Milano, 16 July 2019 italia inglese

Privacy & policy


GAMM S.r.l. Stp based in Via Bandello n°4/2, 20123 Milano, VAT N. 03747610156 (later, “Controller”), as Data Controller, informs you under the art. 13 Regulation UE n. 2016/679 (later “GDPR”) that your data, according to your browsing on our Internet site, will be processed in ways and as the following purposes:


1) Object of processing

The Data Controller processes personal identifiers and not sensitive data, as (for example and not limited to - such as, name, surname, business name, address, phone, e-mail – later, “personal data” or also “data”) notified by you during the recording of the Controller to the website (later “Site”), through filling forms or through data provided by you in order to get information concerning services given by Data Controller.

2) Purpose of processing

Your personal data will be handled, with your approval where necessary for the following purposes where applicable:

  • • to permit the browsing of the site;
  • • to find specific requests for information towards the data Controller;
  • • to fulfil possible obligations foreseen by current Laws, by Rules or by Community Legislation, or to satisfy requests coming from the Authorities;

3) Way of processing

The data Controller will process personal data for the time necessary to fulfil the procedures as above, anyway not longer than 10 years from the end of job relationship for service aims.

4) Time of storage of data processed

Il Titolare tratterà i dati personali per il tempo necessario per adempiere alle finalità di cui sopra e comunque per non oltre 10 anni dalla cessazione del rapporto per le Finalità di Servizio.

5) Data-processing of browsing

IT systems and software procedure responsible for the working of this website acquire during the normal activity, some personal data whose forwarding is implied in use of communication samples of Internet. It deals with information that are not collected to be associated to identified users, but by their nature could allow to identify users, through processing and associations with data held by third parties. To this category of data belong the IP addresses or the names of domain for PC of users connecting to the website, addresses in notation URI (Uniform Resource Identifier) of required researches, time of request, the way used to submit the request to server, the file size obtained as answer, the number showing the state of the answer (successful, mistake etc.) and other benchmarks related to the operating system and to the IT environment of the user. These data are used only to get anonymous information on the use of website and to check the right operating. The Data could also be used for responsible tasks in case of possible computer crimes against the site.

6) Security measures

Data Controller has adopted several safety measures to protect your data against the risk to lose them, abuse or change. In special way has considered measures of which artt. 32-34 Privacy Code and art. 32 GDPR; uses the technology of data crypt and protected register of documents of data forwarding.

7) Access to data

You can have access to your data for the aims of which art. 2:

  • • to the employees and Data Controllers’ staff, as entrusted and/or internal responsible for the processing;
  • • to third companies or other subjects who carry out activities in outsourcing on behalf of the Data Controller, as responsible for the processing.

8) Data communication

Without your declared approval (ex art. 24 lett. a), b), d) Privacy Code and art. 6 lett. b) and c) GDPR), the Data Controller shall forward your data to supervisory bodies, as well as to every other entity whose communication is compulsory by Law to perform so called purposes.

9) Data transfer

The management and storage of personal data will be in Europe, on server of Data Controller’s own, placed in Italy and /or on third companies entrusted with it and designed as Data Controller.

10) Nature of data transfer and consequences in case of decline to answer

The data transfer for purposes of which art. 2 is compulsory as it is necessary to establish, to carry out and to manage correctly the job relationship. Therefore, the failure of data providing does not give the opportunity to cooperate and carry out the required services.

11) Rights of the parties

In accordance with the provisions in Cape III, Section I, GDPR, you can exercise the rights here mentioned and in particular:
Right for access - to get confirmation that a processing of personal data who regards you is under way and in that case, to get information related to : purposes of processing , categories of personal data handled and period of storage, recipients to whom these data can be forwarded (article 15, GDPR);
Right to correction - to obtain without unjustified delay, the correction of wrong personal data that interest you and the integration of incomplete personal data (article 16, GDPR);
Right to deletion - to obtain, without unjustified delay, the deletion of personal data who interest you, in cases foreseen by GDPR (article 17, GDPR);
Right to restriction - to obtain from Data Controller the restriction for processing, in cases foreseen by GDPR (article 18, GDPR);
Right to the portability - to receive a structured format, of common use and readable also by an automatic device, personal data supplied by data controller who interests you, as well as to make easy the possible forwarding to another Controller, in cases foreseen by GDPR (article 20, GDPR);
Right to object - to object to the data processing concerning you, except valid existing reasons for join Controller to go on with the processing (article 21, GDPR);
Right to claim towards Supervisory Authorities - to claim towards the Supervisory Authority of Data protection, Piazza di Montecitorio n. 121, 00186, Roma (RM).

12) Way to exercise their rights

You can exercise at any time your rights sending:

  • ‐ a registered letter A/r addressed to GAMM S.r.l. STP Via Bandello n°4/2, 20123 Milano
  • ‐ an-mail to the address:

13) Contact “Data Protection Officer” (“DPO”)

According to Art. 37 and following the Regulation UE 679/2016, we inform you that the Data Controller has mentioned “Data Protection Officer” for data processed. You can turn to every request concerning the access to your personal data, to correction, deletion of the same, to object to Data processing or portability sending a written communication to the following contact:

14) Changes of the present policy

The present policy may be modified. We suggest, then, to check regularly this policy and to refer to the most adjourned version. The update side of this policy privacy, anyway, is published on the page, with directions of last update.

Last update on 25th May 2018.