Privacy policy

Information on the processing of personal data pursuant to Article 13 of the “Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 concerning the protection of individuals with regard to the processing of personal data, as well as free circulation of such data and which repeals Directive 95/46 / EC “(” GDPR “).

The Data Controller HRM SRL wishes to inform you about the purposes and methods of processing personal data of natural persons pursuant to the GDPR that may be processed by the Data Controller as well as the related rights regarding such treatments.
Purpose of the processing and nature of the main data processed.
The Data Controller processes the personal data of natural persons exclusively for the following purposes:

  1. Contractual purposes, relating to the establishment and management of the contractual relationship;
  2. Administrative purposes, inherent in the management of administrative relationships related to the existing contractual relationship;
  3. Purposes of commercial communication and marketing, including through the use of news letters;
  4. Purposes of security and protection of corporate assets;
  5. Cooperation with public authorities and, in particular, health authorities.

Personal data (Surname and Name; telephone numbers, e-mails, tax data and bank data) are collected in order to organize and manage the contractual relationship and only with your express consent for commercial and marketing communication purposes.

Main methods of data processing

The Data Controller minimizes the collection and processing of personal data to the bare essentials with respect to the purposes pursued.
The data can be processed in paper form, in computer mode and through the use of video surveillance systems.
The Data Controller, after evaluating the risks and where applicable of the impact on the protection of personal data related to the loss of objectives of confidentiality, availability and integrity of the information processed, plans and adopts the necessary technical and organizational measures to minimize these risks. This is also in order to ensure the resilience of the treatments carried out in the context of the more general need to ensure the continuity of the services provided.

Legal basis of the processing

The processing of personal data for contractual and administrative purposes is necessary in order to establish and manage the contractual relationship and to fulfill the related legal obligations.
The refusal of consent to the processing implies the impossibility of establishing and maintaining the contractual relationship and therefore the provision of the service.

The processing of personal data for commercial communication and marketing purposes is optional and your consent is required. Denial of consent does not affect the provision of the service.

Communication or dissemination of the data processed

The Data Controller does not disclose or communicate your personal data to third parties for purposes other than those highlighted above.
The data is not processed in non-EU countries.
Processing by third parties
The Data Controller may use the help of third parties for the processing of your data for the purposes listed above, such as:

  1. Administrative service providers, such as accountants;
  2. Providers of technical assistance services on IT systems;
  3. Affiliated companies.

In this case, the Data Controller ensures that these subjects can process your personal data exclusively for the performance of the activities of competence strictly related to the previously defined purposes and in compliance with adequate technical and organizational data protection measures.
The data may be known by those authorized to process.
The data are not disclosed or disclosed to third parties outside the specific regulatory provisions and, if requested, they can be disclosed to public authorities.
The data are not transferred abroad and no automated decisions are made.

Information and exercise of the rights of the data subject

The Data Controller wishes to inform you of the rights that the GDPR confers on you, as a data subject.

These rights are set out in Art. 13 of the GDPR and concern:

  1. the right of the data subject to ask the data controller for access to personal data;
  2. the right of the interested party to ask the owner to rectify or cancel them or limit their processing;
  3. the right of the interested party to oppose their treatment;
  4. the data subject’s right to data portability;
  5. the right of the interested party to lodge a complaint with a supervisory authority.

Retention period of personal data and reference criteria

The Data Controller keeps the personal data processed with reference to the following criteria:

  1. compliance with the requirements applicable to the duration of the existing contractual relationship;
  2. compliance with administrative and tax requirements as per applicable legislation.

The conservation for a longer period in relation to requests from the public authority is reserved.
The retention of personal data, including particular ones, is reserved for a longer period, within the limitation period of the rights, in relation to needs related to the exercise of the right of defense in the event of disputes.

Data Controller

The Data Controller of your personal data is HRM SRL, with registered office in Milan, Piazza Santo Stefano, 6.

For any request for information regarding the processing of your personal data as well as for the exercise of your rights set out in art. 13 of the GDPR can refer to the following e-mail address: or can contact the Data Protection Officer who can be contacted at the following certified e-mail address:, or at the email addresses : or