Skip to content

Privacy Policy (English)

Privacy Notice – Personal Data Processing

pursuant to Articles 13–14 of EU Regulation 2016/679 (GDPR)

Camera di Compensazione s.r.l. | www.cameracompensazione.it

Updated version – March 2026

1. Data Controller

The Data Controller for personal data collected through this website is:

Data ControllerCamera di Compensazione s.r.l.
Registered OfficePiazza Francesco Lo Sardo 5, 98123 Messina (IT)
VAT / Tax Code03671960833
Emailinfo@cameracompensazione.it
Certified Email (PEC)info@pec.cameracompensazione.it
Phone+39 371 581 7769

2. Categories of Data Processed

2.1 Navigation data

The computer systems and software procedures that operate this website automatically acquire, in the course of their normal operation, certain personal data whose transmission is implicit in the use of Internet communication protocols. This category includes:

  • IP addresses or domain names of computers and terminals used by users
  • URI/URL (Uniform Resource Identifier/Locator) addresses of requested resources
  • Time of request, method used to submit the request to the server
  • Size of the file obtained in response, numerical code indicating the status of the response from the server
  • Browser type, operating system, and other device-related parameters

2.2 Data provided voluntarily by the user

We collect the following personal data when the user fills in the contact form, registers, or uses our services:

  • First and last name
  • Email address
  • Phone number
  • Business details (company name, VAT number) for B2B clients
  • Data relating to commercial receivables and payables (invoices issued/received) necessary for the provision of the service

2.3 Data processed through third-party services

The website uses third-party services that may process users’ personal data. Please refer to Section 7 for the full list and to the respective privacy notices.

3. Purposes of Processing and Legal Bases

Each processing activity is grounded in a specific legal basis pursuant to Art. 6 GDPR:

PurposeLegal Basis (Art. 6 GDPR)Retention
Responding to contact form enquiriesConsent (Art. 6.1.a) or Legitimate interest (Art. 6.1.f)12 months from the request
Provision of the multilateral compensation servicePerformance of a contract (Art. 6.1.b)Duration of contract + 10 years (accounting/tax obligations)
Statistical analysis and service improvement (navigation logs)Legitimate interest (Art. 6.1.f)6 months
Sending commercial communications / newsletterConsent (Art. 6.1.a) – withdrawable at any timeUntil consent is withdrawn
Compliance with legal obligations (tax, accounting, regulatory)Legal obligation (Art. 6.1.c)As required by law (e.g. 10 years for fiscal documents)

4. Recipients of Data

Personal data may be disclosed to the following categories of recipients, who will act as data processors pursuant to Art. 28 GDPR or as independent controllers:

  • IT service and hosting providers (servers, cloud, WordPress CMS)
  • Credit institutions, clearinghouses, and banks involved in compensation operations
  • Professionals (accountants, lawyers, consultants) for compliance purposes
  • Judicial or administrative authorities, in cases provided for by law
  • Other network users, limited to the data strictly necessary to evaluate compensation transactions (e.g. amounts and company identifier)

Personal data is not sold to third parties nor transferred for external marketing purposes.

5. International Data Transfers

Some services we use (e.g. Google LLC for Google Fonts, Meta Platforms for Facebook and Instagram, LinkedIn Corporation) are based in the United States or other third countries outside the EEA. Transfers of data to such countries are carried out in compliance with the appropriate safeguards provided for in Chapter V of the GDPR, in particular through:

  • Standard Contractual Clauses (SCC) adopted by the European Commission
  • Adequacy decisions recognised by the European Commission, where applicable

For further information on the safeguards adopted by individual providers, please consult the respective privacy notices listed in Section 7.

6. Cookies and Tracking Technologies

The website uses cookies and similar technologies. In accordance with the Italian Data Protection Authority (Garante) Provision of 8 July 2021 and the EDPB Guidelines, the placement of non-technical cookies is subject to the user’s prior consent, expressed through the cookie banner on the website.

6.1 Technical cookies (no consent required)

These are necessary for the website to function and cannot be disabled without impairing the usability of the service.

6.2 Third-party and analytics cookies

The website may install the following cookies. The full and up-to-date list is available in the cookie banner:

NameTypeDurationPurpose
wordpress_logged_in_*TechnicalSessionWordPress user authentication
wordpress_sec_*TechnicalSessionWordPress session security
wpforms_*TechnicalSessionContact form management (WPForms)
Google FontsTechnical / Third-party1 yearLoading graphic fonts (Google LLC, USA – SCC)
LinkedIn / Facebook / InstagramSocial / Third-partyVariesSocial sharing and tracking (subject to own policies – extra-EU transfer on SCC basis)

Users may manage, disable, or withdraw consent to cookies at any time through the cookie management panel on the website, or by configuring their browser preferences.

7. Third-Party Services

The website makes use of the following third-party services. The Data Controller is not responsible for processing carried out by these parties, who operate as independent controllers:

  • WordPress (Automattic Inc.) – Website CMS. Privacy policy: https://automattic.com/privacy/
  • WPForms (Awesome Motive Inc.) – Contact form management. Privacy policy: https://wpforms.com/privacy-policy/
  • Google Fonts (Google LLC, USA) – Font loading. Privacy policy: https://policies.google.com/privacy
  • Google Analytics (if active) – Statistical traffic analysis. Privacy policy: https://policies.google.com/privacy
  • LinkedIn Corporation (USA) – Social button and company profile link. Privacy policy: https://www.linkedin.com/legal/privacy-policy
  • Meta Platforms (Facebook / Instagram, USA) – Social buttons and company page link. Privacy policy: https://www.facebook.com/privacy/policy/

Should additional services be integrated over time (e.g. analytics tools, advertising, chatbots), this section will be updated accordingly prior to the activation of the service.

8. Rights of Data Subjects

As a data subject, you have the right to exercise the following rights at any time pursuant to Arts. 15–22 GDPR:

  • Right of access (Art. 15): obtain confirmation of processing and a copy of your data
  • Right to rectification (Art. 16): request the correction of inaccurate or incomplete data
  • Right to erasure / ‘right to be forgotten’ (Art. 17): request the deletion of data, subject to legal obligations
  • Right to restriction of processing (Art. 18): in certain circumstances, request the limitation of processing
  • Right to data portability (Art. 20): receive data in a structured, machine-readable format
  • Right to object (Art. 21): object to processing based on legitimate interest, including direct marketing
  • Right to withdraw consent: at any time, without prejudice to the lawfulness of processing based on consent given prior to withdrawal
  • Right to lodge a complaint with the Supervisory Authority

To exercise your rights, write to: info@cameracompensazione.it

The Data Controller will respond within 30 days of receipt of the request (Art. 12 GDPR), except in cases of particular complexity.

9. Right to Lodge a Complaint with the Supervisory Authority

You have the right to lodge a complaint with the Italian Data Protection Authority (Garante per la Protezione dei Dati Personali) if you believe that the processing of your data violates the GDPR:

  • Website: www.garanteprivacy.it
  • Email: garante@gpdp.it
  • Certified Email (PEC): protocollo@pec.gpdp.it
  • Address: Piazza Venezia 11, 00187 Rome, Italy

10. Data Security

Camera di Compensazione s.r.l. adopts appropriate technical and organisational measures pursuant to Art. 32 GDPR to ensure a level of security appropriate to the risk, including:

  • Data transmission via HTTPS protocol (TLS encryption)
  • Access to data restricted to authorised personnel on a need-to-know basis
  • Regular monitoring of security systems
  • Procedures for managing and notifying potential data breaches

Despite these measures, no computer system is infallible. In the event of a personal data breach that presents a risk to the rights of data subjects, the Data Controller will notify the Supervisory Authority within 72 hours pursuant to Art. 33 GDPR.

11. Minors’ Data

The service is directed exclusively at adults and B2B economic operators. The Data Controller does not knowingly collect personal data from individuals under the age of 18. Should any unintentional collection of minors’ data be detected, such data will be deleted without delay.

12. Changes to this Privacy Notice

The Data Controller reserves the right to amend this notice at any time, informing users accordingly. Any changes will be published on this page with the updated date. In the event of material changes affecting ongoing processing activities, the Data Controller will endeavour to notify data subjects directly by email where possible.

In the event of disagreement with the changes made, the user has the right to request the deletion of their data pursuant to Art. 17 GDPR.

Last updated: March 2026