Information notice pursuant to Art. 13 of the Regulation (EU) 2016/679 (“GDPR”)

Information to be provided where personal data are collected from the data subject


According to Regulation (EU) 2016/679 (General Data Protection Regulation) we provide you with the due information concerning the processing of the collected personal data. This privacy policy is given pursuant to art. 13 Regulation UE 2016/679 ( General Data Protection Regulation).

Personal data that can be treated: “ personal data” means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person (C26, C27, C30 Reg. UE 679/2016)


  1. DATA CONTROLLER, pursuant to art. 4 and 24 of the Regulation (EU) 2016/679, is APEN GROUP SPA, with legal headquarter in 20900 Monza (MB) – Italia, Via Zucchi, 1 and operational headquarter in 20060 Pessano con Bornago (MI), Italia – Via Isonzo, 1, Tax number 08767740155, as represented by the pro tempore legal representative.

Your personal data shall be processed in accordance to the requirements for the lawfulness of processing set forth by Art.  6 lett. f) (legitimate interests) of the Regulation (EU) 2016/679 for the following purposes:

– to fill in the form with the required personal data to answer to your contact and or information request and to send you the required information.

The data processing is based on art. 6, paragraph no. 1, lett. f), Recital no. 47): taking into consideration the reasonable expectations of data subjects based on their relationship with the controller, whether a data subject can reasonably expect at the time and in the context of the collection of the personal data that processing for that purpose may take place.


Personal data provided by you may be communicated to recipients, appointed pursuant to art. 28 of the Regulation EU 2016/679, which shall process your data as processors and/or persons acting under the authority of the Controller and the Processor, in order to perform agreements or related purposes. Precisely, your data may be communicated to recipients part of the following categories: – management services providers of IT systems and communication networks of Apen Group Spa (including emails); – advisory and consultancy firms and companies; – competent Authorities for the fulfillment of obligations of law, if required; – in case of administrative accounting purposes, the data may be sent to commercial information companies for the assessment of solvency and payment habits and / or subjects for debts collection purposes.

The subjects belonging to the aforesaid categories act as data Processors or act in complete autonomy as separate data Controllers. The list of designated data Processors is constantly updated and available by sending an e-mail to and at the offices of the Data Controller, in 20060 Pessano con Bornago (MI), Italia – Via Isonzo, 1.


Personal data may be transferred to a third Country within or outside the European Union, subject to the limits and conditions set forth by art. 44 and subsequent articles of the Regulation EU 2016/679, in order to comply with purposes related to the transfer. The data subject may obtain a copy of such data by writing an email to the address


The processing shall be carried out in automated and / or manual manner, with methods and tools aimed at ensuring the best security and confidentiality, by persons specifically appointed to do so.

According to the provisions set forth in art. 5 par. 1 lett. e) of the Regulation EU 2016/679, collected personal data shall be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed. Data retention period depends on the purposes:

– request for contact, information and appointment reservation (1 year maximum);

The Data Subject can receive information regarding the criteria of the retention period contacting


With exception of what above specified concerning navigation data, the User is free to provide personal data.

The provision of personal data is optional or necessary depending on the specific purpose of the data processing. The non submittal of personal data marked by the symbol *may result the impossibility to obtain the required services.


You may exercise your rights pursuant to the Regulation EU 2016/679, by contacting the Data Controller by sending an e-mail to or writing to the Data Controller’s headquarter.

You have the right, at any time, to request the data Controller to access (art. 15), rectify (art. 16), cancel (art. 17) your personal data or limit their processing (art. 18) or to object to the processing of your data based on the legitimate interest (art. 21).

Withdrawal of the consent. The processing is not based on the consent, but on the legitimate interest. When the processing of the personal data is based on the consent, you have the right to withdraw the consent given at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

To object the processing of your data or to exercise your rights you may sending an e-mail to

you have the right to lodge a complaint with the Data Protection Authority. The provision of the personal data is not mandatory. You may provide your personal data in specific pages of the present website. The non submittal of personal data may result the impossibility to obtain the required services of the Data Controller. There is not decision based solely on automated processing.

Update: 01.06.18