Privacy Policy

Notice provided in accordance with article 13, GDPR

Filippetti SpA (hereinafter “Filippetti” or the “Data Controller”), with registered office at Via G. Gozzi 1/A – 20129 Milano / Italy, in the person of its legal representative, provides you with this notice in accordance with article 13, GDPR (abbreviated to the “Notice”).


a) Identity and contact details of the Data Controller

Filippetti SpA | Via G. Gozzi 1/A – 20129 Milan (MI)
VAT no. 02835110426 | mail: info@gruppofilippetti.it

b) Contact details of the data protection officer

Data Protection Officer
Via G. Gozzi 1/A – 20129 Milan (MI)
Indirizzo mail: dpo@gruppofilippetti.it

c) Purposes of the processing for which the personal data is intended and associated legal basis

Your personal data is processed:
(i) without your consent (article 6, paragraphs b, c, f, GDPR), for the following purposes:

  1. to fulfil precontractual and contractual obligations deriving from assigning a professional task/commissioning a service,
  2. to comply with legal and regulatory (national or Community) provisions, or to follow an order issued by a legal authority or supervisory body with jurisdiction over the Data Controller,
  3. to exercise the rights of the Data Controller, including in particular to defend itself in the courts;


(ii) with your consent (article 7, GDPR), for the following purposes:

  1. to organise events, meetings, conferences and seminars, including professional training events,
  2. for various kinds of marketing activity, including the promotion of professional services, the distribution of informative and promotional material, sending newsletters and publications, invitations to attend events,
  3. to manage surveys and questionnaires, including those relating to customer satisfaction.


The provision of data for the purposes described in section (i) above is obligatory. Missing data and/or explicit refusal of consent for processing will mean that the Data Controller will not be able to carry out the task assigned to it or requests made by the competent authorities will not be fulfilled.

The provision of data for the purposes described in section (ii) above is optional, with the result that you may decide not to give your consent, or to withdraw it at any time.

d) Categories of data processed

Within the context of the purposes of processing described in paragraph (c) above, only the following personal data, for example, will be processed: surname and first name, tax code, VAT number, residence, domicile, head office of place of work, email or certified email address, telephone and fax number, employing company, role and/or business classification, etc.

e) Categories of recipients of personal data

or the purposes described in paragraph (c) section (i) above, the personal data provided by you may be made available:

  1. to the Data Controller’s employees and staff, in their capacity as representatives authorised to process data (or so-called “data processors”),
  2. to third parties carrying out outsourcing activities on behalf of the Data Controller, in their capacity as data controllers,
  3. to legal or supervisory and administrative authorities, public bodies and organisations (national and foreign).


If you give your consent for the use of personal data for the purposes described in paragraph (c), section (ii) above, it may be made available to the individuals mentioned in points (1), (2) and (3), as well as, where appropriate and always with prior consent, to other legal bodies mentioned when consent is requested.

f) Storing and transferring personal data abroad

Personal data is managed and stored in the cloud and on servers hosted within the European Union owned by and/or made available to the Data Controller and/or appointed third-party companies, duly appointed as data processors. The transfer of data abroad to countries outside the EU is not planned or carried out. Your personal data will not be shared.

g) Period of time that personal data is stored

The personal data collected for the purposes described in paragraph (c), section (i) above will be processed and stored for the duration of the professional relationship. After this relationship has been terminated, for whatever reason or cause, the data will be kept for the applicable periods required ex lege. The personal data collected for the purposes described in paragraph (c), section (ii) above will be processed and stored for the time needed to fulfil these purposes and in any case for no more than 2 years from the date on which we are given your consent.

h) Your rights

In accordance with the provisions of Chapter III, Section I, GDPR, you can exercise the rights indicated therein, including in particular:

  1. Right of access – Obtain confirmation as to whether or not your personal data is being processed and, if it is, receive information about, among other things: the purposes of processing, the categories of personal data being processed and how long it is being kept, recipients to whom it might be communicated (article 15, GDPR),
  2. Right to rectification – Obtain, without undue delay, the rectification of inaccurate personal data about you and have incomplete information completed (article 16, GDPR),
  3. Right to erasure – Obtain, without undue delay, the erasure of personal data about you, in the circumstances stipulated in the GDPR (article 17, GDPR),
  4. Right to restriction – Obtain from the Joint Controllers the restriction of processing, in the circumstances stipulated by the GDPR (article 18, GDPR)
  5. Right to data portability – Receive, in a structured, commonly used and machine-readable format, personal data about you from the Joint Controllers and have it transmitted to another data controller without any impediment, in the circumstances stipulated by the GDPR (article 20, GDPR)
  6. Right to object – Object to the processing of your personal data, unless there are legitimate reasons for the Joint Controllers to continue to process it (article 21, GDPR)
  7. Right to complain to the competent supervisory authority – Lodge a complaint with the Autorità Garante per la protezione dei dati personali, Piazza di Montecitorio n. 121, 00186, Rome (RM).


You can exercise these rights by sending a request by email to the certified email address of the abovementioned Data Protection Officer.

i) Processing methods

Your personal data is processed using the operations mentioned in article 4, no. 2), GDPR – with or without computer systems – and more specifically: collection, recording, organisation, structuring, updating, storage, adaptation or alteration, retrieval and analysis, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction. In any case, the logical and physical security of data will be guaranteed, as well as, in general, the confidentiality of personal data being processed, by the implementation of all adequate technical and organisational measures to guarantee its security.