Privacy Policy

1. Data Controller

The Data Controller for personal data processing, pursuant to EU Regulation 2016/679 (GDPR), is:

  • Company name: i-creativi s.r.l.s
  • Legal form: Simplified limited liability company (S.r.l.s.)
  • Registered office: Via Villapizzone 26, 20156 Milan (MI), Italy
  • VAT number (P.IVA): 08673460963
  • Email: info@i-creativi.com
  • Phone: +39 339 281 9620

2. Regulatory References

This privacy notice is provided pursuant to the following regulatory provisions:

  • EU Regulation 2016/679 (General Data Protection Regulation — GDPR)
  • D.Lgs. 196/2003 (Italian Data Protection Code — Privacy Code)
  • D.Lgs. 101/2018 (Provisions for the alignment of national legislation with the GDPR)

3. Types of Data Collected

a) Browsing data

The computer systems and software procedures used to operate this website acquire, during their normal operation, certain personal data whose transmission is implicit in the use of Internet communication protocols. This includes: IP addresses, browser type, operating system, domain names and addresses of websites from which access was made, information about pages visited, access time, duration of visit, and navigation path.

b) Voluntarily provided data

The optional, explicit, and voluntary sending of messages through the contact form or writing to the email addresses indicated on the site entails the acquisition of the sender's personal data, including: first name, last name, email address, phone number, and any other information provided in the message.

c) Cookies

The site uses technical cookies and, with prior consent, analytical and third-party cookies. For detailed information, please refer to the Cookie Policy.

4. Processing Methods

Processing tools

Data processing is carried out using electronic and/or telematic tools, with organizational methods and logic strictly related to the stated purposes. In addition to the Data Controller, in some cases, individuals involved in the organization of the site (technical staff, collaborators) or external parties (third-party technical service providers, hosting providers, IT companies) may have access to the data.

Security measures

Processing is carried out using appropriate technical and organizational security measures to prevent data loss, unlawful or incorrect use, and unauthorized access, in accordance with Art. 32 of the GDPR. The site uses the HTTPS protocol for secure data transmission.

Retention period

Data is processed and retained for the time strictly necessary to achieve the purposes for which it was collected. For specific timeframes, please refer to the “Retention Period” section.

5. Purpose of Processing

The user's personal data is collected for the following purposes:

a) Responding to contact and quote requests

Legal basis: Art. 6.1.b GDPR — execution of pre-contractual measures taken at the request of the data subject.

b) Fulfillment of contractual obligations

Legal basis: Art. 6.1.b GDPR — necessity related to the execution of a contract to which the data subject is a party.

c) Sending newsletters and commercial communications

Legal basis: Art. 6.1.a GDPR — explicit consent of the data subject, revocable at any time.

d) Statistical analysis and service improvement

Legal basis: Art. 6.1.a GDPR — consent of the data subject for the use of analytical cookies; Art. 6.1.f GDPR — legitimate interest of the Controller for aggregate and anonymized analysis.

e) Legal compliance and tax obligations

Legal basis: Art. 6.1.c GDPR — compliance with a legal obligation to which the Controller is subject.

f) Technical operation of the website

Legal basis: Art. 6.1.f GDPR — legitimate interest of the Controller in ensuring the proper functioning and security of the website.

6. Legal Basis for Processing

The processing of personal data is based on the following legal grounds, as specified for each purpose:

  • Consent (Art. 6.1.a GDPR): for sending commercial communications and the use of non-technical cookies. Consent can be freely revoked at any time.
  • Contractual performance (Art. 6.1.b GDPR): to respond to contact requests, provide quotes, and fulfill contracts.
  • Legal obligation (Art. 6.1.c GDPR): to comply with obligations established by law, regulations, or EU legislation.
  • Legitimate interest (Art. 6.1.f GDPR): to ensure website security, fraud prevention, and aggregate anonymized statistical analysis.

7. Data Disclosure and Communication

Personal data will not be disclosed, meaning they will not be made known to unspecified parties. They may be communicated to:

  • Hosting providers: for the operation and maintenance of the website (server infrastructure).
  • Email services: for managing email communications and any newsletter delivery.
  • Analytics services: for statistical analysis of web traffic (e.g., Google Analytics), subject to user consent.
  • Consultants and professionals: for accounting, tax, and legal compliance.
  • Competent authorities: in cases provided by law or upon request of judicial authorities.

8. Extra-EU Data Transfer

Some of the third-party services used by the site (for example, analytics or hosting services) may involve the transfer of personal data to countries outside the European Union. In such cases, the transfer is carried out in compliance with the safeguards provided by the GDPR, through:

  • Adequacy decisions of the European Commission (Art. 45 GDPR)
  • Standard Contractual Clauses (SCC) approved by the European Commission (Art. 46.2.c GDPR)
  • Other appropriate safeguards pursuant to Articles 46-49 of the GDPR

The user may request further information on transfer mechanisms by contacting the Data Controller.

9. Retention Period

Personal data is retained for the period strictly necessary to achieve the purposes for which it was collected:

Contact/quote requests12 months from the request
Contractual data10 years from the end of the relationship (tax obligations)
Newsletter and commercial communicationsUntil consent is revoked
Browsing dataMaximum 26 months (analytics data)
CookiesSee duration in the Cookie Policy

Upon expiration of the indicated periods, data will be deleted or irreversibly anonymized.

10. Data Subject Rights

Pursuant to Articles 15-22 of the GDPR, the data subject has the right to:

  • Right of access (Art. 15): obtain confirmation as to whether personal data concerning them is being processed and, if so, obtain access to the data.
  • Right to rectification (Art. 16): obtain rectification of inaccurate personal data or completion of incomplete data.
  • Right to erasure (Art. 17): obtain the deletion of personal data (“right to be forgotten”), in the cases provided by the GDPR.
  • Right to restriction (Art. 18): obtain restriction of processing in the cases provided by the GDPR.
  • Right to data portability (Art. 20): receive personal data in a structured, commonly used, and machine-readable format.
  • Right to object (Art. 21): object to the processing of personal data, including profiling.
  • Right to lodge a complaint (Art. 77): lodge a complaint with the Italian Data Protection Authority (www.garanteprivacy.it).

11. How to Exercise Your Rights

To exercise the rights listed above, the data subject may send a written request to the Data Controller using the following contact details:

The Data Controller is required to respond within one month of receiving the request. This period may be extended by a further two months if necessary, taking into account the complexity and number of requests.

12. Cookies

For all information regarding the use of cookies on this site, please consult our dedicated Cookie Policy.

13. Changes to This Privacy Notice

The Data Controller reserves the right to make changes to this privacy notice at any time, notifying users through the publication of the updated version on this page. It is recommended to periodically check this page for any updates. Should the changes concern consent-based processing, the Data Controller will obtain new consent from the data subject where necessary.

Last updated: April 2026