1. DATA CONTROLLER

The Data Controller is:

DMBI Consultants S.r.l.
Registered office: Via Candido Galli, 5 – 00044 Frascati (Rome), Italy
VAT No.: 09913981008
Email: info@dmbi.it
Tel/Fax: +39 06 9422 421

2. PRIVACY CONTACTS – NO DPO APPOINTED

The Data Controller is not required to appoint a Data Protection Officer (DPO) pursuant to Art. 37 GDPR and therefore has not appointed one.

To exercise your rights or request information regarding personal data processing, contact:
privacy@dmbi.it.

3. TYPES OF DATA COLLECTED

Our website collects and processes the following categories of personal data:

3.1 Browsing data

The IT systems and software procedures used to operate the website acquire certain personal data whose transmission is implicit in the use of Internet communication protocols.

This data includes, for example, IP addresses, URIs of requested resources, time of the request, method used, server response status, and other parameters relating to the user’s operating system and IT environment.

3.2 Data voluntarily provided by the user

Voluntary communications sent to the Controller or completion of website forms may involve processing of data such as:

• First and last name
• Email address
• Phone number
• Company and professional role
• Curriculum vitae (for job applications)
• Any other information voluntarily provided

3.3 Cookies and tracking technologies

The website uses technical cookies and, with user consent, analytical cookies.
See the dedicated Cookie Policy for details.

4. PURPOSES AND LEGAL BASIS OF PROCESSING

Personal data are processed for the following purposes:

4.1 Technical and security purposes (Legal basis: legitimate interest – Art. 6(1)(f) GDPR; legal obligations – Art. 6(1)(c))

• Ensure proper website operation
• Prevent fraud and cyber attacks
• Resolve technical issues
• Fulfill legal obligations

4.2 Contact request management (Legal basis: pre-contractual measures – Art. 6(1)(b))

• Respond to service inquiries
• Provide quotations and commercial proposals
• Manage relations with potential clients

4.3 Recruitment management (Legal basis: pre-contractual measures – Art. 6(1)(b))

• Evaluate applications submitted via “Careers” section
• Manage recruitment processes
• Create candidate databases for future opportunities (CV retention for future roles only with consent)

4.4 Direct marketing (Legal basis: consent – Art. 6(1)(a))

Subject to explicit optional consent:

• Newsletters and commercial communications
• Information about events, workshops, Digital Academy activities
• Updates on projects and case studies

4.5 Statistical analysis (Legal basis: consent – Art. 6(1)(a))

• Web traffic analysis
• Aggregated site usage statistics

Consent is optional and revocable at any time.

5. METHODS OF PROCESSING

Processing is carried out using electronic and manual tools, adopting GDPR-compliant security measures and respecting principles of:

• Lawfulness, fairness, transparency
• Purpose limitation: data is collected for specific, explicit and legitimate purposes
• Data minimization: the data collected are adequate, relevant and limited to what is necessary
• Accuracy: the data is updated and, if necessary, corrected
• Storage limitation: the data is stored for the necessary time
• Integrity and confidentiality: adequate technical and organizational security measures

6. DATA RECIPIENTS

Personal data may be communicated or accessible to:

6.1 Authorized personnel

DMBI Consultants employees and collaborators, duly authorized and trained, for the sole purposes indicated above.

6.2 Data processors

Third-party service providers such as hosting providers, IT services, maintenance services, email marketing providers, analytics services, and consultants appointed under Art. 28 GDPR.

6.3 Authorities

Judicial authorities, law enforcement, or public bodies when required by law.

6.4 Other recipients

Professional consultants involved in specific processing activities.

International data transfers may occur when using third-party services (e.g., analytics tools, social platforms). Transfers comply with GDPR Chapter V through adequacy decisions, Standard Contractual Clauses, or equivalent safeguards.

7. DATA RETENTION PERIOD

Personal data is retained for the time strictly necessary to achieve the purposes for which it was collected:

• Browsing data: limited retention unless required for legal investigations
• Contact requests: duration necessary to handle request + up to 24 months for commercial/pre-contractual interactions
• Job applications: 24 months unless extended consent provided
• Newsletter and Marketing data: until consent withdrawal
• Analytics data: aggregated and anonymized

Data will be deleted or irreversibly anonymized after retention periods.

8. DATA SUBJECT RIGHTS

You have the right to:

• Access (Art. 15 GDPR): obtain confirmation of the existence of personal data concerning you and receive a copy thereof
• Rectification (Art. 16 GDPR): obtain the rectification of inaccurate data or the integration of incomplete data
• Erasure (Art. 17 GDPR): obtain the erasure of personal data if one of the reasons provided for by the GDPR exists
• Restriction (Art. 18 GDPR): obtain the limitation of processing when one of the hypotheses provided for occurs
• Data portability (Art. 20 GDPR): receive the data provided to the Data Controller in a structured, commonly used and machine-readable format and, where technically feasible, to transmit them to another data controller
• Objection (Art. 21 GDPR): opporsi in qualsiasi momento, per motivi connessi alla Sua situazione particolare, al trattamento dei dati personali basato sul legittimo interesse del Titolare
• Withdraw consent (Art. 7 GDPR): withdraw consent at any time for processing based on consent, without prejudice to the lawfulness of the processing based on consent given before the withdrawal
• Complaint (art. 77 GDPR): lodge a complaint with the competent supervisory authority (Data Protection Authority – www.garanteprivacy.it)

8.1 How to Exercise Your Rights

To exercise your rights, you can contact the Data Controller at the following addresses:

Email: info@dmbi.it

PEC: dmbisrl@legalmail.it

Posta ordinaria: DMBI Consultants S.r.l., Via Candido Galli, 5 – 00044 Frascati (Rome)

Requests are processed within one month (extendable by two months if necessary).

9. NATURE OF DATA PROVISION

Except for browsing data, providing personal data is optional. However:

• Failure to provide data required for contractual/pre-contractual purposes prevents handling requests
• Refusal of marketing consent does not affect website usage

10. AUTOMATED DECISION-MAKING

No automated decision-making or profiling pursuant to Art. 22 GDPR is carried out.

11. DATA SECURITY

DMBI Consultants adopts appropriate technical and organizational security measures to ensure a level of security appropriate to the risks, pursuant to Article 32 of the GDPR.

Such measures include, among others:

• HTTPS encryption
• Authentication and authorization systems
• Firewalls and updated antivirus
• Regular backups
• Staff training
• Data breach management procedures

12. POLICY CHANGES

This policy may be updated. Substantial changes will be communicated through updated website publication with revision date.

13. LEGAL REFERENCES

• Regulation (EU) 2016/679 (GDPR)
• Italian Legislative Decree 196/2003 as amended by Legislative Decree 101/2018
• Italian Data Protection Authority guidelines