PRIVACY POLICY – Information document article 13 EU Reg. 2016 / 679 – GDPR

In compliance with the provisions of EU Reg. 2016/679 (European Regulation for the protection of personal data), we hereby indicate the necessary information regarding the processing of the personal data provided.


The information is not to be considered valid for other websites that may be consulted through links on the websites in the domain of the owner, who is not to be considered in any way responsible for third party websites.


This is an information notice pursuant to art. 13 of EU Reg. 2016/679 (European Regulation for the protection of personal data) and is also inspired by the provisions of Directive 2002/58 / EC, as updated by Directive 2009/136 / EC on the subject of Cookies, as well as provided for by the Provision of the Guarantor Authority for the protection of personal data of 05.08.2014 regarding cookies.

Use by minors

The Service is not aimed at individuals under the age of 16; SOFAR asks that such subjects do not provide Personal Information through the Service. If your child has sent personal information and you wish to request the removal of such information, you can contact the Data Controller as indicated below. In any case, the Data Controller will immediately delete the data once it becomes aware of it.

Processable personal data

“Personal data”: any information relating to an identified or identifiable natural person (“data subject”); the natural person that can be identified is considered identifiable, directly or indirectly, with particular reference to an identifier such as the name, an identification number, location data, an online identifier or one or more characteristic elements of his physical identity, physiological, genetic, psychological, economic, cultural or social.

Specific information

Specific information may be presented on the pages of the Site in relation to particular services or processing of the Data provided.


For more information on the cookies used by this website, see the cookies policy at the following link.


Pursuant to art. 4 and 24 of EU Reg. 2016/679 the Data Controller is SOFAR SpA via Firenze, 40 – 20060 Trezzano Rosa (MI) – Italy, in the person of the legal representative, e-mail contact

DATA PROTECTION OFFICER (RPD / DPO – Data Protection Officer)

Pursuant to art. 37 – 39 of EU Reg. 2016/679 the Data Protection Officer is RES EXCELSA Srl., Via Aventina, 7 – 00153 ROME – Italy, e-mail contact






Type of data processed

The following categories of data may be processed:

  • Data provided voluntarily by the user

Data provided directly by the user is not processed by the site.

  • Automatic acquisition data (“Navigation data” and “Cookies”)

Navigation data

The computer systems and software procedures used to operate the Site acquire, during their normal operation, some personal data (such as the IP addresses or domain names of the computers used by users, the pages visited and the date/time of the visit) whose transmission is implicit in the use of Internet communication protocols. This information is not collected to be associated with identified interested parties but, due to their very nature could, through processing and association with data held by third parties, allow users to be identified.

These data are used for the sole purpose of obtaining anonymous statistical information on the use of the Site and to check its correct functioning. The data could be used to ascertain responsibility in the event of hypothetical computer crimes against the Site.


To make navigation on this Site more efficient and immediate, when users access this Website, cookies are used: small text strings that allow users to maintain connection to the Site.

For more information see our Cookie Policy.

Purposes and methods of processing

The purposes and legal basis of the processing are detailed in the table below.



Management, correct functioning, use and consultation of the site [Common data] Legitimate interest of the Data Controller [Article 6.1f]


Retention: up to 2 years from the browsing session.

Compliance with specific obligations established by law or other binding regulations Fulfillment of legal obligations [Article 6.1c]


The processing of personal information concerning you will be based on principles of correctness, lawfulness and transparency and on the protection of your privacy and your rights.

The treatment will be carried out on computer and paper support. Furthermore, your data are collected and archived both in computer databases and in paper archives.

The processing will be carried out respecting and applying the appropriate security measures to safeguard the confidentiality, integrity, and completeness of the data processed, in accordance with the provisions of Article 32 of the GDPR and in accordance with the instructions given by the Data Controller.


Company personnel belonging to the categories of administrators, IT technicians, product managers, etc. are authorized to process user data and other subjects who need to treat them in the performance of their duties and duly instructed by the Data Controller pursuant to art. 29 of EU Reg. 2016/679


Furthermore, the data may be disclosed to:


  • subjects that provide services for the management of the information system and communication networks (including e-mail), web agencies and suppliers for the management of the website;
  • studies or companies in the context of assistance and consultancy relationships;
  • competent authorities for the fulfillment of legal obligations and/or provisions of public bodies, upon request;
  • the company SB, domiciled at the Owner, for the pursuit of its supervisory activities and application of the Code of Conduct.


The subjects who receive the data treat them as owners, managers, or are authorized to process them, as the case may be, for the purposes indicated above and in compliance with the applicable privacy law.


The list of data processors is constantly updated and available by writing to or at the registered office in via Firenze, 40 – 20060 Trezzano Rosa (MI) – Italy


Personal data are processed in the EU territory.

However, the possible transfer of data to third countries, including countries that may not guarantee the same level of protection provided for by the Privacy Law, the Data Controller informs that the processing will in any case take place according to one of the methods allowed by the Regulation, such as consent, the user, the adoption of Standard Clauses approved by the European Commission, the selection of subjects adhering to international programs for the free circulation of data or operating in countries considered safe by the European Commission.


The data processing will be carried out in an automated and manual form, with methods and tools aimed at guaranteeing maximum security and confidentiality, by specifically authorized subjects. In compliance with the provisions of art. 5 paragraph 1 letter. e) of EU Reg. 2016/679, the personal data collected will be stored in a form that allows the identification of the data subjects for a period of time not exceeding the achievement of the purposes for which the personal data are processed. The retention of the personal data provided depends on the purpose of the processing (see table).

The timing is determined on the basis of criteria of which the interested party can have specific information by writing to


You can assert your rights as expressed by EU Regulation 2016/679, by contacting the Data Controller, by sending an e-mail to or by writing to the Data Controller’s office indicated above. You have the right, at any time, to ask the Data Controller for access to your personal data (Article 15), the rectification (Article 16) or cancellation (Article 17) of the same, or the limitation of processing (Article 18) or to oppose their treatment based on legitimate interest (Article 21).

If the processing is based on consent, you have the right to withdraw the consent at any time without prejudice to the lawfulness of the processing based on the consent given before the withdrawal.

To oppose the processing and to exercise the other rights, you can write to

You have the right to lodge a complaint with a supervisory authority. Communication of personal data is not an obligation. You are free to provide personal data in the dedicated areas on the site. Failure to provide personal data will make it impossible to use the services offered by the data controller.

There is no existence of an automated decision-making process.


Date of update: 16/07/2021