Informativa Privacy





Following the abovementioned Regulation, the personal data treatment will be characterized on the lawfulness, fairness, transparency, and protection of Your privacy and rights.

ConLor S.p.A., having his legal seat in Via Bronzino 8, Milano (MI) as Controller of the data processing, informs You that following parr. 13 and 14 of GDPR that Your personal data will be processed with the following modality and according to the following purpose(s).

1) Object of the processing

The Controller processes personal, distinctive and non-sensitive data (in particular, name, family name, email, telephone number – hereinafter referred to as the “Personal Data” or “Data”) that You will provide it.

2) Purpose of the processing

The basis of Your Data processing is the execution of a contract (letter a.), consent (b.), and legitimate interest of the Controller (c. and d.),

a. for the management and execution of the contract and the pre-contractual negotiation between You and the Controller;

b. for direct marketing purposes, such as forwarding newsletter and/or for setting up mailing lists;,

c. to fulfill legal duties deriving from national of European rules and regulations, or from an order coming from a Jurisdictional Authority;

d. to grant the Controller the possibility to exercise his right, e.g. to defend himself in front of a competent Court.

3) Data processing procedure

Data processing is performed on the basis of the operations listed under par. 4 n. 2) GDPR and precisely: collection, registration, organization, storage, consultation, elaboration, modification, selection, extraction, comparison, utilization, interconnection, interdiction, communication, cancellation and destruction, Your Personal Data are subject to both in paper and electronic/automated format processing.

4) Data access

Data will be made accessible for the purposes listed under 2 above, to employees and consultants of ConLor S.p.A., as appointed operators and/or system administrators.

5) Data transmission

Your Data may be transmitted to Data Processors appointed by the Controller. We inform you that all collected Data will not be subject to communication unless upon your explicit consent, except for communications to public bodies, consultants, or other processors to whom the transmission of Your Data is mandatory.

6) Data transfer

The management and conservation of Data will be implemented by mean of the servers that are located in the Controller’s and/or Processors’ seat. Collected personal data will not be transferred outside the EU. It is understood that the Controller, if needed, at its own discretion, may move the company server to another location. In such case, the Controller will guarantee thet the Data transfer will be performed according to the regulation in force.

7) Data dissemination. Data subject profiling.

Your Data are not subjet to dissemination. Your data are not subject to profilation.

8) Data subject rights

The Regulation grants Data subject certain rights, amongst which:

(a) to obtain confirmation that a Data treatment of his personal data is in place, and get to access such Data (following par. 15 GDPR);

(b) to obtain the revision of inaccurate personal data (following par. 16 GDPR);

(c) to obtain erasure of any persona data referring to him, following the “right to be forgotten” (following par. 17 GDPR);

(d) to obtain the limitation of Data treatment by the Controller (following par. 18 GDPR);

(e) to receive the personal data concerning him, which he has provided to the Controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the Controller (following par. 20 GDPR);

(f) to object at any time to processing of personal data concerning him (following par. 21 GDPR).

You can anytime revoke the consent you gave to the Controller, without such revocation affecting Data processing that has already been put in place by the Controller.

9) How to exercise your rights

You can anytime exercise any of the rights listed above by mean of a written request to be addressed either to the Controller’s seat, or to the certified email address


10) Underage data subject

The Controller does not collect intentionally underage persons’ personal data. In case such data are somehow stored, the Controller will promptly delete them, upon request.

11) Data processing duration

We underline that, following the principles of lawfulness, limitation of purposes and minimization of Data, according to par. 5 GDPR, following your free and explicit consent, your Personal Data will be stored for the time span that is permitted by the law.

12) Right to file a petition in front of a control authority.

You have the right to file a petition in front of a control authority (for Italy, the Garante della Privacy, at any time, if You believe that the processing of Your data has not been managed appropriately; data subject have the right to file a petition in front of their national control authority, or the control authority of the Country where they work, or the Country where the violation of their right has taken place.

13) Controller, Processors, appointed Operators.

The Data Controller is ConLor S.p.A.. The updated list of Processors and appointed Operators is stored at the Controller’s legal seat.