Close this search box.

Privacy policy – license

Information on the processing of personal data

pursuant to art. 13 of the European Regulation 2016/679

The following provides some information on the processing of personal data of visitors navigating within the website (here inafter: Website) and use the services offered by the same, pursuant to and for the purposes of Art. 13 of EU Regulation 2016/679.

  1. Data Controller

The Data Controller is People Lab srl, P. Iva 04212840963, based in Milano Oldofredi, 45, e-mail address, CEM address .

  1. Data Subject

Data subjects are users, who visit the Site for professional reasons.

  1. Personal Data

For web site navigation and use of offered services from the same, the data subject must communicate the following personal data:

  • Name, Surname and address/registered office;
  • Phone number
  • E-mail address
  • Payment/billing data
  1. Purpose of data processing

The processing of personal data is aimed at fulfilling pre-contractual and contractual obligations.

In more detail, personal data will be processed for:

4.1 management of the pre-contractual phase and establishment/execution of the contractual relationship with the persons concerned;

4.2 tax and accounting management of the contractual relationship;

4.3 business promotion, customer satisfaction and customer loyalty relationships;

4.4 profiling for sending personalized communications;

4.5 newsletter service

Personal data may be processed through paper and computer archives – and processed in a manner strictly necessary to meet the purposes indicated above.

  1. Legal basis of the processing

5.1 The basis of the processing for the purpose referred to in point 4.1 is represented by the performance of the contract between the parties (art. 6, co.1, lett. b) Reg. EU 2016/679).

5.2 The basis of the processing for the purpose referred to in point 4.2 is represented by the fulfilment of a legal obligation to which the Data Controller is subject (art. 6, co.1, lett. c) Reg. EU 2016/679).

5.3 The basis of the processing for the purpose referred to in point 4.3 is represented by the legitimate interest of the data controller or third parties (art. 6, co. 1, lett. f) Reg. EU 2016/679).

5.4 The basis of the processing for the purpose referred to in point 4.4 and referred to in point 4.5 is represented by the consent of the data subject (art. 6, co.1, lett. a) Reg. EU 2016/679).

  1. Consequences of failure to provide personal data

With regard to personal data relating to the performance of the contract of which the data subject is a party or relating to the fulfilment of a regulatory obligation, failure to communicate personal data prevents the contractual relationship from being completed.

  1. Data retention

Personal data subject to processing for the purposes indicated in point 3, will be kept for the duration of the contract and, later, for the period in which the Data Controller is subject to retention obligations for tax purposes or for other purposes provided by law or regulation. In particular, the data will be kept for the ten-year period provided for the storage of documents relevant for accounting, tax and anti-money laundering purposes, in accordance with the reference standards.

  1. Data communication

The data of the data subject will be communicated and processed by employees authorized for this purpose by the Data Controller (contact persons and persons in charge/authorized for the processing).

Depending on what is necessary for the performance of the contract, personal data may be communicated to:

– Accounting Firm

– Law Firm

– Credit Institution

– Public security authorities / Judicial Authorities or insurance company as well as third parties authorized by specific legal provisions or by Regulations provided for by European Union or Member State law to which the Data Controller is subject.

The data may also be known by other independent Data Controllers and by External Managers and/or Sub Managers appointed by the owner.

  1. Data transfer to third countries

Data will not be transferred to a third country or an international organization by the Data Controller.

  1. Right of the data subject

The Data subject has the right to:

– request access to personal data and information relating thereto; the correction of inaccurate data or the integration of incomplete data; the deletion of personal data (upon the occurrence of one of the conditions indicated in art. 17, paragraph 1 of the GDPR and in compliance with the exceptions provided for in the paragraph 3 of the same article); the limitation of the processing of personal data (to the use of one of the cases indicated in art. 18, paragraph 1 of the GDPR);

– request and obtain – in cases where the legal basis for processing is the contract or consent, and the same is carried out by automated means – personal data in a structured and machine-readable format, also for the purpose of communicating such data to another data controller;

– object at any time to the processing of personal data the use of special situations concerning the person concerned;

– withdraw your consent at any time, only in cases where the processing is based on consent for one or more specific purposes and concerns common personal data (for example, date and place of birth or residence), or particular categories of data (such as data that reveal racial origin, political opinions, beliefs, the state of health or sexual life). The processing based on the consent and carried out before the revocation of the same, retains, however, its lawfulness;

– lodge a complaint with a supervisory authority.

These rights can be exercised by writing to the e-mail address:


[Document version 1.0]