DRAFT — Pending Italian outside-counsel legal review. Every document on this page is a v1.0 negotiation baseline. Italian translations are convenience translations except where explicitly noted as primary (Garante questionnaire). The English version controls in disputes unless Article 17 of the DPA elects Italian law.

Legal pack v1.0 · 2026-04-27

Italian + EU procurement-ready legal pack.

Everything an Italian or EU enterprise procurement team asks for during a Claresia evaluation: a bilingual EN+IT Data Processing Agreement with all 17 articles + 5 annexes, plus four pre-filled security questionnaires (CAIQ-Lite, SIG-Lite, EU NIS2, Italian Garante). Honest answers throughout — controls Claresia does not yet hold are explicitly marked "Planned Q* 2026" rather than overstated.

Documents: 6 (DPA EN + DPA IT + 4 questionnaires)

Questionnaire entries: 286 (EN + IT, honest answers)

Languages: EN + IT (Italian primary for Garante)

Frameworks: 8+ (GDPR · Garante · NIS2 · CAIQ · SIG · EU AI Act · ISO 27001 · Schrems II)

Data Processing Agreement

Master DPA template — 17 articles + 5 annexes (Description of Processing, Technical and Organisational Measures, Sub-processors, SCC Module 2 + 3, Italian Garante Compliance Statement). Counter-sign-ready once promoted from DRAFT to v1.1 RELEASED after Italian outside-counsel review.

Data Processing Agreement (English)

Updated 2026-04-27 · EN

DRAFT

Master DPA template — 17 articles + 5 annexes. GDPR + Italian Garante + Schrems II + NIS2 aligned. SCC Module 2 + Module 3 + UK IDTA referenced. Italian Statuto dei Lavoratori art. 4 addendum included.

DRAFT v1.0 · GDPR · NIS2 · Schrems II · 17 articles + 5 annexes

Accordo sul Trattamento dei Dati Personali (Data Processing Agreement, Italian)

Updated 2026-04-27 · IT

DRAFT

DPA in formal legal Italian — 17 articles + 5 annexes. GDPR + Codice della Privacy + Garante provvedimenti + NIS2 (D.Lgs. 138/2024) aligned. Statuto dei Lavoratori art. 4 addendum included. Italian version primary for Italian-jurisdiction execution.

DRAFT v1.0 · GDPR · Garante · D.Lgs. 138/2024 · Statuto Lavoratori art. 4

Pre-filled security questionnaires

Four canonical questionnaires that Italian and EU enterprise procurement teams ask for during AI vendor due diligence. Every answer is real: controls Claresia does not yet hold are explicitly marked "Planned Q* 2026" with target quarter.

CAIQ-Lite (Cloud Security Alliance)

Updated 2026-04-27 · EN+IT

DRAFT

CSA CAIQ-Lite v4.0.3 pre-filled with 33 honest answers across 17 control areas (AAC, AIS, BCR, CCC, DCS, DSI, EKM, GRM, HRS, IAM, IPY, IVS, MOS, SEF, STA, TVM, IPV). Bilingual EN+IT.

DRAFT v1.0 · CSA CAIQ-Lite · 17 control areas · 33 questions

SIG-Lite (Shared Assessments)

Updated 2026-04-27 · EN+IT

DRAFT

Shared Assessments SIG-Lite 2026.1 pre-filled with 60 honest answers across 16 domains (Risk, Policy, Org, Asset, HR, Physical, Ops, Access, Crypto, AppSec, Incident, BC, Compliance, Privacy, Cloud, Mobile). Bilingual EN+IT.

DRAFT v1.0 · SIG-Lite 2026.1 · 16 domains · 60 questions

EU NIS2 Vendor Due-Diligence

Updated 2026-04-27 · EN+IT

DRAFT

25 questions reflecting NIS2 Article 21 controls + Article 23 incident reporting cooperation. References Italian transposition D.Lgs. 138/2024. Honest "Planned Q* 2026" answers where applicable.

DRAFT v1.0 · NIS2 Art. 21+23 · D.Lgs. 138/2024 · 25 questions

Garante per la Protezione dei Dati Personali

Updated 2026-04-27 · EN+IT

DRAFT

Italian-specific GDPR enforcement questionnaire reflecting binding Garante provvedimenti on automated decision-making, employee monitoring (Statuto dei Lavoratori art. 4), AI in workplace (2023 ChatGPT + 2024 biometric rulings), cookies, and Schrems II. Italian primary; English convenience translation.

DRAFT v1.0 · Garante · Statuto Lavoratori · Schrems II · 25 questions

For Italian customers

The Italian version of the DPA is available above and is the reference version for customers established in Italy (Art. 17 DPA). The Italian Addendum (Art. 16) explicitly incorporates Statuto dei Lavoratori art. 4, the binding Garante provvedimenti (provv. n. 232/2024 on employee monitoring, the 2023 ChatGPT ruling, the 2024 biometric rulings, the cookie provvedimento) and the jurisdiction of the Tribunale Ordinario di Milano.

The Garante questionnaire has Italian as its primary version; the English translation is provided for international counsel. All other documents have English as the controlling version (Italian convenience translation).

Claresia DPO: dpo@claresia.com · Registered office: Milan, Italy.

Need a custom DPA addendum?

Reach out for vertical-specific addenda (financial services / DORA, healthcare / HDS, public administration, etc.) or sector-specific TIA support.

security@claresia.com

What unblocks production (DRAFT → RELEASED)

  1. Italian outside-counsel legal review (recommended panel: ICT Legal Consulting, Studio Cataldi, Studio Legale Pavia e Ansaldo, Studio Legale Macchi di Cellere Gangemi).
  2. Notarized signature workflow setup (DocuSign EU + qualified electronic signature under eIDAS).
  3. Certified Italian legal translator review (AITI-affiliated, formal Italian legal register).
  4. DPF / SCC bridge updates — re-validate the EU-US Data Privacy Framework status at execution + monitor SCC 2021/914 revision cycles.
  5. Sub-processor list lock — reconcile the Q1-Q4 2026 planned sub-processors with the at-execution-time signed list (currently 3 active + 13 planned).
  6. ISO 27001:2022 certification (Q3 2026 target) promotes several "Planned" answers to "Active" and removes the largest procurement objection.

Claresia S.r.l.

Registered office: Milan, Italy · DPO: dpo@claresia.com · Security: security@claresia.com
