This privacy policy contains the information requested pursuant to Article 13 of EU regulation 2016/679 (hereinafter referred to as the “GDPR”) concerning the protection of data subjects in relation to the processing of personal data, as well as pursuant to national and European legislative measures put in place by supervisory authorities following the publication of this privacy policy.



The Data Controller is Itaca Equity S.r.l. with registered office at 10, Via Pontaccio, Milano (MI) – 20121, Phone: 02 8858801, email address:, in the person of its pro tempore legal representative.



The Data Controller will inform you in the event that a Data Protection Officer is appointed pursuant to Article 37 of the GDPR. Said DPO’s contact details will be published on the company website to supplement this privacy policy.



Personal data collected in relation to the company website will be processed for the following purposes:

  1. Navigation data acquired by this website during routine browsing, including personal data, whose transmission is connected to the use of Internet communication protocols (IP addresses, domain names of the computers used by users to access the website, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server, etc.) and other parameters relating to the user’s operating system and IT environment. Said data is solely used to compile anonymous statistics on website use and to verify its correct operation. The data may be used to establish liability in case of cybercrimes against the website, if any. The legal basis for data processing is the legitimate interests of the Data Controller.
  2. Data relating to users who send information to the Data Controller using the contact form on, whose personal data and email addresses will be processed in order to satisfy user requests. The processing of data is necessary to execute a contract in which the data subject is a party, as well as to adopt pre-contractual measures requested by the data subject prior to entering into an agreement.
  3. Contact data such as personal data and email addresses may only be used to send marketing communications, including through our newsletter, with your explicit consent. The legal basis for data processing is the explicit consent of the data subject.
  4. This site uses “cookies,” i. e. small portions of text files that are stored on the user’s computer and which serve to make the website easier to use, more effective and more secure. The cookies used are “session cookies,” which are not stored permanently on the user’s computer and disappear when the browser is closed. The site also makes use of “technical cookies,” installed by the website developer for the sole purpose of improving the user browsing experience. As per current provisions, technical cookies do not require the consent of users.
  5. This site also uses third-party “analytical cookies” to monitor website use. These cookies are not deleted at the end of the session. Technical tools have been adopted with regard to these cookies to reduce their identifying power (data anonymization) and as such, user consent is not required. However, users can decide whether or not to accept these cookies via their browser settings. Read more information about the choices you have on the cookies we use, please visit our Cookie Policy.

The provision of your personal data for the purposes referred to in points A, B, D and E is mandatory as it is necessary for the objectives pursued. Failure to provide said data will make it impossible to fulfil these objectives. The data processing referred to in point C requires your explicit consent. If we have previously acquired your explicit consent, it can be withdrawn at any time by writing to:

The legal basis for the processing of navigation data and session cookies is the Data Controller’s legitimate interests to process personal data relating to website traffic, to the extent strictly necessary and proportionate in order to guarantee system security, and to perform statistical analysis.



Our website features plugins and/or buttons that allow users to easily share content on their social network profiles. By visiting a page on our website that contains a plugin, your browser will connect directly to the social network servers associated with the plugin. Social network servers can track your visit to our website and associate it with your social media account if you are logged in at the time of your visit, or if you have recently browsed one of the websites containing social media plugins. If you do not want social networks to record data relating to your visit to our website, you must log out of your social media account before visiting our website and delete any cookies the social network has installed on your browser. The presence of these plugins on our website involves the sending of cookies to and from all sites managed by third parties. Data collected by “third parties” is not available to us and we cannot access it. More information on the data collected and how to manage cookies belonging to the various social networks linked to our site can be consulted via the websites listed below:

Facebook information:

Facebook (configuration): Log in your account. Privacy section.

Instagram information:

Linkedin information:

The Data Controller is the service provider for data processed on the company’s official social media pages (Facebook and Instagram). Facebook collects and uses information to provide statistical data collection services known as “insights” to website administrators in order to allow them to better understand how people interact with their products and the content associated with them. The processing of personal data for page insights may be subject to a joint-controller agreement.



Your personal data will be processed lawfully, fairly and in a transparent manner and may also be processed in a manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organizational measures (‘integrity and confidentiality’). Your personal data will be accessed only by the appointed managers and by authorized and suitably trained staff. We do not use automated decision-making processes, such as profiling.



For the purposes described in section 3 above, your personal data will be processed by employees, persons treated as such and those working for the Data Controller. These individuals will operate in their capacity as people authorized and instructed to process personal data by the Data Controller. Furthermore, your personal data will be processed by third-parties belonging to the following categories:

  • people who deal with administrative and tax obligations for the Data Controller
  • companies and consultants providing legal advice
  • insurance companies and credit institutions
  • third-party companies providing services relating to creditworthiness, capital strength, risk profiling and regulatory compliance (e. g. anti-money laundering)
  • third-party companies providing logistics services
  • third-party companies providing technical coordination, assistance and IT maintenance services

In some instances, individuals and third-parties belonging to the above categories operate in total autonomy qualified as autonomous Data Controllers. In other cases, they process personal data as Data Processors on behalf of the Data Controller in compliance with Article 28 of the GDPR. A complete, up-to-date list of the people to whom your personal data may be sent can be requested from the Data Controller’s registered office. Your personal data will not be transferred to third parties outside the European Union and are not subject to disclosure.


Your personal data will be stored for the period of time strictly necessary to pursue the specific purposed referred to in section 3 of this privacy policy and, specifically:

  • For the purposes indicated in points A, D and E of section 3. Your personal data will be stored for the time necessary to execute the existing relationships between the parties and subsequently for the period of time determined by the regulations in force. Data relating to invoicing will be kept for ten years from the invoice date, after which they will be deleted or anonymized.
  • Data will be stored for up to 10 years with regard to the purposes listed in point B of section 3, after which they will be anonymized or deleted.
  • Data will be stored for the purposes indicated in point C of section 3 (newsletter subscriptions) until the user requests to halt the activity (opt-out), and in any case no later than 24 (twenty-four) months from the date of the last communication, of which there is evidence of direct interaction. Users can withdraw their consent at any time by clicking on the specific link in the electronic newsletter or by sending an email to


  • Right to access by the data subject (Article 15 of the GDPR): The data subject shall have the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data.
  • Right to rectification and erasure (‘right to be forgotten’) (Articles 16 and 17 of the GDPR). The data subject shall have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement. The data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay.
  • Right to restriction of processing (Article 18 of the GDPR). The data subject shall have the right to obtain from the controller restriction of processing where one of the situations referred to in Article 18 of the GDPR occurs.
  • Right to data portability (Article 20 of the GDPR) The data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided.
  • Right to object (Article 21 of the GDPR). The data subject shall have the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is based on point (e) or (f) of Article 6(1), including profiling based on those provisions. The controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.
  • Right to withdraw consent. The data subject shall have the right to withdraw consent to the processing of his or her data at any time, without prejudice to the lawfulness of data processing based on consent before withdrawal.
  • Right to submit a complaint to the independent supervisory authority.

These rights may be exercised by contacting the Data Controller at the physical or telematic addresses:

The exercise of your rights as data subject is free of charge within the meaning of Article 12 of the GDPR.