Skip to Content

Privacy Policy



Privacy Policy on the Processing of Personal Data (Privacy Policy)

pursuant to art. 13 of Regulation (UE) 2016/679 (“GDPR”)

1. Data Controller

The Data Controller is Riadatto S.r.l. Società Benefit, with registered office at Via Antonio Cechov, 50 – 20151 Milan (MI), Italy, Tax Code and VAT No. 11985800967, contact email: info@riadatto.it.

The Data Controller ensures compliance with the applicable personal data protection regulations and processes personal data in accordance with the principles of lawfulness, fairness, transparency, purpose limitation, and data minimization.


2. Types of Data Processed

Riadatto processes personal data provided directly by the data subjects or automatically collected through the website, including:

  • Personal identification and contact data (such as name, surname, email address, phone number, company, and role);
  • Technical browsing data (such as IP addresses, logs, cookies, browser type, and device information);
  • Data provided through contact forms or job applications (such as free-text messages, curriculum vitae, portfolio, etc.);
  • Client and supplier data (for administrative, accounting, and contractual purposes).

Riadatto does not process special categories of personal data or sensitive data (Article 9 GDPR) through the website.


3. Purposes and legal bases of the processing

Purpose of the processing

Legal basis

Data retention period

Management of contact or quotation requests received through the website or via email

Performance of pre-contractual or contractual measures (Art. 6(1)(b) GDPR)

For the time necessary to respond and, in any case, for a maximum period of 12 months

Management of contractual relationships with clients, suppliers, and collaborators

Performance of a contract / compliance with legal obligations (Art. 6(1)(b)–(c) GDPR)

10 years from the termination of the contractual relationship

Sending technical or informational communications related to the firm’s services

Legitimate interest of the Data Controller (Art. 6(1)(f) GDPR) or consent

Until withdrawal of consent

Anonymous statistical analysis on the use of the website (technical and analytical cookies)

Legitimate interest or consent (depending on the type of cookies)

According to the specific cookie policies

Selection and evaluation of unsolicited applications

Consent of the data subject (art. 6, lett. a)

12 months from the submission of the CV

Compliance with legal and tax obligations

Legal obligation (art. 6, lett. c)

10 years or as required by applicable law


4. Methods of data processing

Data processing is carried out using IT, telematic, and paper tools, with logic strictly related to the declared purposes and with the adoption of appropriate technical and organizational measures to ensure the security, integrity, and confidentiality of the information.

Automated decision-making processes or profiling activities are not used through the website.


5. Disclosure and recipients of the data

Personal data may be communicated to:

  • collaborators and consultants of Riadatto duly authorized to process data;

  • providers of technical and IT services (hosting, website maintenance, email providers);

  • entities providing professional and legal services;

  • public authorities or competent authorities, where required by law.

All third parties processing data on behalf of the Data Controller operate as Data Processors under Article 28 of the GDPR and are bound by specific contracts.


6. Data transfer to third countries

The website may use hosting services or analytical tools provided by entities established outside the European Economic Area (e.g., Google LLC, USA).

In such cases, the transfer occurs based on standard contractual clauses approved by the European Commission or other guarantee mechanisms provided for in Articles 45-46 of the GDPR.


7. Rights of the data subjects

Data subjects can exercise at any time the rights provided for in Articles 15-22 of the GDPR, including:

  • the right to access their personal data;

  • right to rectification and updating;

  • right to erasure (“right to be forgotten”);

  • right to restriction of processing;

  • right to data portability;

  • right to object to processing;

  • right to withdraw consent, where given.

To exercise your rights, you can send a request to: info@riadatto.it.

The data subject also has the right to lodge a complaint with the Data Protection Authority (www.garanteprivacy.it).


8. Cookies and tracking tools

The site uses technical cookies and, with consent, analytical and third-party cookies to improve the browsing experience and collect anonymous statistics on site usage.

For more information, please consult the dedicated Cookie Policy, which specifies types, purposes, and methods of managing consent.


9. Nature of the provision of data

Providing personal data is optional, but necessary to use the requested services (e.g., to receive responses to messages or quotes).

Failure to provide data may result in the inability to fulfill the request.


10. Data security

Riadatto adopts appropriate technical and organizational measures to prevent loss, unlawful use, or unauthorized access to data, including:

  • secure authentication systems;
  • periodic backups and controlled retention policies;
  • access to data limited to authorized personnel.

11. Updates to this privacy notice

This notice may be subject to changes or updates.

The latest version is always available on the website www.riadatto.it.

Last updated: October 2025.