By clicking "Accept", you agree to the storage of cookies on your device to improve site navigation, analyze site usage, and support our marketing efforts. See our Privacy Policy for more information.

PreferencesRejectAccept
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Preferences

Privacy notice

Pursuant to Article 13 of Regulation (EU) 2016/679 and the applicable Italian legislation regarding the processing of personal data, we hereby inform you as follows.

a) Data Controller and Contacts
The Data Controller is INDIGO AI S.r.l., with registered office at Piazza Gae Aulenti 1 - Tower B, 20154, Milan (MI), Italy, e-mail: compliance@ndg.ai

.b) Purposes of the Processing
Your personal data, explicitly collected or otherwise obtained by the Data Controller during the assignment, the Offer Document, or the execution of the contract, shall be processed exclusively for negotiation purposes (quotations, meetings, evaluations), contractual and payment purposes, as well as for mandatory fiscal and tax obligations provided by the applicable Italian law at the time of processing. Following the termination of the contractual relationship, data may be used for sending communications relating to similar services, in compliance with Article 6(1)(f) GDPR (legitimate interest) and Article 21 GDPR, with the possibility to object at any time.In accordance with art. 13 of Regulation 679/2016 EU and the current legislation in Italy on the processing of personal data, we inform you of the following.

c) Legal Bases of the Processing
Your data will be processed on a contractual legal basis, concerning the main processing necessary for the execution of the contract and compliance with contractual obligations arising therefrom; on a statutory legal basis, for the fulfillment of legal obligations in tax and fiscal matters; and based on the legitimate interest of the Data Controller, in accordance with letter d) below. Currently, no processing based on consent is foreseen. Should processing on a consensual basis be initiated, the right to withdraw consent at any time remains, without prejudice to the lawfulness of processing carried out prior to the withdrawal.

d) Legitimate Interest of the Data Controller
Data processing may also occur based on the legitimate interest of the Data Controller. In particular, processing may concern purposes such as IT and network security, protection in legal disputes, prevention of fraud or abuse, video surveillance, and sending communications related to similar services after the termination of the contractual relationship. Such processing is carried out in compliance with Article 6(1)(f) GDPR (legitimate interest) and Article 21 GDPR, ensuring the data subject’s right to object at any time to processing for direct marketing purposes. Where processing is carried out on the basis of legitimate interest, it will not commence before duly assessing whether the interests or fundamental rights and freedoms of the data subject prevail, which require protection of personal data. In any case, the right to object to processing based on legitimate interest remains. This right can be exercised by writing to compliance@ndg.ai.

e) Recipients of Personal Data
Personal data will be disclosed only to all persons authorised to process data by the Data Controller pursuant to Article 29(4) GDPR due to their inclusion in the company staff and the existence of a subordinate employment relationship; any persons appointed by the Data Controller as external processors pursuant to Article 28 GDPR who are systematically involved in processing employee data; and persons entitled to access such data by virtue of general statutory provisions or specific lawful measures issued by a public authority. The full list of external processors is held by the company. Data will in no case be disclosed to unauthorised third parties.

f) Transfer of Data to Third Countries
Personal data is not normally transferred to third countries, i.e., outside the European Economic Area (EEA). Should it be exceptionally necessary to allow a transfer to third countries, such transfer will occur only if authorised in accordance with the GDPR, through an adequacy decision by the European Commission recognizing an adequate level of data protection, or standard contractual clauses approved by the European Commission, or other appropriate safeguards provided under Articles 44 et seq. GDPR. In any case, strict technical and organisational measures will be adopted to prevent unauthorised access or use of the data for purposes other than those indicated in point b).

g) Data Retention Period
Data provided by you will be processed and retained for the time strictly necessary for the establishment and performance of the contractual relationship and, subsequently, for compliance with related legal and tax obligations. In any case, personal data will not be retained for more than 10 years from the termination of the contractual relationship, except for statutory obligations or the need to safeguard the rights of the Data Controller.

h) Data Subject Rights
As a Data Subject, you have the right to exercise all rights provided under Articles 12 et seq. GDPR. In particular, you may request information about your data, access to it, rectification, deletion, restriction of processing, or object to its processing. You also have the right to data portability. To exercise these rights, you may send a request to the Data Controller or, if appointed, the Data Protection Officer (DPO) using the contacts provided above.

i) Right to Withdraw Consent
In case of processing based on consent, you have the right to withdraw it at any time without affecting the lawfulness of processing carried out prior to the withdrawal. This right may be exercised according to the procedures indicated in paragraph h).

l) Right to Lodge a Complaint
You may lodge a complaint regarding the processing or its modalities with the Italian Data Protection Authority (Garante per la protezione dei dati personali), located in Rome, or before the competent judicial authorities.

m) Mandatory Provision of Data
The provision of data is mandatory for the establishment and management of the contractual relationship. Failure to provide the data will make it impossible to initiate or continue the relationship.

n) Automated Decision-Making Processes
The Data Controller does not carry out any processing based on automated decision-making, including profiling. Processing concerns only B2B client data and does not include information about end users managed by such clients. Should you use a workspace provided by INDIGO.AI S.r.l., the latter will operate, depending on the case, as a Processor or Sub-Processor pursuant to Article 28 GDPR. All activities are governed by the contract and the relevant Data Processing Agreement (DPA), available upon request.