Privacy Policy
Data Controller
Schedoni S.r.l.
Registered office: Via Gandhi, 44 – 41123 Modena (MO) – Italy
VAT no. / Tax code: IT 02797190366
Email: info@schedoniheritage.com
(hereinafter “Controller”)
This Privacy Policy is provided pursuant to Articles 13 and 14 of EU Regulation 2016/679 (GDPR).
1. Purposes of processing and legal bases
| Purpose | Data processed | Legal basis |
|---|---|---|
| Reply to requests received via contact forms, job applications (CVs), information requests | First name, last name, email, telephone, CV, any other data voluntarily provided | Performance of pre-contractual measures (Art. 6.1.b GDPR) |
| Sending the “Join the Club” newsletter, commercial communications, invitations to exclusive events | First name, last name, email, country of residence, date of birth | Explicit consent (Art. 6.1.a GDPR) |
| Compliance with legal obligations (tax, accounting, anti-money laundering, etc.) | Identification and contact data | Legal obligation (Art. 6.1.c GDPR) |
| Establishing, exercising or defending legal claims | All data necessary for the purpose | Legitimate interest (Art. 6.1.f GDPR) |
| Technical operation and security of the website (logs, technical cookies) | IP address, navigation data, usage data | Legitimate interest (Art. 6.1.f GDPR) |
| Anonymous statistical analysis of user behaviour (Google Analytics with IP anonymisation, if used) | Aggregated/anonymised usage data | Legitimate interest (Art. 6.1.f GDPR) |
2. Categories of personal data
- Data voluntarily provided by the user: via contact forms, job applications, newsletter subscription (name, surname, email, phone, CV, etc.).
- Data of third parties: if you provide personal data of third parties (e.g. references), you are solely responsible for their lawful processing and for having informed them.
- Automatically collected data: IP address, browser type, pages visited, time of access, etc. See the separate Cookie Policy.
3. Place of processing and international transfers
Personal data are processed at the Controller’s premises and on servers of Infomaniak SA located in Switzerland.
Switzerland benefits from an adequacy decision by the European Commission (2000/518/EC, still applicable with limitations). Following the Schrems II ruling and the new Swiss Federal Act on Data Protection (nFADP), the Controller has nevertheless signed the EU Standard Contractual Clauses (2021) with Infomaniak and carried out a Transfer Impact Assessment (TIA) confirming the adequacy of the safeguards.
4. Data Processors
The Controller uses the following main external Data Processors (Art. 28 GDPR):
• Infomaniak SA – website hosting and corporate email
• WordPress/Automattic (only for essential technical functions)
• Any mailing service provider used for the newsletter (to be specified if applicable)
The updated list of Data Processors is available on request at info@schedoniheritage.com.
5. Data retention periods
| Type of data | Retention period |
|---|---|
| Contact form and job application data | 24 months from receipt (unless an employment relationship is established) |
| Newsletter data | Until consent is withdrawn + further 24 months for proof purposes |
| Data for tax/accounting purposes | 10 years from termination of the relationship |
| Technical and security logs | 12 months |
| Data for legal defence | Until expiry of limitation periods or conclusion of litigation |
At the end of the retention period, data will be deleted or anonymised.
6. Data subject rights (Articles 15–22 GDPR)
You have the right to:
• access your data
• request rectification or erasure
• obtain restriction of processing
• object to processing
• withdraw consent at any time
• receive your data in a structured format (portability)
• lodge a complaint with the Italian Data Protection Authority (www.garanteprivacy.it)
Requests should be sent to: info@schedoniheritage.com
We will reply within 30 days (extendable in complex cases).
7. Security measures
The Controller implements appropriate technical and organisational measures (TLS encryption, encrypted backups, access control, regular updates of WordPress and plugins) to protect your data against loss, unauthorised access or misuse.
8. Changes to this Privacy Policy
The Controller reserves the right to modify this policy. The updated version will be published on this page with the date of the last update.
Last updated: December 2025