Privacy Policy

Information pursuant to Article 13 of EU Regulation 2016/679

Pursuant to Articles 13 and 14 of Regulation (EU) 2016/679 (hereinafter referred to as GDPR) on the protection of individuals with regard to the processing of personal data, the Data Controllers inform their customers and contacts in general (hereinafter referred to as “Customer(s)”), about the processing of the personal data provided.

Joint data controllers

Joint Data Controllers are Derula Kft, I-PAN S.p.A. and I.B.L. S.p.A. (hereinafter referred to as “Joint Data Controllers”).

Pursuant to Article 26 of the EU Reg. 2016/679, the Joint Data Controllers have committed themselves by deed dated 16 September 2021 to: jointly determine the purposes and methods of processing of the Personal Data of the data subjects; jointly determine, in a clear and transparent manner, the procedures for providing timely feedback should you wish to exercise your rights, as provided for in Articles 15 et seq. of the EU Reg. 2016/679; jointly define this notice in compliance with the EU Reg. 2016/679. The co-processing agreement defines in detail the obligations of the Data Controllers in relation to the protection of the rights and freedoms of natural persons. To this end, the technical and organisational measures referred to in Art. 32 of the European Regulation are programmatically outlined, as well as the fulfilments relating to the principles referred to in Art. 5 of the same Regulation.

The essential contents of the agreement concerning the methods and purposes of processing, in relation to the above, are available to the interested party who may request them from each Data Controller at the addresses indicated above.

Object of the processing

The Data Controllers process the following categories of personal data, acquired while browsing the website and related interactions.

The categories of personal data processed are as follows:

– IP addresses

– cookies and/or other navigation data

– contact data of emails sent to the Derula address.

Please refer to the specific cookie policy available at the following link:

Purposes and methods of processing

A) Data processing will be carried out to allow the performance of activities connected with the establishment and management of the contractual relationship between the undersigned company and each Customer.

Your personal data will be used to

– facilitate direct contact (legal basis: performance of a contract to which the person concerned is a party);

– fulfil pre-contractual, contractual and fiscal obligations arising from existing relations with you (legal basis: performance of a contract to which the person concerned is a party or performance of pre-contractual measures taken at the request of the person concerned)

– to comply with obligations laid down by law, regulation, Community legislation or an order of the Authority (such as, for example, anti-money laundering) (legal basis: to comply with a legal obligation to which the Data Controller is subject)

– the defence of a right in litigation (legal basis: legitimate interest of the Controller).

The provision of data is mandatory.

Processing that requires the consent of the data subject is not contemplated.

The data will be processed pursuant to Art. 6 GDPR in a lawful manner, according to correctness and with the utmost confidentiality, mainly by electronic and computerised means and stored on both computerised and paper media.

Data retention

Browsing data will be stored according to the parameters at the link

Personal data communicated via the Derula email address on the “contact” page will be processed within the maximum limits of the law.

Once the said relationship has ceased and the period necessary for the fulfilment of any obligations connected with or deriving from the interruption of the professional relationship has elapsed, the data will be destroyed or rendered anonymous, compatibly with the technical procedures of cancellation and backup.

Data communication

Your data may be made accessible for the aforementioned purposes to employees and collaborators of the Data Controllers as well as to third party companies or affiliates or other entities (by way of example, consultants) that perform activities in outsourcing on behalf of the Data Controller, in their capacity as external data processors.

The list of external data processors is available to interested parties upon request to be sent to the contacts below.

Transfer to other countries/international transfer

Personal data may be transferred to recipients, who may process it accordingly, within as well as outside the EU. The Data Controllers may subcontract the processing to, or share your personal data with, third parties established in countries other than your country of residence. Therefore, your personal data may be transferred to an entity, including third parties and affiliated companies based outside the EU, and in particular they may transfer to the United States personal data collected in order to serve their legitimate interests or for any other legal basis defined herein. Where it is necessary to transfer your personal data to an entity based outside the EU, the Data Controllers will ensure that appropriate privacy policies, certifications, contractual safeguards or measures are in place to ensure that your personal data is protected and transferred in accordance with applicable data protection laws.

The Companies use the Microsoft 365 platform, based in the USA, which, however, declares its compliance with the GDPR regulations (see, inter alia: also through the use of data centres located in the European Union for customers in that area.

Rights of the data subject

Data subjects have the right to obtain from the Data Controller access to and rectification or erasure of their personal data or restriction of the processing concerning them or to object to the processing of their personal data, by means of a specific application to be submitted to the Data Controller by sending an e-mail to the following address: for Derula Kft. and for IBL S.p.A. and IPAN S.p.A.