Privacy Policy

Information notice pursuant to Art. 13 of the Regulation (EU) 2016/679 (“GDPR”)

WHY THIS INFORMATION?
Pursuant to Regulation (EU) 2016/679 (hereinafter “GDPR”), this page describes the methods of processing personal data. This notice is provided in accordance with Article 13 of the GDPR. The notice shall not be considered valid for other third-party websites, which may be accessible via links on this website, for which no responsibility is assumed.

Processable Personal Data

- Personal Data: any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to their physical, physiological, genetic, mental, economic, cultural, or social identity (Recitals 26, 27, 30 GDPR).

- Data of contractors/users

- Browsing Data: the computer systems and software procedures used to operate this website acquire, during their normal operation, certain personal data the transmission of which is implicit in the use of Internet communication protocols. This category of data includes the IP addresses or domain names of the computers and terminals used by users, the URI/URL (Uniform Resource Identifier/Locator) addresses of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the server’s response (successful, error, etc.), and other parameters related to the user’s operating system and IT environment.

- Data Provided Voluntarily: the optional, explicit, and voluntary sending of messages to the contact addresses indicated on this site and/or the completion of data collection forms entails the subsequent acquisition of the sender’s address, which is necessary in order to respond to requests, as well as any other personal data included in the communication.

Information Regarding the Processing of Personal Data via Social Media Platforms
With regard to the processing of personal data carried out by the operators of the Social Media platforms used by the Data Controller, reference should be made to the information provided by those operators in their respective privacy policies. The Data Controller processes the personal data provided by users through the dedicated pages of such Social Media platforms in order to manage interactions with users (comments, public posts, etc.), in compliance with the applicable legislation.

Specific Notices
Specific privacy notices may be provided on certain pages of the Website in connection with particular services or data processing activities offered.

COOKIES AND OTHER TRACKING SYSTEMS – WHAT ARE THEY AND WHAT ARE THEY FOR?
For information regarding cookies and other tracking systems, please refer to the Cookie Policy available in the website footer.

1. WHO IS THE DATA CONTROLLER AND HOW CAN YOU CONTACT THEM?
The Data Controller is Servitly Srl, with registered office at Via Cavour no. 2 – 22074 Lomazzo (Italy), represented by its current legal representative. You may contact the Data Controller for any information by telephone at (+39) 02 36714281 or by email at privacy@servitly.com.

HAS A DATA PROTECTION OFFICER BEEN APPOINTED? WHAT ARE THEIR CONTACT DETAILS?
Servitly has appointed its Data Protection Officer (DPO) pursuant to Articles 37, 38, and 39 of the GDPR. The DPO can be reached at the Data Controller’s registered office indicated above or by email at: dpo@servitly.com.

2. PURPOSE OF PROCESSING, LEGAL BASIS, DATA RETENTION PERIOD, NATURE OF DATA SUBMISSION

PURPOSE OF PROCESSING

LEGAL BASIS

DATA RETENTION

DATA CONFERRAL

Browsing on This Website
 The data necessary for the use of the website’s services are also processed for the following purposes:
- to obtain statistical information regarding the use of the services (e.g., most visited pages, number of visitors by time slot or day, geographic areas of origin, etc.);
- to monitor and verify the proper functioning of the services provided.

Such data may also be used to establish liability in the event of alleged computer crimes committed against the website.

The processing is necessary for the purposes of the legitimate interest pursued by the data controller or by third parties, provided that such interests are not overridden by the interests or fundamental rights and freedoms of the data subject which require the protection of personal data, taking into account the reasonable expectations of the data subject and the activities strictly necessary for the operation of the website and for navigation itself.(Art. 6(1)(f) and Recital 47 of the GDPR)

The retention of browsing data will last for the duration of the browsing session. In any case, such data will not be stored for more than seven days (unless required for the investigation of crimes by the Judicial Authority).

The provision of data is necessary for browsing on the website

Use of cookies and similar technologies.Please refer to the cookies policy in the website footer.

For non-technical cookies and similar technologies that are not strictly necessary, the processing is based on consent to the processing of personal data (Art. 6(1)(a) and Recitals 42 and 43 of the GDPR).Consent is provided through the website’s cookie banner and cookie policy.

See the cookies policy in the website footer.

See the cookies policy in the website footer.


In addition to navigation purposes, personal data will be processed for:

PURPOSE OF PROCESSING

LEGAL BASIS

DATA RETENTION

DATA CONFERRAL

A) CONTACTS, sending contact requests, information, demo requests, and meeting booking.

The processing is necessary for the performance of a contract to which the data subject is party, or in order to take steps at the request of the data subject prior to entering into a contract (C44). Art. 6(1)(b) GDPR.

Maximum 12 months.

The provision of data is necessary.

Failure to provide the required data will make it impossible to be contacted and to receive information.

B) DIRECT MARKETING – for the sending of advertising material or direct sales communications, or for the carrying out of market research, commercial and promotional communications, newsletters, by means of automated tools (e-mail, SMS) as well as traditional tools (telephone and postal mail).

In order to compare and, where necessary, improve the results of automated communications, the Data Controller uses reporting systems. Through such reports, the Data Controller may obtain, for example: the number of readers, openings, unique “clickers” and clicks; the devices and operating systems used to read the communication; details of the activities of individual users; details of e-mails sent, delivered or not, and those forwarded. All such data are used for the purpose of comparing and, where appropriate, improving the effectiveness of communications.

The processing is necessary for compliance with a legal obligation to which the controller is subject (C45).Art. 6(1)(c) GDPR.

Data will be processed until consent is withdrawn (opt-out).

Providing the data is optional.

Failure to provide the required data will make it impossible to receive direct marketing communications.

C) HANDLING OF YOUR REQUEST and those of other data subjects, pursuant to Articles 15 et seq. of the GDPR (data subject rights).

The processing is necessary for compliance with a legal obligation to which the controller is subject (C45).Art. 6(1)(c) GDPR.

5 years from the closure of the request, unless legal disputes arise

Providing personal data is mandatory, as it is essential for fulfilling legal obligations.

3. TO WHOM WILL PERSONAL DATA BE DISCLOSED? DATA RECIPIENTS
 Personal data will be disclosed to entities that will process the data either as independent Data Controllers or as Data Processors (Art. 28 GDPR), and may be processed by natural persons (Art. 29 GDPR) acting under the authority of the Controller and the Processors based on specific instructions provided regarding the purposes and methods of processing.
Data will be disclosed to recipients belonging to the following categories:
- Entities providing services for the website and communication networks, including email, hosting, and website management;
- Entities based in Italy with whom the Controller has entered into agreements, and with prior consent, where required;
- For direct marketing, subject to consent, to entities managing direct marketing activities;
- Competent authorities for compliance with legal obligations and/or requests from public authorities.

The list of Data Processors pursuant to Art. 28 is available upon request by writing to privacy@servitly.com or using the other contact details provided above.

4. WILL THE DATA BE TRANSFERRED TO NON-EEA COUNTRIES?
Personal data will not be transferred to countries outside the EEA.

5. IS THERE AN AUTOMATED PROCESS?
Personal data will be processed manually, electronically, and through automated means. It is specified that no fully automated decision-making processes are carried out.

6. WHAT ARE YOUR RIGHTS? HOW CAN YOU EXERCISE THEM?
Data subjects may exercise their rights as set forth in Articles 15 et seq. of the GDPR by contacting the DPO at dpo@servitly.com, the Data Controller at privacy@servitly.com, or using the other contact details provided above.The Controller ensures that data subjects can, at any time, request access to their personal data (Art. 15), correction (Art. 16), deletion (Art. 17), or restriction of processing (Art. 18). The Controller communicates (Art. 19) any corrections, deletions, or restrictions of processing carried out to each recipient to whom the personal data have been disclosed. Upon request, the Controller will provide data subjects with the identities of such recipients.

The Controller guarantees the right to data portability (Art. 20) and, in the event of requests under Art. 20, will provide the data subjects with their data in a structured, commonly used, and machine-readable format.Data subjects have the right to object (Art. 21) at any time to processing based on legitimate interest by contacting the addresses above with the subject line “objection.”
In the event of an objection to processing based on legitimate interest, the Controller will provide data subjects, upon request, with information on the balancing test performed.Data subjects have the right to withdraw consent at any time without affecting the lawfulness of processing based on consent given prior to its withdrawal.To stop receiving automated direct marketing communications (e.g., email, SMS, instant messaging), data subjects are invited to send an email to privacy@servitly.com with the subject line “unsubscribe from automated” or use our automatic unsubscribe system available for emails only (opt-out).

To stop receiving traditional direct marketing communications (e.g., phone calls with an operator or postal mail), data subjects are invited to send an email to privacy@servitly.com with the subject line “unsubscribe from traditional.” To stop receiving any marketing communications, data subjects are invited to send an email to privacy@servitly.com with the subject line “unsubscribe from marketing.”

If data subjects believe that the processing of their personal data by the Controller violates Regulation (EU) 2016/679, they are free to lodge a complaint with the National supervisory authority, in particular in the Member State where they habitually reside or work, or where the alleged violation occurred (Italian Data Protection Authority – Garante Privacy), or to seek recourse through the appropriate judicial channels.

7. CHANGES TO THE PRIVACY POLICY
The Controller may change, modify, add, or remove any part of this Privacy Policy. To facilitate the verification of any changes, the policy will indicate the date of its latest update.


Last updated: July 23, 2025