EUROCREDIT BUSINESS INFORMATION SRL, (hereinafter “Company”), with registered office in Via Lambro 12, 20129 Milan, pursuant to and in compliance with the provisions of art. 13 of the EU Regulation 2016/679, provides the following information on the processing of personal data of its customers, as Data Controller.

  1. Data controller and contact details

According to the art. 4 of EU Regulation 2016/679, the Company is the data controller of its Customers.

Pursuant to the articles 37 ss. of EU Regulation 2016/679, the Company has appointed a data protection officer (hereinafter “DPO”), to whom any communications and requests should be addressed, by mail to

  1. Type of data collected and processed

    The treatment will have as object single operations, or a complex of operations, of treatment (such as for example: collection, recording, organization, conservation, elaboration, communication, modification, selection, use) of the following personal data supplied by the User in opportunity to use the services rendered by the Company through its Website:

    a) identification and contact details, provided by the user in the event of registration on the site or in the case of requests for information sent to the Company, including, among other things, name, surname, e-mail address, address and mobile phone number ;

    b) data relating to the curricula uploaded in the “work with us” section or sent spontaneously to the address;

    c) navigation data: for the simple access to the Site it is not necessary to provide any personal data; however, during normal operation, the IT systems and software used to operate the Site acquire some personal data whose transmission is implicit in the use of Internet communication protocols. This information is not collected to be associated with identified subjects

  1. Purpose of the processing

Personal Data is processed:

A) without the express consent of the User (Article 6 letter b) GDPR), for the following purposes:

  • process a contact request;
  • evaluate a spontaneous application for the
  • purpose of including it in the Company’s
  • recruiting database;
  • process an activation request for a free trial of a TAS service / product;
  • fulfill the obligations provided by the law, by a regulation, by the community legislation or by an order of the Authority;
  • fulfill obligations related to the management of relations with Users;
  • preventing or detecting fraudulent activities or abuses harmful to the Site;

B) with the express consent of the User (art. 7 GDPR), for the following purposes:

send via e-mail information communications, including the newsletter, referring to TAS products and / or services, including free trials already requested by Users;

  1. Data processing methods

    In relation to the described purposes, the data processing can be carried out using manual, automated, computerized, electronic instruments designed to manage, memorize and transmit the data and in any case suitable to guarantee security and confidentiality.

    The data is processed as required by the law, in particular:

    a) treated lawfully and fairly;

    b) collected and recorded for specific, explicit and legitimate purposes, and used in other processing operations in terms compatible with those purposes;

    c) exact and updated;

    d) relevant, complete and not excessive in relation to the purposes for which they are collected or subsequently processed;

    e) kept in a form that allows the identification of the data subject for a period of time not exceeding that necessary for the purposes for which they were collected or subsequently processed.

5. Possible communication and dissemination of data

For the aforementioned purposes the data may be communicated to third parties appointed as data processors pursuant to Article 28 of the Regulation and in particular to banking institutions, companies active in the insurance field, service providers strictly necessary for the performance of the business activity, or to consultants of the company, where this proves necessary for fiscal, administrative, contractual reasons or for needs protected by current regulations or for administrative and / or accounting purposes, pursuant to recitals 47 and 48 and Article 6 of the Regulation. Furthermore, the Data may be shared with authorities, bodies and / or subjects to whom the Data should be communicated pursuant to legal provisions or orders of authority. These authorities, bodies and / or subjects will operate as independent data controllers. Data is not disclosed.

  1. Data transfer in non-EU countries

    Customers’ Personal Data are stored on servers located within the European Union. Customers acknowledge that, with the prior consent or other appropriate legal basis, their Personal Data may be processed in countries outside the European Union.

  1. Data retention period

    The Data will be stored on paper and / or computer supports only for the time necessary for the purposes for which they were collected, respecting the principles of limitation of conservation and minimization pursuant to article 5, paragraph 1, letters c) and e) of the Regulation.

    The Data will be kept to comply with legal obligations and to pursue the aforementioned purposes, in compliance with the principles of indispensability, non-surplus and pertinence.

    The Company could keep Data after the termination of the contractual relationship in order to fulfill legal and / or post-contractual obligations in relation to the legal provisions (10 years). Subsequently, once the aforementioned reasons for processing cease to exist, the Data will be deleted, destroyed or stored anonymously.

  1. Rights of the interested party

    In relation to the aforementioned treatments, the interested party can exercise his / her rights as per articles 15 to 22 of the Regulations.

    In particular, the interested party has the right to ask the Company for access to his / her Data, the correction or cancellation of the same, has the right to oppose the processing or to request the limitation of the treatment in the cases provided for by Article 18 of the Regulation and to obtain their data in a structured format, commonly used and automatically readable, in the cases provided for by article 20 of the Regulation.

    The interested party may also revoke the consent given in accordance with article 7 of the Regulation at any time, as well as lodge a complaint by the Guarantor Authority for the protection of personal data pursuant to Article 77 of the Regulation, if it considers that the processing of its own Data is contrary to the legislation in force.

    In the event of opposition to the processing of data pursuant to Article 21 of the Regulation, the Company reserves the right to evaluate the request, which will not be accepted if there are legitimate cogent reasons to proceed with the processing that prevail over the interests, rights and freedoms of the ‘Interested.

    Any requests must be sent in writing to the DPO at the email