Client Privacy Policy

Client Information Form REV. 00 of 30/06/2020

Dear Data Subject,
with this form STUDIO AMBIENTE SRL makes the information about the processing of personal data acquired, even verbally, directly or through third parties, related to you, necessary for the performance of administrative, accounting, management and contractual services related or resulting from the execution of the contract. This information is provided in accordance with the provisions of art. 13 of EU Reg. 2016/679 (so-called GDPR).


The Data Controller is the company STUDIO AMBIENTE SRL with registered office in via Monte Baldo 4 – Dossobuono – 37062 Villafranca di Verona (VR), F.C. and VAT number n. 03427230234, R.E.A. VR-335460, share capital € 10.000,00, tel. +39 045 987304, fax +39 045 8618049, e-mail, PEC


Your personal data will be processed for the following purposes:

  • stipulation and execution of the contract and all activities connected to it, such as, for example, invoicing, credit protection, administrative, management, organisational and functional services for the contractual relationship (including the fulfilment of pre and/or post contractual obligations);
  • fulfilment of the obligations provided for by laws, regulations, national and/or EU regulations on contractual, accounting and fiscal matters and to achieve an effective management of business relations and other provisions issued by authorities invested with the law and by supervisory and control bodies;
  • e-mail addresses provided in the context of the sale of a good or service may be used for the forwarding via e-mail of advertising or promotional material and in general for commercial communication activities on Services similar to those purchased by the interested party (47 GDPR);
  • if necessary, to ascertain, exercise or defend the rights of the Data Controller in court (“Security Purposes”).


3.1. Given that the processing of data is necessary for the execution of a contract to which the data subject is a party or for the execution of pre-contractual measures taken at the request of the data subject, the legal basis for the processing is that provided for in Art. 6, para. 1 letter B) GDPR and therefore the fulfilment of a contract, as well as Art. 6, para. 1 letter C) GDPR with regard to the fulfilment of legal obligations inherent in or arising from the contract.

3.2. For the purpose of sending commercial communications via e-mail for products similar to those already purchased that fall within the so-called soft spam, the legal basis is the legitimate interest of the Data Controller pursuant to art. 6 para. 1 letter F) in conjunction with recital 47 GDPR. This applies to customers who have or have had a contractual or pre-contractual relationship with the Data Controller, unless the Interested Party expressly objects

3.3. For the Security Purposes, the legal basis is the legitimate interest pursuant to Art. 6 para. 1 letter F) to be able to ascertain, exercise and defend a right in court.


The data treatment will be carried out using electronic, computerised or automated instruments, as well as paper.
The processing is carried out by the Data Controller and by the Data Controller’s collaborators and/or employees as data processors, by the system administrator, as well as by the data processors specifically identified in writing, within the scope of their respective functions and in compliance with the instructions given by the Data Controller, ensuring the use of suitable measures for the security of the data processed and guaranteeing its confidentiality.
According to the rules of the Regulation, the processing carried out by the Data Controller will be based on the principles of lawfulness, correctness, transparency, limitation of purposes and storage, data minimisation, accuracy, integrity and confidentiality.
The data will always be processed with the utmost respect for the principle of confidentiality even in the case of management of the same by third parties expressly appointed by the Data Controller.
Your data are not subject to any automated decision making process.


Your personal data will be kept during the execution of the contract and for a period of ten years after its termination/completion in order to fulfil fiscal and accounting obligations, as well as for judicial protection in case of disputes arising from the contract itself.
This is without prejudice to the cases in which the rights deriving from the contract may be asserted in court; in which case the personal data of the interested party, exclusively those necessary for such purposes, will be processed for the time necessary to pursue them.
With regard to the sending of promotional communications by e-mail for products similar to those already purchased, your data will be kept until your possible opposition.
For security purposes, your data will be kept until the pursuit of the same, except for further storage if necessary to defend the rights of the Data Controller.
Once the above mentioned storage terms have expired, the data will be destroyed, deleted or made anonymous, compatibly with the technical cancellation and backup procedures.
This information will be considered valid also for subsequent contracts that you may conclude with the Data Controller.


The personal data provided by you may come to the knowledge of the Data Controller, the persons in charge and/or the data processors. The list of Data Processors, where appointed, is available on request.

The communication of the personal data of the interested party takes place mainly towards third parties and/or recipients whose activity is necessary to carry out the activities inherent to the execution of the contractual relationship established and to respond to certain legal obligations, such as:

  • the subjects who process the data in execution of specific legal obligations;
  • credit institutions, financial companies and other credit intermediaries that provide services functional to the purposes described above;
  • software and hardware assistance companies;
  • external consultants who provide functional services, deriving from or connected to the purposes described above, identified in writing and to whom specific written instructions have been given with reference to the processing of personal data;
  • companies or professionals for the judicial or extra-judicial protection of the Data Controller’s rights;
  • in general, to all those public and private subjects for whom the communication is necessary for the correct and complete fulfilment of the above mentioned purposes.


Unless specifically requested in writing by you, or ordered by a legal or regulatory authority, the personal data provided by you are not subject to dissemination.


The data collected will not be transferred to third countries or international organisations.

Some Personal Data of the interested parties are shared with Recipients that may be found outside the European Economic Area. The Data Controller ensures that the transfer and processing is carried out in compliance with applicable legislation. Indeed, transfers are carried out through adequate guarantees, such as adequacy decisions, standard contractual clauses approved by the European Commission or other legal instruments.


The legislation confers on the data subject the exercise of specific rights listed in articles. from 15 to 22 of GDPR, including the right to obtain from the Data Controller confirmation, or not, of the existence of his/her personal data (i.e. access), their availability in an intelligible form, as well as their rectification or cancellation, or to limit in whole or in part the processing or to oppose for legitimate reasons to the same and/or to revoke the consent to the processing at any time (without prejudice to the consequences indicated), or to request the portability of his/her data with regard to the data subject to specific consent, or even the updating.
The data subject has the right to be informed of the origin of the data, the purpose and methods of processing, the logic applied to the processing, the identification details of the data controller and the subjects to whom the data may be communicated.
The interested party also has the right to request the transformation into anonymous form, limitation or blocking of data processed in violation of the law; he may also lodge a complaint regarding unauthorized processing of data provided to the Guarantor for the Protection of Personal Data in the manner published on the site of said authority (
Requests relating to the exercise of the aforementioned rights may be addressed to the Data Controller, at the addresses indicated above, without formality or, alternatively, using the model provided for by the Personal Data Protection Guarantor available on the Website:
The exercise of these rights can be exercised by written communication to be sent by PEC or by registered letter addressed to the above mentioned structure.


The provision of personal data is not mandatory, however it is necessary for the exact execution of contractual and pre-contractual obligations. The provision of contact data for the commercial activity is not mandatory, but it is necessary in case you intend to receive communications relating to services and promotions offered by the Data Controller.
The Data Controller specifies that you will only be asked for the data strictly necessary for the conclusion of the contract and for the execution of the obligations or legal obligations deriving from it.


Failure to provide the data by the data subject makes it impossible to stipulate the contract as well as to carry out the required pre-contractual measures, and to carry out in an exact manner the fulfilment of contractual obligations, as well as the fulfilments (also legal) deriving from or connected to the contract and, more generally, the impossibility to fulfil the above mentioned purposes.