Privacy Policy

Last Updated: January 1, 2025

1. Data Controller

HRMANAGEMENT SRL, with registered office at Viale Bianca Maria, 17, 20122 Milano, Italy (VAT: 02225370036, REA: MI-2601672), is the Data Controller pursuant to EU Regulation 2016/679 (GDPR) and Italian Legislative Decree 196/2003 as amended by Legislative Decree 101/2018.

Contact:
Email: info@hrmitaly.com
PEC: hotelrestaurantmanagement@legalmail.it
Phone: +39 344 792 7453

2. Types of Data Collected

We collect and process the following categories of personal data:

  • Identification data: name, surname, email address, phone number
  • Navigation data: IP addresses, browser type, device information, pages visited, timestamps
  • Business data: company name, business sector, project requirements
  • Communication data: correspondence via email, contact forms, or phone
  • Cookie data: as detailed in our Cookie Policy

3. Purpose and Legal Basis of Processing

Your personal data is processed for the following purposes:

a) Service Provision (Art. 6(1)(b) GDPR)

To respond to inquiries, provide quotes, execute contracts, and deliver marketing and consulting services requested by clients.

b) Legal Obligations (Art. 6(1)(c) GDPR)

To comply with fiscal, accounting, administrative, and legal obligations under Italian and EU law, including tax reporting and record-keeping requirements.

c) Legitimate Interest (Art. 6(1)(f) GDPR)

To improve our services, website functionality, business operations, fraud prevention, and security measures.

d) Consent (Art. 6(1)(a) GDPR)

For marketing communications, newsletter subscriptions, and non-essential cookies. Consent can be withdrawn at any time without affecting the lawfulness of processing based on consent before its withdrawal.

4. Data Retention

Personal data will be retained for the time necessary to fulfill the purposes for which it was collected:

  • Client data: for the duration of the contractual relationship plus 10 years for fiscal and legal obligations (Art. 2220 Italian Civil Code)
  • Inquiry data: 24 months from last contact, unless consent is withdrawn earlier
  • Marketing consent: until consent is withdrawn or 24 months of inactivity
  • Navigation data: 12 months maximum
  • Cookie data: as specified in our Cookie Policy

After the retention period, data will be securely deleted or anonymized.

5. Data Sharing and Transfer

Your data may be shared with the following categories of recipients:

  • Service providers and data processors: hosting services, email providers, analytics tools, CRM systems (all bound by data processing agreements)
  • Professional advisors: accountants, lawyers, auditors (subject to professional secrecy)
  • Public authorities: when required by law or to protect our legal rights
  • Business partners: only with your explicit consent

International Transfers: Data may be transferred outside the EU only to countries ensuring adequate protection levels (Art. 45 GDPR) or through appropriate safeguards such as Standard Contractual Clauses approved by the European Commission (Art. 46 GDPR). You may request a copy of these safeguards.

6. Your Rights (Arts. 15-22 GDPR)

You have the following rights regarding your personal data:

  • Right of access (Art. 15): obtain confirmation of data processing and a copy of your data
  • Right to rectification (Art. 16): correct inaccurate or incomplete data
  • Right to erasure (Art. 17): request deletion of your data (right to be forgotten) when legally permissible
  • Right to restriction (Art. 18): limit processing in certain circumstances
  • Right to data portability (Art. 20): receive your data in a structured, commonly used, machine-readable format
  • Right to object (Art. 21): object to processing based on legitimate interest or for direct marketing purposes
  • Right to withdraw consent (Art. 7(3)): for processing based on consent, without affecting prior lawful processing
  • Right to lodge a complaint (Art. 77): with the Italian Data Protection Authority (Garante per la Protezione dei Dati Personali)

How to exercise your rights:
Send a written request to: hotelrestaurantmanagement@legalmail.it or info@hrmitaly.com
We will respond within 30 days (extendable by 60 days for complex requests).

7. Security Measures

We implement appropriate technical and organizational measures to protect your data against unauthorized access, loss, destruction, alteration, or disclosure, in compliance with Art. 32 GDPR:

  • Encryption of data in transit (SSL/TLS) and at rest
  • Access controls and authentication mechanisms
  • Regular security assessments and updates
  • Staff training on data protection
  • Data breach notification procedures

8. Automated Decision-Making and Profiling

We do not use automated decision-making or profiling that produces legal effects or similarly significantly affects you (Art. 22 GDPR).

9. Cookies

This website uses cookies in accordance with the Italian Data Protection Authority's Guidelines. For detailed information about the types of cookies used, their purposes, and how to manage them, please refer to our Cookie Policy.

10. Children's Privacy

Our services are not directed to individuals under 16 years of age. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us immediately.

11. Updates

This Privacy Policy may be updated periodically to reflect changes in our practices, legal requirements, or business operations. The latest version will always be available on this page with the date of last update. Significant changes will be communicated through appropriate channels.

Contact Information

Data Controller:
HRMANAGEMENT SRL
Viale Bianca Maria, 17
20122 Milano, Italy
VAT: 02225370036 | REA: MI-2601672
Email: info@hrmitaly.com
PEC: hotelrestaurantmanagement@legalmail.it
Phone: +39 344 792 7453

Supervisory Authority:
Garante per la Protezione dei Dati Personali
Piazza Venezia, 11, 00187 Roma, Italy
Website: www.garanteprivacy.it

Talk with Us