Privacy Policy

Last updated: November 4, 2025

1. Data Controller

Syntazen Srl
Piazza Statuto, 14 – 10122 Turin (TO) – Italy
VAT and Tax ID: IT13228740018 – REA TO-1348189
Email: privacy@syntazen.com
PEC: syntazen@pec.it

2. Types of Data Processed

Browsing Data

The IT systems and software procedures used to operate this website acquire, during their normal operation, certain personal data whose transmission is implicit in the use of Internet communication protocols (e.g., IP address, access logs, date and time of requests, user-agent, and security logs).

Customer and Supplier Data

Identification, business, tax, and billing data necessary for managing contractual relationships and fulfilling legal obligations.

Analytics Data

Aggregated and anonymous web traffic data collected through the Matomo platform, self-hosted on Syntazen infrastructure and operating in a cookieless mode, configured to prevent the identification of visitors.

3. Purposes and Legal Bases of Processing

  • Website functionality and security – Art. 6(1)(f) GDPR (legitimate interest of the controller).
  • Aggregated statistical analysis via Matomo cookieless – Art. 6(1)(f) GDPR (legitimate interest).
  • Management of contracts, orders, and customer support – Art. 6(1)(b) GDPR (performance of a contract).
  • Tax and accounting obligations – Art. 6(1)(c) GDPR (legal obligation).

4. Data Recipients

  • Authorized internal personnel;
  • External accounting consultant appointed as Data Processor pursuant to Art. 28 GDPR;
  • ICT and hosting service providers (IONOS SE, AWS);
  • No dissemination of data to unauthorized third parties.

5. Data Retention

  • Browsing data: retained for a maximum of 7 days (unless required for the investigation of cybersecurity incidents).
  • Contractual and billing data: retained for 10 years, as required by civil and tax regulations.
  • Customer support data: retained for as long as necessary to manage the request.
  • Aggregated analytical data: anonymized and stored indefinitely, as it cannot be linked to individual persons.

6. Data Transfers Outside the EU

Syntazen Srl’s main technical providers (IONOS SE and AWS Amazon Web Services) operate within the European Union. Specifically, some hosting and cloud-computing services provided by AWS (Amazon Web Services) use data centers located in Italy. However, since AWS is a U.S.-based company, it cannot be completely ruled out that, in exceptional cases, technical data may be accessed from outside the EU.

In such cases, any transfer will occur in compliance with Articles 44–49 of the GDPR and based on the Standard Contractual Clauses (SCCs) adopted by the European Commission, as well as additional technical and organizational security measures.

7. Security Measures

The Controller adopts appropriate technical and organizational measures to ensure the security of personal data, including:

  • Encrypted connections via HTTPS protocol;
  • Periodic end-to-end encrypted backups;
  • Access control and multi-factor authentication for internal systems;
  • Firewalls and security log monitoring;
  • Access limitation and traceability for all data operations.

8. Data Subject Rights

As a data subject, you may exercise the rights set out in Articles 15–22 of the GDPR at any time, including:

  • Right of access to your data;
  • Right to rectification or erasure (“right to be forgotten”);
  • Right to restriction of processing;
  • Right to data portability;
  • Right to object to processing on legitimate grounds;
  • Right to lodge a complaint with the Italian Data Protection Authority (www.garanteprivacy.it).

To exercise your rights, please contact privacy@syntazen.com or use the certified email address syntazen@pec.it.

9. Updates

This policy may be subject to changes or updates in case of regulatory amendments or technical developments of the website. We encourage you to periodically review this page.

10. Legal References

This Privacy Policy has been drafted in compliance with:

  • Regulation (EU) 2016/679 (“GDPR” – General Data Protection Regulation);
  • Italian Legislative Decree No. 196/2003 (“Italian Data Protection Code”), as amended by Legislative Decree No. 101/2018;
  • Guidelines and Recommendations of the EDPB (European Data Protection Board);
  • Decisions and provisions issued by the Italian Data Protection Authority regarding websites, cookies, and personal data processing.