Information notice on the protection of personal data.


Art. 13, EU Reg. 679, 27 April 2016

Pursuant to Article 13, “European Regulation 2016/679 on the protection of natural persons with regard to the Processing of Personal Data and to the free movement of such data” (hereinafter “GDPR”), C.I.P.S. Informatica s.r.l. (hereinafter C.I.P.S.), with registered office in Via G. Marconi, 18 – 06012 – Città di Castello – (PG), as Data Controller is obliged to provide users, who connect to the domain (regardless of the reasons for that connection), with some information regarding the processing of their personal data carried out therein. This document is the “Privacy Policy” (subject to any future opportune update) for this website. For the purposes of this policy, without prejudice to all the definitions given in Art. 4 of the GDPR, the following is understood by:

Domain the domain accessible via the World Wide Web service of the Internet at the address, consisting of data, apps, technological resources, human resources, organisational rules and procedures to purchase, store, process, exchange, retrieve and transmit information.

I. Warnings and Protection of Minors

The processing of personal data will apply the principles of lawfulness, fairness and transparency. Personal data will be collected for specific, explicit, legitimate purposes (with limited purposes). It will be adequate, pertinent and restricted to the purposes for which it is processed (data minimisation). It will always be up-to-date and correct and stored for a period of time that does not exceed the time required for the purposes to execute the Contract, with the exception of fulfilling legal and tax obligations, which demand longer storage times (storage limitation) Personal data will be processed using all adequate security measures to guarantee it remains integral, confidential and unavailable for unauthorised third parties (integrity and confidentiality). If not expressly indicated, only persons of legal age may provide their personal data via the collection points on the website.

II. – Reference laws and legal foundations for processing

The processing operations, which we will explain in detail below, are legally based on the laws that govern your right to the protection of your personal data, your right to confidentiality and lastly on those that allow you to grant or revoke your informed consent to the processing operations at any time, i.e.: the EU General Regulation No. 679, 27 April 2016, on the protection of natural persons as regards the processing of personal data and the free circulation of that data; Informed consent shown in compliance with the current legislation in force (Art. 6 GDPR).
Fulfilment of obligations or orders to which the Data Controller is obliged by law or by order of the Supervisory Authority (Art. 6 GDPR).

III. – Nature of the data subjected to processing.

III.1. – The optional, explicit and voluntary sending of not only an e-mail to the addresses given on this website entails the subsequent acquisition of the sender’s address, required to respond to requests, but also any other personal data entered in the communication. Specific information sheets summarising the details will be gradually recorded or shown on the website pages prepared for special services on request. In any event – where envisaged by law – you will be asked each time for your consent to the processing of your personal data. Only after your consent, where necessary, will the following categories of your personal data be or may be subjected to processing for the purposes indicated.

(a). – Common personal data, identification data.

E.g. Name and Surname, Year of birth, Sex, Address, City, Province, E-mail address, Telephone number, Post Code.

(b) – Technical processing

Your IP number and the browser type you use to connect to the domain are also subject to processing (non-identifying data), automatically recorded by the logic devices to protect and control access to the domain (LOG FILES). This personal data will be used exclusively to control network traffic towards the domain This information is not collected in order to be associated with identified data subjects, but could by their very nature enable users to be identified by processing and associations with data held by third parties. This data is used solely to gain anonymous, statistical information regarding website use and to check it is operating correctly and is erased immediately after processing. The data could be used to ascertain liability in the event of hypothetical computer offences damaging the website: apart from this circumstance, data from website contacts currently remain no longer than seven days.

(c) – Cookies.

Furthermore, C.I.P.S. uses cookie files to anonymously process and analyse the data regarding the pages you have visited on the domain uses these technologies (which enable us to understand your browser preferences and check the areas of the domain you have previously visited) so it can customise its services to fit you requirements without any unnecessary registrations. (A cookie consists of a series of data that a website sends to your browser. The aforementioned data can also be stored in your computer by an anonymous tag that identifies the computer but not the user.

Some C.I.P.S. pages use the cookies sent by C.I.P.S. or by third parties together with other technologies to offer better browsing on the website.

You can set your browser to receive a warning before receiving a cookie that gives you the opportunity to accepte or refuse it. You can also completely disable the cookies. If you disable cookies, some websites may not operate correctly.) For more detailed information on the use of cookies on the website, please read our Cookies Policy available here.

(d) – Special categories of personal data.

If special categories of personal data have been collected via the C.I.P.S. domain according to Art. 9, EU Reg. 679/2016, you will be notified in advance and given the opportunity to give your consent according to law.

IV. – Conditions of consent, data sources.

Providing your personal data is not generally mandatory. However, in some circumstances, it becomes necessary and is, therefore, mandatory, in order to enable you to take advantage of our website services and functions.

IV.1 – Data which needs to be provided.

IV.1.1. – Certain personal data need to be provided, and are, therefore, compulsory in order to fulfil your specific requests. You are always free to refuse your personal data. However, in that case, it could be impossible for the Data Controller to fulfil your requests, keep up with your requirements or enable you to fully use all the functions available on the website. C.I.P.S. will use paper and electronic supports to process identification data, which will be stored strictly for the necessary period of time. Once storage time has concluded, personal identification data will be automatically erased.

IV.1.2. – Data Sources.

We will collect your data directly from you via your interactions with our website or from the social media channels or other websites linked to CIPS srl.

V. – Purposes of the Processing.

In addition to the processing required due to legal obligations, or by order of the Supervisory Authority, C.I.P.S. will carry out the operations required to enable you to take advantage of the services and functions indicated on our website exclusively with your consent, if necessary.

VI. – Procedures to process your personal data.

As regards all the purposes mentioned in the preceding paragraphs, your personal data will be subjected to electronic and paper processing, using specific electronic procedures in order to customise the services C.I.P.S. is able to offer you. Our data processing will guarantee logic and physical security and confidentiality and may use manual, electronic and telematic instruments to store, transmit and share your data. Processing logics will be directly correlated to the intended purposes.

VI.1. – Data security and storage.

VI.1.1. – Your personal data will be stored within the European Union. The relevant security policies are reviewed in compliance with the Best Practices on the subject.

VI.1.2. – Profiling, automated decisional process.

We do not carry out profiling on the data collected via our Internet website other than what is strictly required to offer the services that enable you to use the services offered on our website, with the exception of what is specified in our cookie policy.

VII. – Data recipients and transfer abroad.

VII.1. – Data Processing Supervisors and data processors

Your personal data may come to the knowledge of the Data Processing Supervisors and data processors according to this privacy policy: these are qualified personnel within C.I.P.S., all of whom have their own restricted competencies and duties and who work on the tasks assigned to them according to the instructions they have been given. This includes third parties outside C.I.P.S., also specifically appointed as Data Processing Supervisors and data processors, employed by C.I.P.S. to specifically carry out various services, all of whom have their own restricted competencies and duties and who work on the tasks assigned to them according to the instructions they have been given.

VII.2.- Data communication (to specific external parties).

For ordinary management, accounting and administrative activities, C.I.P.S. may communicate your personal data to third party service providers with your prior consent according to law, where envisaged, in compliance with security measures, for the sole purpose of fulfilling the service you requested, e.g.: postal service companies, legal and notarial offices, consultants even operating as an association, other service companies and additional parties to fulfil any legal obligations (e.g. insurance companies, the police, judicial authorities, etc.). The list of these parties to which we may communicate your data is available at the Data Controller’s head office.
VII.3. – Transfer of personal data abroad.

C.I.P.S. has decided not to transfer any personal data abroad. However, some third party service providers may have servers physically located abroad (e.g. e-mail providers). In this case, the transfer of data abroad will take place exclusively according to and in compliance with Art. 44 et seq, EU Reg. 679/2016.

VII.4. – Data communication (to unspecified external parties).

Personal data may not be distributed under any circumstance.

VIII. – Data subject’s rights.

Articles 15 to 22, GDPR, grant the exercise of specific rights to the data subjects. Art. 15, GDPR acknowledges that data subjects have the right to access and obtain a copy of their personal data. The right to obtain a copy of the data must not harm the rights and freedom of others. A request for access gives the data subject the right to obtain confirmation or otherwise from C.I.P.S. that processing is in progress of his/her personal data and to know the purposes and categories of the processed data, the third parties to whom the data will be communicated and whether data transfer to a country outside the EU is adequately guaranteed. The data subject also has the right to know the storage time of his/her personal data and has the right to ask for any incorrect data to be rectified and any incomplete data to be integrated, erased (right to be forgotten) according to the terms and conditions indicated in Art. 17, GDPR, processing to be restricted, to withdraw consent, to data portability and the right to object at any time and without having to provide any justification to processing for direct marketing purposes. The rights may be exercised via e-mail to the address of C.I.P.S. or via ordinary mail to the address given below. The Data Controller may need to identify the data subject by requesting a copy of his/her identity document. The data subject, who believes the processing of his/her personal data breaches the measures of the GDPR or national legislation on the subject of the protection of personal data, has the right to file a complaint with the Italian Data Protection Authority with headquarters in Rome, pursuant to Art. 77, GDPR and/or to take legal steps with the judicial Authority. In order to exercise these rights or obtain any further information about them and, more generally speaking, about the processing of your personal data, please send your requests via e-mail to the following address:; or via ordinary mail to C.I.P.S. Informatica s.r.l. – Via G. Marconi, 18, 06012 – Città di Castello – (PG) – Italy.

IX. – Withdrawal of Consent, Questions on Privacy, Access and Verification.

If you have a question or require further information regarding the processing of your personal data or about exercising your rights mentioned in the previous section No. VI, please send an e-mail to the C.I.P.S. website’s administrator, by writing to You can also contact us at the same address for answers on how C.I.P.S. handles your information. Before C.I.P.S. can provide or modify any information, it may need to check your identity and ask you a few questions. We will get back in touch with you as soon as possible.

X. – Data Controller

The Data Controller is C.I.P.S. Informatica s.r.l. with head office in Via G. Marconi, 18, 06012 – Città di Castello – (PG) – Italy.

XI. – Data Protection Officer

The Data Protection Officer is Mr Paolo Biccheri at the head office of C.I.P.S. Informatica s.r.l. – Via G. Marconi, 18, 06012 – Città di Castello – (PG) – Italy. E-mail:

XL.1. – Data Processing Supervisors

The complete list of Data Processing Supervisors is available at our head office. This mandatory information is subject to updates, depending on any changes in the provisions of applicable laws.

Città di Castello (PG) – Italy, December 15, 2020

The Data Controller
C.I.P.S. Informatica s.r.l.