Last updated: May 13, 2025

This privacy notice is provided – pursuant to EU Regulation 2016/679 on the protection of personal data – to those who access the website www.assirecregroup.com (hereinafter referred to as the “Site”) and use its services. This policy applies exclusively to the aforementioned website and not to any other websites that may be accessed by the user via external links.

The Company may amend or simply update, in whole or in part, this Web Policy. Any changes or updates will be available to all users in the Privacy section of the Website as soon as they are active and will be binding as soon as they are published. Should the User not agree to such changes, they may discontinue use of the Site.

Continued use of the Site and our products and services following the publication of such changes and/or updates shall be deemed as acceptance of the same and recognition of their binding nature. The Site is owned and fully managed by the Company.

1. Data Controller

The personal data collected through this site are processed, as independent or joint Data Controllers, by the following companies:

  • Assirecre Consulting S.r.l. – Via Gerolamo Fracastoro 3/a – 00161 ROME, Italy
  • Assirete S.r.l. – Via Gerolamo Fracastoro 3/a – 00161 ROME, Italy
  • Assigesco S.r.l. – Via Gerolamo Fracastoro 3/a – 00161 ROME, Italy

For any inquiries regarding personal data protection, you may write to: privacy@assirecregroup.com

2. Data Protection Officer (DPO)

Pursuant to Article 37 of EU Regulation 2016/679, no Data Protection Officer has been appointed.

3. Categories of Data Processed

The data processed through the Site may include:

Browsing Data

The computer systems and software procedures used to operate this website acquire, during their normal operation, certain personal data whose transmission is implicit in the use of Internet communication protocols. This information is not collected to be associated with identified individuals, but by its very nature could, through processing and association with data held by third parties, allow users to be identified. This category of data includes:

  • IP addresses or domain names of the computers used by users who connect to the site;
  • the URI (Uniform Resource Identifier) addresses of the requested resources;
  • the time of the request;
  • the method used to submit the request to the server;
  • the size of the file obtained in response;
  • the numerical code indicating the status of the server's response (e.g. successful, error, etc.);
  • other parameters related to the user's operating system and computer environment.

These data are used solely to obtain anonymous statistical information on site usage and to ensure its proper functioning. The data may be used to ascertain responsibility in the event of potential cybercrimes to the detriment of the site. Except for this eventuality, web contact data are retained for no more than 24 months.

Cookies

The site collects certain personal data through cookies. For more information, please refer to our Cookie Policy.

Data Voluntarily Provided by the User

  • Contact form: first name, last name, email, phone number, any data included in the message
  • Assirete Card request form: first name, last name, email, phone number, any data included in the message
  • Whistleblowing: personal data of the Reporter (in case of non-anonymous reports), individuals identified as potential perpetrators, and any other individuals involved or mentioned, such as: personal information (e.g. name, surname, date and place of birth), contact details (e.g. phone numbers, postal/email address). Special categories of data as per Article 9 of the GDPR may also be included in the report.

4. Purposes and Legal Basis of Processing

PurposeLegal BasisData Provision
Browsing the siteLegitimate interest of the Controller (Art. 6.1.f GDPR)Necessary
Handling contact form requestsPerformance of pre-contractual measures (Art. 6.1.b GDPR)Necessary for response
Handling Assirete Card requestsPerformance of pre-contractual measures (Art. 6.1.b GDPR)Necessary for response
Whistleblowing managementLegal obligation and legitimate interest (Art. 6.1.c and f; Art. 9.2.b/f GDPR)Necessary for receiving and processing reports

5. Processing Methods

Processing is carried out using manual, IT, and telematic tools, with logic strictly related to the stated purposes and appropriate security measures.

6. Data Recipients

Data may be disclosed to:

  • Authorized internal personnel
  • IT service providers, hosting and website maintenance providers
  • External professionals and consultants (e.g., legal, compliance firms)
  • Competent authorities in the case of whistleblowing, if required by law

Data will not be transferred to non-EU countries or international organizations.

7. Data Retention Period

  • Contact data: up to 12 months after the last interaction
  • Whistleblowing reports: in accordance with current legislation (currently max 5 years)
  • Browsing data: as per Cookie Policy

8. Data Subject Rights

Users may exercise the rights under Articles 15-22 of the GDPR at any time, including:

  • Access, rectification, erasure, restriction
  • Objection to processing
  • Data portability (where applicable)
  • Withdrawal of consent (for consent-based processing)

Requests should be sent to: privacy@assirecregroup.com

If you believe your data has been processed unlawfully, you may lodge a complaint with the Italian Data Protection Authority.

9. Automated Decision-Making (e.g., Profiling)

The collected data are not subject to profiling or any automated decision-making aimed at evaluating aspects of an individual such as job performance, economic situation, health, preferences, reliability, behavior, location, or movements.

10. Data Security

The Company protects personal data using internationally recognized security standards and internal procedures aimed at preventing:

  • Unauthorized access
  • Improper use or disclosure
  • Unauthorized modification
  • Accidental or unlawful loss or destruction