Privacy Notice on the Processing of Personal Data pursuant to Art. 13 of EU Regulation 2016/679 for the Use of the Contact Form

Privacy Notice on the Processing of Personal Data pursuant to Article 13 of EU Regulation 2016/679 for the Use of the Contact Form

Last updated: 4 November 2025

This privacy notice is provided pursuant to Articles 13 and 14 of EU Regulation 2016/679 (General Data Protection Regulation, “GDPR”) to inform visitors to the website about the processing of personal data carried out when they complete the contact form in order to request a demo of the product offered by the Data Controller.

 
1. Data Controller
The Data Controller responsible for the personal data collected through the form is Assist Digital S.p.A. (hereinafter, the “Controller”), with registered office at Via Angelo Inganni 93, Milan, Italy.
For any information regarding the processing of your data or to exercise your rights, you may contact the Controller using the details indicated in paragraph 7.

 
2. Purposes of Processing and Legal Basis
The personal data provided by users through the contact form will be processed by the Controller for the following purposes:

Management of contact requests: handling the user’s request, responding to questions or requests for assistance, and providing information on the products or services offered.
The legal basis for the processing is the Controller’s legitimate interest in managing and responding to user requests and, where applicable, the performance of pre-contractual measures taken at the data subject’s request (Art. 6(1)(f) and Art. 6(1)(b) GDPR).

Marketing communications: with the user’s prior and optional consent, sending promotional updates via e-mail or telephone relating to the product or similar services offered by the Controller.
The legal basis is the data subject’s consent (Art. 6(1)(a) GDPR), which may be withdrawn at any time. Lack of consent (or its withdrawal) does not affect the processing necessary to handle the demo request.

Compliance with legal obligations: fulfilling obligations set out by laws, regulations, EU rules, or orders issued by authorities.
The legal basis is compliance with a legal obligation to which the Controller is subject (Art. 6(1)(c) GDPR).

 
3. Categories of Data Collected
The Controller processes the following data provided by users through the contact form:

Personal and identification data (first name, last name);
Contact details (e-mail address);
Any additional information voluntarily provided by the user in the message field.
Providing the data marked as mandatory (first name, last name, and e-mail address) is necessary to manage the contact request; failure to provide such data will make it impossible to receive a response. Providing additional information is optional.

 
4. Methods of Processing and Data Retention Period
Data will be processed using paper and/or electronic tools in accordance with the principles of lawfulness, fairness, and transparency, and in a manner that protects confidentiality and the rights of the data subject.

Your data will not be subject to automated decision-making for the purposes described above.

In accordance with Article 5 of EU Regulation 2016/679, your data will be processed:
(i) lawfully, fairly, and transparently;
(ii) accurately, and updated where necessary;
(iii) in compliance with the principle of data minimization, ensuring relevance and non-excessiveness in relation to the purposes pursued.

Your data will be processed exclusively by individuals authorized by the Controller. Appropriate security measures have been implemented pursuant to Article 32 of the GDPR to prevent destruction, loss, alteration, unauthorized disclosure of, or access to personal data transmitted, stored, or otherwise processed.

The data will be retained for a period proportionate to the purposes for which it was collected:

Data provided to manage the contact request will be stored for the time necessary to respond and for a maximum of 12 months thereafter to handle any follow-up communications relating to the same matter.
If consent for marketing communications is provided, the data will be processed for a maximum of 24 months.
Data processed to comply with legal obligations will be retained for the period required by applicable laws.
 
5. Data Recipients and International Transfers
Your data will not be disseminated. They may be disclosed to:

staff and collaborators of the Controller, authorized and properly instructed;
third parties providing services related to website management or communication with users (e.g., IT service providers, e-mail service providers), appointed as data processors pursuant to Article 28 GDPR;
authorities or public bodies where disclosure is required by law or by order of an authority.
Should the transfer of personal data outside the European Economic Area (EEA) be necessary, the Controller guarantees that such transfer will take place in compliance with Articles 44 et seq. GDPR, adopting appropriate safeguards (e.g., adequacy decisions or standard contractual clauses).

 
6. Rights of Data Subjects
Users, as data subjects, may exercise at any time the rights granted under the GDPR, including:

a) Right of access (Art. 15): obtain confirmation whether personal data concerning them is being processed and access such data and related information (processing purposes, data categories, recipients, storage period, rights, source of data, existence of automated decision-making, and safeguards for transfers outside the EU).

b) Right to rectification (Art. 16): correct or complete inaccurate or incomplete personal data.

c) Right to erasure (Art. 17): erase personal data where:
– it is no longer necessary for the purposes collected;
– it has been unlawfully processed;
– erasure is required by law;
– consent is withdrawn and no other legal basis applies;
– the data subject objects to processing and no overriding legitimate grounds exist.

d) Right to restriction of processing (Art. 18): in cases such as contested accuracy of data, unlawful processing with objection to erasure, data needed for legal claims, or objection to processing pending verification of overriding legitimate grounds.

e) Right to data portability (Art. 20): receive personal data in a structured, commonly used, machine-readable format and transmit it to another controller where processing is based on consent or contract.

f) Right to object (Art. 21): object at any time, on grounds relating to their particular situation, to the processing of personal data.

 
7. Contact Details of the Data Controller and the Data Protection Officer Controller’s contact e-mail: dpo.assist@assistdigital.com

The Controller has appointed a Data Protection Officer (DPO), who may be contacted at the same address above.

Data subjects who believe that their personal data is being processed in violation of the GDPR have the right to lodge a complaint with the competent supervisory authority (in Italy: the Garante per la Protezione dei Dati Personali) or to pursue legal action.