• Via Enrico Toti, 454, 21014 Caronno Pertusella (VA)
  • +39 02 965 5505
  • info@isastudiox.com
  • order@isastudiox.com

© 2026 StudioX

Privacy

Isa StudioX, with registered office at Via E. Toti 454, 21042 Caronno Pertusella (VA) – VAT No. 00338960123 (hereinafter the “Data Controller”), in its capacity as data controller, hereby informs you, pursuant to Article 13 of Legislative Decree 196/2003 (hereinafter the “Privacy Code”) and Article 13 of EU Regulation No. 2016/679 (hereinafter the “GDPR”), that your data will be processed in the following manner and for the following purposes:

1.PURPOSE OF THE PROCESSING
For the establishment and management of our ongoing relationship with you, the Data Controller processes your personal, identifying, contact, and tax data (e.g., first name, last name, company name, address, phone number, email address, bank and payment details, etc.). 2

2. PURPOSES OF PROCESSING AND LEGAL BASIS
Your personal data is processed:
a. Without your express consent (Art. 24 of the Privacy Code and Art. 6 of the GDPR) for the following service-related purposes:
To enter into contracts for the Data Controller’s services
To fulfill pre-contractual, contractual, and tax obligations arising from existing relationships with you
To fulfill obligations required by law, regulation, EU legislation, or an order from the Authority
To exercise the Data Controller’s rights, such as the right to defend itself in court;
b. Only with your specific and separate consent (Art. 23 and 130 of the Privacy Code and Art. 7 of the GDPR), for the following marketing purposes:
To send you, via email, mail, and/or text message and/or telephone contact, newsletters, commercial communications, and/or advertising material regarding products or services offered by the Data Controller, and to survey your level of satisfaction with the quality of services
To send you, via email, mail, and/or text message and/or telephone contact, commercial and/or promotional communications from third parties (e.g., business partners, other group companies, etc.)
Please note that if you are already our customer, we may send you commercial communications regarding the Data Controller’s services and products similar to those you have already used, unless you object (Article 130(4) of the Privacy Code)

3. NATURE OF DATA PROVISION AND CONSEQUENCES OF REFUSAL TO PROVIDE DATA
The provision of data for the purposes referred to in point 2.a is mandatory. Without such data, we will not be able to provide you with the relevant services.
The provision of data for the purposes referred to in point 2.b is, however, optional. You may therefore decide not to provide any data or subsequently withdraw consent to the processing of data already provided for such purposes; in this case, you will not be able to receive newsletters, commercial communications, and advertising material relating to the services and products offered by the Data Controller. You will, however, continue to be entitled to the services referred to in point 2.a.

4. METHODS OF PROCESSING
The processing of your personal data is carried out through the operations indicated in Article 4 of the Privacy Code and Article 4(2) of the GDPR, specifically: collection, recording, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, erasure, and destruction of data.
Your personal data is processed both in paper form and electronically and/or automatically.
The processing is carried out by designated personnel and collaborators within the scope of their respective duties and in accordance with the instructions received, always and solely for the achievement of the specific purposes, strictly adhering to the principles of confidentiality and security required by applicable regulations.

5. ACCESS TO DATA
Your data may be made available for the purposes set forth in section 2:
To the Data Controller’s employees and collaborators in their capacity as data processors and/or internal data controllers and/or system administrators
To third-party companies or other entities (including, but not limited to, financial institutions, professional firms, consultants, insurance companies, etc.) that perform outsourced activities on behalf of the Data Controller, in their capacity as external data processors, a list of which is available at our headquarters.

6. DISCLOSURE OF DATA
Without the need for express consent (Art. 24 of the Privacy Code and Art. 6 of the GDPR), the Data Controller may disclose your data for the purposes set forth in point 2.a to Supervisory Bodies, Judicial Authorities, as well as to all other entities to whom disclosure is required by law for the fulfillment of the aforementioned purposes. Your data will not be disclosed.

7. DATA TRANSFER
Your data will not be transferred outside the European Union. It is understood, however, that the Data Controller, should it become necessary, will have the right to transfer data within the European Union and/or to countries outside the EU. In such a case, the Data Controller hereby guarantees that the transfer of data outside the EU will take place in accordance with applicable legal provisions, entering into, if necessary, agreements that ensure an adequate level of protection and/or adopting the standard contractual clauses provided by the European Commission.

8. DATA RETENTION
All personal data provided will be processed in accordance with the principles of lawfulness, fairness, relevance, and proportionality, using only the methods—including electronic and telecommunications means—strictly necessary to achieve the purposes described above.

In any case, personal data will be retained for a period of time no longer than that strictly necessary to achieve the stated purposes. Personal data that is no longer necessary for the stated purposes will be deleted or anonymized. Please note that the information systems used to manage the collected data are configured, from the outset, to minimize the use of personal data.

9. RIGHTS OF THE DATA SUBJECT
As a data subject, you have the rights set forth in Article 7 of the Privacy Code and Article 15 of the GDPR, specifically the rights to:
1. Obtain confirmation as to whether or not personal data concerning you exists, even if not yet recorded, and to have such data communicated to you in an intelligible form;
2. To obtain information regarding: a) the origin of the personal data; b) the purposes and methods of processing; c) the logic applied in the case of processing carried out with the aid of electronic tools; d) the identification details of the Data Controller, the data processors, and the designated representative; e) the subjects or categories of subjects to whom the personal data may be disclosed or who may become aware of it in their capacity as designated representative within the territory of the State, data processors, or persons in charge of processing; 3. To obtain: a) the updating, rectification, or, where interested, the completion of the data; b) the erasure, anonymization, or blocking of data processed in violation of the law, including data that no longer needs to be retained for the purposes for which it was collected or subsequently processed; c) confirmation that the operations referred to in letters a) and b) have been brought to the attention, including with regard to their content, of those to whom the data have been disclosed or disseminated, except where this proves impossible or involves a manifestly disproportionate effort compared to the right being protected; 4. object, in whole or in part: a) on legitimate grounds, to the processing of personal data concerning you, even if such data is relevant to the purpose for which it was collected; b) to the processing of personal data concerning you for the purposes of sending advertising or direct sales material, or for conducting market research or commercial communications, through the use of automated calling systems without the intervention of an operator, via email, and/or through traditional marketing methods such as telephone and/or postal mail. Please note that the data subject’s right to object, as set forth in point b) above, for direct marketing purposes via automated means extends to traditional methods, and that in any case, the data subject retains the right to exercise the right to object even only in part. Therefore, the data subject may choose to receive only communications via traditional methods, or only automated communications, or neither type of communication.

Where applicable, the data subject also has the rights set forth in Articles 16–21 of the GDPR (right to rectification, right to be forgotten, right to restriction of processing, right to data portability, right to object), as well as the right to lodge a complaint with the Data Protection Authority.

10. HOW TO EXERCISE YOUR RIGHTS
You may exercise your rights at any time by sending an email to info@isastudiox.com

11. DATA CONTROLLER, DATA PROCESSOR, AND DATA PROCESSING STAFF
The Data Controller is Isa StudioX The updated list of data processors and data processing staff is kept at the Data Controller’s registered office.

12. UPDATES TO OUR PRIVACY POLICY
This Privacy Policy may be updated periodically without prior notice to reflect changes in our practices regarding the processing of personal information. We will post a prominent notice on our websites to communicate any significant changes to our Privacy Policy, indicating the date of the last update at the bottom of the policy.

Policy updated on July 17, 2018.

© 2026 StudioX. Created with ❤ using WordPress and Kubio