Issued pursuant to Articles 13 and 14 of Regulation (EU) 2016/679 (GDPR) and Italian Legislative Decree 196/2003, as amended by Legislative Decree 101/2018 (the Italian Data Protection Code).
This website (the “Site”) collects and processes personal data of users who browse it or interact with it. Through this notice, the Data Controller describes the purposes, methods and legal bases of the processing, as well as the rights granted to data subjects.
Domino S.r.l. Società Benefit
Registered office: Via Sebastiano Beato Valfrè, 4 – 10121 Turin (TO), Italy
Administrative and operating office: Via Agostino da Montefeltro, 2 – 10134 Turin (TO), Italy
VAT no. 07098990018
Email: info@domino.it
The Data Controller has appointed a Data Protection Officer (DPO), who can be contacted for any matter relating to the processing of personal data and the exercise of data subjects’ rights:
Flavio Pedazzini
Email: dpo@domino.it
Depending on how the user interacts with the Site, the Data Controller may process:
Personal data is processed for the purposes listed below; the legal basis and retention period are specified for each.
a) Responding to contact requests (contact form or phone contact: information, quotes, commercial inquiries)
Legal basis: performance of pre-contractual steps taken at the data subject’s request (Art. 6(1)(b)); for generic requests not aimed at entering into a contractual relationship, the Data Controller’s legitimate interest in responding (Art. 6(1)(f)).
Retention period: up to 24 months from the last contact, unless a contractual relationship is established.
b) Newsletter subscription and direct marketing communications
Legal basis: the data subject’s consent (Art. 6(1)(a)).
Retention period: until consent is withdrawn or the subscriber unsubscribes, and in any case no longer than 24 months of subscriber inactivity, after which the contact is sent a request to renew consent (re-permission); if no response is received, the contact is removed and the data is deleted.
c) Management of customer records and business relationships through the CRM (HubSpot), including B2B business development activities
Legal basis: for customers and prospects with whom negotiations are underway, performance of the contract or of pre-contractual steps (Art. 6(1)(b)); for B2B relationship development activities, the Data Controller’s legitimate interest (Art. 6(1)(f)).
Retention period: for the duration of the contractual relationship and any subsequent applicable limitation periods.
d) Management of unsolicited job applications (“Work with us”)
Legal basis: performance of pre-contractual steps at the candidate’s request (Art. 6(1)(b)); for any retention of the CV for future opportunities, consent (Art. 6(1)(a)).
Retention period: 6 months from receipt, for the purpose of evaluating the application; any retention beyond this period, for future opportunities, takes place only with the candidate’s prior consent.
e) Measurement and statistical analysis of Site usage (HubSpot Analytics, Google Analytics 4)
Legal basis: consent for third-party tracking tools (Art. 6(1)(a)); legitimate interest for aggregate statistics (Art. 6(1)(f)).
Retention period: as indicated for the relevant cookies in the Cookie Policy; aggregate data is kept for the period necessary for the analysis.
f) Marketing, remarketing and behavioral targeting (Google Ads, Meta Pixel)
Legal basis: the data subject’s consent given through the cookie banner (Art. 6(1)(a)).
Retention period: as indicated for the relevant cookies and conversion windows in the Cookie Policy.
g) Site security, system logs and maintenance
Legal basis: the Data Controller’s legitimate interest in network and system security (Art. 6(1)(f)).
Retention period: up to 12 months.
h) Establishment, exercise or defense of a legal claim
Legal basis: the Data Controller’s legitimate interest (Art. 6(1)(f)).
Retention period: for as long as necessary to protect the right, up to the applicable limitation period.
Providing data for purposes a), c), d) is mandatory: refusal makes it impossible to follow up on the request, manage the relationship, or comply with legal obligations. Providing data for purposes b), e) and f) is optional and based on consent, which can be freely withdrawn: refusal or withdrawal does not affect the use of the Site or of the requested services.
In the data collection forms, mandatory fields are clearly marked; all other fields are optional.
Processing is carried out using IT and electronic tools, with logic strictly related to the stated purposes, and through technical and organizational measures appropriate to ensure security and confidentiality (Art. 32 GDPR), aimed at preventing unauthorized access, disclosure, alteration or destruction of data.
Data may be processed by:
The updated list of data processors is available upon request at the contact details indicated in section 1.
Data is not disclosed to the public.
Some providers (HubSpot, Google, Meta) involve the transfer of personal data to the United States of America.
Such transfers take place on the basis of the European Commission’s adequacy decision of 10 July 2023 on the EU-U.S. Data Privacy Framework (DPF), as the relevant U.S. companies are certified under the Framework. Where a provider is not (or is no longer) certified, the transfer is safeguarded by the Standard Contractual Clauses adopted by the European Commission, supplemented by additional measures where necessary.
Users can verify a provider’s certification on the official list (www.dataprivacyframework.gov) and obtain a copy of the safeguards adopted by submitting a request to the contact details indicated in section 1.
The Data Controller may carry out profiling activities for marketing purposes and behavioral analysis (e.g. lead scoring through HubSpot, remarketing through Google and Meta), in order to assess user preferences and behavior and personalize communications.
Such activity does not produce legal effects or similarly significantly affect the data subject within the meaning of Art. 22 GDPR. Users have the right, at any time, to object to profiling for direct marketing purposes, pursuant to Art. 21(2) GDPR.
Pursuant to Articles 15-22 GDPR, the data subject has the right to:
Requests may be addressed to the contact details of the Data Controller or the DPO indicated in sections 1 and 2. The Data Controller will respond without undue delay and in any event within 30 days, which may be extended by a further 90 days in cases of particular complexity (Art. 12 GDPR). The exercise of these rights is free of charge.
Any data subject who believes that the processing of their personal data is unlawful has the right to lodge a complaint with the Italian Data Protection Authority:
Garante per la protezione dei dati personali
Piazza Venezia, 11 – 00187 Rome, Italy
Email: garante@gpdp.it – Certified email (PEC): protocollo@pec.gpdp.it
www.garanteprivacy.it
This is without prejudice to the right to bring the matter before a court.
The Site uses cookies and other tracking tools, including third-party tools. For details on the purposes, providers and consent management methods, please refer to the Cookie Policy.
The Data Controller reserves the right to modify or update this notice to reflect regulatory or organizational changes. Updated versions will be published on this page, indicating the date of the last update. Where changes affect processing based on consent, the Data Controller will collect consent again where necessary.
Last updated: 17 June 2026