Privacy Policy


This is to inform you that our organisation processes your personal data in full compliance with the current national legislation of the European Union on the processing of personal data; pursuant to art. 13 and 14 of EU REGULATION 2016/679, we inform you that:


1.The data controller is Carlucci S.r.l. in the person of its legal representative, with registered office in Via dei Castelli Romani, 44 - 00071 Pomezia, Telephone: 06/9160021 - E-mail:

2. Purpose of processing: Personal data is processed as part of the normal business activity, for the following purposes:

  • aimed exclusively at the fulfilment of contractual obligations or for the acquisition of pre-contractual information, as well as for information relating to requests by the interested party for supplies and services.
  • connected to the obligations established by laws, regulations and community legislation as well as by provisions issued by authorised authorities and by supervisory and control bodies, as well as the obligations in tax and accounting matters, for communication activities, including commercial ones.
  • for activities functional to the Company's business, carried out directly or through third parties, such as:
  • detection of the degree of customer satisfaction on the quality of services provided and on the activity; promotion and sale of services brokered by the Company, carried out by mail, telephone, sending advertising material, automated systems, etc.; market surveys and statistical processing.

3. Category of data collected: The data collected fall within the category of personal identification data (personal data, fiscal code or VAT number, details of identification documents, certificates, experience gained.

4. Methods of data processing: The processing of data takes place using paper, IT and digital tools with logic strictly related to the purposes themselves and, in any case, in order to guarantee the security and confidentiality of the data. In particular, we inform you that your data are: 
processed in a lawful, correct and transparent manner; collected for the aforementioned, explicit and legitimate purposes, and subsequently processed in a way that is not incompatible with these purposes; adequate, relevant and limited to what is necessary with respect to the purposes for which they are processed (“data minimisation”); exact and, if necessary, updated, deleted and/or corrected; stored in a form that allows its identification for a period of time not exceeding the achievement of the purposes for which they are processed;
processed in such a way as to ensure adequate security of personal data, including protection, by means of appropriate technical and organisational measures, from unauthorised or illegal processing and from loss, destruction or accidental damage)

5. Data communication: For the pursuit of the purposes indicated in point 2, your data may be disclosed to companies that carry out the acquisition, registration and processing of data contained in documents, archives or media to prepare texts, specifications and agreements; to legal aid companies; to companies including information technology ones, companies enabling the management of electronic tools, archiving procedures, printing correspondence and managing incoming and outgoing mail; to companies in charge of fraud control, credit recovery and detection of credit and insolvency risks; to Public Administrations, in accordance with the law; to all those subjects that perform banking, financial and insurance services; to service companies for the management of the company's information system; to companies that carry out transmission, enveloping, transport and sorting of communications; to firms or companies in the context of assistance and consultancy relationships; to any Supervisory Body; to certification bodies of Management Systems; to the Board of Statutory Auditors; to subjects who carry out control, revision and certification of the activities carried out by the company; to subjects to whom the communication is necessary or functional for the correct fulfilment of the contractual obligations assumed, as well as the obligations deriving from law or who have access to personal data by virtue of regulatory or administrative provisions; to accountants and contracting authorities.

6. Dissemination of data: Personal data are not subject to disclosure

7. Obligation/optional nature of data provision: Without prejudice to the personal autonomy of the data subject, the provision of personal data, both common and falling into particular categories, can be: mandatory in relation to the obligations established by laws, regulations and European Union legislation, as well as by provisions issued by authorities authorised to do so and by supervisory and control bodies, as well as obligations in tax and accounting matters; essential to the conclusion of new relationships or to the management and execution of contractual relationships existing or in the process of being established.

8. Refusal to provide data: Any refusal by the data subject to provide personal data for the purposes indicated in point 2 letters a) b) c) of this policy will make it impossible to proceed with the correct and complete execution of the contractual relationships existing or in the process of being established.

9. Data retention period: The personal data concerning you will be stored in a form that allows their identification for a period of time not exceeding the achievement of the purposes for which they are processed, and in any case in compliance with the legal obligations relating to data retention times (investigations tax and statute of limitations for the exercise of rights).

10. Rights of the data subject: You can contact the data controller to assert your rights, as envisaged in the Regulations, and in particular you are entitled to:

  1. ask the data controller to access your personal data and the correction or cancellation of the same or the limitation of the processing of personal data and to oppose their processing, in addition to the right to data portability;
  2. lodge a complaint with a supervisory authority;
  3. know the source from which the personal data originates and, if applicable, the possibility that the data come from sources accessible to the public;
  4. obtain confirmation from the data controller whether or not personal data is being processed and, in this case, to obtain access to personal data and the following information:
  • the purposes of the processing;
  • the categories of personal data;
  • the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular if they are third countries or international organisations;
  • when possible, the retention period of personal data provided or, if not possible, the criteria used to determine this period;
  1. ask the data controller to rectify or delete personal data or limit the processing of personal data or to oppose their processing;
  2. know, if the data are not collected from the data subject, all the information available on their origin, on the existence of an automated decision-making process, including profiling and, at least in such cases, significant information on the logic used, as well as the importance and expected consequences of such processing for the data subject;
  3. obtain from the data controller the correction of inaccurate personal data concerning him without undue delay;
  4. obtain, taking into account the purposes of the processing, the integration of incomplete personal data, also by providing an additional declaration;
  5. obtain from the data controller the cancellation of personal data without undue delay;
  6. obtain from the data controller the limitation of the processing in the event that they dispute the accuracy of the personal data, or they object to the cancellation of the data, or - although the data controller no longer needs it for the purposes of the processing - the data are necessary for the data subject in ascertaining, exercising or defending a right in court, or they have opposed the processing carried out by the controller for the pursuit of their own legitimate interest;
  7. receive the personal data concerning you in a structured format, commonly used and readable by an automatic device and to transmit such data to another data controller without impediments by the data controller to whom they provided (the so-called right to portability some data);
  8. oppose at any time, for reasons connected with their particular situation, to the processing of their personal data (when the processing is necessary for the performance of a task of public interest or connected to the exercise of public authority vested in the data subject, or when the processing is necessary for the pursuit of a legitimate interest of the data subject), including profiling on the basis of these provisions, as well as oppose to the processing of data carried out for direct marketing purposes.

11. The aforementioned rights may be exercised by means of a written request addressed to the Data Processing Representative by registered letter, or by e-mail to the following e-mail address:

Need more information?


Contact us for more information or customized quotation.