Information pursuant to Article 13 of the Regulation (EU) 2016/679 (hereinafter referred to as “GDPR”), regarding the processing of the users’ personal data of the website (hereinafter referred to as “Site”).


  1. Data Controller

The data controller is Agenzia italiana per l’internazionalizzazione – Promos Italia S.c.r.l., with registered office in via Meravigli 9/b, 20123 Milano (IT), VAT number IT10322390963, certified email address


  1. Data protection officer

The data controller has designated the Data Protection Officer in accordance with art. 37 of the GDPR. Contact:


  1. Purposes and legal basis for the processing

The personal data provided or collected while browsing the website are processed for the following purposes:

  1. a) guarantee the correct technical functioning and navigability of the website;
  2. b) manage requests sent to the e-mail addresses available on the website;
  3. c) prior consent, to send information and promotional communications via e-mail to users who subscribe to the newsletter;
  4. d) prior consent, to use third-party analytical cookies.


  1. Type of processed data

Navigation data: the computer systems and software procedures used to operate this site acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. This category of data includes IP addresses or domain names of computers and terminals used by users, the URI / URL (Uniform Resource Identifier / Locator) addresses of the requested resources, the time of the request, the method used in the submit the request to the server, the size of the file obtained in response, the numeric code indicating the status of the response given by the server (success, error, etc.) and other parameters relating to the operating system and the user’s IT environment. These data, necessary for the use of web services, are also processed for the purpose of:

  • obtain statistical information on the use of services (most visited pages, number of visitors by time or day, geographical areas of origin, etc.);
  • check the correct functioning of the services offered.

Data communicated by the user: the optional, explicit and voluntary sending of messages to the contact addresses as well as the completion and forwarding of the forms available on the Site, entail the acquisition of the sender’s contact data, which are necessary to reply, as well as all personal data included in the communications.

Cookies and other tracking systems: read the information on cookies.

Providing data

The provision of data for the purposes referred to in point 2:

  • a), it is necessary for browsing the Site and cannot be optional;
  • b), it is necessary for the management of requests sent, otherwise, it is impossible to respond to received requests;
  • c), it is mandatory only for fields marked with “*”, otherwise, it is impossible to proceed with the registration to the newsletter;
  • d), it is optional, but failure to provide or consent could limit the functionality of some components of the Site.


  1. Recipients of the data

Personal data are processed by personnel authorized from the owner. Browsing and registration data can be processed by external subjects in charge of managing the Site and IT systems. The data could be communicated to the judicial authority at its request for any investigation needs in case of offenses. The data may also be communicated to the Lombardy Region and Unioncamere Lombardia, as project partners.


  1. Storage period

Browsing data do not persist beyond the end of the browsing session. The data processed with the consent of the interested party will be kept until revocation of the same consent to processing, which can be expressed at any time. In the case of particular legal obligations, the processing of information will continue in accordance with current legislation.


  1. Rights of the interested party and forms of protection

The exercise of the rights is guaranteed to the interested party, which is recognized by articles 12 and following of the GDPR. In particular, he/she is recognized the right to:

– access his/her personal data;

– request the correction of inaccurate personal data;

– request the deletion of personal data;

– obtain the limitation of the treatment;

– oppose the treatment;

– ask for the portability of personal data;

– withdraw consent to the treatment, without prejudice to the lawfulness of the treatments already performed;

– propose a report to the Guarantor Authority for the protection of personal data, according to the methods provided by the Authority itself.

For the exercise of the aforementioned rights, the interested party can contact the owner, through the contacts above mentioned.