Skip to main content
SC2

Privacy Policy

Last updated: May 2026

1. Data Controller

The Data Controller is:
Esseciquadro Associati S.r.l.
Via Camillo Benso Conte di Cavour, 8807100 Sassari (SS)Italia
VAT / Tax code 02934440906
Companies Register Sassari, ordinary section, no. 02934440906
REA SS-216529
Email: info@esseciquadro.it
Certified email (PEC): esseciquadroassociatisrl@pec.it

2. Data Protection Officer (DPO)

Esseciquadro Associati S.r.l. has not appointed a Data Protection Officer, as it does not meet the mandatory appointment criteria of art. 37 GDPR. For any privacy-related request you may contact the Data Controller at privacy@esseciquadro.it.

3. Categories of data and purposes

We process your personal data only within the limits and for the purposes set out below.

3.1. Contact form

Data: name, email, request type, message content.
Purpose: respond to enquiries and manage correspondence.
Legal basis: pre-contractual measures and legitimate interest of the Controller (art. 6(1)(b) and (f) GDPR).
Retention: 12 months from the last interaction, except where a contractual relationship is established.

3.2. Job applications

Data: name, email, role of interest, message, CV (PDF).
Purpose: evaluation of candidates and recruitment process management.
Legal basis: pre-contractual measures at your request (art. 6(1)(b) GDPR). We invite you not to include in your CV special categories of data under art. 9 GDPR (racial or ethnic origin, political opinions, religious beliefs, health data, sex life data, etc.) unless strictly relevant to the application.
Retention: 6 months after the recruitment process is closed, after which the data are deleted unless you give explicit consent to extended storage for future opportunities.

3.3. Browsing data

Data: anonymous, aggregated browsing data (page visited, browser, country, referrer) collected via Vercel Web Analytics, a cookieless privacy-friendly tool that does not use cookies and does not uniquely identify visitors (IP is stored only as an anonymous daily-rotating hash).
Purpose: aggregated traffic measurement to improve the site.
Legal basis: legitimate interest of the Controller (art. 6(1)(f) GDPR), since the data are anonymous and not profiling, exempt from prior consent under the Italian Data Protection Authority decision of 10 June 2021.

4. Recipients of the data

Your data may be communicated to the following data processors under art. 28 GDPR:

  • Resend, Inc. — transactional email provider for forms (EU – Frankfurt servers).
  • Sanity.io — content management system (CMS); content may be stored on EU or non-EU infrastructure depending on the configured bucket region.
  • Vercel Inc. — hosting provider (edge network infrastructure) and provider of cookieless anonymous Web Analytics. For data transfers to the United States, Vercel adheres to the EU-U.S. Data Privacy Framework and uses Standard Contractual Clauses under art. 46 GDPR.
  • Consultants, professionals and competent authorities, where required by law.

Your data will not be disseminated nor sold to third parties for marketing purposes.

5. Transfers outside the EU

Where some providers entail transfers of data outside the European Economic Area (EEA), such transfers take place on the basis of adequate safeguards under art. 46 GDPR, in particular through the Standard Contractual Clauses adopted by the European Commission (decision 2021/914/EU) or on the basis of adequacy decisions, where applicable.

6. Your rights

As a data subject, you have the right to:

  • access your data and obtain a copy (art. 15 GDPR);
  • request rectification (art. 16 GDPR);
  • request erasure (art. 17 GDPR);
  • request restriction of processing (art. 18 GDPR);
  • receive your data in a portable format (art. 20 GDPR);
  • object to processing based on legitimate interest (art. 21 GDPR);
  • withdraw your consent at any time, without prejudice to the lawfulness of processing already carried out.

To exercise these rights please send a request to privacy@esseciquadro.it or to the certified email esseciquadroassociatisrl@pec.it. We will reply within 30 days (extendable by a further 60 days in case of complex requests, with notice).

7. Right to lodge a complaint

If you consider that the processing of your data infringes the GDPR, you have the right to lodge a complaint with the Italian Data Protection Authority (art. 77 GDPR):
Garante per la protezione dei dati personali
Piazza Venezia 11 — 00187 Roma — Italy
Email: garante@gpdp.it
PEC: protocollo@pec.gpdp.it
Website: www.garanteprivacy.it

8. Data security

We implement appropriate technical and organisational measures (TLS encryption in transit, access control, data minimisation, compliant hosting) to protect your data from unauthorised access, loss or disclosure, in accordance with art. 32 GDPR.

9. Changes to this policy

This policy may be updated to reflect regulatory or operational changes. The most recent version is always published on this page, with the date of last update.