Who are we and what do we do with your personal data?

IGD SIIQ S.p.A. (hereinafter IGD), with registered office in Bologna, via Trattati Comunitari Europei 1957-2007 no. 13, Italy, T.C. and VAT no. 00397420399 in the person of its pro tempore legal representative, hereinafter the Data Controller, protects the confidentiality of your personal data and provides it with the necessary protection from any event that may put it at risk of violation.

For this purpose, the Data Controller implements policies and practices regarding the collection and use of personal data and the exercise of your rights under applicable law. The Data Controller is responsible for updating the policies and practices adopted for the protection of personal data whenever necessary and in any case in the event of regulatory and organisational changes that may affect the processing of your personal data.


The Data Controller appointed a Data Protection Officer (DPO) who you can contact if you have questions about adopted policies and practices. You can contact the DPO at the registered office of IGD SIIQ SPA, via Trattati Comunitari Europei 1957-2007 n. 13 in Bologna, Italy, tel. +39 051 509111, fax +39 051 509127, email dpo@gruppoigd.it


How does IGD collect and process your data?

The Data Controller collects and/or receives information about you, such as: IP address personal identification data (such as name, surname, registered office of the company or country of residence, company, email address) issued during the subscription to the newsletter on the portal www.gruppoigd.it. The communication of your personal data is mainly to third parties and/or recipients whose activities are necessary for the carrying-out of the activities related to the above purposes, and also to meet certain legal obligations. Any communication that does not comply with these purposes will be subject to your prior consent.

Your personal data will not be in any way disseminated or disclosed to unspecified subjects.

The Data Controller transfers your personal data abroad. Your personal data will not be in any way disseminated or disclosed to unspecified subjects not even identifiable as third parties.

Your personal information will be processed for:

  • Subscribing to the newsletter

Your personal data is processed in accordance with your request in order to send you communications concerning the Company, with a special reference to the activities carried out or to be carried out, or which concern the market sector in which IGD operates.


  • communication to third parties and recipients

Your personal data is processed depending on your request for registration, and your data may not be disclosed to third parties/recipients for their own purposes unless:

  • you authorise to do so;
  • it is necessary for the fulfilment of obligations under the current relationship, contractual or otherwise, and law regulations governing it (e.g. for the defence of your rights, for reporting to the supervisory authorities, etc.);
  • the communication is made to the companies of the group to which the Data Controller belongs for administrative purposes and to companies which provide the IT services needed to provide the service;
  • SBs and other Board Committees set up;
  • the communication is made to the tax authorities and to public supervisory and control bodies towards which the Data Controller must fulfil specific obligations deriving from the specific nature of the activity carried on;


  • IT security purposes

The Data Controller processes, also through its suppliers (third parties and/or recipients), your personal data, including IT (e.g. logical access) or traffic data collected or obtained in the case of services displayed on the website, to the extent strictly necessary and proportionate to ensure the security and capacity of a network or its servers to withstand, at a given level of security, unforeseen events or unlawful or malicious acts that compromise the availability, authenticity, integrity and confidentiality of retained or transmitted personal data.

For these purposes, the Data Controller envisages procedures for the management of personal data breach in compliance with the legal obligations to which it is subject.


What happens if you do not provide your data?

Your personal data identifying you is necessary for the fulfilment of the request you presented through the “newsletter” section and, if not provided, the Data Controller cannot fulfil your requests.


How, where and for how long is your data retained?

Your personal data is processed by both electronic and manual means and tools made available to subjects acting under the authority of the Data Controller authorised and trained for this purpose.

Personal data is stored in electronic files protected by effective and adequate security measures to counter the risks of violation considered by the Data Controller for the time required to fulfil the requests for information and for sending communications of such an exclusive nature that the Data Controller makes following your request, and until your request for erasure. Your personal data may be shared with the following non EU countries  – which fully comply with the guarantees provided for under EU laws:

– USA, found to provide adequate guarantees as per the Commission Implementing Decision (EU) 2016/1250 of 12 July 2016 pursuant to Directive 95/46/EC of the European Parliament and of the Council on the adequacy of the protection provided by the EU-U.S. Privacy Shield (notified under document C(2016) 4176) (Text with EEA relevance).


What are your rights?

Consistent with the time limits established for the processing of your personal data, the rights you are granted allow you to always have control of your data. Your rights are those of:

  • access;
  • rectification;
  • erasure;
  • restriction of processing;
  • objection to processing;
  • portability

Your rights are guaranteed without any special charges or formalities: the request to exercise them is essentially free of charge. You have the right:

  • to obtain a copy, also in electronic format, of the data you have requested access to. If you request additional copies, the Data Controller may charge you a reasonable contribution to costs;
  • to obtain the erasure of your personal data or the restriction of the processing or even the updating and rectification of your personal data and to obtain that third parties/recipients also comply with your request in the event that they receive your data, unless legitimate reasons prevail over those that led to your request (e.g. environmental investigations and risk limitation caused by the emergency managed through them by the Data Controller);
  • to obtain all useful information regarding the activities carried out as a result of the exercise of your rights without delay and, in any case, within one month of your request, unless there are grounds for extending it to two months, which must be duly communicated to you.
  • For any further information and to send your request, please contact the Data Controller at privacy@gruppoigd.it


Who can you complain to?

Without prejudice to any other administrative or judicial action, you may submit a complaint to the competent supervisory authority or to the authority that carries out its tasks and exercises its powers in Italy where you have your habitual residence or work or, if different, in the Member State where the violation of Regulation (EU) 2016/679 occurred.

Any update of this information will be communicated to you in a timely manner and by appropriate means and you will also be informed if the Data Controller will process your data for purposes other than those referred to in this information before carrying it out and in time to give your consent if necessary.