This page describes the Policy implemented by VENISTAR SRL on personal data processing with reference to personal data acquired from website users.

This Privacy Policy is provided pursuant to Articles 13 and 14 of GDPR 2016/679 and the national legislation in force to all those interacting with the web services of VENISTAR SRL, accessible electronically starting from the address: 

corresponding to the home page of the official website of VENISTAR SRL.

The Privacy Policy is provided solely for the VENISTAR SRL website and its sub-domains (e.g.: sub-domain), and not for other external sites consulted by the user using any links on the website.

The Privacy Policy is also based on Recommendation No. 2/2001 that the European personal data protection authorities, who met in the Group established by Article 29 of Directive No. 95/46/EC, adopted on 17 May 2001 to identify certain minimum requirements for the collection of personal data online, and, in particular, the methods, times and nature of the information that data controllers must provide users when they connect to web pages, regardless of the purpose of the connection.

Controller of data processing.

The Data Controller is VENISTAR SRL, with registered office at Viale Francesco Restelli 1, 20124 Milan - Italy.

Data Protection Officer (DPO).

The Data Controller has appointed a Data Protection Officer (DPO) who may be contacted by the Data Subject for all matters relating to the processing of personal data and the exercise of the rights under the GDPR 2016/679. The contact address of the DPO is:

Type of data processed and purpose of processing.

Surfing data.

The computer systems and software procedures used to operate this website acquire, during normal course of their operations, some personal data that are then transmitted implicitly in the use of Internet communication protocols.

This information is not collected to be associated with identified users, but by its very nature could allow users to be identified, through processing and association with data held by third parties.

This category of data includes IP addresses and domain names used by users connecting to the website, addresses in URI (Uniform Resource Identifier) notation of the resources requested, the time of the request, the method used to submit the request to the server, the dimensions of the file obtained in response, the numerical code indicating the status of the data response from the server (successful, error, etc.) and other parameters relating to the operational system and the IT environment of the user. 

These data are used for the sole purpose of obtaining anonymous statistical information about the use of the website and to ensure proper functioning and are deleted after processing. The data could be used to ascertain liabilities in the event of potential IT crimes against the website.

Data provided voluntarily by the user.

The optional, explicit and voluntary sending of emails to the addresses indicated on this website, also by filling in specific forms, involves the subsequent acquisition of the sender’s address, which is needed in order to respond to requests, and any other personal data included in the message.

The personal data collected may be processed for the following purposes:

  • responding, upon specific request of the Data Subject, to requests for information on the services provided and products/solutions marketed directly by VENISTAR SRL, and the processing of reports of any kind, also submitted via the contact form (Article 6(1) b) of GDPR 2016/679);
  • the management, upon specific request of the Data Subject, of E-recruitment applications and/or other forms of professional collaboration (Article 6(1) b) of GDPR 2016/679);
  • the sending, upon specific request of the Data Subject, of the informative and/or promotional newsletter (Article 6(1) b) of GDPR 2016/679).

Any specific information will be progressively provided or displayed in the website’s pages prepared for particular services which may be requested.

The collection and recording of data will take place for specific, explicit and legitimate purposes and in a manner compatible with such purposes, as part of the processing that is required for conducting business activities. Such data will be processed in accordance with the principle of accuracy and, where necessary, updated, so that they are always adequate, relevant and limited to what is necessary and kept for no longer than their intended use in relation to the purposes for which they are collected and subsequently processed in accordance with the GDPR 2016/679 and current national legislation.

Personal data may be processed with the aid of both paper and electronic means, or in any case suitable for recording and storing the data, and in any case in such a way as to guarantee their safety and the utmost confidentiality of the Data Subject. Specific security measures will be observed to prevent data loss, unlawful or incorrect use and unauthorised access in full compliance with Article 32 of GDPR 2016/679 and current national legislation.

Cookies, plugins and services for interaction with external platform.

Complete information on the use of cookies and services for interaction with external platforms (e.g. Social Networks) by this website is available at the following link: Cookie Policy.

Mandatory or optional nature of providing data and consequences of refusal to provide such data.

Apart from what is specified for surfing data, the user’s consent is to be considered optional. However, failure to provide consent may make it impossible for VENISTAR SRL to provide the services requested. If consent is given, it may be revoked at any time by sending a request to the following address:

Communication of data.

Apart from to the communication and dissemination of data in the performance of legal obligations, all data collected and processed may be communicated to:

  • Professionals and consultants, in particular those who provide services for the management of the information system and telecommunications networks, including emails;
  • Entities who process data on behalf of the Controller as Data Processors pursuant to Article 28 of GDPR 2016/679, including but not limited to entities who provide services for the management of the information system and telecommunications networks, including emails. The complete and up-to-date list of Data Processors is is available, to those entitled to it, by simple request to the Data Controller’s head office;
  • Entities legally entitled to access the data in accordance with the regulations in force and/or to whom the data must be communicated in compliance with legal obligations.

Personal data may be processed by employees and co-workers assigned to the competent offices of the Company, explicitly authorised to process the data in accordance with Article 29 of GDPR 2016/679 and current national legislation.

Transfer of data abroad.

Personal data may be communicated and/or transferred abroad only for the purposes stated in this Policy, or for exclusively technical reasons related to the structure of the company’s IT System and/or the implementation of technical and organisational security measures deemed appropriate by the Data Controller (Article 32 of GDPR 2016/679), and exclusively in compliance with Articles 44 et seq of GDPR 2016/679.

Data retention times.

The data provided shall be retained in our filing systems according to the following parameters:

  • Data provided voluntarily by the user: until the date of termination of the service (‘storage limitation’ principle, Article 5 of GDPR 2016/679) or according to the deadlines set by the law.

Depending on the specific limitation periods provided for by law, data required for ascertaining, exercising or defending a right in court may be subject to longer retention times.

Verifications on the obsolescence of the retained data in relation to the purposes for which they were collected are performer periodically.

Rights of the data subject.

With regard to personal data, the Data Subject may exercise the rights provided for within the limits and under the conditions set out in Articles 15 to 22 of GDPR 2016/679 and current national legislation. In particular, the GDPR 2016/679 grants the Data Subject the following rights:

  • Right of access (Article 15 of GDPR 2016/679);
  • Right to rectify inaccurate personal data and right to integrate incomplete personal data (Article 16 of GDPR 2016/679);
  • Right to erasure (Article 17 of the GDPR 2016/679);
  • Right to restriction of processing (Article 18 of GDPR 2016/679);
  • Right to be informed about the recipients to whom any rectification or erasure of personal data or restriction of processing has been communicated (Article 19 of GDPR 2016/679);
  • Right to data portability (Article 20 of GDPR 2016/679);
  • Right to object (Article 21 of GDPR 2016/679);
  • Right not to be subject to a decision based solely on automated processing (Article 22 of GDPR 2016/679).

In the event of signing any kind of consent to data processing, it should be noted that the Data Subject may revoke it at any time, without prejudice to the mandatory obligations provided for by the legislation in force at the time of the request, by contacting the Data Controller at the following email address:

Right to lodge a complaint.

The Data Subject who believes that the processing of his/her personal data carried out through this website is in violation of the provisions of GDPR 2016/679 has also the right to lodge a complaint with the supervisory authority for the protection of personal data, as provided for in Article 77 of GDPR 2016/679, or to apply to the competent judicial authorities (Article 79 of the GDPR 2016/679).

For further information you may contact the Data Controller:

Viale Francesco Restelli 1 - 20124 Milan (MI)
Tel.: +39 041 5102754 - Fax: +39 041 464464

Milan, 1 April 2022

[1] Pursuant to Article 4 of the Privacy Regulation, ‘personal data’ means: “any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person”.