privacy POLICY

1. Data Controllers

Brandon Group S.r.l., with registered office at Via Vannella Gaetani no. 27, 80121, Naples, is the Data Controller of the personal data collected and processed through the services offered on the website www.brandongroup.it/.

2. Scope of Application

This Privacy Policy describes how personal data of users (e.g., customers, suppliers, partners, collaborators, employees, and other individuals interacting with the Company) is collected, processed, stored, and protected in accordance with current regulations, in particular Regulation (EU) 2016/679 (GDPR) and Legislative Decree 196/03 and subsequent amendments (Italian Privacy Code), as amended by Legislative Decree 101/2018. This Policy applies exclusively to the website www.brandongroup.it and its subdomains, and does not apply to any third-party websites that may be accessed via links.

3. Categories of Personal Data Collected

Data voluntarily provided by the user: information directly provided by the user (such as name, surname, email address, phone number, billing details, etc.) when registering on the website, using contact forms, or submitting an information request. This data is necessary to provide services and respond to inquiries.
Data automatically collected: via cookies and similar tools, the website collects information such as IP address, access times, browser type, internal browsing history, location data, and other details necessary to improve the browsing experience or analyze aggregated statistics.
Data from third parties: in compliance with applicable law, we may receive personal data from public sources or third-party service providers who are authorized to share such data with us.
Children’s data: As a matter of policy, the Company does not knowingly process data of individuals under the age of 14. If a minor provides personal data without parental or guardian consent, the Company will delete such data.

4. Purpose and Legal Basis of Processing

Personal data is processed solely for the following purposes:

Provision of services and support: to provide the requested services, manage access to restricted areas, and respond to inquiries or requests.
Compliance with legal obligations: to retain and transmit data to competent Authorities, as required by current laws.
Legitimate interest: to protect the Company’s rights and assets, prevent fraud, ensure system security, and improve the products and services offered.
Marketing and commercial communications: with the user’s consent, to send newsletters and/or promotions related to company services or events. Consent may be withdrawn at any time via the instructions provided in the communications or by writing to privacy@brandongroup.it.
Profiling: to analyze habits, choices, and consumer preferences in order to provide more personalized services, only with the explicit consent of the data subject, who may withdraw it at any time.

5. Processing Methods and Security Measures

Personal data is processed using manual or digital tools, with logic strictly related to the stated purposes and based on principles of lawfulness, fairness, transparency, and confidentiality, in compliance with the technical and organizational security measures required by law (e.g., encryption, backups, access controls, firewalls, and security systems).

6. Data Retention Period

Personal data is retained for the time necessary to manage contractual relationships and fulfill legal obligations. Generally, unless otherwise specified by law, personal data is retained for no longer than 5 years from the end of the relationship or from the time of collection, unless otherwise required by law or justified by the legitimate interests of the Data Controller (e.g., legal defense).

7. Data Disclosure and Sharing

Personal data collected may be disclosed to:

External processors (IT service companies, software providers, legal, tax, accounting consultants, etc.) specifically appointed and bound by confidentiality obligations;
Public entities or Authorities, to comply with legal obligations or upon their request;
Business partners (under specific agreements), solely within the limits of lawful purposes and with the data subject’s consent, if required. Data will not be disseminated to unspecified parties, except as required by law or authorized by the data subject.

8. Data Transfer to Non-EU Countries

Should it become necessary to transfer personal data to countries outside the European Union, the Company will adopt the safeguards required by applicable legislation (e.g., Standard Contractual Clauses) to ensure an adequate level of protection.

9. Data Subject Rights

The data subject has the right to:

Obtain confirmation of the existence of their personal data and access it (Art. 15 GDPR);
Request rectification of inaccurate data and the completion of incomplete data (Art. 16 GDPR);
Request the erasure of data, where applicable (Art. 17 GDPR);
Restrict processing in the cases provided by law (Art. 18 GDPR);
Object to data processing based on legitimate interest (Art. 21 GDPR);
Withdraw consent at any time, where processing is based on consent (Art. 7 GDPR);
Request data portability (Art. 20 GDPR);
Lodge a complaint with a Supervisory Authority if they believe their data protection rights have been violated.

To exercise these rights, please send an email to privacy@brandongroup.it. The Data Controller will respond within the time limits set by law.

10. Updates

The Company reserves the right to amend or update this Policy periodically, in accordance with regulatory developments or organizational needs. Users will be duly informed via website notifications or email, where applicable.

Publication date: [26/03/25]

Brandon Group S.r.l.