Privacy Policy
(pursuant to EU Regulation 2016/679 – GDPR)
1 Introduction
When you use the services of Studio Ughi S.r.l. and interact with the company through the digital platform, website or other channels, your personal data is processed.
This Privacy Notice is written to help you understand:
- what personal data is collected;
- for what purposes it is processed;
- on what legal basis;
- how Studio Ughi S.r.l. manages, protects, stores, communicates and deletes it.
Per 'dati personali' si intendono tutte le informazioni relative a una persona fisica identificata o identificabile, quali, a titolo esemplificativo, nome, indirizzo email, numero di telefono, dati fiscali, bancari e professionali.
Section 3 describes the processing of personal data carried out by Studio Ughi S.r.l. as Data Controller, both within the platform and digital services (section 3.1), and when the user interacts through other channels, such as the website (section 3.2). Section 2 indicates the processing not covered by this Notice.
2 Processing not covered by this Notice
2.1 Processing carried out by professionals appointed by the client
With reference to the processing of personal data carried out by professionals appointed by the user through the Studio Ughi S.r.l. platform, such professionals operate as independent Data Controllers. For such processing, the user should refer to the privacy notices provided by the individual professionals.
2.2 Processing carried out by the user through the platform
With reference to the processing of personal data that the user carries out directly through the platform (e.g., issuing and managing invoices, uploading documents, managing records), the user is the Data Controller, while Studio Ughi S.r.l. operates as Data Processor, based on the Data Processing Agreement (DPA) attached to the service contract.
3 Processing carried out by Studio Ughi S.r.l. as Data Controller
Studio Ughi S.r.l. is the Data Controller when it determines the purposes and means of processing personal data, for example for platform management, service delivery, software development, security, marketing and defense of its rights.
3.1 Processing carried out within the platform and digital services
3.1.1 What personal data is processed
Studio Ughi S.r.l. may process the following categories of personal data:
- Identification data: name, surname, date and place of birth, tax code;
- Contact data: email address, phone number, postal address;
- Login credentials: username and password (stored in encrypted/hashed form);
- Activity data: information related to economic or professional activity (e.g., ATECO code);
- Contractual data: purchased services, contract status, renewals;
- Payment data: payment information and payment methods used;
- Economic and tax data: information on economic and tax situation;
- Banking data: bank account details and related documentation;
- Log and technical data: IP address, access logs, platform usage, cookies and sessions;
- Preferences: user interests, habits and preferences.
3.1.2 Data collection methods
Personal data is collected:
- directly from the user;
- upon authorization, from public entities (e.g., Revenue Agency);
- automatically through platform usage and tracking technologies.
3.1.3 Processing purposes
Personal data is processed for the following purposes:
- Service provision: platform and digital service delivery, operational and administrative support, integration management (e.g., certified email, digital signature);
- Software development and IT security: functionality improvements, maintenance, authentication, prevention of unauthorized access, backup and disaster recovery;
- Accounting and invoicing: civil and tax compliance, payment recording;
- Statistical analysis: aggregated and anonymous analysis on platform usage and service effectiveness;
- Marketing: service promotion, sending informative communications, event and webinar invitations, referral programs;
- Legal defense: management of any out-of-court or judicial disputes.
3.1.4 Legal basis for processing
Processing is based on:
- contract performance (Art. 6, para. 1, letter b GDPR);
- compliance with legal obligations (Art. 6, para. 1, letter c GDPR);
- legitimate interest of the Controller (Art. 6, para. 1, letter f GDPR);
- consent of the data subject, where required (Art. 6, para. 1, letter a GDPR).
3.1.5 Data retention
| Contractual and tax data | 10 years |
| Log and technical data | max 12 months |
| Marketing data | until consent withdrawal or 12 months after the end of the relationship |
| Credentials | for the duration of the service |
3.2 Processing through website and other channels
3.2.1 Categories of data processed
- identification and contact data;
- browsing data;
- behavioral data;
- preferences;
- data provided for commercial inquiries or job applications.
3.2.2 Purposes
- marketing and communication;
- commercial inquiries management;
- statistical analysis;
- IT security;
- personnel recruitment.
3.2.3 Retention
| Marketing | max 3 years |
| Recruitment | max 6 months |
| Legal obligations | 10 years |
4 Data communication and transfer
Data may be disclosed to:
- cloud providers and IT suppliers;
- certified email and digital signature providers;
- banks, public entities, consultants.
Any extra-EU transfers are carried out in compliance with Chapter V GDPR (adequacy decisions or standard contractual clauses).
5 Profiling
Any profiling activities are carried out only with the user's prior consent and are intended exclusively for personalized communications.
6 Data subject rights
The data subject may exercise their rights under Articles 15-22 GDPR (access, rectification, erasure, restriction, portability, objection).
It is always possible to lodge a complaint with the Data Protection Authority.
7 Data Controller
Studio Ughi S.r.l.
Via Larga 7, 20122 Milano (MI)
P. IVA 10680620969
Email: privacy@adesso360.com
PEC: adesso360@pec.com
8 Updates
This Privacy Policy is subject to periodic revision.
Last updated: 15 January 2026