Privacy Policy

Information Notice on the Processing of Personal Data Pursuant to European Regulation 2016/679 (Art. 13) and Applicable National Laws

We inform you that your personal data provided by you will be processed by IANTRA S.R.L., Tax Code and VAT no. 02809850239, which, as Data Controller, has adopted appropriate technical and organizational measures to ensure their protection.
Personal data refers to any information relating to an identified or identifiable natural person (“data subject”).
“Processing” refers to any operation performed with or without the use of automated means (including collection, organization, and storage) on personal data, whether digitally or on paper.

The company has also appointed a Data Protection Officer (DPO), lawyer Diego Perini, who can be contacted at: diego@studiolegalediegoperini.it – PEC: avvdiegoperini@cnfpec.it

Which personal data do we process, why (legal basis and purposes), and how long do we keep it?

We process non-sensitive personal data (name, email, phone number, company reference) to allow you to use the services offered through the website https://www.iantra.it/en/ (“the site”), specifically for the following purposes:

  1. To respond to information requests, suggestions, feedback, or support regarding the website’s services.
    Providing data is optional, but without it, we will be unable to process your message.
  2. To comply with legal obligations.
  3. To protect our own rights and interests (or those of users or third parties), detect potential fraudulent or harmful activity, and for the following purposes: backend hosting, collection of privacy preferences, and analytics.

The Data Controller processes personal data based on the following legal grounds:

  1. For purpose 1: the processing is necessary for the performance of a contract or pre-contractual measures (Art. 6(1)(b) GDPR);
  2. For purpose 2: the processing is necessary to comply with a legal obligation (Art. 6(1)(c) GDPR);
  3. For purpose 3: the processing is necessary for the legitimate interests pursued by the Controller or third parties (Art. 6(1)(f) GDPR).

In Case 1, the data will only be retained for managing the message and will be deleted no later than 24 months from receipt.

Browsing Data

During user navigation, the following information may be collected and stored in the site’s server logs (hosting):

  • IP address
  • Browser type
  • Device parameters used to connect
  • Name of the internet service provider (ISP)
  • Date and time of visit
  • Referring and exit web pages

These data are used for statistical analysis only in aggregated form.
The IP address is used solely for security purposes and is not cross-referenced with other data.

  • Security-related data (e.g. IPs used to prevent site attacks) are retained for 12 months.
  • Analytics/statistical data are retained in aggregated form for 12 months.

Who will have access to your data?

Personal data may be disclosed to public authorities upon legitimate and lawful request.
They may also be accessed by Data Processors (appointed pursuant to Art. 28 GDPR), as well as by authorized personnel within the company (pursuant to Art. 29 GDPR and Art. 2-quaterdecies of Legislative Decree 101/2018), duly trained and instructed by the Controller.
An updated list of Data Processors is available upon request.

How long will your data be stored?

Unless otherwise specified, personal data are processed and stored for the time necessary to fulfill the purposes for which they were collected.
They may be retained longer in compliance with legal obligations, for dispute resolution, or based on user consent. After the retention period ends, personal data will be deleted.
Once deleted, rights such as access, deletion, correction, and data portability can no longer be exercised.

Where is your data processed?

Processing is carried out at the Data Controller’s premises or those of the appointed Data Processors, on servers located within the European Union.
Manual and electronic procedures are used, ensuring the confidentiality and security of the information.

If transferred to a third country or international organization, such transfers will comply with the provisions of Chapter V of the GDPR.

What are your rights and how can you exercise them?

You may exercise your rights under Articles 15–22 of GDPR, including:

  • Right of access
  • Right to rectification
  • Right to erasure
  • Right to restriction of processing
  • Right to object
  • Right to data portability (where applicable and technically feasible)

You can contact the Data Controller by writing to privacy@iantra.it, calling +39 045 8303306, or by mail to the company’s registered office:
Piazza Donatori di Sangue, 5 – 37124 Verona (VR), Italy

Alternatively, you can contact the DPO: diego@studiolegalediegoperini.it

You also have the right to lodge a complaint with the supervisory authority: www.garanteprivacy.it

Withdrawal of Consent

If the processing of your data is based on consent, you may withdraw it at any time without affecting the lawfulness of processing carried out before withdrawal.

The full texts of the EU Regulation 2016/679 and relevant national legislation on personal data protection are available at: www.garanteprivacy.it