WIIT S.p.A., with registered office in Via dei Mercanti 12, CF/P.IVA 01615150214 as Data controller (hereinafter, “Data Controller”) informs you pursuant the EU Regulation no. 679/2016 (“GDPR”) and the applicable national Data Protection law that your personal data shall be processed according to the following modalities and for the following purposes:

1. Scope of Data Processing
The Data Controller processes Identifying Data (such as, by way of example, name, surname, telephone number, email address, IP address - hereinafter “Data” or “Personal Data”) communicated by you during the browsing the website (hereinafter referred to as the 'Site') and using the services offered.

2. Purposes and Legal Basis of Data Processing
  A. Your Personal Data shall be processed for the following purposes and legal basis:
  A.1) the execution of the contract and/or the fulfilment of pre-contractual commitments, in particular

  •  use the Site and any technical assistance;
  •  handle a contact request from you through the channels available to you, such as e-mail and/or filling in the contact form;
  •  receive the White-Papers available in the Magazine section.

  A.2) the pursuing of a legitimate interest by the Data Controller, in particular:
  •  the management and maintenance of the Site: the interest of the Data Controller relates to the general interest of a company in guaranteeing the operation of the company, also through the operation of the Site, and possible improvements in the service offered;
  •  preventing or detecting fraudulent activities or abuses harmful to the Site: the Data Controller's interest lies in the general legitimate, real and current interest not to suffer damages as a result of the unlawful conduct of others;
  •  exercise the rights of the Data Controller, such as the right to defence in court: the interest of the Data Controller corresponds to the constitutionally guaranteed right of action (art. 24 of the Italian Constitution) and, as such, is socially recognised as prevailing over the interests of the individual concerned.

  B) With your prior consent expressed through the action with the "Sign up" button on the Site or by selecting the flag for collecting consent to marketing processing for:
  •  marketing purposes, i.e. to send you news about the Data Controller's commercial initiatives and offers via an action with a "Subscribe" button on the Site.

3. Modalities of Data Processing
The processing of your Data is carried out, both via hardcopy (paper) and electronic modalities, by means of data collection, registration, organization, storage, consultation, elaboration, amendment, selection, mining, confrontation, usage, interconnection, blockage, communication, cancellation and destruction operations.

4. Retention of Data
The Data Controller shall process the Personal Data for the time necessary to fulfill the above purposes
set out in point 2 above and in any case for no longer than:
•  7 days for data traffic;
• 10 years, if a contractual relationship is established, and in any case for the period of prescription by law, from the collection of the Data for the Purposes of Service;
•  30 days for data collected for the purpose of downloading the White Paper, unless you have also given consent for Marketing Purposes, in which case your data will be kept for 24 months from collection and/or until you revoke your consent;
•  1 year from collection to respond to your request;
•  24 months from collection, and/or until you exercise your right of revocation by unsubscribing from the link at the bottom of each newsletter, if you exercise this right before the expiry of the 24-month period, to send you newsletters on news, initiatives and services of the Data Controller.

5. Access to Data
Your data may be accessed for the above purposes:
• employees and/or collaborators of the Data Controller (e.g. human resources personnel), in light of their role of persons in charge of the processing and/or internal Data Processors;
• third parties (e.g. tax consultants, payroll consultants, etc.. ) carrying out outsourcing activities on behalf of the Data Controller and processing Data as external Data Processors.

6. Data Communication
Your data may be communicated, even without your consent, for the purposes mentioned above, to supervisory bodies, law enforcement agencies or the judiciary who will process it, at their express request, as independent data controllers for institutional purposes and/or by law during investigations and controls. Your Data may also be communicated to third parties (e.g. professionals, credit institutions, etc.), in their capacity as independent data controllers, for the performance of activities instrumental to the above purposes.

7. Data Transfer
The Data will be transferred in extra-EU countries for the purposes mentioned above. In accordance with privacy regulations, the Data Controller assesses the impact of data transfers and adopts, if applicable, the most appropriate safeguards (for example, adequacy decisions or standard contractual clauses). 
In particular, for these purposes, Social Networks will process your Data as autonomous data controllers. For further information on the processing of data carried out by Social Networks (e.g. LinkedIn, Facebook, Instagram), we invite you to read the Privacy Policy adopted by the Social Network at the following link:

8. Data Provision
The provision of the Data is mandatory for the purposes under article 2) letter A. Should you decide not to provide the Data, we will not be able to follow up on your request. The provision of the Data is optional for the purposes of art. 2) letter B. If the Data is not provided, you will not be able to receive marketing communications and newsletters.

9. Data Subjects’ rights
The Data Controller informs you that you, as Data Subject, where the limitations provided by law are not applicable, has the right to:
• obtain confirmation over the existence or inexistence of Personal Data relating you, even if not yet registered, and their communication in a comprehensible way;
• obtain the indication and, if necessary, the copy of the: a) source and category of the Personal Data; b) logic applied in case the processing is performed by means of electronic instruments; c) purposes and modalities of the processing; d) identification references of the Data Controller and the Data Processors; e) subjects or categories of subjects to whom Personal Data may be communicated or who may come to know, in particular if recipients are extra-EU countries or international organizations; e) period for which the Personal Data will be stored, or if that is not possible, the criteria used to determine that period; f) existence of an automated decision-making process and, in this case, information about the logic involved, the significance and consequences for the data subject; g) existence of adequate safeguards in case of transfer of Personal Data to an extra-EU country or international organization;
• obtain, without undue delay, the update, the rectification or, whether you are interested, the integration of incomplete Data;
• obtain the cancellation, the transformation into anonymous form or blocking of the Data: a) processed in breach of the law; b) no longer necessary in relation to the purposes for which the Data have been collected or subsequently processed; c) if you withdraw consent on which the processing is based and  there is no other legal ground for the processing; d) if you object to the processing and there are no overriding legitimate grounds for the processing; e) in compliance with a legal obligation; f) referred to children. The Data Controller may refuse to erase them when the processing is necessary: a) to exercise the right of freedom of expression and information; b) in compliance with a legal obligation, for the performance of a task carried out in the public interest or in the exercise of official authority; c) for reasons of public interest; d) to achieve purposes in the public interest, scientific or historical research purposes or statistical purposes; e) for making legal claims;
• obtain the restriction of processing when: a) the accuracy of the Personal Data is contested; b) the processing is unlawful and the data subject opposes the erasure of the Personal Data; c) Data are required by you for your exercising of legal claims; d) pending verification whether the legitimate grounds of the controller override those of the data subject;
• receive the Personal Data concerning you in a structured, commonly used and machine-readable format and transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where the processing is carried out by automated means
• regarding you, even if pertaining the purpose of Data collection; b) to the processing of Personal Data that relates to you for the purpose of sending advertising material or of direct sale or for market researches or commercial communication, by means of automated call systems without the intervention of an operator, e-mail and/or traditional marketing methods by telephone and/or paper mail;
• submit a data protection complaint to the competent supervisory authority.

10. Modalities of exercise of rights
You shall be able to exercise your rights anytime:
• by sending a registered mail with return receipt to the address of the Data Controller;  
• by sending an email to;
• by phoning the number 02.36607500.

11. Data Controller, data processor and persons in charge of the data processing
The Data Controller is WIIT S.p.A., with registered office in, Via dei Mercanti 12, CF e P.IVA 01615150214.

The appointed Data Protection Officer is Rödl & Partner Professional Association, contacted by sending an email to

The updated list of data processors and system administrators is kept at the Data Controller's headquarters in Via dei Mercanti 12, Milan.

Milan, 8 March 2022