Information to Business Partners


INFORMATION ON THE PROCESSING OF PERSONAL DATA OF BUSINESS PARTNERS’ PURSUANT TO ARTICLES 13 AND 14 OF REGULATION (EU) NO 2016/679 (“GDPR”)


Dear Business Partner, the Retelit Group as identified below, provides you with information, in accordance with Articles 13 and 14 of the GDPR, regarding processing of personal data (hereinafter, the “Data“), of your Company (hereinafter, the “Partner“) and/or the persons acting on its behalf, which will be used and stored in compliance with the provisions of European Regulation No. 679/2026 (hereinafter, “GDPR“), the applicable legislation on the protection of personal data and in accordance with this notice.

It is understood that it is your responsibility to inform the individuals acting on your behalf, of the processing of the Data referred to in this notice and to seek their consent where necessary.

1. Who we are

The Retelit Group consists of the holding Retelit S.p.A. and the other Companies indicated below, which, depending on the purposes pursued, may process your Data as Autonomous Data Controller or as Joint Controllers, by virtue of the Joint Controller Agreement issued pursuant to Article 26 of the GDPR, the essential contents of which are available upon your request at the contacts below:

  • Reti Telematiche Italiane S.p.A., abbreviated as “Retelit S.p.A.,” with registered office in Milan (MI), Via Pola 9, in the person of its legal representative pro tempore;
  • Retelit Digital Services S.p.A., with registered office in Milan (MI), Via Pola 9, in the person of its legal representative pro tempore;
  • PA ABS S.r.l. – Partners Associates Advanced Business Solutions, with registered office Milan, Via Pola, 9, in the person of its legal representative pro tempore;
  • PA Expertise S.r.l., with registered office in Milan (MI), Via Pola 9, in the person of its legal representative pro tempore;
  • Brennercom S.p.A., with registered office in Bolzano (BZ), via Pacinotti 12, in the person of its legal representative pro tempore;
  • IRIDEOS S.p.A., with registered office in Milan, Viale Luigi Bodio 33/37, 20158 tax code, VAT number 09995550960;
  • IRIDEOS DATA CENTER ITALIA S.r.l. with registered office in Milan, Viale Luigi Bodio 33/37, 20158 tax code, VAT number 11920940969;
  • Brennercom Tirol GmbH, headquartered at Eduard-Bodem-Gasse 8 – A-6020 Innsbruck, in the person of its legal representative pro tempore, VAT no. ATU 628 358 19;

More information on the corporate structure of the Retelit Group, as well as contact details, can be found at www.retelit.it.

For any request regarding the processing of Data, it will in any case be possible to contact the Group Companies, by sending a registered letter with return receipt to the registered office, a PEC to retelit@pec.retelit.com or an e-mail to privacy@retelit.it.

2. Data Protection Officer

The Group Companies, in order to facilitate the relationship between you and each Data Controller, have designated a Personal Data Protection Officer (DPO) who can be contacted via PEC to retelit@pec.retelit.com – c.a. of the Data Protection Officer (DPO); e-mail, at dpo@retelit.it.

These contact methods are also made available on the Parent Company Retelit website www.retelit.it where any updates will also be posted.

3. Type of Data and Mode of Processing

In the context of activities related to the establishment and subsequent management of the business relationship with the Group Companies such as, for example, agency relationships, business procurement, distribution and sale of our products and/or services, the following categories of Data will be processed:

  1. personal and identifying data (e.g., first name, last name, tax code, VAT number, video images);
  2. Portal access data made available by Group Companies (e.g., username, activity logs for troubleshooting purposes).
  3. contact data, such as residence or domicile address, e-mail address, and telephone number of the persons appointed by you to do business with the Contractors;
  4. data on the degree of solvency and punctuality of payments, also acquired through information systems of authorized companies that provide services for credit risk management and fraud prevention;
  5. Data on the degree of financial reliability;
  6. Data on membership in social security institutions or trade associations.

Group Companies collect Data:

  • at the data subject, through customer care operators, and by other modes of contact, such as, by way of example, the websites and portals granted for use to Partner i by the Contractors;
  • from public sources, such as freely accessible records, directories and documents (such as financial statements or chamber of commerce visas), as well as from sources such as print and/or digital newspapers, information drawn from telephone directories, websites of public agencies and supervisory and control authorities.
  • Data are collected, processed and stored in a lawful manner and for the purposes indicated below, manually and with the aid of electronic and/or automated means, in such a way as to ensure their security and confidentiality.

4. Purpose and legal basis for processing

Data will be collected, used and stored for the following purposes:

PURPOSE OF PROCESSING LEGAL BASIS
Conclusion and execution of the contract
Data processing takes place through access to the Group Companies’ website, portals, and/or by filling out registration forms, for the eventual conclusion and execution of the business cooperation contract.		 Processing is necessary for the performance of pre-contractual activities and the eventual conclusion and execution of the cooperation contract with the Group Companies. Refusal to provide the Data may result in the inability to enter into the contractual relationship with them.
Compliance with legal obligations
The processing of collected Data is carried out to fulfill administrative, accounting and tax obligations to which Group Companies are subject.		 Processing is necessary to enable the Group Companies to fulfill legal obligations to which they are subject and to comply with any orders of judicial and other supervisory authorities.
Payment services and verification of the reliability and timeliness of payments and fraud prevention
Data processing takes place by accessing the information systems of companies and third parties, which provide payment verification and credit risk management and fraud prevention services.		 The processing is based on the legitimate interest of the Group Companies in collecting and disbursing payments, conducting credit check, fraud prevention activities and managing late and non-payment. You have the right to object to this processing at any time in case of special situations concerning you.
Processing for extrajudicial, judicial and regulatory litigation management
Processing is carried out to ensure the proper management of business activities with regard to extrajudicial, judicial and regulatory litigation.		 The processing is based on the legitimate interest of the Group Companies in carrying out the extrajudicial, judicial and regulatory litigation management activities related to the performance of their business activities. You have the right to object to this processing at any time in case of special situations concerning you.

5. Subjects we can communicate Data

The Data may be made accessible to, brought to the attention of, and/or communicated to the following parties, who may be appointed by the Data Controllers – as appropriate – as processors, authorized persons for processing, co-processors, or will act as independent data controllers:

  • Legal persons and/or individuals who provide management services to our information systems for the operation of our business activities;
  • Legal persons and/or individuals who provide services of a technical and organizational nature;
  • Legal entities and/or individuals who provide data entry, storage, and management services;
  • Legal persons and/or individuals performing control, audit and certification functions of the activities carried out by the Joint Controllers;
  • Legal persons and/or individuals who serve as consultants to the Joint Controllers;
  • Banking and financial institutions and other entities that provide payment services and credit risk management and fraud prevention;
  • Legal persons and/or individuals assignees of the debt and debt collection companies/institutions;
  • Our parent, subsidiary and associated companies;
  • Judicial and independent authorities under orders issued in accordance with current regulations.

In any case, the Data will not be disseminated.

6. How long we process the Data

The Group Companies will process your Data for the time strictly necessary to achieve the purposes indicated and described in this policy.

Specifically, depending on the purpose of processing, the expected retention periods are as follows:

Purpose of processing Expected retention period
Pre-contractual activities and eventual conclusion and execution of supply contracts up to 24 months after the collection of the Data or for the duration of the contractual relationship.
Fulfillment of legal obligations Up to 10 years after termination of contractual relationship.
Administrative, accounting and tax purposes Up to 10 years after the termination of the contractual relationship.
Verification of the degree of financial reliability For the duration of the contractual relationship.
Systems activities on Data Controller’s resources and/or in use by End Customers (system administrators) for at least 6 months, in accordance with the applicable regulations on system administrators.
Verification of the quality of call center services and training of employees. For at least 6 months after acquiring the registration.
Pursuit of a legitimate interest of the Company for as long as necessary to pursue the legitimate interest of the Data Controller. You have the right to object at any time for reasons related to special situations concerning you.

7. Where we process Data

The Joint Holders undertake to process and store the Data within the European Union.

Notwithstanding the above, in order to achieve the purposes set out in paragraph 4, the Data may be transferred to entities established in countries outside the European Economic Area, which offer the Data Holders services related to the processing activities performed (e.g., technology service providers, cloud, CRM, etc.).

Such a transfer, where appropriate, will take place in compliance with the conditions set forth in the GDPR and will be regulated, depending on the recipients, through the use of the standard contractual clauses adopted by the European Commission or – alternatively – on the basis of an adequacy decision of the Commission and/or any other instrument allowed by the relevant legislation, including adherence to the certification mechanism of the “EU-U.S. Data Privacy Framework.”

8. Rights that can be exercised by the data subject

During the period in which the Group Companies carry out the processing of your Data, you, as a data subject, may, at any time, exercise the rights provided in Articles 15 to 22 of the GDPR:

In accordance with the GDPR, you may exercise the following rights:

  • to carry out access to its Data in order to obtain information regarding their existence, the purposes of processing, the recipients or categories of recipients to whom the Data have been or will be communicated, and the period of retention of the Data;
  • Request and obtain modification and/or rectification of Data that you believe is inaccurate and/or incomplete;
  • to request and obtain the deletion and/or limitation of the processing of your Data if it is not necessary for the performance of the contract, the pursuit of a legitimate interest of the Contractors and/or the fulfillment of legal obligations;
  • object at any time, to the processing of your Data, including profiling, under the terms of Article 21 of the GDPR;
  • request and obtain your Data – in a structured, commonly used, machine-readable format – for portability to another Data Controller.

You may exercise the above rights, either directly or through your proxy, by sending a simple communication to the e-mail address privacy@retelit.it.

We will carry out the relevant requests within the time limits stipulated in Article 12, Paragraph 3. of the GDPR.

9. Right to file a complaint with the Guarantor

You have the right to file a complaint with the Garante per la Protezione dei Dati Personali if you believe that your rights have been violated, in line with Article 77 et seq. of the GDPR, in the manner indicated on the Garante’s website accessible at: www.garanteprivacy.it.

10. Final Provisions.

The Group Companies reserve the right to amend and/or update this policy also on the basis of developments in applicable data protection legislation, as well as in the face of any changes in the Group’s corporate structure. The updated version of the policy can always be found in the Partner Portal, or through the usual channels of business communication.


Support
+39 02 87 200 983
Toll free number
+39 800 585 383
Privacy | Cookie | Legal notes
IRIDEOS SpA - Retelit Group | Via L. Bodio, 37 - Building 3 - 20158 Milan (Italy) -
P. IVA 09995550960 - R.E.A. di MI 2126652

Il nostro sito usa cookieper poterti offrire una migliore esperienza di navigazione in accordo alla normativa sulla privacy. Chiudendo questo banner o continuando la navigazione del sito acconsenti all’uso dei cookie.

Contact Us

I would like to receive additional information about IRIDEOS products and services.



    Acconsento

    I have read and understood the information on the processing of personal data.