Privacy policy


This document sets out the methods and purposes of the processing of personal data put in place by Italy Norge S.r.l. as Data Controller (hereinafter, the Data Controller), as well as any further information required by law, including information on the rights of the data subject and their related exercise.

The EU regulation 2016/679 of the European Parliament and of the Council of 27 April 2016 (hereinafter, the GDPR regulation) establishes rules relating to the protection of individuals with regard to the processing of personal data, as well as rules relating to the free circulation of such data and protects the fundamental rights and freedoms of individuals, with particular reference to the right to the protection of personal data.

Art. 4 of the GDPR regulation provides that personal data must be understood as any information concerning an identified or identifiable natural person (hereinafter, interested).

Treatment must, on the other hand, be understood as any operation or set of operations carried out with or without the aid of automated processes and applied to Personal Data or a set of Personal Data, such as the collection, registration, organization, structuring, storage , adaptation or modification, extraction, consultation, use, communication by transmission, dissemination or any other form of making available, comparison or interconnection, limitation, cancellation or destruction ( art.4, n.2 of the GDPR regulation).

Pursuant to art. 12 and following of the GDPR regulation, it is also provided that the interested party must be made aware of the appropriate information relating to the processing activities that are carried out by the Data Controller and the rights of the data subjects. As an interested party, we invite you to carefully read this privacy policy.

1. Data Controller

The data controller is Italy Norge S.r.l., based in Anagni in S.P. Casilina Sgurgola Station; telephone 0775 769437, fax 0775/769436, email: and

2. Sources of processing and legal basis The processing of the personal data provided is aimed at:

a) management of the established and existing commercial relationship with Italy Norge S.r.l .;

b) fulfillment of legal obligations related to civil, fiscal and accounting provisions;

3. Methods of data processing

The processing is carried out with the support of paper, computer or telematic means in compliance with the provisions of art. 32 of the GDPR Regulation on security measures with organizational and processing logics strictly related to the purposes themselves and, in any case, in order to guarantee the security, integrity and confidentiality of data.

4. Categories of data

Italy Norge S.r.l., in the context of data processing for the purposes described above, does not need to process personal data other than common identification data. Italy Norge S.r.l. could become aware of data that can be classified as "particular categories of personal data", as defined by art. 9 and 10 of the GDPR regulation, in those data that reveal "racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, as well as genetic data, from biometrics intended to uniquely identify a natural person, data relating to the health or sexual life or sexual orientation of the person "or of a judicial nature.

5. Nature of the provision of personal data

We inform you that, taking into account the purposes of the processing as illustrated above, the provision of data is mandatory for the purposes both a and b of point 2 of this information and their failure, partial or incorrect, may have, as a consequence, the impossibility to perform the contract / assignment and, therefore, to fulfill the contractual obligations. 6. Communication and dissemination Within the limits relevant to the purposes of the processing indicated, the data provided may be communicated and / or disseminated to:

• to employees of Italy Norge S.r.l. for all purposes related to the performance of the contractual service;

• to external consultants of Italy Norge S.r.l. for all purposes related to the performance of the contractual service;

• credit institutions, debt collection companies, credit insurance companies;

• judicial or administrative authorities for legal obligations.

The data provided will not be disseminated

7. Retention period In accordance with the principle of "conservation limitation" pursuant to art. 5 of the GDPR regulation, the data collected will be kept for a period of time not exceeding the achievement of the peer purposes which are processed and in any case:

• For the purposes indicated in letters a) and b) of point 2 of this information: for the entire duration of the contractual relationship and, in the case of termination and / or other type of termination of the relationship, for the time in which there are conservation obligations for fiscal purposes or for other purposes provided for by law or regulation and, in any case, for a period of not less than 10 (ten) years.

8. Transfer of personal data abroad

The personal data collected, as part of the aforementioned purposes, will not be transferred to third countries with respect to the EU.

9. Existence of automated decision-making processes

No automated decision-making process will be based on the data communicated for the processing covered by this information.

10. Rights of the interested party

The interested party, pursuant to articles 15 and following of the GDPR regulation, always has the right to exercise the following rights at any time, free of charge and without formalities:

• Access to personal data (Article 15 of EU Reg. 2016/679) or the right to obtain confirmation as to whether or not data concerning him is being processed and, in this case, to obtain access to personal data by obtaining a copy as well as certain information in relation to the processing;

• Rectification of data (Article 16 of EU Regulation no. 2016/679) or the right to obtain the rectification of inaccurate data concerning him and the integration of incomplete data;

• Deletion of data (Article 17 of EU Reg. No. 2016/679) if the purpose of the processing is exhausted or the processing has been opposed or the data have been processed in violation of the law (upon the occurrence of one of the conditions indicated in the art.17, paragraph 1, of the GDPR regulation and in compliance with the exceptions provided for in paragraph 3 of the same article);

• Limitation of processing (Article 18 of EU Reg. 2016/679) or the right to obtain the marking of stored data with the aim of limiting their processing in the future (if one of the hypotheses indicated in art. , paragraph 1 of the GDPR regulation);

• Obligation to notify in case of rectification or cancellation of personal data or limitation of processing (Article 19 of EU Reg. 2016/679). The Data Controller communicates to each of the recipients to whom the personal data have been transmitted any corrections or cancellations or limitations of the processing carried out in accordance with Article 16, Article 17, paragraph 1, and Article 18, unless this proves impossible or involves a disproportionate effort. The data controller informs the data subject of these recipients if the data subject requests it;

• Portability of personal data (Article 20 EU Reg. No. 2016/679) understood as the right to obtain from the Data Controller a structured format of common use and readable by an automatic device to transmit them to another data controller without impediments ;

• Opposition to processing (Article 21 of EU Reg. 2016/679) at any time, for reasons connected with his particular situation, to the processing of personal data concerning him including profiling, if implemented;

• Withdrawal of consent to processing (Article 7, paragraph 3 of EU Reg. 2016/679) at any time. The treatment based on consent and carried out prior to the revocation of the same retains, in any case, its lawfulness;

• Submit a complaint to the Supervisory Authority (Article 51 of EU Reg. 2016/679)

11. How to exercise your rights

In case of questions or doubts in relation to the processing of data or to exercise any other right mentioned above, the interested party may send communication to the Data Controller by fax (n. 0775/769436), PEC or email