Privacy Policy

Privacy Policy of Idrak Security SRL

This policy describes how we collect, use, and protect your personal data in compliance with the General Data Protection Regulation (GDPR).

Effective Date: June 6, 2025

1. Data Controller

The data controller is Idrak Security SRL, located at Via Pietro Micca 15, 10122 Turin (TO), Italy, VAT number 12503620010.

Contact

  • Email: info@idrak-security.com
  • Phone: +39 3921502806
  • Website: www.idrak-security.com

Business Hours

  • Mon-Fri: 09:00-18:00 CET
  • Address: Via Pietro Micca 15, 10122 Turin, Italy

2. Personal Data Collected

We collect and process the following categories of personal data:

Contact Data

  • First and last name
  • Email address
  • Phone number
  • Company name (if acting on behalf of a corporate entity)

Browsing Data

  • IP address and device details
  • Pages visited, session duration
  • Cookies and similar tracking technologies

Professional Data

  • Job role
  • Employer or company name
  • Industry sector

Communication Data

  • Information provided via contact forms
  • Internal notes related to requests
  • Project details and technical specifications

3. Purposes and Legal Basis for Processing

We process personal data for three purposes, based on the following legal grounds under the GDPR:

Handling Information and Quote Requests

Purpose: Respond to service inquiries, provide quotes, and detail our offerings.

Legal Basis: Necessary for pre-contractual measures (Article 6(1)(b) GDPR)

Providing Contracted Services

Purpose: Deliver agreed-upon security services and maintain client relationships.

Legal Basis: Performance of a contract (Article 6(1)(b) GDPR)

Legal and Accounting Obligations

Purpose: Comply with tax, accounting, and other legal requirements.

Legal Basis: Legal obligation (Article 6(1)(c) GDPR)

Direct Marketing

Purpose: Send information about our services and updates.

Legal Basis: Consent (Article 6(1)(a) GDPR)

Service Improvement and Statistical Analysis

Purpose: Improve our services and analyze user behavior.

Legal Basis: Legitimate interest (Article 6(1)(f) GDPR)

4. Cookies and Tracking Technologies

Our website (www.idrak-security.com) uses cookies and similar tracking technologies in these categories:

Technical / Necessary Cookies

Enable basic site functions (e.g., login management, language preferences). Always active.

Analytical / Statistics Cookies

Collect aggregated information on how users interact with the site (e.g., pages visited).

Marketing / Profiling Cookies

Track user activity across this site and other sites for remarketing or targeted campaigns (only with consent).

Cookie Management

On first visit, a cookie banner informs users of our use of cookies and links to this Privacy Policy and our Cookie Policy. Users may accept all cookies, reject non-essential ones, or configure preferences.

At any time, users can modify or withdraw their preferences via the "Cookie Settings" link in the site footer or through their browser settings.

5. Processing Methods and Location

Personal data are processed using manual and automated tools designed to ensure security and confidentiality.

Processing operations (collection, storage, modification, consultation, deletion) occur at Idrak Security SRL's premises and at the premises of our trusted service providers.

Hosting and Infrastructure

Providers with servers located in the EU or, if outside the EU, under appropriate safeguards.

Email, CRM, and Ticketing

Third-party platforms hosting data on servers in the EU.

International Transfers: We do not transfer personal data to countries outside the EU except when technically necessary. In both cases, we use Standard Contractual Clauses or an equivalent legally recognized transfer mechanism.

6. Data Retention Periods

We retain personal data for different durations depending on the purpose:

Providing Contracted Services Up to 2 years from first contact
Legal and Accounting Obligations 10 years from the last invoiced service
Browsing Data (Analytics Cookies) Up to 24 months
Marketing Data Until consent is withdrawn
Legal Obligations Period mandated by law (generally up to 10 years)

7. Data Sharing with Third Parties

We may share personal data with the following categories of recipients, acting as either data processors or independent controllers:

IT and Technological Providers

  • Hosting and server maintenance providers (data centers)
  • Cloud service providers
  • Email marketing and CRM platforms

Professional Service Providers

  • Legal counsel and consultants for regulatory compliance
  • Accountants and tax advisors
  • External security auditors and compliance assessors

Public Authorities and Judicial Authorities

  • When required by law or in response to valid legal orders
  • To law enforcement agencies for the prevention of Data Protection Authority, Guardia di Finanza

Marketing Partners (With Prior Consent)

  • Digital advertising specialists and social media platforms for targeted campaigns
  • Only if the user has granted consent

All third-party recipients act under our instruction and are contractually bound by confidentiality and data-protection obligations per the GDPR.

8. Data Subject Rights

Under Articles 15–22 of the GDPR, data subjects have the following rights:

Right of Access

Obtain confirmation of whether personal data are being processed and receive a copy of the data.

Right to Rectification

Correct inaccurate or incomplete data.

Right to Erasure

Request deletion of data when no longer necessary or if consent is withdrawn.

Right to Restrict Processing

Request suspension of processing in certain circumstances.

Right to Data Portability

Receive data in a structured, machine-readable format and request transfer to another controller.

Right to Object

Object to processing based on legitimate interest or to direct marketing at any time.

Right to Withdraw Consent

Withdraw consent at any time where processing is based solely on consent.

9. Security Measures

We have implemented technical and organizational measures appropriate to the risk of processing.

Access Control

Only authorized personnel with unique credentials and 2FA

Encryption

TLS/HTTPS protocols for secure transmissions

Backup & Recovery

Regular backups and disaster recovery plan

Periodic Audits

Vulnerability scans and security audits

10. International Data Transfers

If personal data are transferred outside the European Union, we ensure adequate safeguards are in place, such as:

Standard Contractual Clauses (SCCs)

Adopted under the European Commission's approval

Certified Frameworks

Use of recognized schemes (e.g., Privacy Shield, where applicable)

All international transfers are carried out in compliance with GDPR provisions and ensure an adequate level of protection for personal data.

11. Policy Updates

We may update this Privacy Policy due to changes in laws, new services, or internal policy adjustments.

  • All revisions will be published at www.idrak-security.com, indicating the effective date.
  • For significant changes impacting data subjects, we will notify registered users via email wherever possible or place a prominent notice on our homepage.

Update Publication

All revisions published on website with date of update

Email Notifications

Direct communications for significant changes

Homepage Notices

Prominent notifications for important changes

Contact and Complaints

For questions, clarifications, or to exercise your data subject rights, you may contact our Data Protection Officer (DPO) at:

Standard Contractual Clauses (SCCs)

dpo@idrak-security.com

Idrak Security SRL Privacy Office

Via Pietro Micca 15, 10122 Turin, Italy

Complaints

If you believe that our processing of your personal data violates the GDPR, you have the right to file a complaint with the Italian Data Protection Authority at www.garanteprivacy.it

We will respond within 30 days of receiving the request.

Contact DPO → Effective Date: June 6, 2025