Information to the Suppliers


Dear Business Partner,
the Retelit Group as identified below, provides you with information, in accordance with Articles 13 and 14 of the GDPR, regarding processing of personal data (hereinafter, the “Data“), of your Company (hereinafter, the “Partner“) and/or the persons acting on its behalf, which will be used and stored in compliance with the provisions of European Regulation No. 679/2026 (hereinafter, “GDPR“), the applicable legislation on the protection of personal data and in accordance with this notice.
It is understood that it is your responsibility to inform the individuals acting on your behalf, of the processing of the Data referred to in this notice and to seek their consent where necessary.


    1. Who we are


The Retelit Group consists of the holding Retelit S.p.A. and the other Companies indicated below, which, depending on the purposes pursued, may process your Data as Autonomous Data Controller or as Joint Controllers, by virtue of the Joint Controller Agreement issued pursuant to Article 26 of the GDPR, the essential contents of which are available upon your request at the contacts below:

  • Reti Telematiche Italiane S.p.A., abbreviated as “Retelit S.p.A.,” with registered office in Milan (MI), Via Pola 9, in the person of its legal representative pro tempore;
  • Retelit Digital Services S.p.A., with registered office in Milan (MI), Via Pola 9, in the person of its legal representative pro tempore;
  • PA ABS S.r.l. – Partners Associates Advanced Business Solutions, with registered office Milan, Via Pola, 9, in the person of its legal representative pro tempore;
  • PA Expertise S.r.l., with registered office in Milan (MI), Via Pola 9, in the person of its legal representative pro tempore;
  • Brennercom S.p.A., with registered office in Bolzano (BZ), via Pacinotti 12, in the person of its legal representative pro tempore;
  • IRIDEOS S.p.A., with registered office in Milan, Viale Luigi Bodio 33/37, 20158 tax code, VAT number 09995550960;
  • IRIDEOS DATA CENTER ITALIA S.r.l. with registered office in Milan, Viale Luigi Bodio 33/37, 20158 tax code, VAT number 11920940969;
  • Brennercom Tirol GmbH, headquartered at Eduard-Bodem-Gasse 8 – A-6020 Innsbruck, in the person of its legal representative pro tempore, VAT no. ATU 628 358 19;

Hereinafter, disjointly the Controller(s) or jointly the Joint Controllers and/or Group Companies.

More information on the corporate structure of the Retelit Group, as well as contact details, can be found at .

For any request regarding the processing of Data, it will in any case be possible to contact the Group Companies, by sending

an e-mail to


  1. Data Protection Officer.

The Group Companies, in order to facilitate the relationship between you and each Data Controller, have designated a Personal Data Protection Officer (DPO) who can be contacted via

These contact methods are also made available on the Parent Company Retelit website where any updates will also be posted.


  1. Type of Data and Mode of Processing

In the context of activities related to the establishment and subsequent management of the business relationship with the Group Companies such as, for example, agency relationships, business procurement, distribution and sale of our products and/or services, the following categories of Data will be processed:

  1. personal and identifying data (e.g., first name, last name, tax code, VAT number, video images);
  2. Portal access data made available by Group Companies (e.g., username, activity logs for troubleshooting purposes).
  3. contact data, such as residence or domicile address, e-mail address, and telephone number of the persons appointed by you to do business with the Contractors;
  4. data on the degree of solvency and punctuality of payments, also acquired through information systems of authorized companies that provide services for credit risk management and fraud prevention;
  5. Data on the degree of financial reliability;
  6. Data on membership in social security institutions or trade associations.

Group Companies collect Data:

  • at the data subject, through customer care operators, and by other modes of contact, such as, by way of example, the websites and portals granted for use to Partner i by the Contractors;
  • from public sources, such as freely accessible records, directories and documents (such as financial statements or chamber of commerce visas), as well as from sources such as print and/or digital newspapers, information drawn from telephone directories, websites of public agencies and supervisory and control authorities.
  • Data are collected, processed and stored in a lawful manner and for the purposes indicated below, manually and with the aid of electronic and/or automated means, in such a way as to ensure their security and confidentiality.


  1. Purpose and legal basis for processing.

Data will be collected, used and stored for the following purposes:

  1. Subjects we can communicate Data.

The Data may be made accessible to, brought to the attention of, and/or communicated to the following parties, who may be appointed by the Data Controllers – as appropriate – as processors, authorized persons for processing, co-processors, or will act as independent data controllers:

  • Legal persons and/or individuals who provide management services to our information systems for the operation of our business activities;
  • Legal persons and/or individuals who provide services of a technical and organizational nature;
  • Legal entities and/or individuals who provide data entry, storage, and management services;
  • legal persons and/or individuals performing control, audit and certification functions of the activities carried out by the Joint Controllers;
  • Legal persons and/or individuals who serve as consultants to the Joint Controllers;
  • banking and financial institutions and other entities that provide payment services and credit risk management and fraud prevention;
  • legal persons and/or individuals assignees of the debt and debt collection companies/institutions;
  • Our parent, subsidiary and associated companies;
  • judicial and independent authorities under orders issued in accordance with current regulations.

In any case, the Data will not be disseminated.


  1. How long we process the Data.

The Group Companies will process your Data for the time strictly necessary to achieve the purposes indicated and described in this policy.

Specifically, depending on the purpose of processing, the expected retention periods are as follows:


  1. Where we process Data.

The Joint Holders undertake to process and store the Data within the European Union.

Notwithstanding the above, in order to achieve the purposes set out in paragraph 4, the Data may be transferred to entities established in countries outside the European Economic Area, which offer the Data Holders services related to the processing activities performed (e.g., technology service providers, cloud, CRM, etc.).

Such a transfer, where appropriate, will take place in compliance with the conditions set forth in the GDPR and will be regulated, depending on the recipients, through the use of the standard contractual clauses adopted by the European Commission or – alternatively – on the basis of an adequacy decision of the Commission and/or any other instrument allowed by the relevant legislation, including adherence to the certification mechanism of the “EU-U.S. Data Privacy Framework.”

  1. Rights that can be exercised by the data subject.

During the period in which the Group Companies carry out the processing of your Data, you, as a data subject, may, at any time, exercise the rights provided in Articles 15 to 22 of the GDPR:

In accordance with the GDPR, you may exercise the following rights:

  • to carry out access to its Data in order to obtain information regarding their existence, the purposes of processing, the recipients or categories of recipients to whom the Data have been or will be communicated, and the period of retention of the Data;
  • Request and obtain modification and/or rectification of Data that you believe is inaccurate and/or incomplete;
  • to request and obtain the deletion and/or limitation of the processing of your Data if it is not necessary for the performance of the contract, the pursuit of a legitimate interest of the Contractors and/or the fulfillment of legal obligations;
  • object at any time, to the processing of your Data, including profiling, under the terms of Article 21 of the GDPR;
  • request and obtain your Data – in a structured, commonly used, machine-readable format – for portability to another Data Controller.

You may exercise the above rights, either directly or through your proxy, by sending a simple communication to the e-mail address

We will carry out the relevant requests within the time limits stipulated in Article 12, Paragraph 3. of the GDPR.


  1. Right to file a complaint with the Guarantor.

You have the right to file a complaint with the Garante per la Protezione dei Dati Personali if you believe that your rights have been violated, in line with Article 77 et seq. of the GDPR, in the manner indicated on the Garante’s website accessible at: .
Final Provisions.
The Group Companies reserve the right to amend and/or update this policy also on the basis of developments in applicable data protection legislation, as well as in the face of any changes in the Group’s corporate structure. The updated version of the policy can always be found in the Partner Portal, or through the usual channels of business communication.

Download the information.


Contact Us

I would like to receive additional information about IRIDEOS products and services.


    I have read and understood the information on the processing of personal data.