Privacy Policy

Privacy policy on the processing of personal data pursuant to Art. 13 GDPR

Your privacy is important to ITSART!

All processing operations of your personal data are carried out in compliance with applicable legislation on the protection of personal data, including Regulation (EU) 2016/679 (“GDPR”) and Legislative Decree No. 196 of 30th June 2003, as amended by Legislative Decree No. 101 of 10th August 2018 (“Privacy Code“).

With this privacy policy, we wish to provide you with information related to the processing operations of your personal data collected through the website (“Website”) and through our applications for smartphones, tablets or smart-TVs (jointly, the “Apps”).


The data controller of your data is ITsART S.p.A., with registered office in via Ambrogio Figino n. 16 (20156) Milan, Italy (“ITsART” or “Data Controller”). You may contact ITsART at the e-mail address and the ITsART Data Protection Officer (“DPO”) at


For the pursuit of the purposes set out in the next section, we process the following categories of data:

1) Browsing Data

During normal operation, the computer systems and software procedures responsible for the functioning of the Website collect certain personal data. This information is not collected in order to identify you but, through processing and association operations with data held (also) by third parties, may allow your identification. This data category includes:

  • the IP addresses of the computers and devices used to access the Website. The data related to the IP addresses, as gathered during the normal use of the Webiste, also allow us to approximately establish your location;
  • information relating to the device used to visit the Website (such as, for example, brand, model, operating system and browser used, etc.);
  • information relating to the Website sections and pages visited (such as, for example, the URI/URL addresses of the resources requested, the time of the request, the method used to submit it to the server, the size of the file obtained in response, the http response code, etc.).

2) Data provided voluntarily by the User

We may collect the following information, provided directly by you:

  • first name, last name, date of birth, e-mail address;
  • company you belong to and your role in the company;
  • telephone number and email address;
  • VAT number;
  • any other personal data communicated to us by email to


We process your personal data for the following purposes:

  • to follow up on your requests received by sending emails to as well as to evaluate the content you send us via the “Send content” section of the Website (art. 6, paragraph 1 letter b GDPR).

The provision of data for this purpose is optional, but without them we will not be able to respond to your requests.

  • to comply with legal obligations to which ITsART is subject to and, therefore, for purposes arising from legal obligations, regulations, EU legislation, provisions issued by authorities entitled to do so by law or by supervisory and control bodies (Art. 6, paragraph 1 letter c GDPR)
  • to pursue the legitimate interests of ITsART (Art. 6, paragraph 1 letter f GDPR). We also process your personal data for purposes of fraud prevention and to assert and defend ITsART rights, as well as to complete a sale of assets, business or business unit as well as a potential merger or corporate and/or financial transactions, in which case we will communicate and transfer the data to the third party(ies) involved in the transaction.


We also use technical, analytic and profiling cookies and other tracking tools, in relation to which we invite you to consult our cookie policy for more details.


Your data may be disclosed to the following:

  • parent companies and/or associated companies of and/or controlled by ITsART;
  • suppliers, agents, sub-contractors, business partners and all those who are part of our support network or who offer us services whose performance requires the processing of personal data. In particular, we use third-party suppliers to optimise our Services, for the IT maintenance of the Website, for the provision of IT and software solutions;
  • freelancers or professional firms that assist ITsART in relation to legal, administrative and/or fiscal matters, including litigation, as well as debt collection companies;
  • potential purchasers of ITsART and entities resulting from the merger or any other form of transformation concerning ITsART;
  • public safety and judicial authorities, individuals, corporations or other authorities to whom it is mandatory to communicate your data under the provisions of the law or orders of those authorities.

The personal data disclosed to third parties will only include data that are necessary to achieve the specific purposes for which they are intended. These subjects will process your personal data, as the case may be, as independent controllers, appointee or data processors under art. 28 of the GDPR.


Your personal data may be transferred freely within the territory of the European Economic Area (EEA).

If, for the purposes set forth in this privacy policy, it becomes necessary to transfer your data outside the EEA and to countries or territories that are not the subject of an adequacy decision by the European Commission pursuant to Art. 45 GDPR (such as, for example, the United States), ITsART will (i) carry out such transfer on the basis of the conditions set out in Articles 46 or 47 GDPR (appropriate safeguards or binding corporate rules) and/or the exemptions set out in Article 49 GDPR, and (ii) take the technical-organizational and/or contractual measures necessary from time to time to ensure a level of protection of your personal data comparable to that guaranteed by the applicable legislation in the EEA.


Your data will be retained for a period of time not exceeding that necessary to pursue the purposes for which they were collected, without prejudice in any case to the exercise of your rights as set out in the following section.

ITsART may keep some data also after the termination of the relationship with you for administrative, fiscal and/or contributory purposes, for the period of time required by laws and regulations in force, as well as for the time necessary to enforce any rights in court.


You have the right to exercise, at any time, the rights granted by articles 15-21 GDPR, as briefly summarised below:

  • Right of access: you can request information about the processing we perform on your data or ask for the confirmation that ITsART is processing your personal data. In this case, you can ask us to provide you with a copy of your data and verify what data are in our possession.
  • Right of rectification: you have the right to ask us to rectify your personal data if they are incorrect (e.g. because they are different from those you provided to us at the time of registration), including the right to request the integration of incomplete personal data.
  • Right to erasure: you have the right to ask us to erase the data (or part of the data) you have provided to us, including data whose retention is unnecessary for the purposes for which the data was collected or otherwise processed.
  • Right of restriction: you have the right to request us to limit the processing of your personal data if the conditions set out by the law are fulfilled.
  • Right to object: you may object to the processing of your data, subject to the existence of an overriding legitimate reason to continue such processing.
  • Right to data portability: you will be able to obtain from ITsART, in a structured, commonly used and machine-readable format, the personal data that you have communicated to us, in order to transmit them to another party.
  • Right to lodge a complaint with the Data Protection Authority: without prejudice to any other administrative or judicial recourse, you have the right to file a complaint to the competent Data Protection Authority in case you consider that the data processing carried out by ITsART breaches the current data protection legislation

You may exercise your rights at any time and free of charge by writing to the Data Controller at or at the addresses indicated above or by writing to the DPO at

Pursuant to Article 2-terdecies of the Privacy Code, the rights listed above may be exercised, in the event of your death, by anyone who has an interest, or is acting on your behalf (as your representative, or for family reasons deserving protection). You may prohibit the exercise of all or some of these rights by the beneficiaries by sending us a written statement at the addresses indicated above.


We will periodically update this policy in order to comply with applicable data protection legislation and/or to the adoption of new systems or internal procedures, or for any other reason that may be appropriate.

Any such changes will be promptly published on the Website. This privacy policy will be binding as soon as it is published. If you do not wish to acknowledge or accept the changes to this policy, you may exercise any of the above rights.

Please consult this page periodically. Version updated 16th July 2021.

Would you like to propose your content or event for publication?

Submit Content / Event