Privacy Policy

INFORMATION PROCESS OF PERSONAL DATA (GDPR 679/2016) S.p.A. exercises two different roles in relation to its users in relation to the new EU Regulation


For the following services has the role of “Data Controller


  • Cloud Mail
  • Cloud Bag
  • Cloud PBX, Telephony and Voice Over IP services
  • Broadband Connectivity Services Accounting
  • Cloud IaaS
  • Cloud DCaaS
  • Infrastructure & Engineering WEB Services
  • Senior Safety
  • Sanità Digitale




While for the following it has the role of “Data Processor


  • SaaS
  • PaaS



When you use our services, you entrust us with your information. With this document we intend to explain to you that your data are processed exclusively for the purposes envisaged by the provision of the commissioned service or for the obligations and provisions imposed by law.


If prescribed or necessary for the protection of your SaaS or PaaS services, the appropriate security measures  apply  to  the  protection  of  your  data  and  their  protection  against  external attacks. With “by desing” protection systems and consistent with the risk assessments carried out on the data processed, the data of the data subjects will be safeguarded.


As required by current legislation on data protection, pursuant to art. 5 of EU Regulation

679/2016, personal data will be processed in a lawful, correct and transparent way towards the interested party. Collected for specific, explicit and legitimate purposes; adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed. They are

collected in an exact manner and, if necessary, updated, respecting the fundamental rights and freedoms, as well as the dignity of the interested party, with particular reference to privacy, personal identity and the right to protection of personal data. This information is subject to updates and / or changes by the Data Controller, which will be publicized on the website as regards the processing of visitor data. Instead it will be directly accessible to Users

through the appropriate “privacy” link reachable from profile.

In the event of a breach of personal data, the data controller shall notify the competent supervisory authority of the violation and, if the data breach represents a high risk for

the rights and freedoms of natural persons, the controller shall disclose the violation to whom it may concerned.



Data Controller is S.p.A., P. IVA 03979950874, registered office in Roberto

Lepetit Street, 8/10 – 20124 Milan.



Data Protection Officer


Data Protection Officer is reachable at the following contact points at the registered office in


Roberto Lepetit Street, 8/10 – 20124 Milan


Tel.: +39 02 97 084 111


Fax.: +39 02 97 084 444 pec:

All reports in terms of non-compliance, possible violations or ex-requests must be addressed to the DPO. Art 17 (right to cancel your personal data)







With this document we explain what we do with the data you entrust us when you use our services, why we use your data, why we collect, store and protect it.


As described in the introduction our services are extensive and can be used in various ways. For some interested we are the “Controller” for others only the “Processor”, but we would like to point out that all data you provide us are used only for the performance of the services and for the obligations required by law and currentregulations.


With this document we illustrate:


  • The collected data and the purposes we have
  • How to use this data
  • How to access, modify and delete thisinformation


We have tried, inspired by the principles of the Regulation, to keep the terms of the discussion broad and easy to understand, but the type of services that we deliver obliges   us to cite terms such as IP Address, Browser, Log, Accounting, Cookie, Internet of Things (IOT). On these important terms we put the references in Italian to Wikipedia in order to allow you a more agile understanding. If we do not succeed, because for the protection of your data is primary and all our customers, large or small, should know our ways to process the data and respect your privacy, we have put an address for your mail to contact us for any specific problem and request for specific clarification.







We collect data on how you use our services in relation to billing requirements and legal requirements, but we do not make any record of the related content in terms, for example, of websites users visited if your service is a Broadband connection, but only the IP address user, of the access and end times of navigation.

For  the  Cloud  Services,  we  only  register  the  allocated  resources,  the  IPs  and  (if  for consumption) the possible times of use, but not how the resources have been used.


We therefore do not collect information on the services used by the interested parties in terms  of  how  they  are  used,  such  as  for  example.  if  a  video  is  viewed,  an  application downloaded, etc.


If the user has given his consent and receives our mails we monitor:


  • Opening the email
  • Any click on the links present
  • The type of device from which it is opened (desktop, mobile, etc.)
  • The IP from which the email is opened




On SaaS, Cloud Bags, Cloud Mail, Cloud PBX, Cloud PaaS we monitor anomalous device activity  both  for  security  reasons  and  for  detecting  abnormal  shutdowns,  system  activity, incorrect hardware settings, types of browsers used, device types used, date and time of the requests and any reference operations that generated the anomaly.


On our websites and portals, we monitor cookies, as specified below, to uniquely identify the user, session and account of the interested party.


For Clients who use the MAPI CloudMail’s services, for the sole purpose of security, we detect the access position by accessing the mobile or fixed device, but requesting its consent, directly from the installed email application.


In this regard, to protect the information to which the party grants access, such as messages, photos, address book, agenda we oblige the user to specify a PIN to access the device.


Data Controller does not use or exercise any processing in relation to these data, which are recorded on multiple databases whose access is protected through procedures that restrict the persons  with access to such data and record all requests on appropriate unalterable syslogger.


Pursuant to Article 9, paragraph 1 of Regulation 679/2016, no personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, or data relating to health or sexual orientation is memorized, detected or in some way traced by our systems.


For issues related to Accounting, invoicing and legal obligations to the Authorities, the IP assigned to the data subject and the relative access and end time of the connection are recorded.

With regard to the SaaS Services provided in the healthcare sector and for which S.p.A. is the “Data Processor”, appropriate protection and access systems “WAF” or Web Application Firewall have been suitably prepared. Any access of representatives for assistance, debugging and maintenance functions are recorded and stored on unalterable logs.






The processing of personal data connected to the web services of the sites takes place at  the offices of S.p.A. and are only handled by personnel in  charge of  processing accessing the systems through unique credentials and all accesses and related activities are stored on unalterable logs.


The personal data provided by users who request dispatch of informative material, data on electronic traffic, cookies or proposals for applications are used only to perform the service or provision requested and are communicated to third party suppliers and / or employees only if this is necessary for this purpose. The data will be processed by the company S.p.A.  and  may  be  transmitted  to  companies  connected  to  the  same  for  the  purpose  of providing the services.





Personal data are processed using automatic and non-automatic tools, for the time strictly necessary to achieve the purposes for which they were collected. Specific security measures are observed to prevent data loss, illicit or incorrect use and unauthorized access.






The interested party has the right to obtain from the Data Controller access to personal data and the following information:


  1. a) the purposes of the processing;


  1. b) the categories of personal data in question;


  1. c) the recipients to whom the personal data have been or will be communicated;


  1. d) when possible, the retention period;


  1. e) the right to request the correction or deletion of data (right to be forgotten) or the limitation of processing or, finally, to oppose the processing itself;


  1. f) the right to withdraw consent. However, this does not affect the lawfulness of the processing based on consent before revocation;


  1. g) the right to receive, in a structured, commonly used and automatically readableform, personal data concerning him / her (portability);

  1. h) the existence of an automated decision-making process; i) the right to lodge a complaint with a supervisory authority. Furthermore, will provide at the data subject:
  2. a) the identity and contact details of the data controller;


  1. b) contact details of the person in charge of data protection (DPO), reachable at the certified electronic e-mail


  1. c) any legitimate interests pursued by the data controller


  1. d) where applicable, the intention of the data controller to transfer personal dataabroad.







We inform Users that, with the exception of navigation data, the communication of data is optional, however any refusal to supply them, or the lack of consent to their processing, may not allow S.p.A. to ensure the timely and correct handling of the request for contact or the provision of the service forwarded by the data subject.


Pursuant  to  the  combined  provisions  of  art.8  of  the  EU  Regulation  679/2016  and  art.2- quinquies of the D.L. 101/2018, laying down the provisions about the Privacy Code, a minor of fourteen years of age may give consent to the processing of personal data when related to the direct offer of services by an information company.


With regard to the aforementioned services, the processing of personal data of a minor below the  age  of  fourteen  shall  be  lawful  only  when  provided  by  those  bearing  parental responsibility.








We point out that, in compliance with the principles of lawfulness, purpose limitation and data minimization, pursuant to art. 5 GDPR 2016/679, the retention period of the personal data  of  the  interested  party  is  established  for  a  period  of  time  not  exceeding  the achievement  of  the  purposes  for  which  they  are  collected  and  processed  and  in compliance with the times prescribed by law.








All information collected on the site is stored and maintained in secure facilities that restrict access to authorized personnel only. The website is checked regularly to check for security breaches, and to ensure that all information collected is safe from those who intend to view

it without authorization. S.p.A. adheres to all security measures described by applicable laws  and  regulations  and  to  all  appropriate  measures  according  to  the  currently  most advanced criteria, to ensure and guarantee the confidentiality of users’ personal data, and to minimize as far as possible the dangers of unauthorized access, removal, loss or damage to users’s personal data.







The voluntary, optional and explicit sending of data to S.p.A. on the part of the user (on the occasion, for example, of the registration in the database of Spa or the insertion of their data by filling in the appropriate “forms”, also in order to verify the possibility of accessing its services, as well as sending e-mail to the addresses indicated on this site), involves the subsequent acquisition of the sender’s address and the data  provided by the same, for which the user also releases express consent to their processing. In case users enter or otherwise treat the data of third parties guarantee from now, assuming all related responsibility, to have previously provided to them the information referred to in Article. 12 of the Regulations and having acquired their consent to the processing.









The computer systems and software procedures used to operate this site acquire, in normal operation, some navigation data that are implicitly transmitted in the use of internet communication protocols. These are data relating to electronic traffic which by their nature are not immediately associated with identified data subjects, but through processing or association with data held by third parties could allow identification of users / visitors to the website (such as, for example, IP addresses, type browser and operating system used by the user, time required to access web pages). This data is used only for anonymous statistical information regarding website visits website visits or to verify the correct functionality of the website. These data are kept by the company S.p.a. for the strictly necessary period and in any case in compliance with the current regulations in force.

Cookie Policy








Cookies are data that are sent from the website and stored by the internet browser on the computer or other device (for example, tablet or mobile phone) of the user. Technical cookies and third-party cookies may be installed on our website. In any case, the user can manage, or  request  general  deactivation  or  cancellation  of  cookies,  modifying  the  settings  of  his internet  browser.  This deactivation,  however,  may  slow down or  prevent  access  to some parts of the website. The settings to manage or disable cookies may vary depending on the internet browser used, therefore, for more information on how to perform such operations, we suggest you to consult the manual of your device or the “Help” function or “Help” of your internet browser. Below are the links to the Users that explain how to manage or disable cookies for the most popular Internet browsers.


Internet Explorer: cookies


Firefox: Opera: Safari:






The use of technical cookies, that is cookies necessary for the transmission of communications on the electronic communication network or cookies strictly necessary to the supplier to provide the service requested by the customer, allows the safe and efficient use of our website. Session cookies may be installed in order to allow and access to the reserved area of the portal as an authenticated user. Technical cookies are essential for the proper functioning of our website

and are used to allow users normal browsing and the opportunity to take advantage of the advanced services available on our website. The technical cookies used are distinguished in session cookies, which are stored exclusively for the duration of navigation until the browser is closed, and persistent cookies that are saved in the user’s device memory until their expiration or cancellation by the user itself. Our website uses the following technicalcookies:


  • Technical browsing or session cookies, used to manage normal browsing and user authentication;
  • Functional technical cookies, used to store customizations chosen by the user,such as, for example, the language;
  • Technical analytics cookies, used to know how users use our website so that they can evaluate and improve their functioning.







Third-party cookies may be installed: these are cookies, analytical and profiling, Google Analytics, google maps, Twitter Linkedin and Facebook. These cookies are sent from the websites of the aforementioned third parties external to our site. The analytical cookies of third parties are used to detect information on the behavior of users on the website. The

survey takes place anonymously, in order to monitor the performance and improve the usability of the website. The third-party profiling cookies are used to create profiles related to users, in order to propose advertising messages in line with the choices expressed by the users themselves.

The  use  of  these  cookies  is  governed  by  the  rules  set  by  the  third  parties  themselves, therefore, users are invited to view the privacy policies and indications to manage or disable

cookies published on the following web pages:


For Google Analytics cookies:

privacy policy: indications to manage or disable cookies:

For Google map cookies:

privacy policy:

indications to manage or disable cookies:


For Facebook cookies:

privacy policy: –

indications to manage or disable cookies:

For Twitter cookies:

privacy policy:

indications to manage or disable cookies:

For Linkedin cookies:

privacy policy:

indications to manage or disable cookies:







Information and requests regarding privacy can be directed to S.p.A.


  • by traditional e-mail to the mailbox:
  • by post office S.p.a., Roberto Lepetit street, 8/10 – 20124 Milan at the attention of Data Processor Officer (DPO)
  • by registered email