Privacy Policy

EU Regulation 2016/679 (GDPR)

Fittinglabs Srl, as the Data Controller of personal data, hereby informs you that the processing of personal data will be conducted in compliance with the principles of lawfulness, fairness, transparency, purpose and storage limitation, data minimization, accuracy, integrity, and confidentiality, as established by the applicable regulations. The personal data provided will be processed in accordance with the applicable laws and the confidentiality obligations set forth therein.

1. Data Controller. The Data Controller of personal data is Fittinglabs Srl (Tax ID: 05458330288), represented by its pro tempore legal representative, with registered office at Via N. Tommaseo n. 74/B, Padova (PD), Italy. Contact email: legal@fittinglabs.it

2. Types of Data Processed. The personal data processed to achieve the purposes outlined in section 3 of this policy are common personal data, such as identification, tax, contact, and payment data.
Data are processed electronically, strictly to the extent necessary for achieving the purposes specified in section 3.
If you provide personal data of third parties (e.g., friends or relatives), you guarantee that you are authorized to disclose their personal data based on a valid legal basis that justifies their processing. In such cases, you act as an independent data controller and assume all legal obligations and liabilities, indemnifying the Data Controller against any claims, demands, damages, or disputes that may arise from third parties regarding the processing of their personal data in violation of applicable regulations.

3. Purposes and Legal Basis of Processing. Personal data will be processed for the following purposes:

Purpose of Processing: Execution of a contract and fulfillment of related obligations
  • Legal Basis: Execution of a contract with the data subject (Art. 6, para. 1, letter b, GDPR); Compliance with a legal obligation (Art. 6, para. 1, letter c, GDPR).
  • Types of Data Processed: Common personal data: identification, tax, contact, payment.
  • Mandatory or Optional: Mandatory
  • Consequences of Refusal: Unable to establish or continue the contractual relationship.

Purpose of Processing: Sending promotional communications about services offered by Fittinglabs Srl
  • Legal Basis: Legitimate interest of the Data Controller in advertising services or products similar to those already purchased (Art. 130, para. 4, Legislative Decree 196/2003, as amended).
  • Types of Data Processed: Common personal data: email address.
  • Mandatory or Optional: Optional
  • Consequences of Refusal: Promotional communications will not be sent.

Purpose of Processing: Conducting defensive investigations
  • Legal Basis: Legitimate interest of the Data Controller in protecting its rights (Art. 6, para. 1, letter f, GDPR).
  • Types of Data Processed: Common personal data: identification, tax, contact, payment.
  • Mandatory or Optional: Mandatory
  • Consequences of Refusal: Unable to establish or continue the contractual relationship.

Purpose of Processing: Establishing, exercising, or defending a right in judicial proceedings, or when judicial authorities act in their jurisdictional capacity
  • Legal Basis: Legitimate data processing under applicable regulations (Art. 6, para. 1, letter f, GDPR).
  • Types of Data Processed: Common personal data: identification, tax, contact, payment.
  • Mandatory or Optional: Mandatory
  • Consequences of Refusal: Unable to establish or continue the contractual relationship.

Regarding promotional communications for services similar to those already purchased (so-called soft spam), you may object at any time by contacting the Data Controller using the contact details provided in section 1 of this policy.

4. Automated Decision-Making, Profiling. No automated decision-making processes are applied to the personal data processed for the purposes outlined in this policy.

5. Communication and Disclosure of Data. Recipients or Categories of Recipients: Personal data provided will be processed by employees and/or collaborators of the Data Controller, who are duly authorized and bound by confidentiality obligations.

Where necessary and within the limits of the purposes indicated, personal data may be disclosed to:

  • Public entities (e.g., tax authorities, revenue agency, or other entities to which data must be disclosed by law);
  • Professionals and service companies supporting business administration and management (e.g., accountants, lawyers, etc.);
  • Insurance companies in the event of claims;
  • Providers of IT system maintenance and software hosting services strictly necessary for their activities;
  • System administrators;
  • Judicial authorities and/or law enforcement agencies, if necessary, for the investigation and prosecution of crimes.

Personal data will not be disseminated.

6. Transfer of Data Outside the European Economic Area (EEA). Personal data will be processed and stored within the EEA. Some personal data may be processed by software and application providers located outside the EEA. In such cases, data transfers are based on either an adequacy decision or the Standard Contractual Clauses approved by the European Commission, and the providers will process data in compliance with applicable regulations. For more information, contact the Data Controller using the contact details provided in section 1.

7. Data Retention Period. Data processed for the execution of the contract and related obligations, including accounting and tax purposes, will be retained for 10 years following the termination of the contractual relationship, unless longer retention is necessary for ongoing or potential disputes. Data processed for promotional communications will be retained until consent is withdrawn or opposition rights are exercised.

Further details about the retention period and criteria used to determine it can be requested from the Data Controller using the contact details in section 1.

8. Rights of the Data Subject. As a data subject, you have the right to:

  • Access your personal data;
  • Rectify inaccurate personal data or complete incomplete data;
  • Request the deletion of data;
  • Restrict processing;
  • Object, in whole or in part, to the processing of personal data for legitimate reasons, including for direct marketing purposes;
  • Data portability, i.e., receive your personal data in a structured, commonly used, and machine-readable format.

In certain cases, the exercise of these rights may be restricted under Art. 23 GDPR. Requests should be addressed to the Data Controller via email using the contact details provided in section 1.

9. Complaints. If you believe your personal data has been processed unlawfully, you have the right to lodge a complaint with the supervisory authority in the EU Member State where you reside, work, or where the alleged violation occurred.

In Italy, the supervisory authority is the Garante per la protezione dei dati personali (www.garanteprivacy.it).