PRIVACY POLICY PURSUANT TO REGULATION (EU) 2016/679 (GDPR)

This privacy policy is provided pursuant to Regulation (EU) 2016/679 (“GDPR”) and the applicable national legislation on the protection of personal data.

LE VELE S.r.l. protects the confidentiality of users’ personal data and undertakes to process them in compliance with the principles of lawfulness, fairness, transparency, and data minimization.

 

DATA CONTROLLER

The Data Controller is:
LE VELE S.r.l.
Via Enrico Fermi, 7 – 20090 Noverasco (Milan)
E-mail: info@levelesrl.com

TYPES OF DATA PROCESSED
The Data Controller processes the following categories of personal data:

• Identification data (first name, last name, company name)
• Contact data (email, phone number)
• Administrative and tax data (e.g. tax code, VAT number)
• Data relating to the contractual relationship
• Browsing data (IP address, technical logs)

 

PURPOSES OF PROCESSING
Personal data are processed for the following purposes:

• management of contact and information requests
• management of pre-contractual and contractual relationships
• administrative, accounting, and tax compliance
• management of orders, services, and assistance
• protection of the Controller’s rights (e.g. dispute management)
• possible sending of commercial communications, subject to consent

 

LEGAL BASIS FOR PROCESSING
The processing of personal data is based on:

• performance of a contract or pre-contractual measures (Art. 6.1.b GDPR)
• compliance with legal obligations (Art. 6.1.c GDPR)
• the Controller’s legitimate interest (Art. 6.1.f GDPR) for the management and security of services
• the data subject’s consent (Art. 6.1.a GDPR), where required (e.g. marketing)

 

METHODS OF PROCESSING
Processing is carried out using electronic and/or paper-based tools, adopting appropriate security measures to prevent unauthorized access, loss, or unlawful use of data. Authorized personnel are bound by confidentiality obligations.

 

RECIPIENTS OF THE DATA
Data may be disclosed to:

• technical and IT service providers
• administrative, legal, and tax consultants
• banking institutions and payment operators
• subjects appointed as Data Processors pursuant to Art. 28 GDPR
• competent authorities, in the cases provided for by law

The data will not be disclosed publicly.

 

TRANSFER OF DATA OUTSIDE THE EU
If data are transferred outside the European Economic Area, the Controller guarantees compliance with the GDPR through:

• adequacy decisions
• standard contractual clauses (SCCs)
• other safeguards provided for by law

At present, the Controller does not entrust processing activities to suppliers based outside the European Economic Area.

 

RETENTION PERIOD
Personal data are retained for the time necessary to fulfill the indicated purposes:

• contractual and administrative data: up to 10 years (legal obligations)
• contact requests: up to 12 months
• data processed on the basis of consent: until consent is withdrawn

 

NATURE OF DATA PROVISION
The provision of data is:

• mandatory for contractual and legal purposes
• optional for additional purposes (e.g. marketing)

Failure to provide mandatory data may prevent the provision of services.

 

COOKIES AND TRACKING
The website may use technical cookies and, subject to consent, other tracking tools.

For more information, please refer to the Cookie Policy.

 

PROFILING
Personal data are not subject to automated decision-making processes or profiling.

 

RIGHTS OF THE DATA SUBJECT
The data subject may exercise the rights provided for in Articles 15–22 GDPR, including:

• access to data
• rectification or erasure
• restriction of processing
• objection
• data portability
• withdrawal of consent

Requests may be sent to: info@levelesrl.com

 

RIGHT TO LODGE A COMPLAINT
The data subject has the right to lodge a complaint with the Data Protection Authority:

www.garanteprivacy.it

 

CHANGES TO THIS PRIVACY POLICY
This privacy policy may be updated over time.

You are invited to consult it periodically.

Last updated: 20/03/2026