Privacy policy

Art. 13 EU Regulation 679/16‎

TEMPESTIVE s.p.a. a socio unico, as data controller, inform the Clients that personal data shall be processed according to Regulation EU 2016/679 “General Data Protection Regulation” (hereinafter “GDPR”).

1. Data Controller

1.1 The Data Controller is Tempestive s.p.a a socio unico, represented by its legal representative pro tempore, with registered office by the Polo Tecnologico of Pordenone, via Roveredo no. 20/b, 33170 Pordenone, VAT number 01352100935, Phone 0434.570305 e-mail – PEC (hereinafter also “Tempestive” or the “Controller”).

2. Data Protection Officer

2.1 Tempestive has designated the Data Protection Officer in accordance with article 37 of the GDPR (“DPO”) in the person of Avv. Anna Perut (contact details: – PEC

3. Purposes and legal basis for the processing

3.1 Tempestive shall process the personal data exclusively for the following purposes:

  1. performance of pre-contractual negotiations and fulfilment of all activities connected with the management and fulfillment of the contractual relationship (e.g. fulfillment of the contract, administrative and accounting management, invoicing). The legal basis of the processing is the performance of a contract to which the data subject is party or the steps made at the request of the data subject prior to entering into a contract (art. 6, par. 1, letter b) of the GDPR);
  2. fulfilment of fiscal and regulatory obligations of the Controller (art. 6, par. 1 letter c) of the GDPR);
  3. protection of Tempestive rights arising from the contract. The legal basis of the processing is the legitimate interests pursued by the Controller (art. 6, par. 1, letter f) of the GDPR);
  4. soft spam: Tempestive shall use the e-mail address provided by the data subject when purchasing a service, performance or product in order to propose services, performance or products similar to those purchased. Should the data subject no longer wish to receive the above-mentioned communications, he or she may object at any time by writing to the following address or by clicking on the link in each communication. The legal basis of the processing is the legitimate interests pursued by the Controller to send a limited number of commercial communications appropriate and inherent to the existing relationship with the clients concerned (art. 6, par. 1, letter f) of the GDPR);
  5. for the legitimate interests pursued by the Controller or by the parent company Alfa Sistemi s.p.a. (art. 6, par. 1, letter f) of the GDPR), properly evaluated and balanced, personal data may be transmitted to the parent company if it is necessary for internal administrative purposes, integrated process management or purposes related to management and coordination action.

4. Modalities of personal data processing

4.1 The processing operations shall be carried out using computer and telematic tools as well as paper, in accordance with the principles of lawfulness, fairness, transparency, relevance, accuracy, with logical organization and processing related to the purposes pursued. Personal data shall be protected against destruction, alteration, deletion and unauthorized access by means of appropriate physical, logical and organizational security measures. Personal data shall be processed, for the purposes referred to in paragraph 3, by persons working within the internal organizational structure of the Controller, specially authorized and trained according to their duties, and by external persons appointed as data processors pursuant to article 28 of the GDPR.

4.2 There are no automated decision-making nor profiling processes.

5. Nature of the provision of data and consequences of failure to provide data

5.1 The provision of personal data is necessary for pre-contractual negotiations, to enter into the contract, to fulfill the contract and to comply with legal obligations. Any refusal to provide data, in whole or in part, may make it impossible to pursue the above purposes.

6. Personal data retention period

6.1 Personal data relating to the contract shall be stored for the entire duration of the contractual relationship and, subsequently, for the duration foreseen by the applicable civil and fiscal regulations, and in any case no longer than 10 years from the end of the contractual relationship. Further periods of storage are allowed, also related to the protection of the rights of the Controller, where required by law; subsequently, the data shall be deleted or made anonymous.

6.2 The e-mail address processed for the purpose of soft spam communication shall be stored until the object request by the data subject.

7. Recipients of the personal data

7.1 Personal data may be disclosed, for the purposes referred to in paragraph 3, to the persons authorized to process operating within the internal organizational structure of the Controller who are committed to confidentiality or have an adequate legal obligation of confidentiality.

7.2 Personal data may be disclosed to the parent company and all those public and private subjects whose disclosure is necessary to pursue the purposes referred to in paragraph 3 (e.g. Tempestive’s legal and tax consultants, trusted external companies for the provision of services, including computer services) or is required by law or regulation, as well as in the event of requests from the Public Authorities. These subjects shall operate, depending on the context, as data processors or data controllers.

7.3 Personal data shall not be disseminated nor transferred to a third Country or international organizations.

8. Data subject rights

8.1 In accordance with article 15-22 of the GDPR, the data subject has the right to:

  • obtain from the Controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and the information of article 15 of the GDPR (right of access);
  • obtain from the Controller without undue delay the rectification of inaccurate personal data concerning him or her or the completion of incomplete personal data (right to rectification – art. 16 of the GDPR);
  • obtain from the Controller the erasure of personal data concerning him or her without undue delay, if applicable (right to erasure – art. 17 of the GDPR);
  • obtain from the controller restriction of processing (right to restriction of processing – art. 18 of the GDPR);
  • object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her and object to the processing of personal data for direct marketing purposes (right to object – art. 21 of the GDPR);
  • lodge a complaint with the Italian Data Protection Authority pursuant to article 77 of the GDPR.

8.2 The rights shall be exercised by contacting Tempestive s.p.a. a socio unico, using the appropriate form provided by Tempestive, sending an e-mail to the following addresses: e-mail – PEC or by submitting a written request or registered letter with return receipt to the registered office of Tempestive s.p.a. a socio unico, by the Polo Tecnologico of Pordenone, via Roveredo no. 20/b, 33170 Pordenone or by contacting the DPO at the following contacts: – PEC

The data subject may communicate at any time that he/she does not wish to receive soft spam communications by sending a request to or by clicking on the link present in each communication.  

Last updated: Tuesday, 27th February 2024

Contact us for more information

Tell us what you need, together we will find the best solution for your business.