Privacy policy regarding the Web processing of data

Pursuant to Article 13 of the EU regulation 2016/679 (“GDPR”), we hereby inform you that LATTANZIO KIBS S.p.A. Benefit Corporation (the “Company” or the “Data Controller”) will process the personal data you supply (“Data”) acting as Data controller.

This privacy policy shall only be applied to online activities on this web site and to any visitor/user of this web site. It shall not be applied to any information collected through any channels other than this web site, which channels can be found through hyperlinks included in any website referring to any resource not belonging to our domain.


Your Data shall be processed by the Data Controller based on your consent. By using or visiting this Web Site, both visitors and users explicitly approve this privacy policy and consent to the processing of Data related to them according to the following terms and purposes, they hereby approve and consent to the disclosure to third parties, if requires for a service to be rendered.

Pursuant to Article 5 of the GDPR, both Data supply and the relevant consent to collect and process such Data are voluntary. A web user may deny his/her consent and he/she is allowed to revoke any existing consent at any time (by email: However, should the web user deny his/her consent, some services might not be provided and such denial might prejudice his/her navigation experience.

This Web Site also processes some Data even for legitimate interests of the Data Controller.

Therefore, the Company shall process Data by transferring them to companies of LATTANZIO KIBS (, or to any third party company, for information and promotion of consulting activities related-purposes, including the use of such Data for future surveys or similar activities, such activities being in line with the main purposes of this processing.

Data collected for purposes related to the Data Controller’s legitimate interest shall be held until such interest is met.


This Web Site is a processing the users’ Data while applying appropriate safety measures in order to prevent any unauthorised access, disclosure, alteration or destruction of the Data. Data shall be processed lawfully, fairly and in a transparent manner in relation to the data subject, by way of computer and/or computerised systems, as well as according to organisational methods and logic strictly related to the purposes stated. Our Web Site management software is being continuously updated and regularly scanned, in order to detect any virus and dangerous codes. Some appropriate organisational measures (different positions and tasks as regards the performance of both the processing activity and check have been established), as well as procedural and technical measures (such as  a firewall, antivirus and other advanced technologies) may have been adopted in order to protect Data.

The Company is ISO/IEC 27001:2013 certified with regard to its information security management system.

In some circumstances, different staff representatives involved in the Web Site organisation (such as administrative, commercial, marketing, legal affairs staff and system administrators) or external third parties (such as third-party technical service providers, hosting providers, computer companies and communication agencies) may access to Data in addition to the Data Controller.

Data supplied by the Web Site user

Any voluntary and deliberate transmission of messages to the Data Controller addresses, as well as any willing completion and submission of Web Site forms included on the Web Site being completed and sent shall result in collecting the sender's contact details, together with all his/her personal details included in his/her communications. Personal data supplied by the data subject in order to make use of the services offered on the Web Site shall be processed to act on his/her request in compliance with this policy and the specific privacy policies delivered during the acceptance of each service. Such Data shall be stored for a period enabling the supply of the service requested and/or necessary to handle any claims.

Navigation data

Data being automatically collected by systems and software for the Web Site to function shall be used to both produce anonymous statistics regarding the Web Site visit and to check it functioning correctly. In these circumstances, navigation data does not allow the identification of any user and shall be deleted soon after such anonymous processing.


The Web Site uses different cookies as outlined in the Cookie Policy (


The data will be entered in the company database and kept for the time necessary for the purposes of the processing. Once this storage period has expired, the Data will be destroyed or made anonymous.


The Web Site user shall be entitled to exercise his/her rights according to the EU regulation 2016/679, Chapter III, Article 15 et seq., according to the terms and conditions set by the laws in force. Namely, he/she shall have the right to:

  • partially or totally object, for legitimate grounds, to the processing of data concerning him/her for purposes of sending advertising material or direct selling or for purposes of market research or business communication;
  • obtain confirmation as to whether or not personal data concerning him or her are being processed (right of access);
  • know from which source the personal data originate;
  • obtain clear communications;
  • obtain information about the logic involved, as well as the means and purposes of such processing;
  • obtain the update, the erasure, the rectification, as well as the right to have incomplete personal data completed, or have such personal data concerning him/her be anonymised. He/she shall also have the right to obtain a data stoppage concerning Data being processed and infringing any law, and the data being no longer required for the purposes for which they have been collected;
  • where the data processing is not based on the data subject’s consent, he/she shall have the right to receive the data he/she has provided to the Data Controller, in a structured, commonly used by an electronic device and machine-readable format for a data processor, only paying for the support provided;
  • generally speaking, he/she shall be entitled to exercise all rights being enforceable according to the laws in force.

Where Data are being processed on grounds of any legitimate interest, the data subjects' rights shall be ensured in any case (other than the right to data portability, which is not provided for by any legislation or regulation, GDPR included), with a special view to the right to object to the processing, which can be exercised by sending a request to the Data Controller to that regard.

Right to lodge a complaint

Every data subject shall have the right to lodge a complaint with a supervisory authority (Article 77 of GDPR) or to an effective judicial remedy (Article 79 of GDPR) if he/she considers that the processing of Data relating to him/her, which is performed by means of this Web Site, infringes the above said EN regulation.

The above mentioned rights may be exercised by writing to LATTANZIO KIBS S.p.A. Benefit Corporation at the following address: via D. Cimarosa n. 4, 20144 Milan (Italy), or by sending an email to:

It is understood that where the data subject makes the request by electronic means, the information shall be provided in a commonly used electronic form.


Data collected through the web site shall be processed at Data Controller, i.e. LATTANZIO KIBS S.p.A. Benefit Corporation, registered office in via D. Cimarosa n. 4, 20144 Milan (Italy), by way of a service contract entered into with EKO Srl, registered office in via A. Saffi n. 21, 20123 Milan (Italy), which process data on servers located in Milan and operate according to GDPR.


The Data Controller is LATTANZIO KIBS S.p.A. Benefit Corporation, whose legal representative is Mr. Valerio Torda, registered office in via D. Cimarosa n. 4, 20144 Milan (Italy).



Computer infrastructure is being managed by EKO Srl, registered office in via A. Saffi n. 21, 20123 Milan (Italy), who are in charge of processing Data on behalf of the Data Controller and act in compliance with the European legislation.