PRIVACY POLICY NOTICE
Pursuant to and in accordance with (i) EU Regulation 2016/679 concerning the "protection of natural persons with regard to the processing of personal data and on the free movement of such data", the "GDPR", Articles 13 and 14, and (ii) Italian Legislative Decree no. 196 of 30 June 2003, the "Privacy Code" (collectively referred to as the "Privacy Regulation"), certain obligations are imposed on those who process—meaning "collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction"—personal data relating to other individuals (hereinafter the "Processing").
Data Controller
Dica srl, headquartered at Via Larga, 8 – 20122 Milan (the Company), hereby informs you about the methods and purposes of the Processing of your personal data.
The Data Controller is the entity that determines the purposes and means of the Processing (the “Controller”) and is identified as Dica srl. The Controller can be contacted by mail at the company’s address: Via Larga, 8 – 20122, Milan.
Categories of Data Subject to Processing
The data processed by the Controller may include:
- Identifying data, such as name, surname, email address, phone number, and any other information necessary to establish the relationship;
- Sensitive/special data pursuant to Article 9 of the GDPR, such as data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, as well as genetic data, biometric data for unique identification, data concerning health, sex life or sexual orientation, and, where applicable, data on criminal convictions and offences under Article 10 of the GDPR;
- Browsing data, meaning information on how the company’s website is used or data collected via cookies or other tracking technologies (hereinafter "Data").
Purposes and Legal Basis of Processing
Under the Privacy Regulation, personal data must be processed lawfully based on one of the legal grounds provided in Article 6 of the GDPR. These are listed below by purpose:
- (a) Provision of professional services: to respond to your requests for information about the services offered by the Company or to gather preliminary information necessary for the performance of a professional engagement.
  - Legal basis: performance of a contract to which you are a party or to take steps at your request prior to entering into a contract (Art. 6(1)(b) GDPR); or, in the case of sensitive data, your explicit consent (Art. 9(2)(a) GDPR).
  - Retention policy: data will be kept for a maximum of five years for quotes or requests; for active engagements, data will be retained for the duration of the engagement and for ten years after its termination.
- (b) Compliance with legal obligations: for fulfilling civil, administrative, fiscal, and accounting obligations imposed by law, regulations, EU law, or authorities.
  - Legal basis: performance of a contract (Art. 6(1)(b) GDPR) and compliance with a legal obligation (Art. 6(1)(c) GDPR).
  - Retention policy: data will be retained as required by law, for the duration of the engagement, and for ten years thereafter.
- (c) Defense of the Controller's rights in legal proceedings: to provide information to authorities, comply with legal obligations, or defend the Company’s rights in or out of court.
  - Legal basis: legitimate interest in fraud prevention and legal defense, unless overridden by your interests or fundamental rights (Art. 6(1)(f) GDPR).
  - Retention policy: up to three years following the end of the contractual responsibility.
- (d) Responding to specific requests: data provided voluntarily via website forms will be used to respond to specific requests. Fields marked with an asterisk are mandatory. You are responsible for the accuracy and completeness of the data provided.
  - Legal basis: performance of a contract or pre-contractual measures (Art. 6(1)(b) GDPR).
  - Retention policy: retained only as long as necessary to respond; unaddressed requests will be kept no longer than 90 days.
- (e) Sending communications or event invitations: your data may be used to send you emails, newsletters, or invitations to events or seminars. You will always be informed of your right to opt out at any time, easily and free of charge.
  - Legal basis: your explicit consent (Art. 6(1)(a) GDPR).
  - Retention policy: data will be retained until you withdraw your consent.
If the Controller intends to process your data for purposes other than those stated above, you will be informed before such processing begins.
Nature of Data Provision
Providing data for purposes (a), (b), (c), and (d) is mandatory, as it is necessary for the fulfilment of legal and contractual obligations. Refusal or lack of authorization may make it impossible for the Controller to proceed with existing contractual relationships. Providing data for purpose (e) is optional; refusal will prevent the activities described therein.
Methods of Processing
In accordance with Article 32 of the GDPR, data is processed using manual, IT, and telematic tools suitable for storing, managing, and transmitting data securely and confidentially, solely for the purposes for which it was collected, in compliance with principles of fairness, lawfulness, and transparency.
Data Disclosure Scope
Your data may be made accessible to:
- Employees and collaborators of the Controller, authorized and/or designated for processing;
- Third-party service providers performing outsourced activities (administrative, accounting, legal, tax) on behalf of the Controller, appointed as Data Processors under Article 28 of the GDPR;
- Supervisory bodies, judicial authorities, and all entities for whom data disclosure is mandatory by law.
Transfer of Data to Third Countries or International Organizations
Personal data is processed within the EU and stored on servers located in the EU. If necessary, the Controller reserves the right to transfer data to a third country or international organization and/or move servers outside the EU. Such transfers will comply with GDPR Articles 44 et seq.
Data Subject Rights
Under the Privacy Regulation (Articles 15–22 of the GDPR), you may exercise the following rights at any time by contacting the Controller:
- Right of access: confirmation as to whether your personal data is being processed and, if so, access to that data;
- Right to rectification, including supplementing incomplete data;
- Right to erasure ("right to be forgotten") without delay if:
  - The data is no longer necessary for the purposes for which it was collected;
  - You withdraw consent and there is no other legal basis;
  - The data has been unlawfully processed;
  - Deletion is required to comply with EU or Member State law;
  - You object to processing for direct marketing purposes or for reasons under Art. 21(2) GDPR;
- Right to restriction of processing, in cases of data accuracy disputes or unlawful processing;
- Right to data portability, applicable when processing is based on consent and carried out by automated means;
- Right to object to processing, subject to the Controller’s ability to demonstrate compelling legitimate grounds;
- Right to withdraw consent at any time, without affecting the lawfulness of processing prior to withdrawal;
- Right to lodge a complaint with a supervisory authority in the Member State of your residence, place of work, or place of the alleged violation.
If you believe your data has been processed unlawfully or that the Controller has failed to meet its obligations, you may file a complaint with the appropriate supervisory authority, pursuant to Article 77 GDPR.
To learn more or to exercise your rights, you may send a written request using the contact information provided in the “Data Controller” section of this notice. The Controller will respond as soon as possible and in any case within thirty days of the request. Any impossibility or delay in responding will be duly justified.