Privacy Policy

INFORMATION ON THE PROCESSING OF PERSONAL DATA pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (GDPR)

  1. Identity and contact details of the data controller

The following information is prepared pursuant to art. 13 of EU Regulation 2016/679 by Giglio Group S.p.A. (VAT number 07396371002), with registered office in Piazza Generale Armando Diaz 6, 20123 Milan, registered in the Milan Companies Register under no. MI – 2091150 (hereinafter, also, “Giglio Group or the Data Controller”), as the data controller of the users’ personal data provided when accessing the site (“Site”).

This privacy statement, therefore, refers exclusively to the Site and does not also apply to other sites, pages and / or online services that can be reached via hypertext links that may be published within it.

Giglio Group can be contacted at the following addresses:

– Address: Piazza Diaz, 6 – 20123 Milan

– Telephone number: (+39) 0287213341

– e-mail address:

Giglio Group will process the personal data provided by users through the Site under the following conditions.

In this information, the definitions in the singular also include those in the plural, and vice versa.

  1. Contact details of the Data Protection Officer

Users can contact the data protection officer (“Data Protection Officer” or “DPO”) for all matters relating to the processing of their personal data and the exercise of their rights deriving from the GDPR at the address: dpo.gigliogroup @

  1. Purpose and legal basis of the processing. Mandatory or optional conferment. Consequences of refusal to process.

Giglio Group will process the user’s personal data:

To respond by e-mail to user requests sent via the contact form on the Site (“write to us”). The provision of data for this purpose is optional: that is, there is no legal and / or contractual obligation to communicate data, but the user’s refusal to provide the data in question will make it impossible for Giglio Group to respond to the requests of the user. The legal basis of the processing is the legitimate interest of Giglio Group to respond to user requests.


Giglio Group will keep the personal data provided by users on the Site to properly execute user requests no later than the time necessary to satisfy such requests.

  1. Categories of subjects to whom the Data Controller communicates the user’s personal data (recipients)

The subjects to whom Giglio Group communicates the data, act as data processors designated by Giglio Group (“Data Processors”) or as persons authorized to process personal data under the direct authority of Giglio Group (“Persons in charge”) , or in the case of third parties that the Data Processor uses, as “Sub-Managers”, pursuant to art. 28.4 of the GDPR.

Further information

The personal data provided by the user can be communicated by Giglio Group to the categories of recipients indicated below.

– companies of the group to which Giglio Group belongs and / or to employees and / or collaborators of Giglio Group, for the performance of administration, accounting and IT and logistical support activities;

– to all those subjects (including Public Authorities) who have access to personal data by virtue of regulatory or administrative provisions;

– to companies, consultants or professionals who may be in charge of installation, maintenance, updating and, in general, the management of Giglio Group hardware and software, including cloud computing service providers;

– to all those public and / or private subjects, natural and / or legal persons (legal, administrative and tax consultancy firms, Judicial Offices, Chambers of Commerce, Chambers and Labor Offices, etc.), if the communication is necessary or functional to the correct fulfillment of the contractual obligations assumed in relation to the services on the Site, as well as the obligations deriving from the law or in the case of ascertaining, exercising or defending a right.

The list of recipients is available at the Giglio Group headquarters.

Data concerning users will not be disclosed.

  1. Transfer to third countries

The entire processing of personal data takes place in countries within the borders of the European Union.

In the event of the transfer of personal data to third countries, Giglio Group undertakes, in any case, to ensure that the country to which users’ personal data will be sent guarantees an adequate level of protection, as required by article 45 of the GDPR. , as well as to use the standard contractual clauses for the protection of personal data approved by the European Commission for the transfer of personal data outside the EEA.

  1. Rights of the interested party

The interested party has the right to:

– ask the Data Controller to confirm whether or not personal data concerning him is being processed and, in this case, to obtain access to personal data (right of access);

– obtain from the Data Controller the correction of personal data concerning him without undue delay. Taking into account the purpose of the processing, the interested party has the right to obtain the integration of incomplete personal data, also by providing an additional declaration (right of rectification);

– obtain from the Data Controller the cancellation of personal data concerning him without undue delay, except in legitimate cases of exemption (right of cancellation);

– obtain from the Data Controller the limitation of the treatment when one of the following hypotheses occurs (right of limitation):

The data subject disputes the accuracy of personal data for the period of time necessary for the data controller to verify the accuracy of such personal data;

The processing is unlawful and the interested party opposes the deletion of personal data and instead requests that its use be limited;

Although the Data Controller no longer needs it for processing purposes, the personal data are necessary for the data subject to ascertain, exercise or defend a right in court;

The interested party opposed the treatment in the hypothesis of treatment based on the legitimate interest of the Data Controller, for reasons connected to his particular situation, pending verification of the possible prevalence of the legitimate reasons of the Data Controller to those of the interested;

– receive from the Data Controller in a structured format, commonly used and readable by an automatic device, the personal data concerning him and has the right to transmit such data to another data controller without impediments (right to data portability );

– propose a complaint to a supervisory authority (eg: the Guarantor for the protection of personal data) if it believes that the processing that concerns it violates the GDPR.

– to oppose for reasons connected to his particular situation, to the processing of personal data concerning him, having as its legal basis the legitimate interest of the Data Controller (right of opposition). In the case of exercising the right of opposition, the Data Controller refrains from further processing the personal data, unless he demonstrates the existence of compelling legitimate reasons to proceed with the processing that prevail over the interests, rights and freedoms of the ‘interested party or for the assessment or defense of a right in court.

The above rights may be exercised with a request addressed without formalities to the Data Controller at the following email address:, or by writing to the DPO at the following email address:

  1. Changes

The Data Controller reserves the right to make changes to this information at any time, giving appropriate publicity to the users of the Site and ensuring in any case an adequate and similar protection of personal data. In order to view any changes, users are invited to regularly consult this information.