Privacy policy

Pursuant to Article 13 of EU Regulation 2016/679 (hereinafter referred to as the “GDPR”) and the legislation on the protection of personal data, Industrious Global Technologies S.r.l., as data controller, provides this policy (hereinafter referred to as the "Policy") in order to describe and illustrate the processing operations of the Personal Data (as defined below) of the data subjects (hereinafter referred to as the “Data Subjects”) who consult the website accessible electronically through the following link “https://industriousgt.com” (hereinafter referred to as the "Website").

1. Data Controller and contact details.

The controller of personal data is Industrious Global Technologies S.r.l., a sole quotaholder, with registered office in Cassina de' Pecchi (MI), via Roma n. 108 (CAP 20051), quota capital Euro 100,000.00 fully paid-up, registered in the Companies’ Register of Milano Monza-Brianza Lodi, registration number, tax code and VAT number 10256090969, registered in R.E.A. MI-2517597, in the person of its pro tempore legal representative (hereinafter referred to as the "Data Controller" or, also, "IGT"). 

The Data Subject may contact the Data Controller at any time by sending a registered letter with return receipt to the registered office of IGT, or by sending a communication to the following e-mail address: privacy@industriousgt.com.

2. Types of Personal Data and description of the processing.

The Data Controller will process, depending on the purposes, the following personal data:

1. identification and contact data, such as: name, surname, address, telephone number, e-mail address and similar. Such data are freely provided by the Data Subjects by filling in the form, or by sending a communication to the addresses indicated on the Website;
2. browsing data, such as, for example: identification number ("ID"), date/time of access,clientfile request (file nameand URL) and http response code. These data are provided by the Data Subjects during access to the Website and during its navigation by selecting cookies and filling in forms. In this regard, for information on the processing of browsing data and the use of cookies, please read the cookie policy (available at the following link: https://industriousgt.com/it/cookie); 

(hereinafter, collectively, referred to as the "Personal Data"), which will be collected directly from the Data Subject.

3. Purpose of the processing.

Personal Data will be processed for the following purposes:

1. managing expressions of interest by the Data Subject and establishing pre-contractual relationships; 
2. responding to requests and communications sent through the contact form on the Website, or by sending communications to the Data Controller's contacts indicated on the Website;
3. evaluating applications in the context of personnel selection activities, through the collection and analysis of curricula vitae;
4. managing interactions with social networks and external platforms, including through connection tools (e.g., plug-ins, content sharing, comments).

4. Legal basis.

The legal basis justifying the processing of Personal Data is: 

1. for the purposes referred to in points i), ii) and iii), the performance of a contract to which the Data Subject is party and/or to take steps at the request of the Data Subject prior to entering into a contract (Article 6, paragraph 1, letter (b), of the GDPR); 
2. for the purposes referred to in point iv), the legitimate interest of the Data Controller (Article 6, paragraph 1, letter (f), of the GDPR). It should be noted that the acceptance of marketing and statistical cookies may constitute the basis for the processing of browsing data, which is carried out in the legitimate interest of the Data Controller, for example for the purposes of analysis, improvement of the services offered and personalization of the experience of the Data Subject, in compliance with the Data Subject’s fundamental rights and freedoms. Failure to accept may compromise and/or limit some features of the Website.

5. Provision of Personal Data and consequences of refusal.

The provision of Personal Data for the purposes referred to in points (i), (ii) and (iii) of paragraph 3 it is mandatory and necessary for the Data Controller to correctly and completely perform the services requested by the Data Subject and/or correctly comply with legal or regulatory obligations. The Data Subject is free to provide (or not) the requested Personal Data. However, in the absence such data, the Data Controller will not be able to provide the services requested by the Data Subject. 

For the purpose referred to in point (iv) of paragraph 3 the provision of Personal Data is to be considered optional and does not entail any direct consequence for the Data Subject, without prejudice to the provisions of letter b) of paragraph 4.

6. Methods of processing Personal Data.

Personal Data will be processed using paper supports, or IT, electronic and/or telematic tools, in any case suitable for guaranteeing the integrity, availability, security and confidentiality of the Personal Data itself. 

In particular, the Personal Data stored and processed: 

1. on computer, electronic and telematic supports, will be stored on (dedicated) cloud servers and local servers;
2. on paper supports are stored in special registers and/or files, which will be kept in special containers at the Data Controller’s premises.

It should be noted that the Personal Data provided in the context of self-applications orcontact forms will be stored in structured and secure databases, accessible exclusively by the Data Controller and by subjects expressly authorized by the latter.

Appropriate security measures are taken to prevent the risks of destruction or loss, modification, unauthorized disclosure or unauthorized access to Personal Data, or processing that does not comply with the purposes for which the Personal Data was collected.

7. Automated decision-making process.

The Data Controller informs the Data Subject that there is no automated decision-making process on the Website and, in particular, there is no profiling system.

8. Period of Personal Data storage.

Personal Data will be stored for the time strictly necessary to perform the requested service or, in any case, within the limitation limits of the statute of limitations provided for by law, except for any further retention period necessary. 

In the specific case of curricula vitae, if there is no response to interest from human resources, Personal Data will be automatically deleted. Otherwise, the storage will be proportional to the degree of interest expressed and, in any case, will not exceed a period of between 1 and 3 years. 

On the other hand, in the case of the request received through the contact form, the storage period varies depending on the nature of the same. In particular:

1. Management of commercial requests and quotes: Personal Data will be stored for a period of between 12 and 24 months, depending on the possibility that the request may result in the establishment of a contractual relationship;
2. Management of technical, environmental or operational issues: Personal Data will be stored for up to a maximum of 5 years, taking into account any operational, environmental or documentary responsibilities related to the report;
3. General communications or unstructured information: Personal Data will be stored for a period of between 6 and 12 months, which is the technical time required to respond to the request and proceed with archiving;
4. Management of institutional contacts or requests for collaboration: Personal Data will be stored for a period of between 2 and 5 years, in relation to the possible establishment and development of ongoing professional or institutional relationships.

9. Transfer of Personal Data.

The Personal Data collected will not be transferred outside the territory of the European Union.

10. Category of recipients. Communication and dissemination.

In relation to the purposes described above, Personal Data may be made accessible or communicated to the following categories of subjects:

1. employees and collaborators of the Data Controller, in their capacity as persons authorised to process and/or system administrators, within the scope of their respective duties and in accordance with the instructions received;
2. to third-party companies that perform activities functional to the management of the Website (such as, for example, providers who provide maintenance services of the Website, hosting services providers, IT services providers connected to the functioning of the Website);
3. to all those public and/or private entities (e.g.: law firms), if the communication is necessary or functional to the correct fulfilment of the contractual obligations undertaken in relation to the services requested by the Data Subject, as well as the obligations arising from the law and, more generally, to all those entities (including public authorities) that have access to the data by virtue of regulatory or administrative provisions.

The subjects referred to in points (ii) and (iii) will process the Personal Data as data processors duly appointed by the Data Controller pursuant to Article 28 of the GDPR. The updated list of subjects appointed as data processors is kept at the Data Controller’s registered office. 

Personal Data will not be disclosed or communicated to third parties, i.e. made known to unspecified subjects. 

11. Rights of the Data Subject. Opposition. Complaint.

The Data Subject may exercise the rights provided for in Articles 7 and 15 to 22 of the GDPR, where applicable, against the Data Controller. In particular, the Data Subject has the right to request access to data concerning him or her (Article 15 of the GDPR), updating, integration, rectification (Article 16 of the GDPR), erasure (Article 17 of the GDPR), restriction (Article 18 of the GDPR), data portability in open format (Article 20 of the GDPR), to withdraw consent at any time, where given, without prejudice to the lawfulness of the processing based on the consent given before the withdrawal (Article 7 of the GDPR), or, for legitimate reasons, to object, in whole or in part, to the processing of Personal Data (Articles 21 and 22 of the GDPR). 

The Data Subject may at any time exercise the rights provided for by the GDPR or request information from the Data Controller in relation to the processing of his/her Personal Data: (i) by writing to Industrious Global Technologies S.r.l., via Roma n. 108, 20051-Cassina de’ Pecchi (MI); or (ii) by sending ane-mail to the ordinary e-mail address: privacy@industriousgt.com. 

Pursuant to Article 77 of the GDPR, the Data Subject also has the right to lodge a complaint with the Supervisory Authority of the Member State in which he or she habitually resides, where he or she works or the place where the alleged violation occurred. In Italy, the competent authority is the Garante per la protezione dei dati personali, based in Rome (www.garanteprivacy.it). For any clarification and/or further information, the e-mail address of the Supervisory Authority is: urp@gpdp.it.

12. Links to third-party websites and services.

The Website hosts links to websites or services offered by third parties (e.g., LinkedIn).

This Policy does not apply to such websites and/or services. The Data Controller, therefore, does not assume any responsibility for the processing of Personal Data that may be carried out by the aforementioned third parties. For information relating to the processing of personal data carried out by each third party, the Data Subject is invited to consult the relevant privacy policy.

13. Changes to the Policy.

The Data Controller reserves the right to modify the Policy when appropriate and/or necessary. In any case, the Data Controller recommends that you review this Policy from time to time to check for any changes or improvements, as it will always be available on the Website.

Policy version 3.0. 

Cassina de' Pecchi (MI), 29 July 2025. 

Industrious Global Technologies S.r.l.