PRIVACY POLICY
LEGAL NOTICES
AXACTOR ITALY SPA (hereinafter the “Company”), with its registered office in Milan (MI) at Via Santa Marta No. 25, ZIP Code 20123, registered with the Milan Register of Companies, R.EA. MI-2552310, VAT No. 02417100043, and listed in the register pursuant to Article 106 of Legislative Decree No. 385/93, No. 31482, based on the data processing activities carried out in the course of its business operations, acts as the data controller for some of these activities and as the data processor for others, as further specified below:
Data Controller:
The company acts as the Data Controller for all data pertaining to its employees/contractors, its suppliers, data processed on its payment portal, and data exchanged via corporate chat systems.
AXACTOR ITALY SPA is also a joint data controller, together with Axactor Italy Servicing Srl, of the personal data of users collected on this website and its sections, pursuant to and for the purposes of EU Regulation 679/2016 (GDPR).
Data Processor:
Please be advised that, pursuant to and for the purposes of Articles 1264 and 1265 of the Italian Civil Code and in compliance with the provisions of Articles 15 –22 of the GDPR and applicable national data protection laws, all receivables held by Axactor Italy Spa—for which it was identified as the Data Controller, with all privileges, personal and/or real guarantees, and other ancillary rights vis-à-vis customers, have been assigned without recourse (hereinafter the “Transaction”) to AXACTOR ITALY INVESTMENT S.R.L., Via San Prospero 4, Milan (MI) ZIP Code 20121, Tax ID No., Business Registry No. 14645840969 (hereinafter the “Assignee” or “Special Purpose Vehicle”).
Following this Transaction, duly and properly published in the Official Gazette No. 41 of April 9, 2026, ID TX26AAB3590, Axactor Italy Spa is no longer the data controller with respect to the files subject to the assignment. Instead, the Assignee will be designated as the sole data controller for the assigned receivables referred to in the Transaction.
The Assignee, through a specific servicing agreement, subsequently appointed, pursuant to Article 28 of Regulation (EU) 2016/679, Axactor Italy S.p.A. as the sole Data Processor for personal data related to the cases covered by the Transaction, entrusting it with all operations, activities, and processing related to debt collection activities performed and to be performed on the accounts.
AXACTOR ITALY S.p.A. is also designated as the Data Processor for all data pertaining to the management of the accounts entrusted to it by the individual creditor companies (Clients), including the Special Purpose Vehicle, based on a valid servicing agreement, for the purpose of protecting the claims and interests of such creditors, who are designated as the Data Controllers of said data.
Applicable Law:
The processing of personal data is governed by European Regulation (EU) 2016/679 and current national legislation on the protection of personal data, as well as the provisions of the
Italian Data Protection Authority. This Regulation aims to ensure that the processing of “personal data” is carried out in a manner that respects the rights, fundamental freedoms, and dignity of natural persons, with particular regard to confidentiality and personal identity.
For these reasons and in compliance with the provisions of Articles 13 et seq. of EU Regulation 2016/679, the Company is required to provide comprehensive information regarding:
-
The use of personal data pertaining to individuals with whom the Company has come into contact in the course of its debt collection activities, namely debtors from whom it has requested payment of a debt via a phone call, a written communication, and/or a home visit.
-
The processing of personal data of individuals who access the restricted area of the portal intended for making payments, the “Payment Portal.”
-
The processing of personal data used for aggregated Business Intelligence analysis.
In order to ensure high quality standards and compliance with industry regulations, including those at the supranational level, theCompany collaborates with and maintains a strong membership in the trade association UNIREC ( NATIONAL UNION OF CREDIT PROTECTION COMPANIES), with which it works closely to develop and update issues related to the debt collection industry.
Data provided by the user:
The optional, explicit, and voluntary sending of messages to contact addresses, private messages sent by users to social media profiles (where this option is available), as well as the completion and submission of forms on this website, entail the collection of the sender’s contact information—necessary to respond—as well as all personal data included in the communications. Specific privacy notices will be published on the pages designated for this purpose.
Browsing Data:
The computer systems and software procedures used to operate this website acquire, during their normal operation, certain personal data whose transmission is implicit in the use of Internet communication protocols. This category of data includes the user’s IP address, the date and time of access, and the name and version of the browser and operating system. The system temporarily stores the IP address to enable the website to be delivered to the user’s computer. This requires the user’s IP address to be stored for the duration of the session. The data is stored to ensure the website’s functionality. This data is also used to prevent fraud, secure evidence in the event of cyberattacks or fraud attempts, optimize performance, review security standards, correct errors on the website, and ensure the security of our IT systems. The data will not be analyzed for marketing purposes in this regard. Browsing data is not retained for more than 12 months.
Rights of Data Subjects:
With regard to the processing described in this Privacy Policy, as a data subject, you may, under the conditions set forth in the GDPR, exercise the rights established in Articles 15 through 21 of the GDPR and, in particular:
-
Article 15 Right of Access by the Data Subject
to obtain confirmation as to whether or not personal data concerning you are being processed and, if so, to obtain access to your personal data—including a copy thereof—and to be provided with, among other things, the following information: the purposes of the processing, the categories ofprocessed, recipients to whom the data have been or will be disclosed, the data retention period, and the rights of the data subject.
-
Article 16 Right to Rectification
to obtain, without undue delay, the rectification of inaccurate personal data concerning you and/or the completion of incomplete personal data. -
Article 17 Right to erasure (“right to be forgotten”)
to obtain, without undue delay, the erasure of personal data concerning you. -
Article 18 Right to restriction of processing
to obtain restriction of processing. -
Article 20 Right to Data Portability
to receive the personal data concerning you in a structured, commonly used, and machine-readable format; to transmit that data to another controller without hindrance; and, where technically feasible, to have your personal data transmitted directly to that other controller, provided that the processing is based on consent and is carried out by automated means.
-
Article 21 Right to Object
to object to the processing of your personal data, unless the Data Controller has legitimate grounds to continue the processing.
-
Article 77 Right to lodge a complaint with the supervisory authority
to lodge a complaint with the Italian Data Protection Authority, Piazza di Montecitorio No. 121, 00186, Rome (RM).
-
Article 82 Right to Compensation
to request compensation for damages resulting from a violation of the law.
All of the aforementioned rights may be exercised by the data subject directly with the relevant data controllers (e.g., Client Companies, the Vehicle Company, etc.) at their respective addresses and contact information.
Below, we provide the appropriate forms for this purpose:
Form for Exercising Rights Regarding Personal Data Protection
However, you may also contact Axactor Italy Spa in its capacity as Data Processor, which will forward the request to the Data Controller and assist in its handling. Similarly, data subjects may exercise the above rights directly with Axactor Italy Spa—but this time in its capacity as the data controller—whenever such rights pertain to data processed through this website.
Personal Data of Minors:
Please be advised that AXACTOR ITALY S.p.A. does not process the personal data of minors.
Therefore, we urge anyone under the age of 18 not to disclose their personal data under any circumstances. AXACTOR ITALY S.p.A. reserves the right to deny access to its services and does not guarantee the successful completion of any requested activities or services for anyone who has concealed their minor status.
Data Protection Officer:
Requests regarding data processing carried out by Axactor Italy S.p.A. should be directed to the Data Protection Officer at privacy@axactor.com.
For processing related to transferred files, please contact the Data Controller.
This privacy notice is a general obligation that must be fulfilled before or, at the latest, at the time of initiating the direct collection of personal data. In the case of personal data not collected directly from the data subject, the notice must be provided within a reasonable timeframe, or at the time of communication (not registration) of the data (to third parties or to the data subject). The notices for the various categories of data subjects follow.
+ NOTICE ON THE PROCESSING OF PERSONAL DATA