Legal document
Privacy Policy
Pursuant to EU Regulation 2016/679 (GDPR) and applicable Italian law, Soraia S.r.l. provides the following information on the processing of personal data collected through the website soraia.io and in the course of commercial relationships with clients and prospects.
This English translation is provided for convenience. The Italian version prevails in case of discrepancy.
1. Data Controller
Soraia S.r.l.
Via Losana 13, 13900 Biella (BI), Italy
VAT number (P.IVA) and tax code (Codice Fiscale): 02820060024
Email: [email protected]
Soraia is not required to appoint a Data Protection Officer (DPO). For any privacy-related enquiry, please write directly to the email address above.
2. Categories of Data Processed
Soraia processes the following categories of personal data:
- Contact data: first name, last name, email address, phone number, company name and role, country.
- Browsing data: IP address, browser type, operating system, pages visited, time spent on site — in aggregate and anonymised form.
- Communication content: text of messages submitted via contact forms, emails, and call-booking requests.
- Data relating to Soraia solutions in use by clients (e.g. Linkly): processed separately as Data Processor pursuant to art. 28 GDPR, governed by a specific Data Processing Agreement (DPA).
3. Purposes of Processing and Legal Bases
Personal data are processed for the following purposes:
- Responding to requests for information, demos, or assessments submitted via forms, email, or other contact channels on the site.
  Legal basis: performance of pre-contractual measures at the data subject's request (art. 6.1.b GDPR).
- Provision of contracted services: consulting, AI Adoption, AI agent-building Sprints, maintenance, and support.
  Legal basis: performance of a contract (art. 6.1.b GDPR).
- Sending commercial communications regarding Soraia's new services, products, content, and events.
  Legal basis: freely given, specific, informed, and revocable consent (art. 6.1.a GDPR).
- Legal obligations: invoicing, accounting, tax and social-security compliance.
  Legal basis: legal obligation (art. 6.1.c GDPR).
- Assertion or defence of a legal claim.
  Legal basis: legitimate interest of the Data Controller (art. 6.1.f GDPR).
4. Nature of Data Provision
Providing personal data is optional. However, failure to provide the data requested in our forms makes it impossible to respond to the data subject's request or to deliver the service. For marketing purposes, provision is always optional and withholding consent does not affect the delivery of the requested services.
5. Recipients of Data
Personal data may be shared with the following categories of recipients, always within the limits of the purposes described above:
- Authorised internal personnel of Soraia, duly trained and bound by confidentiality obligations.
- Technology providers appointed as Data Processors pursuant to art. 28 GDPR (hosting, transactional email, CRM, anonymised analytics, AI providers used for service delivery). An up-to-date list is available upon written request.
- Professional advisors (accountants, lawyers, auditors) for contractual and legal compliance purposes.
- Competent authorities upon legitimate request.
Data are not disclosed to, or sold to, third parties.
6. Transfers Outside the EU
The primary infrastructure of Soraia's website and services is hosted within the European Union. Certain global technology providers (e.g. language model and cloud providers) may involve transfers of data outside the EU/EEA. In such cases, transfers take place exclusively to countries that ensure an adequate level of protection (European Commission adequacy decision) or on the basis of Standard Contractual Clauses (SCC) adopted by the European Commission, with supplementary technical and organisational measures where necessary.
7. Retention Period
Personal data are retained for the time strictly necessary to pursue the relevant purposes, and in particular:
- Contact data collected for information requests: up to 24 months from the last contact, unless the relationship continues.
- Data relating to active clients: for the duration of the contractual relationship and, thereafter, for 10 years as required by civil and tax law.
- Data for marketing purposes: until the data subject withdraws consent and in any event no longer than 24 months from the last contact.
- Technical browsing logs: maximum 12 months.
8. Data Subject Rights
At any time, data subjects may exercise the rights provided by articles 15–22 of the GDPR, namely:
- Right of access to their personal data.
- Right to rectification of inaccurate or incomplete data.
- Right to erasure (right to be forgotten) in the cases provided by law.
- Right to restriction of processing.
- Right to data portability in a structured, machine-readable format.
- Right to object to processing on grounds relating to the data subject's particular situation, and at any time for direct marketing purposes.
- Right to withdraw consent at any time, without affecting the lawfulness of processing carried out on the basis of consent given prior to its withdrawal.
- Right to lodge a complaint with the Italian Data Protection Authority (www.garanteprivacy.it) or with the supervisory authority of the data subject's habitual place of residence.
To exercise these rights, please write to [email protected]. Soraia will respond within 30 days of receiving the request.
9. Security Measures
Soraia implements appropriate technical and organisational measures to protect personal data against unauthorised access, loss, destruction, alteration, or disclosure. Measures in place include: encryption in transit (TLS), role-based access controls, operational logs on systems, regular backups, ongoing staff training, and cloud infrastructure hosted on EU-certified providers.
10. Changes to This Policy
This Privacy Policy may be updated to reflect regulatory, organisational, or technical changes. The current version is always available on this page, together with the date of last update. For material changes, Soraia will provide notice through available contact channels.
11. Contact
For any enquiry relating to this notice or to the processing of your personal data:
Soraia S.r.l.
Via Losana 13, 13900 Biella (BI)
Email: [email protected]