This Privacy Policy describes the purposes and methods of processing personal data of the customers of **Aerauliqa S.r.l. a socio unico** (hereinafter referred to as “Aerauliqa”).
### 1) Data Controller
The Data Controller is **Aerauliqa S.r.l. a socio unico**, with registered and operational office at Via Mario Calderara 39/41, 25018 Montichiari (BS) – Italy.
TEL: +39 030 674681 – FAX: +39 030 6872149
Tax Code and VAT No.: 03369930981 – REA: BS-528635
E-mail: info@aerauliqa.it
Website: [www.aerauliqa.it](https://www.aerauliqa.it)
### 2) Data Protection Officer (DPO)
Pursuant to Article 37 of EU Regulation 2016/679, **Aerauliqa** has decided not to appoint a Data Protection Officer (DPO), as it is not a public body and does not carry out large-scale monitoring of personal data, including special categories of data under Articles 9 and 10.
### 3) Purpose, Method, and Place of Processing
Personal data collected by **Aerauliqa** concerning its customers will be processed for the following purposes:
a) To fulfill obligations arising from contractual relationships;
b) For civil, tax, and accounting purposes;
c) To comply with legal obligations, regulations, EU legislation, or orders from authorities (e.g., anti-money laundering laws).
Only with your specific and explicit consent, your data may also be processed:
d) For promotional, marketing, and commercial purposes, including references, invitations to events, trade fairs, and seminars, as well as for sending newsletters, catalogs, and price lists.
Personal data is processed by automated and manual means for the period strictly necessary to achieve the purposes for which it was collected. Appropriate security measures are in place to prevent data loss, unlawful or incorrect use, and unauthorized access.
Processing related to the Services takes place at the aforementioned headquarters of **Aerauliqa** and at the premises of electronic data processing service providers, performed only by authorized technical personnel or appointed processors, including those performing occasional maintenance.
### 4) Categories of Data, Recipients, and Disclosure Scope
**Aerauliqa** collects personal data necessary for providing the contracted Services, including—by way of example—company name, telephone number, email address, tax code, VAT number, and bank details.
Such data may be communicated to:
a) Public bodies, for institutional purposes;
b) Debt collection agencies;
c) Insurance companies;
d) Legal advisors and attorneys for contract-related disputes;
e) Potential customers, to facilitate business relationships;
f) Consulting firms, professionals, and organizations working with the company;
g) Accounting firms;
h) Banks and financial institutions;
i) Couriers and transport companies for product delivery;
j) Internal staff performing company functions;
k) The parent company, for group management purposes.
These subjects will process the data as independent data controllers.
Data will not be disseminated.
### 5) Nature of Data Provision and Consequences of Refusal
Providing data for purposes listed in points 3 a), b), and c) is mandatory. Failure to provide such data may make it impossible to deliver the requested Services.
Providing data for marketing purposes under point 3 d) is optional and does not affect contract performance. You may choose not to provide data or withdraw your consent at any time without consequences for the main service.
### 6) Data Transfer Abroad
Data is transferred abroad through backup systems on **IDrive Cloud**. Such transfer is considered compliant under the European Commission’s adequacy decision of July 12, 2016, governing EU–U.S. data transfers (known as the “Privacy Shield”).
### 7) Data Retention Period
Personal data processed for pre-contractual/contractual purposes is retained only for as long as necessary to achieve the intended objectives and may be stored for up to **ten (10) years** to comply with legal obligations, manage potential disputes, and handle claims for damages.
### 8) Data Subject Rights
As a data subject, you have the rights set out in **Article 15 of the GDPR**, including the right to:
I. Obtain confirmation as to whether personal data concerning you exists, even if not yet recorded, and to receive such data in an intelligible form.
II. Obtain information on:
a) The origin of the personal data;
b) The purposes and methods of processing;
c) The logic applied in case of automated processing;
d) The identification details of the controller, processors, and appointed representatives;
e) The subjects or categories of subjects to whom data may be communicated.
III. Obtain:
a) The updating, rectification, or integration of data;
b) The erasure, anonymization, or blocking of data processed unlawfully;
c) Certification that these operations have been notified to third parties who received the data.
IV. Object, in whole or in part:
a) On legitimate grounds, to the processing of personal data, even if relevant to the purpose of collection;
b) To processing for marketing, advertising, or commercial communication purposes, including via automated systems such as email, phone calls, or traditional mail.
V. The objection right in point (b) extends to both automated and traditional communications. You can therefore choose to receive only certain types of communications or none at all.
Where applicable, you are also entitled to the rights under Articles 16–21 GDPR (Right to rectification, erasure, restriction, data portability, and objection), as well as the right to lodge a complaint with the supervisory authority.
### 9) Exercising Your Rights
Requests may be submitted to the Data Controller by email at: **privacy@aerauliqa.it**
### 10) Right to Lodge a Complaint
You have the right to lodge a complaint with the **Italian Data Protection Authority (Garante per la Protezione dei Dati Personali)** if you believe the processing of your personal data violates applicable law.
Address: Piazza di Monte Citorio 121, 00186 Rome – Italy
Fax: (+39) 06 69677.3785 – Switchboard: (+39) 06 696771
E-mail: garante@gpdp.it – Certified email (PEC): protocollo@pec.gpdp.it
### 11) Source of Data
Personal data is primarily collected directly from the data subject. Some data may, however, be obtained from publicly available sources.
