Privacy Policy

Controller

The controller is Ristocloud Group srl, CF/PI 09876950966, with headquarters in 20137 – Milan (MI), Piazzale F. Martini 3, in the person of the legal representative pro tempore, email contact information info@ristocloudgroup.com.

Data Protection Officer (RPD/DPO)

The Data Controller has appointed a Data Protection Officer (DPO), who can be contacted at this email dpo@ristocloudgroup.com

Categories of data processed and sources of origin

The Owner may first process general navigation data, as well as cookies for which he invites you to read the specific Cookie Policy linked in the footer. The Owner may also process personal data voluntarily contributed by the user, for example through the contact form or the sending of communications via email, including common personal data (identifications, personal data, tax and similar), exceptionally particular data pursuant to art. 9 GDPR to the extent that this is made necessary by the request itself. The data could come from automatic sources or voluntary sources, as well as from public sources. For example, they could come from the user's navigation, which could bring with it information relating to previous browsing of other sites, including in particular cookies and other similar technologies, so please refer again to the specific Cookie Policy linked in the footer. The data could also be voluntarily contributed by the user or related parties. Other data could come from public sources, such as those processed as part of research on public registries and from visures, certificates, public records and the like. In any case, the rules of maximum confidentiality and professional secrecy regarding user information falling under legal and ethical obligations are scrupulously observed.

Purpose of the treatment

The personal data of the Users of the Website, as described above, will be subject to processing in the ways and forms prescribed by the GDPR, generally for the performance of the Website's own functions, the consultation of its contents and the use of its services. In particular, the processing of personal data pursues the following purposes

1. for visiting the Site, consulting the information published there and using the related services;
2. for the management of navigation data and for functional or technical reasons that allow the same use of content, including through technical cookies, for reasons of aggregated statistical collection, including through cookie analytics, for the provision of personalized content or services, including through profiling cookies, if required and with prior consent; in any case, under the conditions set out in the Cookie Policy linked in the footer, which recalls the Guidelines of the Guarantor Authority of 10 June 2021, published on 9 July 2021;
3. to verify the requests made by the User through the Website and its communication tools (contact forms, information request forms and the like) and for each subsequent, related, connected, consequential and similar communication and processing for the best management of the request itself;
4. for the possible registration of the newsletter, where applicable, and the consequent sending of various informative communications concerning the sector in which the Owner operates;
5. for legal requirements and other mandatory purposes, such as billing profiles or anti-money laundering;
6. for other purposes ancillary or connected or consequential to those indicated above and included in the activities of the Website;
7. for the processing of the email address provided by the User in the context of a previous relationship of sale (in any sense, of supply, surrender and the like) of goods or services, also aimed at sending, without further consent, communications for subsequent similar information, pursuant to and within the limits set out in art. 130 paragraph 4 of the Privacy Code (Legislative Decree 196/2003); the interested party may in any case express his refusal and oppose such processing, both initially and subsequently, easily and free of charge, following the instructions given in each of these subsequent communications;
8. for the possible receipt of Curricula Vitae by candidates who intend to apply to the Owner;
9. for the initiation and management of new commercial operations/negotiations/negotiations with potential customers and/or intermediaries.

Legal bases underpinning the processing

For all personal data, the processing of personal data is based on the following conditions of lawfulness (legal bases)

• art. 6 par. 1 letter a) GDPR = consent: for the management of profiling cookies referred to in purpose no. 2 and for other processing subject to consent, including purposes ancillary to the main ones that do not fall within the other legal bases, as per purpose no. 6; for registration in the newsletter referred to in purpose no. 4, if ancillary or additional to other processing;
• art. 6 par. 1 letter b) GDPR = contractual or pre-contractual obligation: for the same visit to the Site or for access to services, including informational ones, published on the Site itself and for the processing of related navigation information; for the management of cookies referred to in purpose no. 2 other than profiling cookies; for processing requests made by the Data Subject and the related responses referred to in purpose no. 3; for registering for the newsletter when this is the sole or primary purpose of providing personal data, in particular the email address, as per purpose no. 4; for other processing related, functional, and consequential to those just indicated, as per purpose no. 6; for the management of Curricula Vitae and related requests, as per purpose no. 8; for the management of related reports as per purpose no. 9;
• art. 6 par. 1 letter c) GDPR = fulfillment of a legal obligation: for the processing of all data necessary to fulfill legal obligations, including the processing of tax data related to billing profiles or other legally mandatory processing, such as that relating to anti-money laundering, as per purpose no. 5; for other processing related, functional and consequential to those just indicated, as per purpose no. 6;
• art. 6 par. 1 lit. f) GDPR = legitimate interest, for all processing included in information society services, as well as for the information purposes of the Owner. In this regard, the Data Controller invokes legitimate interest in further communications sent to the Data Subject's email address pursuant to Article 130, paragraph 4 of the Privacy Code, as per purpose no. 7, except for the Data Subject's free right of objection, as illustrated therein.

For particular data pursuant to art. 9 GDPRs that may have been voluntarily granted by the interested parties through navigation and also through contact forms or similar, the Owner indicates the following additional legal conditions pursuant to art. 9 GDPR:

• art. 9 par. 2 lit. a) GDPR: consent, for treatments for which it has been expressly conferred
• art. 9 par. 2 lit. e) GDPR: data made manifestly public by the interested party, for data independently communicated or disclosed by the interested party
• art. 9 par. 2 lit. f) GDPR: establishment, exercise or defense of a right in court or whenever the jurisdictional authorities exercise their jurisdictional functions, for the exercise of a right by the Owner.

Legitimate interest

The processing of personal data is also based on the legitimate interest of the Data Controller referred to in Article 6, paragraph 1, letter f) GDPR, such as the exercise of one's information rights in the context of the information society, the performance of the services indicated on the Website, or the possible implementation of direct marketing operations pursuant to Recital 47 of the GDPR. The Holder also invokes the option to avail himself of the processing of the email address of the Interested Party conferred in the context of a sale of goods and services, for sending further communications addressed to the Interested Party and relating to similar goods or services pursuant to art. 130 paragraph 4 of the Privacy Code, always without prejudice to the free right of opposition of the Interested Party, as per purpose no. 7.

Mandatory or optional nature of the data contribution

The provision of browsing data by Users, for the above purposes, depends on the degree of privacy that the User has enabled or disabled through their browser, or that they have managed through the appropriate Cookie Banner commands regarding the management of cookies. For technical cookies, disabling it may affect the navigation of the Website. The provision of certain data is in any case necessary for the very structure of the Website and for the provision of some of its services. In particular, by way of example:

• to send messages via contact form or to register for any newsletter, the minimum information required therein is mandatory, such as the sender's name/surname and/or email address and/or other identifying information and/or USERNAME. In any case, the contact form indicates which information is mandatory (with an asterisk “*”) and which is not;
• USERNAME and PASSWORD are in any case mandatory for registration and access to any restricted area of the Website.

Consequences of non-conferral

Failure to provide the mandatory personal data prevents the Owner from sending the requested information or performing the further processing requested by the User or, in some cases, from being able to provide the services offered by the Website. Failure to provide optional data does not produce these consequences, but could affect the evasion of the request made by the User or the very navigability of the Website.

Recipients of any communications and data transfers

The data may be communicated to companies, professionals and other consultants operating in relation to the purposes indicated in this notice or related purposes. In any case, the data may be communicated to data controllers and persons authorized to process, always for the same purposes as the Site or for purposes related to the services offered by the Website, as well as to any additional independent Data Holders within the limits of the related purposes. Recipients include in particular: the Owner's operators as authorised entities for processing, its Data Processors and related persons authorised for processing for related purposes, for example of a management or tax nature, Google Ireland for Google Analytics. Generalised data communications will not be carried out for further purposes and no dissemination of personal data will be carried out. Navigation data and the like (for which the above is recalled), as well as third-party profiling cookies (for which reference is made to the Cookie Policy linked in the footer), will be communicated to the respective third parties concerned, where they do not already manage them directly as autonomous Data Controllers, within the limits of the consents given.

Transfers to third countries or to international organisations

The data may be transferred to third countries or to international organisations for which one or more of the conditions set out in Articles 44 et seq GDPR apply (including an adequacy decision or adequate guarantees including Standard Contractual Clauses – SCCs or binding business rules or consent or where further guarantees or derogations are provided under these provisions).

Shelf life

The data voluntarily contributed by the Interested Party will be kept until the withdrawal of the consent expressed by the Interested Party, or until the actions that the Interested Party can carry out on its browser, including the cleaning of cookies. Navigation data and technical cookies will be kept for the technical time necessary to fulfill the functions for which they were collected. For cookie storage times in general, please refer to the specific information available from the Cookie Banner. For any other personal data, the retention period is limited to the limitation period of the relevant rights or the termination of the relevant legal or contractual obligations, including those relating to invoicing and the like.

Rights of the Interested Party

Pursuant to Articles 15 to 22 of the GDPR, each Interested Party has the right of access (Article 15), rectification and integration (Article 16), cancellation (forgetfulness) in the cases provided for (Article 17), limitation in the cases provided for (Article 18), notification in the case of rectification, cancellation or limitation in the cases provided for (Article 19), of portability in the cases provided for (art. 20), of opposition in the cases provided for (art. 21) and of not being the subject of an automated individual decision, including profiling (art. 22). These rights may be exercised in the forms and terms referred to in art. 12 GDPR, either by written communication sent to the Owner by e-mail at the above address or by delivery at its premises. The Holder will make an adequate response as soon as possible and in any case within the 1-month period from receipt of the request, except in the cases of extension or denial provided for by art. 12 GDPR. Also consult: https://www.garanteprivacy.it/home/diritti/come-agire-per-tutelare-i-tuoi-dati-personali

Right to withdraw any consent given

Where the processing is based on consent, the Data Subject may revoke it at any time by sending an email to the above-mentioned email address of the Data Controller, or by the appropriate commands of the Website, in particular for the management of profiling cookies, as well as in any case by express communication at the Data Controller's headquarters.

Right to bring a complaint

The Data Subject has the right to lodge a complaint pursuant to Articles 77 et seq of the GDPR with a supervisory authority, which for the Italian State is the Data Protection Supervisor. The forms, methods, and deadlines for filing complaints are provided for and governed by current national legislation, and for Italy by specific regulations of the Guarantor. The complaint shall without prejudice to any other administrative or jurisdictional appeal. Also consult: https://www.garanteprivacy.it/home/diritti/come-agire-per-tutelare-i-tuoi-dati-personali

Profiling

The personal data provided through browsing this website may be profiled by third-party providers via third-party profiling cookies, subject to the User's consent expressed through the appropriate Cookie Banner commands. For more information, the User is invited to read the Cookie Policy linked in the footer.

Ristocloud Group Srl has also appointed the Data Protection Officer. The contact details are as follows: Email. dpo@ristocloudgroup.com.

Without prejudice to any other administrative or jurisdictional appeal, you have the right to lodge a complaint with a Supervisory Authority, if you believe that the treatment concerning you violates the EU Regulation.

 

Revision 9 of 03/07/2025