Skip to content. | Skip to navigation

Information for the processing of personal data for the website users

Agenzia italiana per l’internazionalizzazione - Promos Italia S.c.r.l., with registered office in Milan, via Meravigli No. 9/B, as data controller (hereinafter, "Data Controller"), hereby informs You, pursuant to Regulation (EU) 2016/679 ("GDPR") and applicable national legislation on personal data protection, that Your data will be processed in the following ways and for the following purposes:

  1. Object of the Data Processing

The Data Controller processes personal, identifying and non-particular/sensitive data (hereinafter, "Personal Data" or also "Data"), communicated by You during your navigation on the website www.investinlombardy.com (hereinafter, "Site"). In particular:

  • browsing data such as IP addresses or domain names of the computers used by users who connect to the Site, the URI (Uniform Resource Identifier) addresses of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the user's operating system and computer environment. This information is also collected by means of the cookies described in the website's Cookie Policy, to which reference should be made;
  • Data collected through cookies described in the Cookie Policy, to which we refer You for more information;
  • Data send by contact form.
  1. Purposes and legal bases of the processing

Your Personal Data are processed for the following purposes and legal bases:

without Your prior consent for:

the performance of the contract and/or the fulfilment of pre-contractual commitments, in particular to:

  • manage and maintain the Site;
  • reply to requests sent via the contacts on the Site;
  • allow You to navigate the Site;

the fulfilment by the Controller of legal obligations, such as:

  • compliance with the obligations provided for by laws, regulations or national and Community legislation or imposed by the competent Authorities.

the pursuit of a legitimate interest of the Controller, in particular:

  • preventing or discovering fraudulent activities or abuses harmful to the Site, as well as exercising the rights of the Owner in court and the management of litigation: the Owner's interest corresponds to the general legitimate, real and current interest not to suffer damages as a result of the unlawful conduct of others, as well as to the constitutionally guaranteed right of action (art. 24 of the Italian Constitution) and, as such, is socially recognised as prevailing over the interests of the individual concerned;
  • to manage and maintain the Site: the interest of the Data Controller relates to the general interest of a company in guaranteeing business operations, also through the operation of the Site, and possible improvements in the service offered.

with Your prior consent to

  • send You informative and promotional communications and newsletters;
  • use profiling cookies.
  1. Processing methods

The processing of Your Personal Data is carried out, both in paper and electronic form, by means of the operations of collection, recording, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, cancellation and destruction of data.

Your Personal Data is processed electronically and, if necessary, automatically. Your Personal Data is protected in such a way as to minimise the risk of destruction, loss (including accidental loss), unauthorised access/use or use incompatible with the original purpose of collection. This is achieved by the technical and organisational

  1. Data Retention

The Data Controller processes browsing Data to the extent strictly necessary and proportionate to ensure network and information security, i.e. the ability of a network or an information system to resist, at a given level of security, unforeseen events or unlawful or malicious acts that compromise the availability, authenticity, integrity and confidentiality of the Personal Data stored or transmitted and the security of the related services offered by or accessible through such networks and systems.

The Data Controller processes the Data collected through cookies for the time indicated in the Cookie Policy.

Personal Data:

  • provided by filling in contact forms or writing to e-mail addresses on the Site will be processed for the time necessary to process the request sent and stored for a maximum of 60 days;
  • will be processed for sending information and promotional communications and newsletters for a maximum of 2 years from the consent collection.
  1. Provision of Data

The provision of Data is, in general, necessary to allow You to navigate on the Site. If You decide not to provide the Data, we will not be able to guarantee Your navigation. The provision of Personal Data for marketing purposes is optional and failure to provide it will not prevent You from continuing to browse and access the services. The provision of Data filling in forms is obligatory in the cases indicated as such and optional in the others. Failure to complete the mandatory fields will prevent You from continuing with the action taken. The provision of Data for the consent-based purposes is always optional.

  1. Access to Data

Your Data may be made accessible for the above purposes to:

  • employees and/or collaborators of the Data Controller, in their capacity as data processors and/or internal data controllers and/or system administrators;
  • third parties (e.g. IT suppliers, etc.) who perform outsourcing activities on behalf of the Data Controller, in their capacity as external data processors.
  1. Communication of Data

Your Data may be communicated, even without your consent, to control bodies, law enforcements or judicial bodies, administrative authorities, chambers of commerce upon their explicit request. Such entities shall process your Data in their capacity of independent controllers, for institutional and/or law purposes in the event of controls or investigations.

  1. Transfer of Data

The Data Controller may transfer the Data outside the European Union. To this end, in accordance with privacy legislation, the Data Controller assesses the impact of data transfers and adopts, if applicable, the most appropriate safeguards (for example, adequacy decisions or standard contractual clauses).

  1. Rights of the interested party

The Data Controller informs You that, as a data subject, if the limitations provided for by law do not apply, You have the right to

  • obtain confirmation of the existence or otherwise of Your Personal Data, even if not yet recorded, and that such Data be made available to You in an intelligible form;
  • obtain an indication and, where appropriate, a copy of: a) the origin and category of Your Personal Data; b) the logic applied in the event of processing carried out with the aid of electronic instruments; c) the purposes and methods of processing; d) the identity of the data controller and data processors; e) the subjects or categories of subjects to whom the personal data may be communicated or who may become aware of it, in particular if it is received from third countries or international organisations; e) where possible, the period of storage of the data or the criteria used to determine this period;
  • obtain, without undue delay, the updating and rectification of inaccurate data or, where interested therein, the integration of incomplete data;
  • obtain the cancellation, transformation into anonymous form or blocking of data: a) processed unlawfully; b) no longer necessary in relation to the purposes for which they were collected or subsequently processed; c) in the event of withdrawal of the consent on which the processing is based and if there is no other legal basis, d) if You have opposed the processing and there is no overriding legitimate reason to continue processing; e) in the event of compliance with a legal obligation; f) in the case of data relating to minors. The Data Controller may refuse erasure only in the case of: a) exercise of the right to freedom of expression and information; b) performance of a legal obligation, performance of a task carried out in the public interest or exercise of public authority; c) reasons of public health interest; d) archiving in the public interest, scientific or historical research or for statistical purposes; e) exercise of a right in a court of law;
  • obtain the restriction of processing in the event of: a) contestation of the accuracy of Personal Data; b) unlawful processing by the Data Controller to prevent their deletion; c) exercise of a right of Yours in a court of law; d) verification of whether the legitimate reasons of the Data Controller prevail over those of the data subject;
  • receive, if the processing is carried out by automatic means, without hindrance and in a structured, commonly used and readable format the Personal Data concerning You in order to transmit them to another data controller or - if technically feasible - to obtain direct transmission by the Data Controller to another data controller;
  • to oppose, in whole or in part, for legitimate reasons, the processing of Your Personal Data, even if pertinent to the purpose of collection;
  • to lodge a complaint with the Guarantor Authority for the Protection of Personal Data.

In the above cases, where necessary, the Data Controller will inform the third parties to whom Your Personal Data are communicated of the possible exercise of Your rights, except in specific cases (e.g. when this proves impossible or involves the use of means manifestly disproportionate to the protected right).

  1. How to exercise Your rights

You may exercise these rights at any time:

  1. Data Controller, Data Protection Officer and Data Processor

The data controller is Agenzia italiana per l'internazionalizzazione - Promos Italia S.c.r.l., with registered office in Milan, Via Meravigli n. 9/B - 20123, Tax Code and VAT number 10322390963.

The Data Controller has also appointed a Data Protection Officer who can be contacted by sending an email to dpo@promositalia.camcom.it.

The updated list of data processors, persons in charge of processing and system administrators is kept at the Data Controller's head office.

[Last updated: 03/08/2023]

If you have any questions, do not hesitate to contact us

Contact us