Privacy Policy

1. Introduction

At IOMA Srl (IOMA) — hereinafter "we", "the Company" — we consider your privacy and the protection of your data to be of primary importance. This privacy policy ("Notice") describes how we collect, retain, access, and process information about natural persons.

For the purposes of this Notice, "personal data" means any information that, alone or combined with other available information, can identify a natural person.

We process your data in accordance with the applicable regulations, in particular Regulation (EU) 2016/679 (GDPR) and the Italian implementing legislation (Legislative Decree 196/2003 and subsequent amendments).

Scope

This Notice applies to the websites, domains, applications, services, and products of IOMA Srl.

It does not apply to third-party applications, websites, products, services, or platforms accessible via any external links. Those sites are managed independently and have their own privacy notices. We are not responsible for the contents or privacy practices of those sites.

Processing activities

The Notice applies when you interact with us:

• by using our products and services as an authorized user;
• by visiting any of our websites that links to this Notice.

2. Personal data we collect

What data we collect

When you contact us, request commercial information, or use our products and services, we may collect the following personal data:

• Contact data: first name, last name, email address, phone number, business name of the company you work for.
• Administrative data: billing address, VAT number, fiscal code, recipient code / PEC, banking details.
• Content of communications: the text of the messages you send via form or email, including any technical attachments related to the project.

How we collect data

Directly from you: when you fill in contact forms, write to us via email, attend events, or request services and products, knowingly providing us with your data.

Automatically: while browsing the site, basic technical data may be collected (device type, browser, pages visited, visit duration) via server logs. This data is used to ensure the functioning, security, and improvement of services.

From third parties: we may receive data from commercial partners, analytics providers, and infrastructure vendors, always in accordance with the purposes described in this Notice.

Purposes and legal bases of processing

• Performance of a contract: or pre-contractual measures: to reply to your requests, provide quotes, deliver services, manage the commercial relationship.
• Legal obligations: to comply with tax, accounting, and administrative obligations.
• Legitimate interest: for the security of systems, fraud prevention, and protection of our rights.
• Consent: where required, for marketing or newsletter purposes; consent may be withdrawn at any time.

International transfer and retention

Where possible we retain and process data on servers located within the European Union. In the event of transfers to third countries, we apply adequate safeguards (e.g. standard contractual clauses approved by the European Commission).

Sharing and disclosure

We share data with third parties only in the ways set out in this Notice or communicated at the time of collection. The main data processors are: HubSpot, Inc. (CRM, contact form, and live chat), Google LLC (Firebase Analytics, in anonymized form), Vercel Inc. (hosting). Data may also be shared with legal and tax advisors and with competent authorities where required by law.

3. Cookies and third-party services

A cookie is a small file with information that the browser stores on your device. The site ioma.ai does not use profiling cookies or advertising cookies. There may be technical cookies necessary for the site to work and, in anonymized form, traffic-analytics tools.

The HubSpot live chat installed on the site is loaded only after an explicit click by the user on the "Chat" button at the bottom right. Until that moment no HubSpot cookie is installed on the device. Clicking the button constitutes explicit consent to load HubSpot's messaging service and the related technical cookies necessary for the chat to work. The preference is stored in the browser so you are not asked again on subsequent visits. HubSpot privacy policy.

4. Retention and deletion

We retain personal data only for as long as necessary for the purposes for which it was collected and within the limits provided by law. When no longer needed, it is deleted from our systems or anonymized.

5. Merger or acquisition

In the event of a merger, acquisition, or transfer of a business unit, your personal data may be transferred. We will notify you before the data is transferred and before it becomes subject to a different notice.

6. Security measures

We adopt appropriate organizational and technical measures to protect personal data from accidental loss, unauthorized access or disclosure, and alteration. Communications between your browser and the site occur over an encrypted connection (HTTPS).

We require any third party processing data on our behalf to adopt security measures that are appropriate and compliant with regulations.

In the unfortunate event of a personal-data breach, we will notify the supervisory authority and the data subjects within the terms set by regulation.

7. Protection of minors

We do not knowingly collect personal data from minors under 16. If you believe a minor has provided us with personal data, please contact us: we will delete it.

8. Your rights

As a data subject, under articles 15–22 of the GDPR, you have the right to:

• Access (art. 15): know whether we process your data and receive a copy of it..
• Rectification (art. 16): request the correction of inaccurate or incomplete data..
• Erasure (art. 17): request the removal of your data, subject to legal obligations..
• Restriction (art. 18): request limitation of processing in certain cases..
• Portability (art. 20): receive the data in a structured, machine-readable format and transmit it to another controller..
• Objection (art. 21): object to processing on grounds relating to your particular situation..
• Withdrawal of consent: withdraw at any time any consent given, without prejudice to the lawfulness of prior processing..
• Complaint to the authority: lodge a complaint with the Italian Data Protection Authority (Garante per la Protezione dei Dati Personali) (garanteprivacy.it).

To exercise your rights you can write to privacy@ioma.ai. To secure the request, we may ask you to confirm your identity.

9. Changes

We may amend this Notice at any time. In case of changes we will publish an updated version on this page and indicate the date of the last update.

10. Contact

To exercise your rights, request a copy of your data, request deletion, or ask questions about processing, you can write to: