Document updated on 10 October 2025
This notice describes, in a clear and transparent manner, how Forlani Consulting Srl SB processes the personal data of natural persons who interact with its services, with the website www.forlaniconsulting.eu, and with the Company’s other informational channels, including contact forms, the newsletter, and periodic communications relating to calls for funding, grants and incentive measures for businesses.
This notice is drafted pursuant to Regulation (EU) 2016/679 (GDPR) and the relevant national rules on the protection of personal data. Its purpose is to provide anyone interacting with Forlani Consulting with the information necessary to understand: which data are collected; for what purposes they are used; to whom they may be disclosed; whether they are transferred outside the European Union; how long they are retained; which rights data subjects have; and how such rights may be exercised.
Forlani Consulting Srl SB is a consulting firm that supports businesses in identifying, applying for, and managing incentives, grants and public funding. In the context of these activities, the Company collects and uses personal data in a proportionate manner and in compliance with the principles of lawfulness, fairness and transparency.
To help you better understand this notice, we set out below, in simple terms, two key GDPR definitions:
🔹 Personal Data: Any information that makes it possible to identify a natural person, directly or indirectly. Personal Data include, for example: first and last name, date and place of birth; address, telephone number, e-mail address, tax code; banking and payment details; website browsing data; and information contained in CVs. In short, any information that allows a person to be identified, whether directly or indirectly, is considered Personal Data.
🔹 Processing: Any operation carried out on Personal Data, including by electronic means. This includes, by way of example: collection and recording, organisation and storage, consultation and use, disclosure to third parties, erasure or destruction. Processing must always comply with the principles of lawfulness, fairness and transparency set out in the GDPR.
The Data Controller of personal data is Forlani Consulting Srl SB, a consulting firm specialising in supporting businesses in obtaining public grants, incentive measures and funding, with its registered and operational office at Via Flaminia 134/N – 47923 Rimini (RN), Italy.
Forlani Consulting Srl SB independently determines the purposes and means of processing the personal data collected, ensuring that all processing activities comply with the principles of lawfulness, fairness, transparency, proportionality and security set out in Regulation (EU) 2016/679 (GDPR) and in the applicable national data protection legislation.
For any communication or request concerning the protection of personal data, you may contact the Company at the following details:
E-mail: info@forlaniconsulting.eu
PEC (certified e-mail): forlaniconsulting@pec.it
Phone: +39 0541 857674
Address: Via Flaminia 134/N, 47923 Rimini (RN), Italy
The Data Controller undertakes to handle all personal information collected in the course of its consulting, information and communication activities with the utmost confidentiality and responsibility, including through the website and the newsletter.
Forlani Consulting Srl SB processes personal data solely for specific and lawful purposes, in compliance with the principles of necessity and proportionality set out in Regulation (EU) 2016/679 (GDPR). The processing activities relate both to the Company’s professional consulting services and to informational communications concerning calls for funding and incentive measures for businesses.
| Category of Purpose | Examples of Processing Activities | Relevant Legal Basis (Art. 6 GDPR) |
|---|---|---|
| ⚖️ Consultancy activities and management of client relationships | Handling consultancy or quotation requests, execution of contracts, administrative and accounting management of client relationships | b) Performance of a contract or pre-contractual measures; c) Compliance with legal obligations |
| 🧾 Regulatory and tax compliance | Invoicing, payment management, storage and retention of accounting and tax documentation | c) Legal obligation |
| 📩 Informational communications and newsletters | Periodic dissemination of information on calls for tenders, incentives and opportunities for businesses; updates on the Company’s activities and results | f) Legitimate interest of the Controller; a) Consent of the data subject |
| 📣 Publication of results and testimonials | Dissemination, subject to prior consent, of success stories and projects carried out on behalf of clients on the website or corporate social media channels | a) Explicit consent of the data subject |
| 📬 Contact requests and applications | Management of messages and requests submitted via website forms or e-mail; assessment of spontaneous applications | b) Pre-contractual measures; f) Legitimate interest of the Controller |
| ⚖️ Management of requests for legal information | Where the user requests further information on articles or legal content disseminated through the newsletter, use of contact details to provide feedback and, where necessary, disclosure of data to the partner law firm for the provision of the requested information or consultancy | b) Performance of pre-contractual measures adopted at the request of the data subject |
| 🛡️ Protection of rights and system security | Prevention of abuse, dispute management, exercise or defence of rights in judicial proceedings, protection of IT systems | f) Legitimate interest of the Controller; c) Legal obligation |
The provision of personal data may be mandatory or optional, depending on the purpose for which the data are requested.
In general, data that are necessary for the performance of a contract or for compliance with legal obligations must be provided, while other data may be freely provided by the data subject in order to receive informational services or updates.
| Type of Data | Purpose of the Provision | Nature of the Provision | Consequences in Case of Failure to Provide |
|---|---|---|---|
| 📄 Identification and contractual data | Conclusion and performance of consultancy contracts or management of calls for tenders | Mandatory | Impossibility to establish or manage the contractual relationship |
| 🧾 Tax and accounting data | Compliance with legal, tax and administrative obligations | Mandatory | Impossibility to comply with legal and accounting obligations |
| 📞 Contact data (telephone, e-mail, forms) | Communications and responses to information requests | Optional | It may not be possible to receive responses or clarifications |
| 📩 Data for newsletter subscription | Receipt of informational communications on calls for tenders and incentives | Optional (subject to consent or legitimate interest) | No consequences, except for the failure to receive the communications |
| 📣 Data for testimonials and publications | Publication of results, references or success stories | Optional (only subject to prior consent) | No consequences; the data will not be published or disseminated |
Forlani Consulting processes Personal Data with the utmost attention to security, confidentiality and protection of information, in compliance with Articles 5 and 32 of the GDPR.
⚙️ Processing methods
Personal Data are processed primarily by means of IT and electronic tools and, only in limited cases, on paper-based media. All processing activities are carried out in compliance with the principles of lawfulness, fairness, data minimisation and storage limitation, for the period strictly necessary to achieve the purposes for which the data are collected.
📍 Place of storage
Personal Data are stored at the premises of Forlani Consulting, located at Via Flaminia 134/N – 47923 Rimini (RN), Italy, and, for security and backup purposes, on portable IT media directly controlled by the Controller and protected by passwords. Appropriate technical and organisational measures are implemented to prevent unauthorised access, loss, destruction or unlawful disclosure of data.
Forlani Consulting also uses, among its electronic processing tools, an internally developed management platform, dedicated to the collection, organisation and archiving of information relating to clients, assigned matters and the tracking of activities performed and professional services rendered. The system is accessible exclusively to authorised personnel, protected by personal credentials and hosted on an infrastructure compliant with the security and confidentiality requirements set out in Regulation (EU) 2016/679 (GDPR).
Forlani Consulting Srl SB adopts appropriate technical and organisational measures to ensure the security of the Personal Data processed, preventing unauthorised access, alteration, accidental loss or processing not aligned with the stated purposes.
Such measures are periodically reviewed and updated in line with regulatory, technological and organisational developments.
| Protection Area | Measures Implemented | Purpose |
|---|---|---|
| 💻 IT security | Antivirus systems, firewalls and secure connections (HTTPS/TLS); regular software updates | Prevent unauthorised access and protect data integrity |
| 🔐 Access management | Individual user authentication; limitation of access privileges to authorised personnel only | Ensure that data are accessible solely to duly instructed and authorised persons |
| 💾 Data retention and storage | Automated backups on servers located within the EU; emergency recovery procedures | Ensure availability and resilience of IT systems |
| 🏢 Organisational security | Appointment of Data Processors; operational instructions to collaborators; confidentiality agreements | Ensure compliance with internal procedures and protection of confidentiality |
| 📁 Protection of paper-based data | Storage in locked premises accessible only to authorised personnel | Prevent loss or unauthorised access to physical files |
| 🎓 Staff training | Periodic training sessions on GDPR, confidentiality and cybersecurity | Strengthen staff awareness and accountability |
| 🔍 Monitoring and audit | Periodic review of internal processes and external service providers | Ensure ongoing compliance with data protection policies |
◆ Internal contact person for request management
In order to ensure proper and traceable handling of requests, the Firm has identified an internal privacy contact person responsible for receiving and processing data subject requests. At present, no Data Protection Officer (DPO) has been appointed, as such appointment is not mandatory in light of the nature of the processing activities carried out.
◆ External Data Processors
The Firm may engage qualified external service providers, appointed as Data Processors pursuant to Article 28 GDPR, for specific activities such as accounting and tax management, maintenance of IT systems and servers, e-mail services or cloud storage, technical assistance, or specialised consultancy in the field of data protection.
An up-to-date list of Data Processors is available upon written request to the Controller’s e-mail address.
◆ Authorised internal personnel and collaborators
Collaborators, trainees and employees of the Firm process Personal Data strictly on the basis of the Controller’s instructions, in accordance with Articles 29 and 32 GDPR, and are duly trained and bound by confidentiality obligations.
Pursuant to Article 13 of Law No. 132 of 23 September 2025, it is hereby informed that, in the course of performing the assigned engagement, tools based on Artificial Intelligence (AI) technologies may be used, where deemed appropriate, exclusively for instrumental and support purposes related to the activity.
By way of example, the AI tools employed may include solutions such as ChatGPT, AI-assisted analysis platforms, or other similar tools for assisted text generation and content analysis, limited to internal support activities only. Such use shall always take place in full compliance with Regulation (EU) 2016/679 (GDPR), applicable national data protection laws, and the ethical and deontological principles governing the legal profession, with the aim of ensuring the highest level of confidentiality of the information processed.
In particular, AI systems may be used, by way of example and without limitation, for activities such as: document and organisational management within the Firm; conducting legal and case-law research; preliminary document analysis; drafting outlines or internal working summaries.
It is expressly specified that any content generated or assisted by such tools is always subject to critical assessment and thorough verification by the authorised personnel, both during the drafting phase and in the review of sources, prior to any professional use.
The Personal Data collected by Forlani Consulting Srl SB are processed in compliance with confidentiality obligations and may be disclosed to internal or external parties collaborating with the Company, solely for purposes related to consultancy activities, case management or compliance with legal obligations.
| Category of Recipient | Who Is Included | Purpose of the Disclosure | Recipient’s Role |
|---|---|---|---|
| 👥 Collaborators and internal staff | Consultants, employees and authorised collaborators of the Company | Case management, client communications, organisational and operational activities | Authorised persons / persons authorised to process data |
| 📑 External consultants and professionals | Chartered accountants, legal or technical consultants, auditors, reporting experts | Administrative, accounting, tax and technical support | External Data Processors (Art. 28 GDPR) |
| 🏦 Credit institutions and insurance companies | Banks, leasing companies, insurance undertakings | Management of collections, payments, guarantees and financial instruments related to projects | Independent Data Controllers |
| 🏛️ Public bodies and authorities | National or regional public administrations, granting authorities, supervisory and control bodies | Obligations related to submission, assessment, management and reporting of grants and incentives | Independent Data Controllers |
| 🌐 Technology providers and web hosting services | IT service providers, cloud services, newsletter and e-mail service providers | Technical management and data security; operation of the website and operational platforms | External Data Processors |
| ⚖️ Forlani Consulting Law Firm | Forlani Consulting Law Firm, VAT No. 03581580408, with registered office in Rimini (RN), Via Flaminia 134/N, PEC: roberto.forlani@ordineavvocati.rimini.it | Provision of responses to legal queries submitted by users, including in relation to content or articles disseminated via the newsletter | Independent Data Controller |
The contact details provided by the user may be disclosed to Forlani Consulting Law Firm, which acts as an independent Data Controller with respect to Forlani Consulting, solely for the purpose of responding to requests or legal queries submitted by the data subject, including those relating to informational or legal content disseminated via the newsletter.
In such cases, the Law Firm will process Personal Data as an independent Data Controller, in accordance with its own privacy policy, available at the following link:
https://www.forlaniconsulting.eu/privacy-policy-legal/
Forlani Consulting Srl SB processes and stores Personal Data primarily within the European Union.
In certain specific cases, the use of digital services or IT tools (for example, for e-mail services, document management or newsletters) may involve the transfer of data to countries outside the European Economic Area (EEA).
Any such transfers are carried out in full compliance with the safeguards provided for by Regulation (EU) 2016/679, in particular Articles 44–49 GDPR.
| Scope of Storage and Transfer | Physical or Virtual Location of Data | Purpose of Processing or Service | Safeguards Applied |
|---|---|---|---|
| 🇪🇺 Within the European Union | Servers and archives located at the Rimini headquarters and European cloud providers | Data storage and management of cases and consultancy activities | Technical and organisational measures compliant with the GDPR; restricted and traceable access |
| 🌐 Non-EU cloud service providers | Servers located in third countries (e.g. United States, United Kingdom, Switzerland) | Backup, e-mail services, document management platforms or newsletters | Standard Contractual Clauses (SCCs) approved by the European Commission; adequacy decisions where available |
| 🤝 Collaboration and communication platforms | Digital services with non-EU components (e.g. videoconferencing, workspaces, CRM systems) | Internal management and communications with clients and partners | Contractual agreements ensuring GDPR compliance and IT security protocols |
| 🔒 Occasional transfers | Third countries not covered by an adequacy decision | Management of specific engagements or international projects on behalf of clients | Ad hoc contractual safeguards (Art. 46(2)(c) GDPR) and specific information provided to the data subject |
Forlani Consulting Srl SB retains Personal Data for a period of time proportionate to the purposes for which they are collected and processed, in compliance with the principles of storage limitation and data minimisation set out in Regulation (EU) 2016/679 (GDPR).
Retention periods vary depending on the nature of the relationship and the applicable legal obligations.
| Type of Personal Data | Purpose of Processing | Retention Period | Deletion and Anonymisation Criteria |
|---|---|---|---|
| ⚖️ Clients’ contractual and identification data | Case management, contracts and consultancy activities | Duration of the contractual relationship + 11 years from termination | Deletion or secure archiving upon expiry of the statutory limitation period |
| 🧾 Tax and accounting data | Tax and administrative compliance | 11 years from accounting registration | Deletion or separate archiving after the statutory retention period |
| 📩 Contact data (requests and e-mail/forms) | Management of requests and communications | 12 months from completion of the request or last contact | Automatic deletion or periodic anonymisation |
| 📄 Curriculum vitae (CV) data | Assessment of applications and collaborations | 6 months from receipt (unless consent to extension is provided) | Deletion or anonymisation upon expiry |
| 📬 Newsletter and informational communication data | Sending updates on calls for tenders, incentives and company activities | Until withdrawal of consent or objection (opt-out) | Immediate deletion following the unsubscribe request |
| 📣 Data for testimonials and publications | Publication of results and successfully completed projects | Until withdrawal of consent | Immediate deletion upon request of the data subject |
| 🛡️ Data relating to disputes or inspections | Protection of the Company’s rights in judicial or administrative proceedings | Until expiry of limitation periods (generally 10 years) | Protected archiving and deletion upon completion of the proceedings |
| 🤖 Data processed via digital and cloud-based tools | Internal operational and organisational activities | Strictly necessary time for service provision | Immediate deletion or replacement with anonymised data |
Forlani Consulting Srl SB retains Personal Data for a period of time proportionate to the purposes for which they are collected and processed, in compliance with the principles of storage limitation and data minimisation set out in Regulation (EU) 2016/679 (GDPR).
Retention periods vary depending on the nature of the relationship and the applicable legal obligations.
| Type of Personal Data | Purpose of Processing | Retention Period | Deletion and Anonymisation Criteria |
|---|---|---|---|
| ⚖️ Clients’ contractual and identification data | Case management, contracts and consultancy activities | Duration of the contractual relationship + 11 years from termination | Deletion or secure archiving upon expiry of the statutory limitation period |
| 🧾 Tax and accounting data | Tax and administrative compliance | 11 years from accounting registration | Deletion or separate archiving after the statutory retention period |
| 📩 Contact data (requests and e-mail/forms) | Management of requests and communications | 12 months from completion of the request or last contact | Automatic deletion or periodic anonymisation |
| 📄 Curriculum vitae (CV) data | Assessment of applications and collaborations | 6 months from receipt (unless consent to extension is provided) | Deletion or anonymisation upon expiry |
| 📬 Newsletter and informational communication data | Sending updates on calls for tenders, incentives and company activities | Until withdrawal of consent or objection (opt-out) | Immediate deletion following the unsubscribe request |
| 📣 Data for testimonials and publications | Publication of results and successfully completed projects | Until withdrawal of consent | Immediate deletion upon request of the data subject |
| 🛡️ Data relating to disputes or inspections | Protection of the Company’s rights in judicial or administrative proceedings | Until expiry of limitation periods (generally 10 years) | Protected archiving and deletion upon completion of the proceedings |
| 🤖 Data processed via digital and cloud-based tools | Internal operational and organisational activities | Strictly necessary time for service provision | Immediate deletion or replacement with anonymised data |
Any natural person whose Personal Data are processed by Forlani Consulting Srl SB has the right, at any time, to obtain clear and transparent information on the processing of their Personal Data and to exercise the rights provided for under Articles 15–22 of Regulation (EU) 2016/679 (GDPR).
| Right Recognised | Content of the Right | When It May Be Exercised | How to Exercise the Right |
|---|---|---|---|
| 📄 Right of access | Obtain confirmation as to whether Personal Data are being processed and receive a copy thereof | At any time | Written request to the Controller |
| ✏️ Right to rectification | Correct inaccurate data or update incomplete data | When errors or changes are identified | Written communication to the Controller |
| ❌ Right to erasure (“right to be forgotten”) | Obtain the deletion of Personal Data | When the data are no longer necessary or consent has been withdrawn | Written request to the Controller |
| ⏸️ Right to restriction of processing | Temporarily block the use of data while retaining their storage | Pending verification, objection or correction | Reasoned request to the Controller |
| 🔄 Right to data portability | Receive data in a structured format and transmit them to another controller | For automated processing based on consent or contract | Written request to the Controller |
| ⚖️ Right to object to processing | Object, in whole or in part, to the processing of data | Where the processing is considered unlawful or for marketing purposes | Written request to the Controller |
| 🛡️ Right to lodge a complaint with a Supervisory Authority | Lodge a complaint with the Data Protection Authority | In the event of a breach of the applicable legislation or failure to respond | Via www.garanteprivacy.it |
The exercise of your rights is simple, free of charge and does not require any specific formalities.
You may contact the Data Controller at any time, clearly indicating:
Where necessary, the Firm may request additional information to verify your identity, solely for the purpose of ensuring that the request is made by the data subject concerned.
The Data Controller will respond within 30 days of receipt of the request. In the case of particularly complex or numerous requests, this period may be extended by up to 60 days, with reasoned notice to the data subject. Where the request is manifestly unfounded or excessive, the Data Controller may refuse to act.
| Communication Channel | Address or Reference | Purpose of Use |
|---|---|---|
| 📧 Standard e-mail | info@forlaniconsulting.eu | General requests and privacy-related communications |
| 📮 PEC (Certified Electronic Mail) | forlaniconsulting@pec.it | Official communications or communications with legal value |
| 📞 Telephone | +39 0541 857674 | General information and assistance regarding data subject rights |
| 📍 Postal address | Via Flaminia 134/N – 47923 Rimini (RN), Italy | Submission of paper documentation or formal complaints |
Forlani Consulting Srl SB reserves the right to amend or update this Privacy Notice from time to time, in order to reflect changes in applicable legislation, technological developments or internal organisational modifications that may affect the processing of Personal Data.