Part of Servix International

Schedule a Strategy Call

Privacy Policy

/ LEGAL

Privacy Policy

Last updated: 22 May 2026

This Privacy Policy describes how Italy4VAT S.r.l. (the “Data Controller”) processes personal data collected through the website italy4vat.com, in accordance with Regulation (EU) 2016/679 (“GDPR”) and Italian Legislative Decree no. 196/2003, as amended.

1. Data Controller

The Data Controller is Italy4VAT S.r.l., with registered office in Rome, Italy.

Contact email: rome@italy4vat.com

The Data Controller has not appointed a Data Protection Officer, as the conditions set out in Article 37 of the GDPR are not met.

2. Categories of personal data

The Data Controller processes one category of data:

  • Data voluntarily provided by the data subject — when the user contacts the Data Controller via the email addresses published on the website, the personal data contained in the message (identification data, contact details, business information, and any further data the user chooses to disclose) is processed.

The website does not employ any audience-measurement, analytics, or behavioural-tracking service. Edge request logs may be retained by the hosting provider (Cloudflare) for operational and security purposes only — see section 5.

  • Responding to enquiries and requests for information — pre-contractual measures pursuant to Article 6(1)(b) GDPR, or the Data Controller’s legitimate interest in interacting with prospective clients pursuant to Article 6(1)(f) GDPR.
  • Performance of professional services for clients — execution of the contract pursuant to Article 6(1)(b) GDPR; compliance with tax, accounting, and regulatory obligations pursuant to Article 6(1)(c) GDPR.

4. Method and place of processing

Personal data is processed by electronic means, through technical and organisational measures designed to ensure its security, confidentiality, and integrity. The website is hosted on Cloudflare’s edge platform (Workers Static Assets), provided by Cloudflare, Inc. (United States), under the contractual safeguards described in section 5. Access to personal data is restricted to authorised personnel of the Data Controller. No automated decision-making, including profiling, is carried out.

5. Recipients and transfers

Personal data may be communicated to:

  • Cloudflare, Inc. — acting as Processor pursuant to Article 28 GDPR, for hosting and edge infrastructure (DDoS protection, abuse prevention, platform diagnostics). Transfers outside the European Economic Area are governed by the European Commission’s Standard Contractual Clauses and by Cloudflare’s Data Processing Addendum.
  • Professional advisors — tax, legal, and accounting consultants engaged by the Data Controller, bound by professional secrecy.
  • Competent authorities — where disclosure is required by law or by an order of a judicial or supervisory authority.

Personal data is not sold, rented, or otherwise transferred for commercial purposes.

6. Retention

  • Email enquiries not resulting in a contractual relationship: retained for up to 24 months from the last exchange, then deleted.
  • Client data: retained for the duration of the contractual relationship and for ten years after its termination, in accordance with Italian tax and civil-law obligations.
  • Edge request logs: retained by Cloudflare for operational and security purposes according to its own standard retention windows; not accessible to the Data Controller as analytics.

7. Rights of the data subject

Pursuant to Articles 15 to 22 of the GDPR, the data subject has the right to obtain access to personal data, rectification, erasure, restriction of processing, data portability, and to object to processing carried out on the basis of legitimate interest. Where processing is based on consent, the data subject may withdraw consent at any time, without prejudice to the lawfulness of processing performed prior to withdrawal.

Requests may be addressed in writing to rome@italy4vat.com. The Data Controller will respond within the timeframe prescribed by Article 12(3) GDPR.

The data subject also has the right to lodge a complaint with the Italian supervisory authority, Garante per la protezione dei dati personali (garanteprivacy.it), and to seek judicial remedy pursuant to Article 79 GDPR.

8. Changes to this Policy

The Data Controller may update this Policy to reflect changes in applicable law or in its processing activities. The version in force is the one published on this page, identified by the “Last updated” date above. Material changes are communicated by email to clients with an active contractual relationship.