Privacy Policy

This privacy notice is provided pursuant to Art. 13 of EU Regulation 2016/679 (GDPR) and describes how the personal data of users who visit the OUTSOURCING GROUP srl website and fill in the contact forms on the site are processed.

1. Data Controller

The Data Controller is:

2. Types of data processed

Personal data collected through the website includes:

• Full name
• Email address
• Company (if provided)
• Message (if provided)

Such data is voluntarily provided by the user by filling in the forms on the site.

3. Purposes and legal bases for processing

Personal data is processed for the following purposes:

• Handling requests sent via the contact form
• Managing leads generated from the website
• Following up with the user after their request

The legal basis for processing is the consent of the data subject, expressed by voluntarily submitting their data through the forms on the site (Art. 6(1)(a) GDPR).

4. Processing methods and data retention

Data is processed using electronic and digital tools, in compliance with the principles of lawfulness, fairness, transparency and minimisation as required by the GDPR.

Appropriate technical and organisational security measures are in place to prevent unauthorised access, disclosure, modification or destruction of data.

Personal data collected through the contact forms will be retained for a maximum period of 24 months from the date of collection, unless otherwise required by law. After this period, data will be deleted or anonymised.

5. Third-party access to data

Personal data may be processed by third parties acting on behalf of the Data Controller, as Data Processors, such as:

• Web hosting and infrastructure service providers
• Brevo (Sendinblue) – CRM platform used to manage contacts and requests submitted through the site forms. Data (name, email, company, message) is transmitted to Brevo under a Data Processing Agreement (DPA). More information: brevo.com/legal/privacypolicy
• Web traffic analysis service providers

These parties process data solely in accordance with the Data Controller's instructions and in compliance with applicable regulations.

6. Analytics and external services

The site uses Google Analytics, a web traffic analysis service provided by Google LLC, which collects data in aggregate form to analyse how users interact with the site.

Data collected by Google Analytics may be transferred to servers located outside the European Union. Google adheres to GDPR-recognised safeguard mechanisms for data transfers to third countries.

7. Data transfers outside the EU

Some data may be transferred to countries outside the European Union, solely in connection with the use of third-party services (e.g. Google Analytics, Brevo).

In such cases, the transfer is carried out in compliance with Articles 44 et seq. of the GDPR, through the adoption of appropriate safeguards.

8. Rights of the data subject

As a data subject, the user may exercise the following rights under Articles 15–22 of the GDPR at any time:

• Right of access to personal data
• Right to rectification of inaccurate data
• Right to erasure (right to be forgotten)
• Right to restriction of processing
• Right to data portability
• Right to object to processing
• Right to withdraw consent

The data subject also has the right to lodge a complaint with the Italian Data Protection Authority (Garante per la Protezione dei Dati Personali).

9. How to exercise your rights

To exercise your rights or request information about the processing of your personal data, you can contact the Data Controller at the following email address:

info@osgdigitaleconomy.com

10. Updates to this Privacy Policy

This Privacy Policy may be subject to changes or updates.

Any changes will be published on this page and will take effect from the date of publication.