Personal Data Processing Policy
Pursuant to Art. 13 of EU Regulation 2016/679 (GDPR)
This policy describes how personal data collected through the IRIGuest website is processed, with particular reference to contact and information request forms.
1. Data Controller
The Data Controller is:
SanziSoft di Sanfilippo Alfredo
Via Frescobaldi, 28
60019 Senigallia (AN) — Italy
Email: privacy@irideprogetti.it
2. Types of Data Collected
The following personal data may be collected through the forms on the website:
- first and last name;
- company;
- email address;
- phone number;
- content of the message sent;
- any additional information voluntarily provided by the user.
The website may also process technical browsing data necessary for the operation of the site itself, as described in the cookie policy, if applicable.
3. Purposes of Processing
Personal data provided by the user is processed for the following purposes:
- responding to information requests submitted through the website;
- contacting the user regarding the request made;
- providing information about IRIGuest products and services;
- managing demo requests, quotes or commercial enquiries;
- fulfilling any applicable legal obligations.
4. Legal Basis for Processing
The legal basis for processing is:
- the express consent given by the data subject by ticking the relevant checkbox in the website forms;
- the performance of pre-contractual measures taken at the request of the data subject;
- compliance with any legal obligations applicable to the Controller.
5. Processing Methods
Data is processed using computer, electronic and organisational tools designed to ensure the security, confidentiality and integrity of personal data.
Processing is carried out by authorised personnel and, where necessary, by external parties appointed in accordance with applicable regulations.
6. Provision of Data
Providing the data requested in the forms is optional, but necessary to allow the Controller to respond to the user's request.
Failure to provide the required data may prevent the submission of the request or the possibility of being contacted.
7. Data Retention
Personal data will be retained for the time strictly necessary to handle the request received and any subsequent interactions with the user.
In any case, data will not be retained beyond the period necessary for the purposes for which it was collected, unless required by law or needed to protect the Controller's rights.
8. Data Disclosure
Personal data will not be disseminated.
Data may be shared with parties collaborating with the Controller for technical, organisational, administrative or commercial purposes strictly related to managing the requests received. Such parties will process data in compliance with applicable regulations and, where required, will be appointed as data processors.
9. Transfer of Data Outside the European Union
Personal data is not systematically transferred to third countries outside the EU.
Should technical or operational needs require the use of services involving a transfer of data outside the European Economic Area, the Controller will adopt the safeguards provided for under the GDPR.
10. Rights of the Data Subject
The data subject may exercise at any time the rights provided under Articles 15–22 of the GDPR, including:
- right of access to personal data;
- right to rectification;
- right to erasure;
- right to restriction of processing;
- right to object;
- right to data portability, where applicable;
- right to withdraw consent at any time, without affecting the lawfulness of processing carried out before withdrawal.
Requests may be sent to: privacy@irideprogetti.it
11. Complaint to the Supervisory Authority
The data subject has the right to lodge a complaint with the competent Data Protection Authority if they consider that the processing of their data violates applicable regulations.
12. Updates to This Policy
This policy may be updated periodically to reflect regulatory, technical or organisational changes.
Last updated: June 2026