info@handyrent.it
+39 389 6509 168
Terms of Use
PrivacyVAT Number 01618880916
Copyright 2025 Handy S.r.l
We use cookies to provide you with the best possible experience on our website. Cookies help us improve site functionality, analyze traffic, and offer you personalized content. By clicking "Accept," you consent to the use of all cookies.
HANDY S.R.L. is a company specialized in the Information Technology sector.
With this document (hereinafter, “Privacy Policy”), we intend to renew our commitment to ensuring that the processing of personal data collected through this website (hereinafter the 'Site'), carried out by any means, whether automated or manual, is fully compliant with the guarantees and rights recognized by Regulation (EU) 2016/679 (hereinafter “GDPR” or “Regulation”) and other applicable regulations on the protection of personal data.
The term “personal data” refers to the definition contained in Article 4, point 1) of the Regulation, which states that “any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person” (hereinafter “Personal Data”).
The Regulation provides that, before proceeding with the processing of Personal Data, understood as any operation or set of operations performed on personal data or sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction, it is necessary that the person to whom such Personal Data belongs is informed about the reasons for which such data are required and how they will be used.
In this regard, this Privacy Policy, drafted based on the principle of transparency and all the elements required by Articles 13 and following of the Regulation, aims to provide you, in a simple and intuitive way, with all the useful and necessary information so that you can provide your Personal Data in a conscious and informed manner and, at any time, request clarifications and/or rectification.
The company that will process your Personal Data for the main purpose described in the 'Purposes' section of this Privacy Policy and will therefore act as the data controller, as defined in Article 4, point 7) of the Regulation, which specifies that the data controller is “the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data” is:
HANDY S.R.L. (hereinafter the “Controller”), with registered office at Via Einaudi 13c, VAT number 01618880916, 08015 - Macomer (NU).
Your personal data are collected and processed by the Controller for purposes strictly related to the use of the Site and its information services. Furthermore, your personal data may also be used in various processing operations (such as storage, archiving, processing, etc.) compatible with these purposes. In particular, your personal data may be processed for the following purposes:
a) To respond to inquiries;
b) To enable the provision of the services you requested;
c) To comply with legal obligations;
d) To send promotional and direct marketing communications, including newsletters and market research.
The legal basis for the processing of personal data for the purposes referred to in points a), b), and c) is Article 6, paragraph 1, letters b) and c) of the GDPR, as the processing is necessary to respond to the data subject's requests, provide the requested services, and comply with a legal obligation of the Controller. The provision of personal data for these purposes is optional, but failure to provide such data may make it impossible to activate the services provided by the site or respond to requests.
The legal basis for the processing of personal data for the purpose described in point d) is Article 6, paragraph 1, letter f), of the GDPR. The Controller may carry out this activity based on its legitimate interests, independently of your consent, and until you object or limit (as provided in the 'Rights' section) such processing, as better explained in Recital 47 of the Regulation, which considers it legitimate to process personal data for direct marketing purposes. This will also be possible based on the assessments made by the Controller regarding the possible prevalence of your interests, rights, and fundamental freedoms requiring the protection of personal data over your legitimate interest in sending direct marketing communications.
The methods of contact for direct marketing activities can be both automated and traditional. However, as better specified in the 'Rights' section, you will have the possibility to withdraw your consent, even partially, for example by consenting only to traditional contact methods.
Regarding contact methods involving the use of your telephone contacts, we inform you that the Controller's direct marketing activities will be carried out after verifying your possible registration in the Opposition Register, as provided by the provisions of Legislative Decree 7 September 2010, n. 178 and subsequent amendments.
The personal data required for the purposes indicated above will be those specified in the contact form, including but not limited to: name, surname, email address, and telephone numbers.
Your personal data may be communicated to certain recipients who are considered recipients of such personal data.
In fact, Article 4, point 9) of the Regulation defines the recipient of personal data as “the natural or legal person, public authority, agency or another body to which the personal data are disclosed, whether a third party or not” (hereinafter referred to as the “Recipients”).
In order to correctly carry out all the processing activities necessary to achieve the purposes described in the 'Purposes' section, the following Recipients may be involved in the processing of your personal data:
Third parties who carry out part of the processing activities and/or activities related and instrumental to them on behalf of the Controller. These subjects have been appointed as data processors, meaning pursuant to Article 4, point 8) of the Regulation “the natural or legal person, public authority, agency or other body which processes personal data on behalf of the Controller” (hereinafter referred to as the “Data Processor”).
Natural persons, employees, and/or collaborators of the Controller, to whom specific and/or multiple processing activities related to your personal data have been entrusted. These subjects have been given specific instructions regarding the security and correct use of personal data and are defined, pursuant to Article 4, point 10) of the Regulation, as “persons authorized to process personal data under the direct authority of the Controller or Processor” (hereinafter the “Authorized Persons”).
If required by law or to prevent or suppress the commission of a crime, your personal data may be communicated to public entities or the judicial authority without being considered Recipients. In fact, according to Article 4, point 9) of the Regulation, “public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients.”
One of the principles applicable to the processing of your personal data concerns the limitation of the retention period, as governed by Article 5, paragraph 1, letter e), of the Regulation, which provides that “personal data shall be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) subject to implementation of the appropriate technical and organizational measures required by this Regulation in order to safeguard the rights and freedoms of the data subject.”
In light of this principle, your personal data will be processed by the Controller only for the time necessary to achieve the purposes described in the 'Purposes' section.
In particular, concerning the purposes described in the 'Purposes' section, your personal data, subject to legal obligations, will be processed for a period equal to the minimum necessary, as indicated in Recital 39 of the Regulation, i.e., 3 months from the contact request.
Regarding the processing carried out for the purpose described in the 'Purposes' section of this Privacy Policy, the Controller may lawfully process your personal data for one year.
As provided by the Regulation, if you have given consent to the processing of your personal data for one or more purposes for which it was requested, you may revoke it in whole or in part at any time without affecting the lawfulness of the processing based on the consent before its withdrawal.
The methods for withdrawing consent are very simple and intuitive. You just need to contact the Data Controller using the contact channels provided in this Privacy Policy.
As provided by Article 15 of the Regulation, you have the right to access your personal data, request their rectification or update if incomplete or inaccurate, request their deletion if the collection was carried out in violation of a law or regulation, and to object to their processing for legitimate and specific reasons.
In particular, we inform you of all your rights that you can exercise at any time against the Data Controller.
You have the right, pursuant to Article 15, paragraph 1, of the Regulation, to obtain from the Data Controller confirmation as to whether or not personal data concerning you are being processed and, if so, access to such personal data and the following information: a) the purposes of the processing; b) the categories of personal data concerned; c) the recipients or categories of recipients to whom your personal data have been or will be disclosed, in particular recipients in third countries or international organizations; d) where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period; e) the existence of the right to request from the Data Controller rectification or erasure of personal data or restriction of processing of personal data concerning you or to object to such processing; f) the right to lodge a complaint with a supervisory authority; g) where the personal data are not collected from the data subject, any available information as to their source; h) the existence of automated decision-making, including profiling, referred to in Article 22, paragraphs 1 and 4, of the Regulation and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
You can find all this information within this Privacy Policy, which will always be available to you in the Privacy section of the Site.
You can obtain, pursuant to Article 16 of the Regulation, the rectification of your personal data that are inaccurate. Taking into account the purposes of the processing, you also have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
You have the right, pursuant to Article 17, paragraph 1, of the Regulation, to obtain the erasure of your personal data without undue delay, and the Data Controller has the obligation to erase your personal data where one of the following grounds applies: a) the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed; b) you withdraw consent on which the processing is based, and where there is no other legal ground for the processing; c) you object to the processing pursuant to Article 21, paragraphs 1 or 2, of the Regulation, and there are no overriding legitimate grounds for the processing; d) the personal data have been unlawfully processed; e) the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the Data Controller is subject.
In some cases, as provided by Article 17, paragraph 3, of the Regulation, the Data Controller has the right not to erase your personal data if their processing is necessary, for example, for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest, for archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes, or for the establishment, exercise, or defense of legal claims.
You have the right to obtain restriction of processing, pursuant to Article 18 of the Regulation, in the following cases: a) if you contest the accuracy of your personal data (the restriction will be in place for the period necessary for the Data Controller to verify the accuracy of the personal data); b) if the processing is unlawful, but you oppose the erasure of your personal data and request the restriction of their use instead; c) even if the Data Controller no longer needs the personal data for the purposes of the processing, they are required by you for the establishment, exercise, or defense of legal claims; d) if you have objected to processing pursuant to Article 21, paragraph 1, of the Regulation, pending the verification whether the legitimate grounds of the Data Controller override yours.
In case of restriction of processing, your personal data will be processed, with the exception of storage, only with your consent or for the establishment, exercise, or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest. You will be informed before the restriction is lifted.
You can, at any time, request and receive, pursuant to Article 20, paragraph 1, of the Regulation, all your personal data processed by the Data Controller in a structured, commonly used, and machine-readable format or request their transmission to another data controller without hindrance. In this case, it will be your responsibility to provide us with all the exact details of the new data controller to whom you intend to transfer your personal data, providing us with written authorization.
Pursuant to Article 21, paragraph 2, of the Regulation and as reiterated in Recital 70, you may object, at any time, to the processing of your personal data when it is carried out for direct marketing purposes, including profiling to the extent that it is related to such direct marketing.
Without prejudice to your right to seek administrative or judicial remedies, if you believe that the processing of your personal data carried out by the Data Controller is in violation of the Regulation and/or applicable law, you may lodge a complaint with the competent Supervisory Authority. Data Protection Authority.
To exercise all your rights as identified above, you simply need to contact the Data Controller using the following methods:
- Sending an email to the email address info@Handy Rent.it;
- Sending a registered letter to the registered office of HANDY S.R.L.
Your personal data will be processed by the Data Controller within the territory of the European Union.
If, for technical and/or operational reasons, it becomes necessary to involve entities located outside the European Union, we inform you in advance that such entities will be appointed as Data Processors pursuant to Article 28 of the Regulation, and the transfer of your personal data to such entities, limited to the performance of specific processing activities, will be regulated in accordance with the provisions of Chapter V of the Regulation.
All necessary precautions will be taken to ensure the total protection of your personal data, basing such transfers: (a) on adequacy decisions of the third countries recipients expressed by the European Commission; (b) on adequate guarantees expressed by the third-party recipient pursuant to Article 46 of the Regulation; (c) on the adoption of binding corporate rules; (d) on the use of standard contractual clauses approved by the European Commission.
In any case, you may request further details from the Data Controller if your personal data have been processed outside the European Union, requesting evidence of the specific safeguards implemented.