This Privacy Policy (referred to as "Privacy Policy") explains how SECO (“SECO”, “we”, “our”, and “us”) collects, uses, shares and otherwise processes your personal information (also known as personal data) in connection with the use of SECO websites and applications that link to this Privacy Policy (the “Sites”), and the use of our services and products (the “Services” and “Products”).

1. Data Controller

The Data Controller is SECO S.p.A. (hereinafter also referred to as "SECO" or the "Controller"), represented by its pro tempore legal representative, with registered office in Arezzo (AR), 52100, Via Achille Grandi, no. 20.

2. Type of data which are subject to the processing:


When using our Services, we may collect certain information, such as your name, email address, phone number, postal address, job title, and company name. We may also collect other information that you provide through your interactions with us, for example if you request information about our Products or Services, interact with our sales team or contact customer support, or take part in marketing activities.

We do not process special categories of personal data about our users.


The computer systems and software procedures used to operate the Site can acquire, during their normal operation, navigation data whose transmission is implicit in the use of Internet communication protocols.

Navigation data, necessary for the use of web services, are also processed for the purpose of:

  • obtaining statistical information on the use of services (most visited pages, number of visitors by time or day, geographical areas of origin, etc.);
  • checking the correct functioning of the services provided.

3. Purpose of the Processing

We inform you that your personal data are processed for purposes strictly connected and necessary for the use of the Site and the services provided therein, as well as to ensure the security of the network and data of the company's IT systems.

In particular, personal data will be processed for the following purposes:

  • to create and maintain your SECO account;
  • to provide, maintain, deliver and update SECO Services;
  • to provide you with customer service and support;
  • to respond to your questions, comments, and requests, including to keep in contact with you regarding the Products and Services you use;
  • for billing, payment, or account management; for example, to identify your account and correctly identify your usage of our Products and Services;
  • for marketing communications;
  • to protect the security, availability and integrity of our services and information systems;
  • to comply with our obligations under applicable law, legal process, or government regulation.

4. Legal Basis

We process personal data for the following purposes:

The legal basis of the processing depends on the various purposes set out above: consent (Article 6, section 1, letter a) of the GDPR); the fulfilment of specific obligations deriving from pre-contractual and contractual agreements (pursuant to Article 6, section 1, letter b) of the GDPR); the legitimate interest of the company (Article 6, section 1, letter f) of the GDPR).

5. How we share you information

Your personal data may be disclosed to the following categories of parties:

  • companies belonging to the SECO Group for the performance of the contract and for related administrative purposes;
  • employees and collaborators appointed by the Data Controller as authorised parties for processing;
  • entities and/or subjects appointed as data processors;
  • external IT service providers who provide IT maintenance and assistance, IT solutions and software solutions on behalf of the Controller and/or the SECO Group;
  • natural or legal persons appointed by the Data Controller to perform services related to the management of the payment systems in use at the Site, as well as credit recovery companies;
  • public security authorities, judicial authorities, parties, bodies or authorities to whom it is mandatory to communicate your personal data by virtue of legal provisions or orders of the authorities.

6. Transfer of Data to Third Countries

The personal data you provide may be transferred abroad, both within the European Union and to third countries, for the purpose of performing the contract in place with you or the pre-contractual measures adopted at your request, as well as the fulfilment of obligations imposed by applicable laws.

In any case, please note that the transfer of your personal data abroad shall take place in accordance with the provisions of Articles 44 et seq. of the GDPR.

7. Period for Retention of Personal Data

In order to ensure correct and transparent processing, Seco retains your personal data for a period of time not exceeding that necessary for the purposes for which they have been collected or subsequently processed, in accordance with the provisions of Article 5, section 1, letter e) of the GDPR.

Personal data that are no longer necessary, or for which there is no longer a legal basis for its storage, are irreversibly anonymised or destroyed.

Navigation data are not retained except for any need to ascertain crimes by the judicial authorities.

The personal data processed to fulfil any contractual obligation may be stored for the duration of the agreement and in any case no later than the following 10 years, in compliance with the statute of limitations laid down by law.

In the event that it is necessary to process the data for judicial purposes, these will be retained for the time when any complaints can be prosecuted.

8. Data subject rights

At any time, you may exercise the rights recognised pursuant to Articles. 15 et seq. of the GDPR, in the manner and within the limits governed by the above-mentioned legislation:

  • right of access (Article 15 of the GDPR);
  • right of rectification (Article 16 of the GDPR);
  • right to erasure (Article 17 of the GDPR);
  • right to restriction of processing (Article 18 of the GDPR);
  • right to data portability (Article 20 of the GDPR);
  • right to object (Article 21 of the GDPR);
  • right not to be subjected to a decision based solely on automated processing, including profiling (Article 22 of the GDPR).

You can exercise your rights by writing to the following address:

9. Right to Lodge a Complaint

Should you believe that the processing of your personal data is carried out in breach of the provisions of current legislation, you have the right to lodge a complaint with the Supervisory Authority, as provided by art. 77 of the GDPR, or to make a claim in the appropriate judicial offices, pursuant to art. 79 del GDPR.

10. Links to Other Websites, Platforms and Applications

The Site may contain links to other websites, which you can consult by selecting special links made accessible while browsing. Access to and consultation of these sites remain unrelated to the activity, checks and/or security measures adopted by SECO.