Privacy Policy

Last updated: February 12, 2026

Data Controller

The Data Controller of personal data is:

I.DE.A SRL
VAT ID: 05560200486
Registered Office: Piazza Padre Pio 1, 71121 Foggia (FG), Italy
Operational Headquarters: Via Padre Ardelio Della Bella 52, 71122 Foggia (FG), Italy

For privacy-related requests and personal data processing, you can contact the Controller via the contact details indicated on the site (e.g., company contact email address).

Purpose of this policy

This policy describes how personal data of users visiting the website and/or interacting with the services and features present (e.g., browsing, contact requests, email sending, embedded content viewing, etc.) are processed, pursuant to Regulation (EU) 2016/679 (“GDPR”) and applicable Italian legislation.

Types of data processed

Depending on the use of the site, the Controller may treat the following categories of data:

a) Navigation data

Computer systems and software procedures used to operate the site acquire, during their normal operation, some data whose transmission is implicit in the use of Internet protocols (e.g., IP address, device/browser information, date and time of the request, visited pages, referring URL, technical logs).

b) Data voluntarily provided by the user

Data sent voluntarily by the user via email or other contact channels on the site (e.g., name, surname, email address, phone number, message content, company, any attachments).

c) Data relating to cookies and tracking tools

The site may use technical cookies and, subject to consent where required, cookies or other tracking tools for statistical/analytical or third-party purposes. For details, please refer to the Cookie Policy (dedicated section or separate document). The rules applicable in Italy are also governed by the guidelines of the Guarantor on cookies and other tracking tools.

d) Third-party embedded content (e.g., video)

Viewing embedded content (e.g., YouTube) may involve the processing of data by the relevant third-party providers according to their privacy policies.

Purposes of processing and legal bases

Personal data may be processed for the following purposes:

4.1 Navigation and site operation

Purpose: to allow the use of the site, ensure correct technical functioning, security, maintenance, and log management.
Legal basis: legitimate interest of the Controller (Art. 6, par. 1, letter f GDPR) and/or technical necessity to provide the service requested by the user.

4.2 Management of contact requests and communications

Purpose: to respond to requests sent by the user via email or through any contact tools present on the site.
Legal basis: execution of pre-contractual measures adopted at the request of the data subject (Art. 6, par. 1, letter b GDPR) and/or legitimate interest of the Controller to manage communications.

4.3 Fulfillment of legal obligations

Purpose: to fulfill obligations required by laws, regulations, or requests from competent authorities.
Legal basis: fulfillment of a legal obligation (Art. 6, par. 1, letter c GDPR).

4.4 IT security, abuse prevention, and defense of rights

Purpose: to prevent illicit uses of the site, detect security incidents, defend a right in court or out of court.
Legal basis: legitimate interest of the Controller (Art. 6, par. 1, letter f GDPR).

4.5 Statistics/analytics and non-technical tracking tools (where present)

Purpose: site performance analysis, traffic measurement, content/service improvement.
Legal basis: user consent, where required by law (Art. 6, par. 1, letter a GDPR), collected via cookie banner/consent management platform.

Nature of data provision

The provision of navigation data is necessary for the technical functioning of the site.

The provision of data requested in voluntary communications (e.g., email) is optional, but failure to provide it may prevent the Controller from responding to the request.

For non-technical cookies and trackers, providing consent is optional; lack of consent does not prevent basic navigation of the site, except for features depending on specific third-party services.

Processing methods

Processing is carried out with paper and/or electronic tools, including automated ones, in compliance with the principles of lawfulness, fairness, transparency, minimization, storage limitation, and integrity/confidentiality provided by the GDPR.

The Controller adopts adequate technical and organizational measures to protect personal data from unauthorized access, loss, disclosure, alteration, or destruction.

Data retention

Personal data are kept for the time strictly necessary to achieve the purposes for which they were collected and, subsequently, for the time required by legal obligations or for the protection of the Controller's rights.

In particular (unless specific needs arise):

  • Navigation data/technical logs: for limited periods proportionate to security/maintenance purposes.
  • Contact data/communications: for the time necessary to manage the request and any subsequent relationships, and in any case for the period consistent with legal obligations or protection needs.
  • Data processed via cookies: as indicated in the Cookie Policy and consent settings.

Recipients of personal data

Data may be communicated, within the limits of the indicated purposes, to:

  • internal personnel authorized by the Controller;
  • suppliers of technical and IT services (hosting, maintenance, security, email providers, cloud services, analytics, video embedding, etc.);
  • consultants and professionals (e.g., legal, accountants, IT/privacy consultants), where necessary;
  • competent authorities or public/private subjects entitled to request them by legal obligation.

These subjects may act, as appropriate, as independent data controllers or data processors appointed pursuant to Art. 28 GDPR.

Transfer of data to non-EEA countries

Some technological services used by the site (e.g., cloud platforms, video embedding, analytics, email services) may involve transfers of personal data to countries located outside the European Economic Area.

In such cases, the Controller undertakes to verify that the transfer takes place in compliance with applicable legislation, adopting the guarantees provided by the GDPR (e.g., adequacy decisions, standard contractual clauses, or other tools provided by Arts. 44 and following GDPR), where necessary.

Rights of the data subject

The data subject may exercise, in the cases provided for by law, the rights referred to in Arts. 15 and following of the GDPR, including:

  • right of access to personal data;
  • right to rectification;
  • right to erasure (“right to be forgotten”);
  • right to restriction of processing;
  • right to object to processing;
  • right to data portability (where applicable);
  • right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal (where processing is based on consent).

Requests can be sent to the Controller via the contact details indicated on the site.

Right to lodge a complaint with the Supervisory Authority

The data subject has the right to lodge a complaint with the Guarantor for the protection of personal data, or to take action in the competent judicial offices, if he/she believes that the processing of his/her personal data takes place in violation of the applicable legislation. The Guarantor is the Italian authority competent for the protection of personal data.

Cookies and other tracking tools

The site may use:

  • technical/necessary cookies (for the functioning and security of the site);
  • statistical/analytical cookies (possibly also third-party);
  • other tracking tools or embedded content (e.g., video players).

For detailed information on the categories used, purposes, duration, third parties involved, and consent/preference management methods, please refer to the Cookie Policy / Cookie Banner of the site, prepared in compliance with applicable legislation and the Guarantor's guidelines.

Changes to this policy

The Controller reserves the right to update or modify this Privacy Policy at any time, also due to regulatory changes, evolution of services offered, or technical changes to the site.

Changes will be published on this page with an update of the “Last updated” date.