prior information provided at the time of collection;
  • data necessary for the provision of the requested services (e.g. identification and contact details of employees of client companies, tax and administrative data, and information required for legal, employment, administrative, and financial consulting purposes);

3. Purpose of the data processing

  • Management and response to enquiries submitted via the “Contact us” form
  • Provision of consulting and management services in the administrative, accounting, financial, employment, and legal fields;
  • Management of client relationships, including training, personnel administration, payroll and contributions processing, and labour law and labour relations consulting;
  • Sending of commercial offers, newsletters, and promotional communications relating to Giacor Consulting’s services, subject to the data subject’s specific consent;

4. Legal basis for the processing

  • performance of pre-contractual or contractual measures requested by the data subject;
  • consent (for example, for the sending of commercial or promotional communications);
  • compliance with legal or regulatory obligations;
  • pursuit of the data controller’s legitimate interest, duly balanced and documented.

5. Nature of data provision and consequences of refusal

Providing the data requested as mandatory in the form for managing the enquiry is necessary in order to process the request. Failure to provide such data will make it impossible to receive a response, while consent for marketing purposes is optional, and failure to provide it will not affect the handling of the enquiry.

6. Recipients r categories of recipients

The personal data of data subjects may be communicated, within the limits of the purposes described above, to:

  • external professionals and consultants (e.g. accountants, labour consultants, lawyers, IT providers, cloud and hosting services, payroll and contribution management platforms, newsletter and CRM services);
  • other independent data controllers for legal obligations or legitimate interests (e.g. judicial or administrative authorities, public bodies, insurance companies, banks, or service providers functional to the purposes indicated above);
  • entities acting as data processors pursuant to Article 28 of the GDPR, on the basis of specific agreements or contracts.

7. Transfer to third countries

Any transfers of personal data to third countries will take place only where appropriate safeguards are in place, in accordance with Articles 44 et seq. of the GDPR (such as adequacy decisions, standard contractual clauses, or binding corporate rules).

An up-to-date indication of the safeguards adopted and the countries concerned is provided in the policy and the relevant register.

Personal data will not be transferred to third countries or international organisations without the safeguards required by law.

8. Retention period

The data processed in connection with consulting services will be retained for the period necessary to achieve the purposes for which they were collected, in compliance with sector-specific regulations (including tax, civil, administrative, and social security laws). In the absence of specific legal obligations, the data will be retained for a maximum period of 24 months from the end of the relationship or from the date of the request, unless longer retention periods are required by law or necessary for the establishment, exercise, or defence of legal claims.

9. Rights of the data subject

Data subjects may exercise their rights of access, rectification, erasure, restriction of processing, data portability, and objection (particularly to marketing activities). They may also withdraw any consent previously given at any time, free of charge, and will receive a response within one month. This period may be extended by a further two months in cases of complexity, with the reasons for any refusal and information on the right to lodge a complaint with the supervisory authority being duly provided.

The right to object to marketing entails the cessation of processing for such purposes.

10. Automated decision-making processes

No automated decision-making processes, including profiling, are carried out in the management of data collected through the “Contact Us” form or in the provision of services

11. Technical and organisational security measures

Appropriate technical and organisational measures are adopted in proportion to the level of risk (e.g. access control, encryption in transit, system hardening, access logs, policies and procedures, staff training, data breach management, and notifications within 72 hours where required). These measures are continuously updated in line with the evolution of identified risks.

12. Contact channels for exercising rights and submitting complaints

Data subjects may submit requests to the data controller using the contact details provided, including by email or certified email (PEC), and will receive a response within the time limits established by law. Data subjects also retain the right to lodge a complaint with the competent supervisory authority at the following link: https://www.garanteprivacy.it/home/diritti/come-agire-per-tutelare-i-tuoi-dati-personali.

13. Privacy Policy updates

This policy may be subject to updates to reflect regulatory or organisational changes. Users will be informed through the website, with the date of the last revision clearly indicated.