This information, made persuant to art. 13 GDPR (EU Reg. 2016/679), describes how the site is managed with reference to the processing of personal data of Users who consult it. In particular, the processing of User data, made necessary by the purposes described below, will be carried out in full compliance with current legislation and the principles of correctness, lawfulness and transparency, purpose limitation, minimization, accuracy, integrity and confidentiality.

Holder of the treatment

The holder data treatment is Ethicalfin NPL S.r.l., with headquarters in Via Aureliana, 25 – 00187 Rome (RM). Contacts: tel. + 39 06.83927740, email: – PEC

Data protection officer (DPO)

The Holder data treatment has appointed Data Protection Officer (DPO) Mauro Epifanio, who can be contacted at the following email address:

Type of data processed

The following personal data are subject to processing: a) browsing data, for which reference is made to the cookie policy; b) personal data and contact details, in particular: name, surname, email and telephone number. All the data processed are provided directly by the site visitors. The optional, explicit and voluntary sending of the aforementioned data entails their subsequent acquisition, necessary to respond to requests, as well as to execute the services provided by sending the forms.

Purpose of the treatment and legal bases

Personal data are collected with the consent of the users to follow up the requests and response to the questions posed by the interested party through the appropriate contact form. The provision of data by the interested party is optional but essential for the aforementioned purposes.

Processing methods, duration and scope of dissemination and communication of data to third parties

The processing and storage of data related to the services provided on the site are carried out both on paper and automated supports for the time strictly necessary to achieve the purposes for which they were collected; they take place at servers in Italy or in the EU or in any case in third Countries, included in the list of countries considered reliable, prepared by the European Commission, which offer an adequate level of data protection, with which specific agreements are entered into, and they are only managed by personnel authorized to process or by Companies expressly appointed as data processors (e.g. for technological maintenance of the site). Specific security measures are observed to prevent data loss, illicit or incorrect use and unauthorized access and loss of confidentiality. The structure is equipped with anti-intrusion devices, firewalls, logs and disaster recovery. Specific data encryption and segregation mechanisms are used. No automated decision-making process (e.g. profiling) is carried out.

The data will not be disclosed unless otherwise provided by law. Except as specified for cookies and third-party elements, without the prior general consent of the interested party to communicate to third parties, it will be possible to proceed only with services that do not provide for such communications. In case of need, specific and prompt consents will be requested and the subjects who will receive the data will use them as autonomous owners.

In any case, the data (only the indispensable ones) can be communicated to: a) data processors and processors, both internal to the organization of the Holder data treatment, and external, who perform specific tasks and operations; b) Public authorities or offices in execution of legal obligations.

Rights of the interested parties

Pursuant to articles 7, 15 – 22 GDPR, the interested party has the right to obtain confirmation that a processing of data concerning him or her is in progress and in this case to obtain access to the data and the indication of the: a) purposes of the treatment; b) categories of personal data in question; c) recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular if recipients from third countries or international organizations; d) whenever possible, the expected retention period of personal data or, if not possible, the criteria used to determine this period; e) all available information on the origin of the data if it is not collected from the interested party; f) the existence of an automated decision-making process, including profiling.

The interested party also has: 1) the right to obtain the correction of inaccurate personal data concerning him without undue delay; 2) the right to obtain the cancellation of personal data concerning him without undue delay; 3) the right to obtain the limitation of the treatment; 4) the right to object at any time, for reasons related to your particular situation, to the processing of personal data; 5) the right to receive personal data concerning him in a structured, commonly used and machine-readable format; 6) the right to withdraw your consent at any time; 7) the right to lodge a complaint with the Guarantor Authority for the protection of personal data, pursuant to art. 77 GDPR and / or to appeal to the appropriate judicial offices pursuant to art. 79 GDPR; 8) the right to be informed of the existence of adequate guarantees, if personal data are transferred to a third country or to an international organization; 9) the right to obtain a copy of the data being processed.

To exercise these rights, the interested party can contact the Holder data treatment at the addresses indicated in paragraph 1- Data Controller, by sending a specific request by registered letter and / or e-mail.

Privacy Policy