Privacy Policy

Information on Personal Data Protection

Art. 13 Reg. EU 679 of 27 April 2016

In accordance with article 13 of the “European Regulation 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data” (hereinafter “GDPR”), ITAKA S.r.l. (hereinafter ITAKA) with registered office in via Monte Napoleone 8, Milan 20121 (MI) Italy, as the Controller, is obliged to provide users who connect to the domain (regardless of their purpose in connecting) with information relating to the personal data processing carried out therein.
This document represents the “Privacy Policy” (subject to appropriate future updates) of this website. For the purposes of this statement, without affecting any of the definitions covered by article 4 of the GDPR, the term: Domain: refers to the domain at the address, which can be accessed via the Internet’s world wide web service, made up of the data, applications, technological resources, human resources, organisational regulations and procedures in place for the purpose of acquiring, saving, processing, exchanging, recovering and transmitting information.

Data collection points: areas within the domain used for the collection of personal data.

  1. Notices and Protection of Minors
    The processing of personal data shall apply the principles of lawfulness, fairness and transparency. Personal data shall be collected for specified, explicit, legitimate purposes (purpose limitation) and shall be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (data minimisation). They shall always be kept up to date and accurate and kept for no longer than is necessary for the purposes of implementing the Contract, subject to compliance with legal and fiscal requirements which may call for longer storage periods (storage limitation). The personal data shall be processed using all appropriate security measures to ensure their integrity, confidentiality, and prevention of access by non-authorised third parties (integrity and confidentiality). Where not expressly stated otherwise, the provision of personal data through the data collection points present on the website is reserved exclusively for persons of legal age.
  2. Reference standards and legal grounds for processing.
    Processing operations, which we shall describe in detail below, have their legal basis in the rules which govern your right to the protection of your personal data, in those which govern your right to confidentiality, and finally in those which allow you to grant or withdraw your consent to processing operations at any moment, namely:
  • General Regulation EU 679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data;
  • Your informed consent, expressed in compliance with the existing legal provisions regarding the protection of personal data (Art. 6 GDPR).
  • The fulfilment of the contractual obligations undertaken by ITAKA towards you at the time of Your registration with the Service (Art. 6 GDPR);
  • Fulfilment of the obligations or orders which the Data Controller is obliged to observe by law or by an order of the Authority (Art. 6 GDPR).

III. – Nature of the data subject to processing.
III.1. – The optional, explicit and voluntary sending of an e-mail to the addresses provided on this site will lead to the subsequent acquisition of the sender’s address, which is necessary to allow a response to requests, as well as any other personal information contained in the message. Specific brief notices shall be shown or displayed from time to time on the pages of the site set up for special services by request. In any case, where required by law, you will on each occasion be required to consent to the processing of your personal data.
III.2. – Only after your consent, and where necessary, the following categories of personal data pertaining to you can and shall be processed for the purposed indicated:
(a). – General personal data, identifying data.
Such as, for example, Name and Surname, Birth year, Gender, Address, City, Province, Email address, Telephone number, Post code, Links to profiles on the following social networks: Facebook, Instagram and Twitter.
(b). – Technical processing.
Your IP number and the type of browser that you use to connect to the domain (non-identifying data) are also processed, being automatically recorded by the logical protection and security devices for domain access (LOG FILES). Such personal data shall be used exclusively for the purposes of controlling network traffic to the domain.
This is information that is not collected to be associated to the identified data subject but, due to its nature, could be used to identify users through processing and associating it with information held by third parties. Such data is used solely to formulate anonymous statistical information concerning the use of the site and to ensure that the site is functioning properly and is deleted immediately after it has been processed. The data in question may be used to investigate the parties responsible for any cybercrimes committed against the site; apart from in this circumstance, online contact data is not retained for more than seven days.
(c). – Cookies.
In addition, ITAKA anonymously processes and analyses data about the pages of the domain that you visit, detected through files called cookies. By using this technology, (which allows your navigating preferences to be learned by monitoring the areas of the domain already visited on previous occasions) ITAKA can customise its services to suit your needs without going through unnecessary registrations. (A cookie consists of a series of data sent by a Website to a browser. This data may also be stored on the computer through an anonymous tag which identifies the computer but not the user. Some ITAKA pages use cookies sent by ITAKA or by third parties, and other technologies, to offer a better navigation service on the Website. You can set your browser to receive a warning before a cookie is transmitted, thus offering you the chance to accept or reject it. It is also possible to completely disable cookies. Some Websites may not work correctly with cookies disabled). For more detailed information on the use of cookies on the website, you can consult our Cookie Policy available here.
(d). – Special categories of personal data.
In the case that special categories of personal data as per art. 9 Reg. EU 679/2016 are collected through the ITAKA domain, you will be given prior notice of this and given the opportunity to grant the necessary consent in accordance with the law.

  1. – Nature of data provision, data sources.
    It is not generally obligatory to provide your personal data, however, in some cases, it is necessary in order to allow you to make use of the services and functions on the site and is therefore obligatory.
    IV.1. – Data which it is necessary to provide.
    IV.1.1. – Certain personal data is necessary to carry out your specific requests, and it is therefore obligatory to provide them. You are always free to refrain from providing your personal data, but in such a case it may be impossible for the Controller to fulfil your requests, respond to your needs, or allow all the functions available on the website to be used fully.
    IV.1.2.– It is necessary to provide identifying personal data to:
  • (a). – be able to register on the website and receive, as well as the other advantages, the desired information on ITAKA products, services and initiatives.

IV.1.3. – Such data shall be processed both in paper and electronic format and shall be kept by ITAKA solely for such time as the data subject maintains their membership of the Website, or for a maximum term of three years after the last action performed on the Website. After those storage times have passed, the identifying personal data shall be automatically deleted.
IV.2. – Data used for authentication.
Once you have completed registration, during which you can choose your access credentials – including your password, known only to you – you may access the ITAKA website from a mobile device or a desktop, using the fields provided to insert your chosen, personal authentication credentials, which you should guard with the greatest care.
We recommend that you choose a password with the following minimum characteristics: a length of no less than eight characters, including at least one special character. If you forget your password, the recovery process consists of a link allowing you to reset it autonomously. Authentication data will be encrypted from the first time they are used and ITAKA will not be able to learn them in any way.
IV.3. – Data Sources.
We collect your data directly from you, through your interactions with the website

  1. Purposes for the Processing.
    In addition to the processing which is necessary under the obligations of the law, the regulation, or which come from an order of the Authority, ITAKA will carry out, if necessary and exclusively with your consent, the operations necessary to allow you to take advantage of the services and functions of the website, namely:
  • managing your relationship with ITAKA;
  • purposes strictly connected and instrumental to the management of the above-mentioned relationship (such as the acquisition of pre-contractual information and to provide services as contractually agreed);
  • purposes related to the analysis of information obtained in order to propose, through newsletters and/or promotional or advertising-related information sent by ITAKA, products and/or services from ITAKA or third parties which ITAKA believes may be of interest to you, as well as to allow ITAKA to carry out opinion surveys;
  • purposes related to monitoring trends in customer relations and monitoring credit risks and fraud in relation to the services offered by ITAKA;
  • fulfilling specific requests by the data subject.
  1. Personal data processing methods.
    With regard to all the purposes outlined in the above paragraphs, your personal data will be subject to computerised and on-paper processing, conducted through specific computer procedures in order to personalise the services which ITAKA can offer you. The data will be processed in a way that ensures their physical and logical security and confidentiality, and this may be carried out using manual, computerised and remote tools suitable for storing, transmitting and sharing the data. Processing logics are strictly linked to the purposes to be achieved.
    VI.1. – Data Retention Policy.
    In relation to the purposes referred to in letter (V.3), namely the proposal of commercial or promotional information, such processing – which, in accordance with the provisions of web Document 1103045 of the Italian Authority for the Protection of Personal Data, shall not make use of sensitive data – shall be carried out by the data controller, with the subject’s prior consent, for no more than 24 months after data collection exclusively on aggregate data.
    VI.2. – Data security and storage.
    VI.2.1.– Your personal data will be stored within the European Union, and security policies in this regard have been revised in accordance with the sector’s Best Practices.
    VI.2.2.– Access and Operations Traceability. Audit Log.
    Each instance of access to the data is stored in specific Log tables. This information contained in this record will include the access timestamp, the identification of the user who accessed the data, the type of data which was accessed, the user who owns the data, the operation carried out, and the application from which access was made.
    (E.6). – Profiling, automated decision-making;
    Beyond what is necessary to allow us to enact the functions allowing you to take advantages of the services offered on the website, with the exception of the provisions set out in our cookie policy, we will not carry out profiling operations in relation to the data collected through this website.
    (E.7). – Data Protection Impact Assessment.
    In relation to the personal data processing operations linked to its website’s operation, and with the aid of the specific assessment tool made available by the French Authority for the Protection of Personal Data (Commission Nationale de l’informatique et des libertés), ITAKA is preparing its own Data Protection Impact Assessment (DPIA) the results of which will be available upon request by the data subject.

VII. – Data recipients and transfer overseas.
VII.1. – Data processing managers and officers.
The following persons, in their roles as processing Managers or Officers, may come to know of the personal data covered by this document:

  • within ITAKA, qualified personnel, each one in a limited way according to their own responsibilities and duties and on the basis of the tasks and instructions given to them.
  • outside of ITAKA, third parties, who have also been designated as processing Managers or Officers, used by ITAKA for various services and exclusively to fulfil those services, each one in a limited way according to their own responsibilities and duties and on the basis of the tasks and instructions given to them.

VII.2. – Communication of the data (to specific external parties).
For its ordinary activities of management, accounting and administration, ITAKA may communicate your personal data – subject to obtaining your prior consent, where required, in accordance with law and in compliance with security measures – to subcontractors for services for the sole purpose of performing the service requested by you, such as: – postal service companies, – legal and notarial offices, – consultants, including associates, – other service companies, as well as other parties in compliance with any legal obligations (such as insurance institutions, police forces, judicial authorities, etc.). The list of parties to whom the data may be communicated is available at the headquarters of the Data Controller.
VII.3. – Transfer of personal data overseas.
ITAKA does not transfer personal data overseas of its own initiative. However, some third party service suppliers may have their servers physically located overseas (such as, for example, email service providers). In such cases, the transfer of data overseas shall take place exclusively under the terms of and in compliance with Reg. EU 679/2016 Art. 44 et seq.
VII.4. – Dissemination of the data (to non-specific external parties).
In no case may personal data be disseminated.

VIII. – Rights of data subjects.
Articles 15 to 22 of the GDPR grant data subjects certain rights to be exercised. Article 15 of the GDPR grants data subjects the right to access their own personal data and to obtain a copy thereof. The right to obtain a copy of the data shall not adversely affect the rights and freedoms of others.
By requesting access, the data subject has the right to obtain confirmation from ITAKA as to whether or not personal data concerning him or her is being processed and to know the purposes of the processing, the categories of data concerned, third parties to whom the data has been communicated, and whether the data has been transferred to a country outside of the EU with suitable safeguards. The data subject also has the right to know the storage times of their personal data, and has the right to ask for the rectification of inaccurate data and the completion of incomplete data, for erasure (the right to be forgotten) under the conditions outlined in art. 17 of the GDPR, for the restriction of processing, for the withdrawal of consent, and for data portability and has the right to object, at any moment and without the need to provide a reason, to processing for the purposes of direct marketing.
These rights may be exercised via an email to the address of ITAKA’s Data Protection Officer, or via ordinary post to the address given below. The Data Protection Officer may need to ensure the identity of the data subject by requiring him/her to provide a copy of his/her identification.
A data subject who believes the processing of his/her personal data is in violation of the provisions of the GDPR or national legislation regarding the protection of personal data has the right to lodge a complaint with the Italian Authority for the Protection of Personal Data, which has its headquarters in Rome, in accordance with art. 77 of the GDPR, and/or to appeal to the judicial Authority.
To exercise these rights, or to obtain any further information regarding these rights or, more generally, the processing of your personal data, requests can be sent via email to the following address:; – by ordinary post to Itaka s.r.l., company with registered office at via Monte Napoleone 8 – 20121 – Milan (MI), Italy.

  1. Withdrawal of Consent, Privacy Enquiries, Access and Reply
    You have the right, at all times, to withdraw your consent to the processing of your personal data, communicating your decision to us. If you have questions or wish to have more information regarding the processing of your personal data or to exercise the rights described above in point no. VI, you can send an email to the ITAKA Website administrator by writing to You can contact us at the same address to receive replies regarding ITAKA’s management of information. You may need to verify your identity and answer some questions before ITAKA will be able to supply you with, or modify, any information. We will respond as soon as possible.
  2. – Data Controller.
    The Data Controller is ITAKA, with registered office in via Monte Napoleone 8 – 20121 – MILAN (MI) Italy.
    XI. – Personal Data Protection Officer.
    The Data Protection Officer is ITAKA, with registered office in via Monte Napoleone 8 – 20121 – MILAN (MI) Italy.
    XI.1. – Data Processors.
    The full list of Data Processors is available at the Registered Office. This obligatory information is subject to revision in accordance with any alterations to the provisions of the applicable laws.