Information on the processing of personal data of users consulting IT Business websites pursuant to Article 13 of Regulation (EU) 2016/679
[REV. 4.1 of 22/02/2024]

On April 6, 2016, the European Union approved a major reform of the data protection framework by adopting the “General Data Protection Regulation” (GDPR or Regulation), which is directly applicable in member states. The Regulation replaces Directive 95/46/EC (“Data Protection Directive”) and its application becomes mandatory as of May 25, 2018, two years after its entry into force.

The new Regulation strengthens the protection of the right to personal data protection (Data Protection), in line with the recognition of personal data protection as a fundamental right in the EU. The Regulation is also an urgently needed response to the challenges posed by technological developments that enable the collection and processing of large amounts of personal data in real time, enabling the development of automated decisions beyond human intervention. The Regulation meets the need for privacy protection increasingly felt by European citizens.

Pursuant to Regulation (EU) 2016/679 (hereinafter the “Regulation”), this page describes the methods for processing the Personal Data of users who consult the websites of IT Business srl (hereinafter the “Websites”) accessible by electronic means at the following addresses:


This information does not pertain to other sites, pages, or online services that can be reached through hypertext links that may be posted on the Web Sites but refer to resources outside the domains indicated above.

The Data Controller is IT Business srl (henceforth “IT Business”), located at Via Savoia 80, 00198 Rome (RM) whose contact details are:

  • +39 06 59604349

Personal Data of users visiting the Web Sites may be processed for the following purposes:

  • Purpose: to respond to requests for assistance or information.
  • Legal Basis: necessary for the pursuit of the legitimate interest of the Controller so that it can verify the identity of the user before responding to requests for assistance or information [Art. 6.1(f) GDPR].
  • Purpose: To obtain anonymous statistical information on the use of the Websites and to monitor its proper functioning, to identify anomalies and/or abuses.
  • Legal Basis: necessary for the pursuit of the legitimate interest of the Data Controller to monitor the proper functioning of the Websites, to identify anomalies and/or abuse [Art. 6.1(f) GDPR].
  • Purpose: statistical research/analysis on anonymous or aggregated data that IT Business may receive from social providers (e.g., LinkedIn, Facebook, etc.) regarding, for example, the performance of advertisements related to IT Business services. No information (e.g., first name, last name, or e-mail address) is transmitted to IT Business that would allow, even indirectly, to trace the identity of the user.
  • Legal Basis: according to ex art. 6.1 (f) of the Regulation is in the interest of IT Business both economic and aimed at increasing or improving the publicity of its products through statistical analysis of aggregate data.
  • Purpose: To enable the purchase of products and services for sale on the Websites where the e-commerce service is active.
  • Legal Basis: necessary for the performance of a contract to which the user is a party [art. 6.1 (b) GDPR]. The provision of Personal Data for this purpose is optional but failure to provide it would result in the impossibility of following up the request.
  • Purpose: To send newsletters to stay updated on initiatives promoted by IT Business regarding the products and services offered.
  • Legal Basis: it is constituted by the consent expressed by the user through the inclusion of his/her e-mail address pursuant to art. 6.1 (a) of the Regulations. With reference to Article 7 of the Regulations, the data subject may revoke any consent given at any time. Revocation of consent, which can be done through the appropriate link in the footer of the email newsletter, results in the suspension of the sending of the newsletter. Any revocation does not affect the lawfulness of the processing given before the revocation.
  • Purpose: To fulfill any legal, accounting and tax obligations.
  • Legal Basis: the processing is necessary to fulfill a legal obligation to which IT Business is subject pursuant to Article 6.1 (c) of the Regulations.

When a user visits the Web Sites, the following information may be collected for one or more of the above purposes:

  • contact information such as first name, last name, address for correspondence, e-mail address, and telephone number;
  • fiscal data such as company name, tax code, VAT number, shipping address, billing address, means of payment used;
  • browsing data on the type of device used, browser type and settings, IP address and traffic data related to the user’s Internet connection.

Your Personal Data will be processed with the support of computer and telematic means and will be protected through appropriate technical and organizational security measures suitable to ensure its confidentiality, integrity and availability. We retain your Personal Data only as long as necessary to achieve the purposes for which it was collected or for any other legitimate related purposes. Therefore, if Personal Data are processed for two different purposes, we will retain such data until the purpose with the longer term ceases. In any case, we will no longer process Personal Data for that purpose whose retention period has ended. Personal Data that is no longer needed, or for which there is no longer a legal basis for its retention, will be irreversibly anonymized (and thus may be retained) or deleted.

Personal Data processed to handle and respond to requests for information or other communications will be retained for as long as necessary to handle and respond to the user’s request and then deleted.

Information collected by IT Business will be stored on its own systems and in whatever region its suppliers operate.

IT Business, in order to provide the services offered through the Web Sites, may make use of third parties who will act on its behalf as “Data Processors” by virtue of an appropriate appointment. The Personal Data may also be brought to the attention of individuals who will act as “Authorized Data Processors”. For the purposes of service delivery, it is possible that your Personal Data may be provided to third parties in order to comply with IT Business’ internal, contractual and statutory obligations. Some categories of external recipients of your Personal Data are, for example:
  • Public, governmental or regulatory authorities and institutions (such as tax authorities, including complying with national security or law enforcement requirements);
  • IT and technology service providers, production, communication and control providers;
  • Third parties to whom IT Business assigns or remits any of its rights or obligations and collaborative and business partners;
  • Courts, law enforcement, regulatory authorities or lawyers or other third parties in connection with the establishment, exercise or defense of legal claims.
In addition, we may share non-identifiable, aggregate data with agents and business partners, or disclose aggregate statistical data about you to describe services to current and potential business partners, and other third parties for other legal purposes.

Due to possible needs related to the location of service providers, IT Business may share some of the data collected with services located outside the European Union area in countries for which the European Commission has not issued an Adequacy Decision. In such cases, IT Business is committed to ensuring adequate levels of protection and safeguards, including contractual safeguards, in accordance with the applicable rules, including the stipulation of standard contractual clauses as referred to in Article 46(2)(c) of the GDPR, supplemented where necessary by additional technical, legal and organizational measures necessary to ensure that the level of protection of Personal Data is equivalent to that of the European Union.

Pursuant to Articles 15-21 of the GDPR, in relation to the Data disclosed, the Data Subject has the right to:

  • access and request copies;
  • request deletion/rectification;
  • obtain the restriction of processing;
  • object to processing carried out on the basis of the legitimate interest of the Data Controller;
  • receive in a structured, commonly used and machine-readable format and to transmit without hindrance such Data to another Data Controller, where technically feasible;
  • to lodge a complaint with a supervisory authority: without prejudice to any other administrative or judicial remedy, a Data Subject who considers that the processing concerning him or her violates the Privacy Regulations has the right to lodge a complaint with the supervisory authority of the Member State in which he or she resides or habitually works, or of the State in which the alleged violation occurred.

The above listed does not apply to information made available to third parties that is beyond the reach of IT Business.

Where processing is based on consent, pursuant to Article 7 of the GDPR, the Data Subject may revoke any consent given at any time, without prejudice to the lawfulness of the processing performed prior to revocation.

If the Data Subject wishes to have more information on the processing of his/her Data, or to exercise the previously mentioned rights, the same may forward an e-mail to:

IT Business may make changes to this policy, in any case ensuring that this Internet page is updated in a timely manner and providing access to the various versions that have succeeded one another over time, which can be consulted at the same address.