Login
Request Access

Privacy Policy

Dear Customer/Company/User,

European legislation on the protection of personal data (EU Regulation 2016/679, hereinafter “GDPR”) applies to the processing of data relating to “natural persons” and, in general, does not offer protection to “legal persons”. Personal data within the meaning of the GDPR is defined as “any information relating to an identified or identifiable natural person («data subject»)” (Article 4, par.1, n. 1 GDPR).

However, the concept of “natural person” relevant for privacy purposes under the Italian legal system includes sole proprietorships, freelancers with VAT numbers and partnerships (e.g. S.n.c., S.a.s.), entities with which RE:LAB S.r.l. may have contractual relationships. Even when interacting with corporate customers, RE:LAB S.r.l. processes the personal data of contact persons or collaborators. Furthermore, specific national regulations, such as Article 130 of Legislative Decree 196/2003 (Italian Privacy Code) on electronic communications, may also apply to legal entities.

This policy describes how RE:LAB S.r.l., as Data Controller, collects and processes personal data. It applies both to contractual relationships with its customers (as specified above) and to all individuals who browse and interact with our websites (currently https://www.re-lab.it and https://bancone.ai, hereinafter jointly referred to as the “Websites”).

Given the above, RE:LAB S.r.l., pursuant to Article 13 of the GDPR, provides you with the following information on the processing of your personal data.

Processable personal data: “Personal data” means any information relating to an identified or identifiable natural person («data subject»); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. Processable personal data

The personal data we may process includes:

  • Customer data (for contractual and pre-contractual relationships): name, surname, company name/firm name/partnership name, VAT number, tax code, registered office/domicile address, telephone number, email address, contact details of internal contacts, bank details for payments/invoicing, details of services purchased and assistance provided.
  • Browsing Data (collected via the Websites): During normal operation, the IT systems and software procedures used to operate the Websites acquire some personal data whose transmission is implicit in the use of Internet communication protocols. This information is not collected to be associated with identified data subjects, but by its very nature could, through processing and association with data held by third parties, allow users to be identified. This category of data includes IP addresses or domain names of computers used by users connecting to the site, URI (Uniform Resource Identifier) addresses of requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the user’s operating system and IT environment.
  • Data provided voluntarily by the User (via the Websites): The optional, explicit and voluntary sending of messages to the contact addresses of RE:LAB S.r.l. (e.g. via contact forms on the Websites or by sending direct emails), as well as the completion and submission of forms on the Websites, entails the acquisition of the sender’s contact details necessary to respond, as well as all personal data included in the communications (e.g. name, surname, email address, telephone number, company, message content, CVs attached for unsolicited applications or in response to advertisements). Specific summary information may be displayed on the pages of the Websites set up for particular services on request (e.g. “Work with us” form).
  • Cookies and other trackers: The Websites use cookies, web beacons, pixels, tracking scripts, unique identifiers and other similar technologies to collect information on how users use the services and to improve the browsing experience. For more information on the types of trackers used, their purposes, retention periods and how consent is managed, please refer to the specific Cookie Policy.

1. DATA CONTROLLER

Pursuant to Articles 4 and 24 of EU Regulation 2016/679, the Data Controller is:

RE:LAB S.r.l.

Registered office: Via Monti Urali n. 13 – 42122 Reggio Emilia (RE), Italia

VAT 02131390359

Email: support@bancone.ai

Tel: +39 (0) 522 1409350

2. DATA PROTECTION OFFICER (DPO)

The Data Controller has not appointed a Data Protection Officer (DPO) as the conditions for mandatory appointment under Article 37 of the GDPR do not apply. For any questions regarding the processing of your personal data, you can contact the Data Controller at the addresses indicated in point 1.

3. PURPOSE AND LEGAL BASIS OF THE PROCESSING

The personal data you provide will be processed in accordance with the conditions of lawfulness for the following purposes:

a) Management of the contractual relationship and provision of services: for the establishment (including any training and initial configuration of the service), management and execution of the contractual relationship relating to the provision of “BANCONE” SaaS services and any additional services requested by you, including registration management, technical support and administrative and accounting management of the contract (e.g. invoicing, payments).

Legal basis: Performance of a contract to which you are party, or performance of pre-contractual measures taken at your request (Art. 6, par. 1, lett. b) GDPR), such as the training phase preparatory to the full use of the service. The communication of personal data for this purpose is a contractual obligation or a necessary requirement for the conclusion of the contract; failure to provide such data will make it impossible to conclude the contract and/or provide you with the requested services.

b) Website management and operation (browsing data): to enable navigation of the Websites, check their correct functioning, ensure system security and obtain anonymous statistical information on the use of the Websites.

Legal basis: Legitimate interest of the Data Controller (Art. 6, par. 1, lett. f) GDPR) to ensure the proper functioning and security of its Websites. For the use of analytical cookies or other types of cookies that are not strictly necessary, the legal basis may be the user’s consent, as detailed in the Cookie Policy.

c) Responding to requests for information and contact (data provided voluntarily): to respond to requests you have sent via contact forms, email addresses published on the Websites or other communication channels.

Legal basis: Implementation of pre-contractual measures taken at your request (Art. 6, par. 1, lett. b) GDPR) or, depending on the context of the request, the consent of the data subject (Art. 6, par. 1, lett. a) GDPR) if provided for specific additional purposes indicated at the time of collection.

d) Compliance with legal obligations: to comply with obligations under national and EU laws, regulations or rules (e.g. tax and accounting obligations, responding to requests from judicial authorities).

Legal basis: Compliance with a legal obligation to which the Data Controller is subject (Art. 6, par. 1, lett. c) GDPR).

e) Sending service communications: to send you communications strictly related to the operation of the services you have purchased (e.g. information on updates, scheduled maintenance, contractual changes).

Legal basis: Performance of the contract (Art. 6, par. 1, lett. b) GDPR) and legitimate interest of the Data Controller (Art. 6, par. 1, lett. f) GDPR) to ensure the correct use of and information about the service.

f) Sending promotional communications on similar products/services (Art. 130, par. 4, Legislative Decree 196/2003): limited to sending promotional communications via email about products or services similar to those you have already purchased, unless you initially or subsequently object (opt-out).

Legal basis: Legitimate interest of the Data Controller (Art. 6, par. 1, lett. f) GDPR) and compliance with the conditions set forth in Art. 130, par. 4, of Legislative Decree 196/2003.

g) Various marketing activities (e.g. sending promotional newsletters on non-similar products/services, invitations to events): only with your specific and separate consent..

Legal basis: Consent of the data subject (Art. 6, par. 1, lett. a) GDPR). The provision of data for this purpose is optional and any refusal will not affect the use of services or the response to general requests.

4. RECIPIENTS OR CATEGORIES OF RECIPIENTS OF THE DATA

I The personal data provided may be disclosed to recipients who will process the data as data processors (Article 28 of EU Regulation 2016/679) and/or as natural persons acting under the authority of the Data Controller (Article 29 of EU Regulation 2016/679), or as independent data controllers, for the purposes listed above. Specifically, the data may be disclosed to:

  • Hosting and cloud service providers (e.g. for the infrastructure of the Websites and the BANCONE service, for backup systems); Customer relationship management (CRM) platform providers; Email and collaboration service providers; Software maintenance and technical support companies for information systems; Web analytics service providers (for aggregated or anonymised data or with prior consent, as per the Cookie Policy).
  • Law firms, consulting firms, accountants or other professionals for administrative, accounting and tax management and legal protection.
  • and credit institutions for the management of collections and payments.
  • Subcontractors and technical partners involved in the provision of “BANCONE” SaaS services, limited to the data necessary for their operations and subject to designation as Data Processors, where required.
  • Debt collection or commercial information companies, where necessary.
  • Competent authorities for compliance with legal obligations and/or provisions of public bodies, upon request.

The updated list of Data Processors is available by sending a request to support@bancone.ai or at the Data Controller’s registered office.

5. DATA TRANSFER TO A THIRD COUNTRY AND/OR AN INTERNATIONAL ORGANISATION AND GUARANTEES

The personal data you provide is mainly processed within the European Union (EU) or the European Economic Area (EEA). However, if we use service providers located in third countries (outside the EU/EEA) for specific technical or operational reasons, your personal data will only be transferred if the European Commission has issued an adequacy decision (Article 45 GDPR) or if appropriate safeguards have been adopted in accordance with Articles 46 and 47 of the GDPR (such as , Standard Contractual Clauses approved by the European Commission, supplemented by any additional technical, organisational and contractual measures necessary to ensure a level of data protection substantially equivalent to that of the EU, or Binding Corporate Rules). In the absence of such conditions, the transfer may only take place under specific derogations provided for in Article 49 GDPR (e.g., your explicit consent, the need to perform a contract with you or in your favour).

You can obtain more information on any third countries involved and the safeguards adopted for the transfer of data by writing to support@bancone.ai.

6. DATA RETENTION PERIOD AND APPLICABLE CRITERIA

The processing will be carried out in an automated and manual form, using methods and tools designed to ensure maximum security and confidentiality.

In accordance with the provisions of Article 5, paragraph 1, letter e) of EU Regulation 2016/679, the personal data collected shall be stored in a form which permits  identification of  data subjects only for as long as is necessary to fulfil the purposes for which the data were collected and processed.

In particular:

  • For contractual purposes (point 3.a) and legal compliance (point 3.d), the data will be retained for the entire duration of the contractual relationship and, after termination, for a period of 10 years (or for the longer period required by law for civil, tax and accounting obligations).
  • Browsing data (point 3.b) is normally deleted within 7 days, unless otherwise required for the investigation of crimes by the judicial authorities. 
  • For data provided voluntarily via contact forms or email (point 3.c), the retention period will be strictly necessary to respond to the request and for any subsequent management of the pre-contractual or contractual relationship that may arise. In the absence of further contact or obligations, they will be deleted within 12 months of the closure of the request.
  • For the purposes of service communications (point 3.e), the data will be processed for the entire duration of the contract and, in the event of a dispute or out-of-court settlement, for the entire duration of the dispute and/or settlement.
  • For the purpose of sending promotional communications on similar products/services (point 3.f), the data will be processed until you object (opt-out).
  • For marketing purposes based on consent (point 3.g), the data will be processed until you withdraw your consent, which can be exercised at any time, resulting in the interruption of processing for this purpose, or, in the absence of withdrawal, for a maximum period of 24 months since the last contact or expression of consent, unless renewed by you.
  • For cookies, the retention periods are indicated in the specific Cookie Policy. 

7. RIGHTS OF DATA SUBJECTS

You may exercise your rights as set forth in Articles 15, 16, 17, 18, 20, and 21 of EU Regulation 2016/679 by contacting the Data Controller via email at support@bancone.ai or by writing to the Data Controller’s headquarters.

You have the right, at any time, to ask the Data Controller:

  • access to your personal data (Art. 15 GDPR);
  • the rectification (Art. 16 GDPR) or erasure (Art. 17 GDPR) of the same;
  • the restriction of processing concerning you (Article 18 of the GDPR);
  • data portability (Art. 20 GDPR), in the cases provided for;
  • to object to their processing (Art. 21 GDPR), in particular for processing based on the legitimate interest of the Data Controller (including the activities referred to in points 3.b and 3.f).

 If the processing is based on consent (as for the purposes referred to in point 3.g), you have the right to withdraw your consent at any time without prejudice to the lawfulness of the processing based on the consent given prior to the withdrawal. When the processing is based on the legitimate interest of the Data Controller (as for the purposes referred to in points 3.b, 3.e, 3.f), you have the right to request information about the balancing test (Legitimate Interest Assessment – LIA) made by the Data Controller, by contacting the latter at the above addresses.

Without prejudice to any other administrative or judicial remedy, if you believe that the processing of data concerning you violates the provisions of EU Regulation 2016/679, pursuant to Article 77 of the Regulation itself, you have the right to lodge a complaint with the Data Protection Authority (www.garanteprivacy.it).

8. COOKIE POLICY

For detailed information on the use of cookies by RE:LAB S.r.l. websites, please refer to our Cookie Policy, available at the following address: https://bancone.ai/cookie-policy-eng/. The Cookie Policy provides guidance on how to manage cookie preferences.

Nature of data provision and consequences of refusal

The provision of personal data for the purposes referred to in point 3.a (Management of the contractual relationship) is a necessary requirement for the conclusion and execution of the contract. Failure to provide the personal data requested for these purposes will make it impossible for RE:LAB S.r.l. to enter into the contract and provide you with the requested services.

The provision of browsing data (point 3.b) is necessary to enable the Websites to function.

The provision of data to respond to your requests (point 3.c) is optional, but failure to provide such data may make it impossible for RE:LAB S.r.l. to follow up on your request.

The provision of data for consent-based marketing purposes (point 3.g) is optional, and failure to consent does not affect the use of services or the response to contact requests.

Automated decision-making processes

The Data Controller informs you that there is no fully automated decision-making process pursuant to Article 22 of the GDPR that produces legal effects concerning you or similarly significantly affects you, unless it is strictly necessary for the conclusion or performance of the contract (and in any case with the right to obtain human intervention, express your opinion and contest the decision) or based on your explicit consent.

Last updated: 17 July 2025

Go to RE:LAB website

mail. media@bancone.ai
tel. +39 0522 140 9350

Copyright 2026 RE:LAB – BANCONE