Privacy policy

IH1 s.r.l., as Data Controller (hereinafter “Controller”) according to the art. 13 of the EU
Regulation of 27 April 2016 n. 679 concerning the ” protection of natural persons with regard
to the processing of personal data” (hereinafter “regulation” or “legislation”), according to the
Italian Legislative Decree 101/2018, and in the person of its Legal Representative Farhad
Alessandro Mohammadi, in compliance with the principles of correctness, lawfulness,
transparency, and protection of your privacy and your rights,

informs you

that the personal data provided on the website ih1.co will be processed in accordance with the
current legislation and related confidentiality obligations.

1. Object of data processing
The personal data processed are the following:
a) For the visitors of the website:
> navigation and identification data;
b) For the users of the website:
> personal data such as: personal identification data, email addresses, telephone number…;
c) any other data collected in order to achieve the purposes mentioned in the following
paragraph.

2. Purpose of the data processing
The personal data provided to IH1 s.r.l. are necessary to achieve the following purposes:
> identification and tracking of the website’s visitors;
> communications and / or requests from users and/or visitors by filling the contact form
dedicated;
> communications to third parties for marketing and/or profiling purposes;
> any other fulfillment related to the business activity, the points set out above, as well as all
the obligations imposed by the law and/or by the public authorities.

3. Methods of data processing and retention
The processing will be carried out in an automated way, in accordance with the provisions
coming from the art. 32 of the Regulation on security measures, by individuals specifically
authorized and in compliance with the provisions of art. 29 of the Regulations, which will act
under the direct authority of the Data Controller. We point out that, in compliance with the
principles of lawfulness, purpose limitation and data minimization, according to the art. 5 of
the Regulation, your personal data will be retained for the time necessary to achieve the
purposes for which they are collected and processed, and for the additional period necessary
to comply with regulatory obligations.

4. External Data Processors
The complete list of the External Data Processors is constantly updated and can be found by
writing a request to privacy@ih1.co.

5. Internal individuals authorized to data processing
The complete list of internal individuals authorized to the data processing is constantly updated
and can be found by writing a request to privacy@ih1.co.

6. Nature of the provision of personal data and consequences in case of failure to provide
The provision of personal data, mentioned in paragraph 1 lett. b), for the purposes mentioned
in paragraph 2, is essential for the obligations mentioned in the same paragraph 2, typical of
the services coming from the website’s activity. Failure to provide such data would lead to the
total and/or partial impossibility of fulfilling such obligations.

7. Scope of communication and disclosure of personal data
The data collected will never be disclosed and will not be communicated without your explicit
consent, except for the necessary communications that may involve the transfer of data to
public bodies, consultants, or other subjects for the fulfillment of contractual obligations, legal
obligations. and/or obligations imposed by supervisory authorities. The personal data collected
can be disclosed to third parties for marketing and/or profiling purposes.

8. Transfer of personal data
Your personal data are stored on a Google Drive digital archive through shared drives; they
will not be transferred either to member states of the European Union or to third countries
outside the European Union.

9. Rights of Data Subjects
According to art. 15 – 22 and 77 of the GDPR, data subjects shall exercise the following rights:
a) right of access: right to obtain from the Data Controller confirmation that his/her personal
data are being processed or not and, in this sense, to obtain access to them and further
information on the origin, purpose, category of data processed, recipients of
communication and / or data transfer;
b) right of rectification: right to obtain from the Data Controller the rectification of
inaccurate personal data without undue delay, as well as the integration of incomplete
personal data, also by providing an additional declaration;
c) right to erasure (to be forgotten): the right to obtain from the Data Controller the erasure
of personal data without undue delay in the event that the personal data are no longer
necessary with respect to the purposes of the processing; the consent on which the
processing is based is revoked and there is no other legal basis for the processing; the
personal data have been unlawfully processed; personal data must be deleted to comply
with legal obligations;
d) right to object to processing: the right to object at any time to the processing of personal
data which have a legitimate interest of the Data Controller as their legal basis;
e) right to restriction of processing: the right to obtain from the Data Controller the
limitation of the processing, in cases where the accuracy of the personal data is disputed,
if the processing is unlawful and / or the interested party has opposed the processing;
f) right to data portability: right to receive personal data in a structured format, commonly
used and readable by an automatic device and to transmit such data to another Data
Controller, only for cases in which the processing is based on consent and only for data
processed by electronic means;
g) right to withdraw: right to withdraw the consent to the data processing previously given;
h) right to lodge a complaint with the Supervisory Authority: without prejudice to any
other administrative or judicial appeal, if the interested party believes that the processing
that concerns him or her violates the law, he will have the right to lodge a complaint with
the Supervisory Authority of the Member State where he habitually resides or works, or
the State in which the alleged violation occurred

10. How to exercise the rights of the Data Subject
The Data Subject can exercise his/her rights by writing to IH1 s.r.l., to the address of its
registered office, or by writing an e-mail to privacy@ih1.co.

11. The Data Controller
The Data Controller is IH1 s.r.l., Via Bossolasco 11, 10141 – Turin (TO), in the person of its
Legal Representative Farhad Alessandro Mohammadi.