Skip to content

Information on the processing of personal data
Rights of the interested party
Privacy Policy

INFORMATION ON THE PROCESSING OF PERSONAL DATA of users who consult the websites of Top Consult S.r.l. pursuant to article 13 of Regulation (EU) 2016/679

In compliance with EU Reg. 2016/679 (European Regulation for the Protection of Personal Data, hereinafter ‘GDPR’), we are hereby providing you with the necessary information regarding the processing of the personal data provided.

This page describes the methods of processing the personal data of users who consult the websites of the Top Consult Company accessible electronically at the following addresses:

The information is not to be considered valid for other websites that may be consulted via links on the websites in the Owner’s domain.
This is a disclosure that is provided pursuant to art. 13 of EU Reg. 2016/679, i.e. for data collected directly from the interested party.

1. Owner of the treatment

The Data Controller is:
  • Business name – Top Consult S.r.l.
  • VAT number – 05370340019
  • Address – Via Valeggio 22/E, 10128 – Torino
  • Email –
  • PEC –
  • Telephone  +39 0115805994

2. Data protection officer

The Data Controller has appointed a Data Protection Officer (RPD, or DPO, Data Protection Officer) who can be contacted at the address:

3. Purpose of the treatment and legal basis of the treatment

The website can be consulted without communicating any personal data (with the exception of navigation data (see Cookie policy). Data of a personal nature, voluntarily provided by the user, will be processed for the purposes indicated below.

Legal basis
Duration of treatment
1. Navigation of this website
Legitimate interest of the Data Controller (art. 6 letter f) GDPR).
For the entire duration of the navigation
2. Sending the information requested by filling in the ‘Contact Us’ form
Legitimate interest of the Data Controller (art. 6 letter f) GDPR).
If a contract is not stipulated, the data will be kept for 2 years from the last contact*
3. Sending information requested through the social channels connected to this website
Legitimate interest of the Data Controller (art. 6 letter f) GDPR).
If a contract is not stipulated, the data will be kept for 2 years from the last contact*
4. Sending information requested through the chatbot on the Company’s website
Legitimate interest of the Data Controller (art. 6 letter f) GDPR).
If a contract is not stipulated, the data will be kept for 2 years from the last contact*
5. Sending newsletters with the latest news from the Company
Consent of the interested party (art. 6 letter a) GDPR)
Until withdrawal of consent**
6. Sending commercial communications about our products or services
Consent of the interested party (art. 6 letter a) GDPR)
Until withdrawal of consent**
7. Search and selection of new personnel
Pre-contractual obligations at the request of the interested party (art. 6 letter b) GDPR)
If a contract is not stipulated, the data will be kept for 2 years from the last contact*

* At the end of the indicated period, the data is updated, where possible, and subsequently anonymised for statistical purposes or permanently cancelled.
** Consent can always be revoked by clicking on the “Unsubscribe” button at the bottom of each communication.

4. Field of communication and diffusion

The data being processed will not be disclosed, but may be communicated to companies contractually linked to Top Consult, in order to comply with the contracts or related purposes.
The personal data provided will be communicated to recipients, who will process the data as managers (Article 28 of EU Reg. 2016/679) and/or as natural persons acting under the authority of the Data Controller and the Manager (art. 29 of EU Reg. 2016/679), for the purposes listed in point 3 above.
The data may be communicated to third parties belonging to the following categories:

  • Corporate and affiliated companies;
  • Subjects that provide services for the management of the information system used by Top Consult and of the telecommunications networks (including e-mail); –
  • Competent authorities for fulfillment of legal obligations and/or provisions of public bodies, upon request.

The list of managers is constantly updated and can be requested by writing to the address:

5. Transfer of data to a third country and/or an international organization

Your data, subject to processing, may also be transferred abroad to countries belonging to the European Union and/or to non-EU countries in order to comply with the related purposes indicated above but always in compliance with the limits and conditions set in the Reg. EU 2016/679 for the protection of personal data.

 In case of transfer, the data will be transferred in accordance with and within the limits set forth in articles 44 (General principle for the transfer), 45 (Transfer based on an adequacy decision) and 46 (Transfer subject to adequate guarantees) of EU Reg. 2016/679.

For more information, please write to:

6. Nature of the provision of data and possible consequences

Apart from that specified for navigation data, the User is free to provide personal data or not. The provision of data marked with ‘*’ is free, but necessary. Failure to provide such data may make it impossible to obtain a response to the request or to use the services of the data controller.

The provision of data not marked with ‘*’ is optional. Failure to provide them cannot make it impossible to obtain a timely response to what has been requested.

7. Rights of interested parties

You have the right to exercise the rights provided for in articles 15 to 22 of EU Reg. 2016/679 by sending an email to the address at any time:
Therefore, you have the right to ask the Data Controller to access your personal data, correct it, cancel it, limit the processing. Furthermore, you have the right to data portability and to oppose, at any time and for legitimate reasons, their treatment.
You also have the right to lodge a complaint with the Personal Data Protection Authority if you believe that the processing of your Personal Data is contrary to current legislation.
There is no automated decision-making process.
If you contact the Data Controller to exercise your rights, please provide your e-mail address, name, address and/or telephone numbers, in order to allow the correct management of the request.

Information Security Management System Policy

Top Consult considers information security a strategic element for its activities

The organization has set itself the goal of preserving its own interests and those of its customers, paying particular attention to the aspects of:

  • Legal requirements
  • Service level
  • Business continuity
  • Confidentiality, integrity and availability of information

To this end, Top Consult undertakes to pursue information security:

    • using best practices to protect the organization’s information assets from intentional or accidental internal or external information security threats
    • aligning information security management with the organization’s strategic risk management context
    • setting information security objectives and establishing direction and principles for action
    • establishing criteria for risk assessment and risk acceptance
    • controlling access to information resources based on business and security needs
    • protecting information and physical media in transit
    • protecting the information associated with the interconnection of corporate information systems
    • applying safeguards for information sharing
    • observing the clean desktop policy for documents and removable storage media
    • observing the clean screen policy for information processing services
    • implementing adequate security measures for mobile computing and communications
    • using adequate cryptographic controls to protect information
    • ensuring protection, durability and correct use of cryptographic keys throughout their life cycle
    • establishing rules for the development of software and systems and applying these rules to developments within the organization
    • ensuring the protection of the organization’s assets that are accessible by suppliers
    • prohibiting the use of unauthorized software and respecting the laws on intellectual property rights
    • protecting organizational data and privacy protection
    • making backup copies of information, software and system images and testing them regularly
    • maintaining records for an appropriate period before carefully disposing of them
    • applying disciplinary action and discouraging misuse of information services by staff
    • complying with applicable information security requirements, including the requirements set out in ISO/IEC 27001:2013
    • reviewing the effectiveness of the ISMS at regular intervals
    • continuously improving the ISMS.

    The Information Security Management System (ISMS) ensures that business continuity management, backup procedures, malware protection, system and information access management and incident management are effectively and adequately implemented supported by specific policies and documented procedures.
    Information security requirements are continuously aligned with the company’s strategic business objectives and ensure that information is shared and usable while keeping the risk, which this entails, at an acceptable level.
    The Management supports information security through a clear direction, a clear commitment, explicit assignments and acknowledgment of responsibilities.
    All personnel contribute, each with their own competence and professionalism, to the effective effectiveness of the Information Security Management System and to compliance with this policy. The Information Security Management System is subject to systematic review and improvement.

    Date of last update: 28.02.2023