Privacy Policy
This page is intended to inform users of this website about how it is managed with regard to the processing of their personal data, as required by Articles 13 and 14 of European Regulation No. 679/2016 – General Data Protection Regulation (GDPR). This policy also fully complies with Recommendation No. 2/2001 adopted on 17 May 2001 by the European data protection authorities meeting in the Group established under Article 29 of Directive No. 95/46/EC, to identify minimum requirements for the online collection of personal data and, in particular, the methods, timing and nature of the information that data controllers must provide to users when they connect to web pages, regardless of the purpose of the connection. When browsing this website, data relating to identified or identifiable persons may be processed.
1) Data Controller and Contact Details
The Data Controller is:
EUROPA RISORSE SGR S.p.A.
VIA DEI BOSSI, No. 4, MILAN
VAT Number: 05953020962
EUROPARISORSESGR@PEC.EUROPARISORSE-SGR.COM
2) Categories of Data Processed
- Browsing data: IP addresses, timestamps, requested URIs/URLs, user agents, response outcomes, security logs and other technical metadata generated by Internet protocols, necessary for the operation of the website.
- Cookies and similar technologies: please refer to the Cookie Policy of this website, which describes the categories, purposes, duration and consent management for non-technical cookies.
- Form/email data: identifying and contact details (e.g. name, surname, email, telephone), message content, any attachments.
- Special categories of data (Art. 9 GDPR): not requested or processed by this website. Users are advised not to submit such data through generic contact forms.
3) Purposes, Legal Bases, Retention Periods and Nature of Data Provision
| Purpose | Data Processed | Legal Basis (Art. 6 GDPR) | Retention | Nature |
| Website operation and security (content delivery, prevention) | Browsing data, technical logs | Legitimate interest of the Controller in ensuring security and operation (Art. 6(1)(f)) | 7–30 days for technical logs, unless further retention is required due to incidents or authority requests | Necessary |
| Responding to requests submitted via contact form | Identifying and contact data, request content | Performance of pre-contractual or contractual measures (Art. 6(1)(b)) or legitimate interest in handling information requests (Art. 6(1)(f)) | Up to 12 months from closure of the request; beyond that only if necessary for legal protection or obligations | Optional; failure to provide data prevents a response |
| Sending newsletters/promotional communications | Contact data, preferences (if expressed) | Consent (Art. 6(1)(a)), withdrawable at any time | Until withdrawal of consent / opt-out; consent logs for 24 months | Optional |
| Legal obligations (tax, accounting) | Personal and identification data | Legal obligation (Art. 6(1)(c)) | Up to 10 years (Art. 2220 of the Italian Civil Code and tax regulations) | Necessary |
| Legal proceedings and abuse prevention | Data relevant to disputes | Legitimate interest (Art. 6(1)(f)) | For the duration of the dispute and until the statute of limitations expires | Necessary if related to claims |
The retention periods indicated above may be extended in the event of requests from the Authority or for the exercise/defence of rights.
Consents are documented and collected separately from other documents, and may be withdrawn at any time with effect for the future.
4) Recipients and Categories of Recipients (Art. 13(1)(e), 28 GDPR)
Data may be processed by:
- Authorised internal subjects designated by the Controller (administrative, commercial, IT, communications staff), duly instructed.
- Data processors (Art. 28 GDPR): hosting providers, IT maintenance, security providers, consultants, strictly within the limits of the stated purposes. An updated list of data processors is available upon request.
- Public authorities and bodies where required by law or pursuant to lawful orders.
5) Place of Processing and Transfers Outside the EU
Data is collected from the data subject. Processing takes place within the European Union/EEA at the premises of the Controller and/or its processors, with data centres located in the EU/EEA.
No transfers of data to countries outside the EU/EEA are envisaged. Should it become necessary in future to use non-EU providers, the Controller will ensure compliance with Chapter V of the GDPR (e.g. adequacy decisions or Standard Contractual Clauses) and will update this policy accordingly.
6) Processing Methods and Security Measures
Processing is carried out by electronic and/or paper-based means, according to logic related to the stated purposes and in compliance with the principles set out in Articles 32 and 5 of the GDPR, always with a view to data minimisation. The Controller adopts technical and organisational measures appropriate to the risk. No automated decision-making processes are carried out that produce legal effects or similarly significantly affect the data subject (Art. 22).
7) Cookies and Consent Preferences
No consent is required for technical cookies.
For non-technical cookies (e.g. non-anonymised statistical or profiling cookies), the website uses a compliant banner: consent is granular, free, specific, informed and recorded; it may be withdrawn at any time via the “Cookie settings” link in the footer or through browser settings.
See Cookie Policy
8) Rights of the Data Subject (Arts. 15–22 GDPR)
You have the right to request from the Controller:
- Access to data and a copy thereof (Art. 15),
- Rectification (Art. 16) and erasure (Art. 17),
- Restriction of processing (Art. 18),
- Data portability (Art. 20, where applicable),
- Objection (Art. 21) to processing based on legitimate interest; objection to direct marketing is always free of charge,
- Withdrawal of consent (Art. 7(3)) without prejudice to the lawfulness of processing based on consent prior to its withdrawal,
- Exclusion from solely automated decision-making (Art. 22), where applicable.
To exercise your rights: amministrazioneer@europarisorse.com
You also have the right to lodge a complaint with the Italian Data Protection Authority (www.garanteprivacy.it).
9) Policy Updates
The Controller may update this policy in response to regulatory or technical changes. The updated version will show the date and will be published on this page.
Last updated: 06.03.2026
