Privacy Policy

Last updated: May 22, 2026

This Privacy Policy describes how Vai Group S.r.l. processes the personal data of users interacting with the website (hereinafter "the Site"), pursuant to Regulation (EU) 2016/679 ("GDPR") and Italian legislation on the protection of personal data.

Data controller

The Data Controller is:

Vai Group S.r.l.
Registered office: Via Ennio Salvadei, 7 - 62100 Macerata (MC), Italy
Operational office: Via Ufente 20, 04100 Latina (LT), Italy
VAT ID: 01635720434
REA: MC168731
Share capital: EUR 1,000,000 fully paid-up
Email: privacy@vaigroup.it

Types of data collected

The Site may collect the following categories of personal data:

  • Navigation data: IP address, browser type, operating system, pages visited, date and time of access. These are automatically collected by the IT systems that operate the Site and are used for IT security and technical diagnostics.
  • Data voluntarily provided: first name, last name, email address, telephone number, company name, message and any other data entered by the user through the Site's contact forms.
  • Consent data: choices expressed by the user regarding cookies and any consent to processing, stored to demonstrate the lawfulness of the processing.

Purposes of processing

The personal data collected is processed for the following purposes:

  • Responding to information requests sent via the Site's contact forms
  • Ensuring the correct functioning of the Site and IT security
  • Complying with obligations under laws, regulations or European Union legislation
  • Defending the Controller's rights in court, where necessary

The data will not be used for marketing, profiling or commercial communication activities without the explicit prior consent of the data subject.

Legal basis

The processing of personal data is based on the following legal grounds:

  • Performance of pre-contractual measures (art. 6.1.b GDPR) for contact requests made by the user
  • Legitimate interest of the Controller (art. 6.1.f GDPR) for IT security and diagnostics of the Site
  • Legal obligation (art. 6.1.c GDPR) for responding to requests from the competent authorities
  • Consent of the data subject (art. 6.1.a GDPR), where required, for specific purposes such as any analytics cookies or promotional communications

Data retention period

Personal data is stored for the following periods:

  • Contact form messages: 24 months from the date of submission, except for ongoing commercial relationships requiring longer retention
  • Site access logs: 6 months, except where extension is required for security investigations
  • Cookie consent data: 12 months from the date consent was given

After the indicated periods, data will be deleted or anonymised, except for legal obligations requiring longer retention.

Data recipients

Personal data may be disclosed to the following parties, acting as Data Processors pursuant to art. 28 GDPR:

  • Hosting provider of the Site, with infrastructure located in the European Union
  • Transactional email service providers for the delivery of messages sent via the contact forms
  • Professional consultants (e.g. legal, tax advisors) in cases provided for by law

Personal data will not be disclosed to other parties, nor publicly disseminated, except upon request of the competent authorities.

Non-EU data transfers

Some of the service providers used may process personal data in countries outside the European Economic Area. For such transfers, the Controller relies on the Standard Contractual Clauses approved by the European Commission (Implementing Decision EU 2021/914) and additional technical and organisational security measures, in compliance with art. 44 and following of the GDPR.

Data subject rights

Pursuant to articles 15 to 22 of the GDPR, the data subject has the right to:

  • obtain confirmation of the existence of personal data concerning them and receive a copy thereof (right of access)
  • request the rectification of inaccurate data or the integration of incomplete data (right to rectification)
  • request the deletion of data in cases provided for by law (right to be forgotten)
  • request the restriction of processing
  • object to processing for legitimate reasons
  • receive their data in a structured, machine-readable format (right to data portability)
  • withdraw consent at any time, without affecting the lawfulness of processing based on the consent given before the withdrawal
  • lodge a complaint with the Italian Data Protection Authority (www.garanteprivacy.it)

How to exercise your rights

To exercise the rights listed above, the data subject may send a written request to:

Vai Group S.r.l.
Via Ennio Salvadei, 7 - 62100 Macerata (MC), Italy
Email: privacy@vaigroup.it

The Controller will respond within 30 days of receipt of the request, except in cases of particular complexity, which may result in an extension, communicated promptly to the data subject.

Changes to this policy

This Policy may be subject to changes due to regulatory, organisational or technical adjustments. Any updates will be published on the Site indicating the date of entry into force. Users are therefore invited to consult this page periodically to stay up to date on how their personal data is processed.