By clicking "Accept", you agree to the storage of cookies on your device to improve site navigation, analyze site usage, and support our marketing efforts. See our Privacy Policy for more information.

PreferencesRejectAccept
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Preferences

Privacy policy

Privacy Notice - Customers General Information ex art. 13 Reg. 679/2016 EU
In accordance with art. 13 of Regulation 679/2016 EU and the current legislation in Italy on the processing of personal data, we inform you of the following.

a1) Data Controller and Contact Information
The Data Controller is INDIGO AI S.r.l., located at Piazza Gae Aulenti 1 - Torre B, 20154, Milan (MI), Italy, email: admin@ndg.ai, PEC: indigoai@legalmail.it.

a2) Data Protection Officer (DPO)
The appointed Data Protection Officer (DPO) according to Article 37 of EU Regulation 679 2016 is Aldo Benato, a lawyer based in Castelfranco Veneto (TV), who can be contacted via PEC at aldobenato@pec.it.

b) Purpose of Data Processing
Your personal data, explicitly collected or obtained by the Data Controller during the assignment or contract signing, will be processed exclusively for pre-contractual purposes (quotes, meetings, evaluations), contractual and payment purposes, as well as for mandatory tax and fiscal obligations as per the current legislation in Italy at the time of processing. After the termination of the contractual relationship, your data will be further processed in compliance with the current regulations on the preservation of fiscal documentation and for the legitimate interest of the Data Controller, consisting in the preservation of data for protection against disputes and the potential use of the same for sending communications as per Article 130 co. 4 D.lgs. 196/2003.

c) Legal Basis of Processing
Your data will be processed:
- On a contractual legal basis, as regards the main processing aimed at the conclusion of the contract and the fulfilment of the contractual obligations arising from it;
- On a regulatory legal basis, as regards the fulfilment of legal obligations in tax and fiscal matters;
- For the legitimate interest of the Data Controller, in accordance with what is provided for in the following letter d). Currently, no processing on a consensual basis is envisaged. If a data processing on a consensual basis were to be initiated, the right to revoke consent at any time remains, without however affecting the lawfulness of the processing based on the consent given before the revocation.

d) Legitimate Interest of the Data Controller
The processing of your data may also occur for the legitimate interest of the Data Controller. In particular, it may occur for purposes related to company security, network and data security, video surveillance and communications following the termination of the contract under art. 130 co. 4 D.lgs. 196/2003. In the event that data processing occurs for the legitimate interest of the Data Controller, the processing will not be carried out before adequately evaluating the possible prevalence of interests or rights and fundamental freedoms of the interested party that require the protection of personal data. In any case, your right to object to data processing based on legitimate interest remains. You can exercise this right by writing to: admin@ndg.ai.

e) Recipients of Personal Data
Your personal data will only be communicated to:
- All subjects authorized to process by the Data Controller under art. 29 par. 4 GDPR due to their inclusion in the company staff and the existence of a subordination link;
- Any subjects appointed by the Data Controller as external managers under art. 28 GDPR and who are systematically involved in the processing of employee data;
- Subjects to whom the right to access such data is recognized by virtue of general regulatory provisions in force or specific lawful measures of a public authority. The complete list of external managers is held by the company. In no case will there be any dissemination of such data.

f) Transfer of data to third countries
Your personal data is not transferred to third countries, i.e., countries outside the European Economic Area (EEA). If access to your data were to be allowed by the aforementioned countries, the most stringent logistical-information security measures would be adopted to prevent and hinder the risk of access to the same by unauthorized parties or for purposes different from those referred to in the previous point b). In any case, no data processing is carried out by subjects belonging to third countries without prior control and compliance with the rules referred to in articles 44 and following of the GDPR.

g) Duration of data retention
The data provided by you will be processed and stored for the time strictly necessary for the establishment and execution of the contractual relationship and, after the termination of the relationship, for the fulfillment of all obligations arising from or connected to the relationship and the fulfillment of the obligations arising from the current legislation. In any case, no personal data processed will be stored beyond the maximum limit of 10 years.

h) Rights of the data subject
As data subjects, you have the right to exercise all the rights provided by articles 12 and following of the GDPR against the data controller. In particular, you can ask for information about your data, access to them and their rectification, deletion, limitation of processing or you can object to their processing. You also have the right to data portability. To exercise these rights, you can send a specific request to the Data Controller or the possible DPO using the above-mentioned contacts.

i) Right to Withdraw Consent
Your personal data has been collected in a pre-contractual and contractual context aimed at fulfilling obligations towards the interested party based on the existing employment relationship, as well as legal obligations, rules and regulations in force. Therefore, as a rule, no further data processing based on the consent of the interested party is expected, and consequently, there is, as a rule, no consent to which you may exercise the right to withdraw. However, should further processing be carried out on a consensual legal basis, not only would you have the right to refuse to give consent, but, in the event of giving the same, you would retain the right to withdraw at any time.

l) Right to Complain
Against the processing or the methods of processing your data, you can lodge a complaint with the Guarantor for the protection of personal data, based in Rome, or before the competent judicial authorities.

m) Obligation of Data
The provision of your data in the pre-contractual and contractual phase must be considered mandatory as it is necessary for the establishment and conduct of the employment relationship, for the fulfillment of obligations in the field of tax and social security assistance, as well as for the execution of obligations in the field of work safety and for any other related function. In the event of failure to provide data, it will not be possible to establish or further pursue the contractual relationship.

n) Automated decision-making processes
The Data Controller does not carry out any data processing based on automated decision-making processes.

Further instructions regarding the data processing carried out by INDIGO.AI srl in its role as Data Controller (or Other-Controller) under art. 28 Reg. 679/2016 EU.
In case you use the ChatBot service provided by INDIGO.AI srl, the same, unless specifically contractually waived, will assume the role of:

A) Data Controller, under art. 28 par. 1 GDPR, where you act as the Data Controller;

B) Other-Controller, under art. 28 par. 2 GDPR, where you act as the Data Controller under art. 28 co. 1 GDPR in relation to the Data Controller.

Information about the processing of personal data carried out by INDIGO.AI srl in its role as Data Controller or Other-Controller is contained in the relevant DPA, which forms an integral part of the terms and conditions of service and can be consulted on this site.

Download DPA