Personal data

Information on the personal data processing

The user’s personal data are used by Ksenia Security SpA, which is the data controller for the processing, in compliance with the principles of protection of personal data established by the GDPR 2016/679 Regulation.

METHOD AND PURPOSE OF DATA PROCESSING

1) We inform you that the data will be processed with the support of the following means:
a) Mixed – electronic and paper with the following purposes:

  • Fulfillment of legal obligations related to commercial relationships
  • Fulfillment of tax or accounting obligations
  • Statistical analysis
  • Promotional activities
  • Provision of the product service
  • Supplier management (contracts, orders, arrivals, invoices)
  • Dispute management (contracts, orders, arrivals, invoices)
  • Customer management (contracts, orders, shipments and invoices)
  • Offer of goods and services through mailing lists
  • Freight operations
  • Profiling for promotional purposes
  • Services for the protection of consumers and users
  • Internal control services (safety, productivity, quality of services, asset integrity)

Any refusal to allow the processing of data makes it impossible to use the service requested by the user.

Unless explicitly refused by the interested party, the user’s data will also be processed for the following purposes:

  • sending of proposals and commercial communications by e-mail or SMS or fax, by both Ksenia Security SpA and partner companies; market surveys and statistics, marketing, references on advertising communications (press, radio, TV, internet, etc.), product preferences and verification of the degree of customer satisfaction;

LEGAL BASIS

2) The provision of data is mandatory for all that is required by legal and contractual obligations and therefore any refusal to provide them in whole or in part may make it impossible to provide the requested services.

The company processes the users’ optional data on the basis of consent, i.e. through the explicit approval of this privacy policy and in relation to the methods and purposes described below.

CATEGORIES OF RECIPIENTS

3) Without prejudice to communications made in fulfillment of legal and contractual obligations, all data collected and processed may be communicated exclusively for the purposes specified above to the following categories of interested parties:

  • High public administrations;
  • Supervisory and control authority;
  • Customers and users;
  • Consultants and freelancers also in associated form;
  • Businesses;
  • Insurance companies;
  • Authorized persons;
  • Internal managers;
  • Companies that carry out warehouse and transport logistics services;
  • Companies and businesses;

Furthermore, in the management of your data, authorized persons and / or internal and external managers identified in writing by Ksenia Security and to whom specific written instructions on data processing have been provided may become aware of the same.

DATA RETENTION PERIOD

4) The data required for contractual and accounting purposes are kept for the time necessary to carry out the commercial and accounting relationship.

The data of those who do not purchase or use products / services, despite having had a previous contact with company representatives, will be immediately deleted or processed anonymously, where their conservation is not otherwise justified, unless it has been validly acquired. the informed consent of the interested parties relating to a subsequent commercial promotion or market research activity.

The data retention period is: 3 years.

RIGHTS OF THE DATA SUBJECT

5) Pursuant to European Regulation 679/2016 (GDPR) and national legislation, the interested party may, according to the methods and within the limits established by current legislation, exercise the following rights:

  • request confirmation of the existence of personal data concerning him (right of access);
  • know its origin;
  • receive intelligible communication;
  • have information about the logic, methods and purposes of the processing;
  • request the updating, rectification, integration, cancellation, transformation into anonymous form, blocking of data processed in violation of the law, including those no longer necessary for the pursuit of the purposes for which they were collected;
  • in cases of treatment based on consent, to receive their data provided to the holder, in a structured and readable form by a data processor and in a format commonly used by an electronic device;
  • the right to lodge a complaint with the supervisory authority.

6) The data controller of your personal data is Ksenia Security SpA.

Customer Information

Information on Customer Data Processing

(Art. 13, EU Regulation 679/2016)

Ksenia Security Spa, with its registered office in Ripatransone, Strada Provinciale Valtesino 49, VAT No. 02027680442, in its capacity as Data Controller

INFORMS

its customers—and potential customers—that the personal data collected by the Data Controller, acquired from third parties, or voluntarily provided by the data subjects through various collection channels (stores, website, events, product and service inquiries, etc.) will be processed lawfully and fairly, in compliance with the principles established by European and Italian regulations. The main legal provisions governing the processing of personal data are European Regulation 679/2016 and Legislative Decree 196/2003, as amended by Legislative Decree 101/2018.. 

DEFINITIONS

Data Subject The natural person to whom the data processed by the Data Controller or the Data Processor pertains.
Data Controller The natural or legal person, public authority, agency, or other body that, alone or jointly with others, determines the purposes and means of the processing of personal data.
Data Processor The natural or legal person, public authority, agency, or other body that processes personal data on behalf of the Data Controller based on a contract that governs the conditions of the assignment.

PURPOSES OF DATA PROCESSING

Data processing activities are carried out by the Data Controller at the company’s premises, in compliance with the security measures and requirements imposed by European Regulation 679/2016, by authorized or delegated personnel carefully selected and possessing the necessary expertise, through both manual and computerized procedures to execute specific requests from the Data Subject, fulfill pre-contractual and contractual obligations, carry out routine administrative, financial, and accounting activities, manage customer inquiries during product sales and service provision, provide after-sales assistance, comply with legal obligations, and conduct statistical analyses in anonymous form or after a pseudonymization process. Upon the Data Subject’s request or with their specific consent, data processing may also be carried out to measure customer satisfaction, preferences, and habits, send commercial information or advertising materials, conduct direct marketing campaigns, allow participation in contests, promotions, or prize-based initiatives, invite customers to events and exhibitions, provide additional services, conduct market research, and perform other activities directly or indirectly related to marketing. The Data Controller may use the Data Subject’s email address to verify their membership in social networks such as Facebook and leverage the tools provided by these platforms, including retargeting and look-alike features, to promote its products and activities, in which case the necessary consent for commercial communications has already been obtained by the platform. Additionally, Data Subjects may submit personal data to the Data Controller for potential employment or business collaboration opportunities. For large clients who maintain banking relationships with the company, including mutual transfers, order-related credit lines, or deferred payments, data collection may also include assessments of solvency, financial reliability, and market reputation.

DATA SUBJECT TO PROCESSING

Information Requests Common Data Name, surname, e-mail address, telephone and postal contacts, and other data necessary to fulfill the data subject’s requests (e.g., model, size, color, etc.)
Purchases Common Data Name, surname, e-mail address, telephone and postal contacts, and other data useful to ensure contract execution and after-sales support.
Newsletter Common Data Data subject’s e-mail address for sending periodic communications about the Controller’s products, services, and initiatives.
Communications Common Data Name, surname, e-mail address, telephone and postal contacts for sending commercial communications and conducting marketing activities, retargeting, look-alike campaigns, etc., including via social networks.
Loyalty Program Common Data Name, surname, e-mail address, telephone and postal contacts, and other data useful to tailor commercial offers (e.g., purchase history for assigning benefits and discounts).

MINORS’ DATA

The Data Controller has no interest in processing data of minors.

NATURE OF DATA PROVISION

The processing of contact data is essential to fulfill the Data Subject’s requests and contractual obligations. Therefore, providing such data is necessary; otherwise, the processing cannot take place. Any incorrect or insufficient communication of the required data may result in the partial or total inability to fulfill the Data Subject’s requests and in potential discrepancies between the processing results and the agreements made or the obligations imposed by laws and regulations. Additional information may be required for customer verification purposes, such as financial solvency and consumer credit assessments. Other data are collected solely to tailor navigation experience, promotional campaigns, offers, production, and inventory, as well as the overall business activities, to the tastes and interests of customers. Their provision is not mandatory, and any refusal to process them or the withdrawal of previously given consent does not affect the establishment or continuation of the primary relationship.

The legal bases for processing by the Data Controller include compliance with pre-contractual and contractual obligations, legal requirements, the legitimate interest of the Controller in managing data to improve the offer of products and services, and the explicit consent of the Data Subjects. The Data Subject may request the Data Controller to specify the legal basis for each type of processing.

RETENTION TERMS

The data processed by the Data Controller, subject to legal obligations, will be retained until an explicit deletion request is made by the Data Subject. In any case, data will be periodically reviewed, including through automated procedures, to ensure their accuracy and relevance to the purposes of processing. If the purpose for which the data was collected no longer exists, the data will be deleted unless processing is required to comply with legal obligations, protect rights in judicial proceedings, or upon the explicit request of the Data Subject (currently, a maximum of 10 years from the termination of the relationship). Once processing has ended and the data has been deleted, the Data Subject will no longer be able to exercise their rights. A copy of the data retention policy detailing specific retention periods may be requested from the Data Controller.

AUTOMATED DECISION-MAKING PROCESSES

The Data Controller does not use automated decision-making processes.

COMMUNICATION AND DISCLOSURE

The data processed by the Data Controller are exclusively of a common nature and are not intended for public disclosure. The Data Controller does not request, nor has any interest in collecting or processing, data classified as special categories under the Regulation (e.g., health, genetic, biometric, or criminal records). Data may be shared with third parties, who, depending on their role, may act as Data Processors under Article 28 of EU Regulation 679/2016 or as mere recipients of the communication. Such sharing occurs solely for activities related to or deriving from the Data Controller’s operations or to comply with legal and regulatory obligations (e.g., Institutions, Law Enforcement, Judicial Authorities). By way of example, data may be shared with:

  • Entities that need access to the Data Subject’s information for purposes related to their relationship with the Data Controller, including banks, insurance companies, financial intermediaries, electronic money institutions, payment service providers, debt collection agencies, customer verification companies, and communication firms
  • Consultants, collaborators, and service companies within the scope of their assignments from the Data Controller
  • Subsidiaries and/or affiliated companies that may access data strictly for carrying out tasks assigned by the Data Controller
  • Postal services, couriers, and transportation providers
  • Social networks for marketing activities, where consent has already been obtained by the platform

The updated list of Data Processors is available at the Data Controller’s registered office.

TRANSFER OUTSIDE THE EUROPEAN ECONOMIC AREA

Data is not transferred outside the European Economic Area, unless the consent provided by the data subject and the contractual agreements entered into by the Data Controller allow for a level of protection that is equivalent to or greater than that required by EU Regulation 679/2016. To this end, the Data Controller uses the standard contractual clauses recommended by the European Commission.

RIGHTS OF THE DATA SUBJECT

Data subjects are granted the rights set out in Articles 15 to 22 of GDPR 679/2016. In particular, the Data Subject has the right to access their data (Article 15), to request rectification, updating, or supplementation (Article 16), and deletion (Article 17), to limit its use by the Data Controller (Article 18), to obtain a copy in a structured, commonly used, and machine-readable format (Article 20), and to object to processing if the conditions are met (Articles 21 and 22). These rights can be exercised to the extent that the processing is not mandatory by law or regulation. Requests related to the exercise of the Data Subject’s rights can be sent to the Data Controller at the email address privacy@kseniasecurity.com. If the Data Subject is not satisfied with the response to their request, they can file a complaint with the Italian Data Protection Authority, located in Rome, Piazza Venezia 11. Citizens of other EU Member States have the right to contact the supervisory authority of their country.

Website Information

Information for Website Users

(under Article 13 of EU Regulation 679/2016. Includes the processing of browsing data and cookies)

Ksenia Security Spa, with its registered office in Ripatransone, Strada Provinciale Valtesino 49, VAT No. 02027680442, in its capacity as Data Controller

INFORMS

users who access the website www.kseniasecurity.com, whether registered or unregistered, that the personal data collected by the Data Controller, obtained from third parties or voluntarily provided by the data subjects, will be processed lawfully and fairly, in compliance with the principles established by European and Italian regulations. The main laws governing the processing of personal data are European Regulation 679/2016 and Legislative Decree 196/2003, as amended by Legislative Decree 101/2018.

DEFINITIONS

Data Subject The natural person to whom the data processed by the Data Controller or Data Processor belongs.
Data Controller The natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
Data Processor The natural or legal person, public authority, agency, or other body that processes personal data on behalf of the Data Controller under a contract that regulates the terms of the assignment.

PURPOSE OF DATA PROCESSING

The data processing activities carried out through the website are conducted by the Data Controller at the company’s premises, in compliance with the security measures and requirements imposed by European Regulation 679/2016. These activities are performed by appointed or delegated individuals, carefully selected and adequately qualified, using both manual and computerized procedures to provide users with a simple and satisfactory browsing experience, to collect useful information for improving the online offering of products and services, to fulfill specific requests made by the Data Subject, to comply with pre-contractual and contractual obligations, to carry out standard administrative, financial, and accounting activities, to manage customer requests during product marketing and sales or service provision, to provide after-sales support, and to comply with legal obligations.
Data processing is also aimed at generating statistics in an anonymous form or after a pseudonymization process. Upon the Data Subject’s request or with their explicit consent, processing may also be carried out for assessing customer satisfaction, preferences, and habits, for sending commercial information or advertising materials, for conducting direct marketing campaigns, for participation in games, contests, or reward programs, for involvement in events and exhibitions, for providing services and conducting market research, and for any other activities directly or indirectly related to marketing operations.

PROCESSED DATA

Browsing data Common IP address, operating system and browser used for navigation, connection and disconnection date and time, time spent on the website, pages visited, activities performed, location (if the related service is enabled), and any other information made available or transmitted by the Data Subject’s device based on the selected security settings.
Contact Information Common First name, last name, email address, and other data sent by the Data Subject to the Data Controller’s email addresses or through pre-configured forms.

Newsletter

 

 Common Data Subject’s email address used for sending periodic communications about the Data Controller’s products, services, and initiatives.

Job Applications

 

 Common, Special Categories First name, last name, email address, phone and postal contacts, educational background, and previous work experience, as well as any other information useful for personnel selection and potential employment. Among the data submitted by the Data Subject, there may be special category data that are still relevant to the pursued purposes.
Secureweb Common First name, last name, email address, phone and postal contacts, and other information about the installer necessary to ensure access to services provided through the portal.

Filling out the forms on the website to request information about products and services results in acquiring the customer’s data in the Data Controller’s IT system. An authentication system protects the information and can only be accessed by those with the necessary credentials. In other cases, the procedure generates an email message addressed to the Data Controller, which is processed based on the Data Subject’s requests. Email communications involve storing the email address in the company’s archive, as it is necessary to respond to submitted requests and maintain the continuity of conversations. The data contained in the message is also stored. The Data Controller advises against transmitting third-party data or personal information unless it is absolutely necessary and the sender has full rights to do so.

MINORS’ DATA

The Data Controller has no interest in processing the minor’s data.

NATURE OF DATA PROVISION

The processing of contact data is essential to fulfill the Data Subject’s requests and comply with contractual obligations. Therefore, data provision is necessary, as processing cannot take place otherwise. Incorrect or insufficient communication of the requested data may result in the total or partial inability to fulfill the Data Subject’s requests and could lead to discrepancies between the processing results and the agreements made or the obligations imposed by laws and regulations. Additional information is required for personnel selection purposes (such as professional training and previous work experience), in the case of business collaborations (such as previous work experience and financial reliability), and for access to the SecureWeb portal. Other data, however, are collected solely to tailor navigation, promotional campaigns, offers, production, inventory, and overall business activities to users’ preferences and interests. Their provision is therefore not mandatory, and any refusal to process such data or the withdrawal of previously given consent does not affect the establishment or continuation of the primary relationship.

The legal bases for processing carried out by the Data Controller include compliance with pre-contractual and contractual obligations, legal requirements, the Data Controller’s legitimate interest in managing data necessary to improve the offering of products and services, and the explicit consent of the Data Subjects. The Data Controller may be requested to specify the legal basis for each type of processing.

RETENTION TERMS

The data processed by the Data Controller through the website can be divided into navigation data and data voluntarily provided by filling out available forms or sending communications to the company. The former are kept for the time necessary to verify the system’s functionality and security (usually a few days) and are retained for longer periods only in case of anomalies detected by the system (no longer than six months).
The latter, being voluntarily transmitted by the data subject and subject to legal obligations, are stored until an explicit request for deletion by the data subject, and in any case periodically checked, even through automatic procedures, to ensure their update and actual alignment with the purposes of the processing. If the purpose for which they were collected is no longer relevant, the data will be deleted, unless they must be processed to comply with legal obligations, to protect rights in judicial proceedings, or at the express request of the data subject. After the processing is completed and following the deletion, the data subject’s rights can no longer be exercised. For detailed information about the retention terms, a copy of the data retention policy can be requested from the data controller.

NAVIGATION DATA

The IT system and the software used for the company website acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication products: IP addresses and domain names of the computer used by the user to connect to the site, URL (Uniform Resource Locator) of the requested resource, time of the request, method used to send the request to the server, size of the received file, numerical code used to indicate the status of the response given by the server (e.g., executed or error), and other parameters related to the user’s operating system and computer. These details are not stored to identify the data subjects, but by their nature, through processing and association with other data, they could allow for retrospective identification of the user. They are used to create anonymous statistics on the use of the site and to monitor its correct functioning. They are usually deleted immediately after processing. They may be used and provided to law enforcement and judicial authorities to investigate liability in the event of damage to the site or illegal activities carried out through the network.

COOKIES

Some navigation information is stored on the user’s computer and read by the system upon the next connection. This file, called a “cookie,” contains data that is not personally identifiable, as it does not allow for specific identification of the user. However, through interconnection with other data, it could allow for such identification. The information contained in cookies enables the tracking of site visit frequency and activity during navigation. In this way, over time, it is possible to improve the content of the site and make it easier for the user to navigate. Companies that transmit content to the site or whose sites are accessible via links may also use cookies when the user selects the corresponding link. In these cases, the use of cookies is not under the direct control of the Data Controller. Most browsers automatically accept cookies, but users can refuse them or select only certain cookies, based on the preferences set by the user. However, if the user disables the loading of cookies, some components of the site may stop functioning, and some pages may appear incomplete.

Essential Technical Cookies These are cookies necessary to ensure the correct and smooth functioning of the website: they allow for page navigation, content sharing, storing login credentials to make site access faster, and maintaining preferences during browsing, improving the browsing or shopping experience. Without these cookies, it is not possible to provide, either partially or entirely, the services for which users access the site.
Statistical Cookies These cookies help understand how users interact with the website so that its functioning can be evaluated and improved to create increasingly appropriate content. They provide insights into which pages are most and least visited, the number of website visitors, the average time spent on the website, and how visitors arrive at the website. This allows for identifying optimal functions and preferred content, as well as ways to improve content and page functionality.
Analytical Cookies These cookies track the searches made by the user to present products and services that align with their previous navigation and searches. They are typically used for remarketing operations, through which advertisements related to previously visited content and similar products or services are shown to the user during browsing.
Profiling Cookies These cookies are designed to store the choices made by the user during browsing and consultation to create personal profiles that classify and record tastes, preferences, browsing habits, and consumption patterns. By generating these profiles, the user’s browsing experience can be improved, and it can be tailored to their preferences, abilities, and potential for purchasing or using services. These cookies can be disabled without creating any obstacle or hindrance to browsing.
Third-Party Cookies

These cookies are used by third parties not directly controlled by the Data Controller. The company cannot guarantee how the data will be used, as its processing is handled directly by an external party.

Cookies from third-party operators enable the offering of advanced functionalities, more information, and personalized features, including the ability to share content through social networks and have a customized website experience based on preferences expressed through the pages visited.

If such external services are used, the provider may be able to know that the user has visited the Data Controller’s website. The use of data collected by these external operators is subject to their own data protection policies. Third-party cookies are identified by the names of the respective operators and can be disabled.

COOKIE MANAGEMENT

Through the buttons displayed in the overlay banner, it is possible to accept, select, or reject the installation of cookies on the device used by the data subject. Cookie settings can also be modified later, using the specific selectors or through the browser’s functionalities.
It is possible to prevent the installation of third-party cookies and remove previously installed cookies, including those containing preferences, habits, and tastes. To adjust or modify browser settings, it is necessary to consult the guide provided by the software or application manufacturer.
Information on how to manage cookies in your browser can be found at the following links: Google Chrome, Mozilla Firefox, Apple Safari, Microsoft Internet Explorer, Microsoft Edge. Further information about the cookies used by the site can be requested directly from the Data Controller.

TRACKING SYSTEMS

Notwithstanding the above, users are informed of the possibility to make use of the information available on YourOnlineChoices (EU), Network Advertising Initiative (USA), Digital Advertising Alliance (USA), DAAC (Canada), or other similar services to check which tracking systems are active, including those related to third-party activities. These services allow users to understand and manage the tracking preferences of most advertising tools. The Data Controller recommends using these resources in addition to the information provided in this document.

INTERACTION WITH SOCIAL NETWORKS AND EXTERNAL PLATFORMS

The website, through widgets and buttons, can interact with external platforms and social networks. In such cases, the information collected depends on the settings of the profiles used by the user and not the Data Controller.

The “Like” button on Facebook, the “Tweet” button on Twitter, the “Recommend” button on LinkedIn, etc., allow users to share pages or topics from the site with their respective social platforms and acquire the data of the data subject. Further information can be obtained from the companies offering these services. These data are not managed by the Data Controller, who merely links these buttons to provide an additional service to the data subject but has no control over them.

LINKS TO THIRD-PARTY WEBSITES

The website may, periodically, contain links to third-party websites and applications to provide additional services and information to the user. When the user uses these links, they leave the company website and access other resources that are not under the direct control of the Data Controller, who therefore will not be responsible for the procedures related to browsing, security, and the processing of personal data carried out by other websites, even in the case of co-branding or the display of the company logo. It is recommended to carefully review the security and privacy practices of the visited website, which may transmit additional cookies, read those already present on the user’s hard drive, and request/acquire further personal information.

NEWSLETTER SUBSCRIPTION

The informational newsletter is managed by software that uses a database of email addresses to send communications to registered users (via the designated section of the website) and includes an automatic unsubscription procedure that the data subject can use independently, which can be accessed from each communication sent by this tool.

JOB APPLICATION FORMS (OPEN POSITIONS)

The section on the website allows users to review open positions and send their CV to the Data Controller, who will then assess whether to invite the applicant for an interview and evaluate the actual suitability for the position they would hold within the company. Typically, a set of standard information (name, surname, phone and postal contacts, email contacts, education level, and previous work experience) should be followed by specific information regarding the position being applied for. If the selection is successful, the data is forwarded to the relevant department for hiring. Otherwise, the data is retained for a period deemed appropriate for the candidate’s necessary updates (usually 12 months from submission) and then deleted.

AUTOMATED DECISION-MAKING PROCESSES

The Data Controller does not use automated decision-making processes.

COMMUNICATION AND DISCLOSURE

The data processed through the website are exclusively of a common nature and are not intended for dissemination. The Data Controller does not request or have an interest in collecting or processing data classified by the Regulation as “special” (e.g., health, genetic, biometric data, etc.) or “criminal,” except for legal obligations and the acquisition of CVs through the “Open Positions” section or those sent spontaneously by the data subject via email (which will in any case be processed in accordance with labor relationship management regulations, whether existing or potential).

The data will be communicated to third parties, who may assume, based on the type of relationship, the role of data processors pursuant to Article 28 of EU Regulation 679/2016 or as mere recipients of the communication, for activities related to or arising from the Data Controller’s activities or for the fulfillment of obligations under laws or regulations. For example, but not limited to:

  • Entities that need to access the data of the data subject for purposes related to the relationship with the Data Controller (e.g., credit institutions, insurance companies, financial intermediaries, electronic money institutions and payment management, debt collection agencies, customer verification companies, communication companies, etc.);
  • Consultants, collaborators, service companies, as necessary to carry out the task assigned by the Data Controller;
  • Parent and/or affiliated companies that may access the data, only to the extent necessary to carry out tasks entrusted by the Data Controller;
  • Postal services, couriers, transporters;
  • Public Authorities, Law Enforcement, Judiciary, as required by law.

The updated list of data processors is available at the Data Controller’s office.

TRANSFER OUTSIDE THE EUROPEAN ECONOMIC AREA

The data is not transferred outside the European Economic Area, unless the consent provided by the user and the contractual agreements signed by the Data Controller allow for a level of protection equivalent to or higher than that required by EU Regulation 679/2016. To this end, the Data Controller uses the standard contractual clauses suggested by the European Commission.

RIGHTS OF THE DATA SUBJECT

Data subjects are granted the rights set out in Articles 15 to 22 of GDPR 679/2016. Specifically, the Data Subject has the right to access their data (Article 15), request rectification, updating, or completion (Article 16), and erasure (Article 17), to limit its use by the Data Controller (Article 18), to obtain a copy in a structured, commonly used, and machine-readable format (Article 20), and to object to processing when the relevant conditions apply (Articles 21 and 22). These rights may be exercised to the extent that the processing is not mandatory under law or regulation. Requests regarding the exercise of the Data Subject’s rights can be sent to the Data Controller at privacy@kseniasecurity.com.

If the Data Subject is not satisfied with the response to their requests, they can file a complaint with the Italian Data Protection Authority at Piazza Venezia 11, Rome. A citizen from another EU Member State may also contact the Data Protection Authority in their own country.

Back To Top