Privacy policy

Contact us – Information on the processing of personal data collected pursuant to Article 13 of Regulation (EU) 2016/679

Dear user,

We need to process information concerning you, your personal data, for the purposes indicated below; to this end, as required by European legislation for the protection of personal data (European Regulation 679/2016), we provide you with the following information.

  1. Data Controller and Data Protection Officer

The Data Controller, i.e. the entity responsible for making decisions regarding the purposes, methods and security of personal data, is CONAI, Business offices in Via Pompeo Litta 5, 20122 – Milan. Contact details for privacy: tel 02.540441. fax 02.54122648.

Purposes and legal grounds of processing

The personal data that you provide to us and which will be collected during the provision of services requested by you will be processed for the purposes according to the legal grounds indicated below:



(Why we process your data)

Legal grounds


(Based on which provision of the law we process it.)

Consequences in case of refusal of processing


(What happens if you refuse to provide your personal data and/or authorise its processing)

To allow you to receive a reply to your requestArt. 6, point b (pre-contractual measures)Should you refuse to provide the data we will not be able to send you the answer
  1. Recipients and categories of data processed

The personal data you have provided or acquired during the course of the service will only be processed by specifically authorised personnel or by specifically designated data processors. Other than to any parties entitled by law, your data will not be disclosed to third parties.

  1. Transfer abroad

Your personal data is not transferred outside the European Union.

  1. Period of retention of personal data and criteria used

The personal data processed is collected and stored in electronic format through the ROTOSTAMPA information system until the contract is revoked.

  1. Data subject rights

The Regulation recognises the following rights that you may exercise vis-a-vis and against each co-controller.

  • Right of access: Art.15 of the European Regulation allows you to obtain from the Data Controller confirmation of whether or not data is being processed and, if so, obtain access to such data.
  • Right of correction: Art. 16 of the European Regulation allows you to obtain from the Data Controller the correction of inaccurate personal data concerning you without undue delay. Taking into account the processing purposes, data subjects have the right to obtain the integration of incomplete personal data, also by providing an additional declaration.
  • Right of deletion: Art. 17 of the European Regulation allows you to obtain from the Data Controller the deletion of personal data concerning you without undue delay in the presence of one of the reasons envisaged by the regulation.
  • Right of restriction: Art. 18 of the European Regulation allows you to obtain from the Data Controller the restriction of processing in the presence of one of the cases envisaged by the regulation.
  • Right of objection: Art. 21 of the European Regulation allows you to object at any time, for reasons connected with your particular situation, to the processing of your personal data pursuant to Article 6, paragraph 1, points e) or f), including profiling on the basis of these provisions.
  • Right to portability: Art. 20 of the European Regulation allows you to receive the personal data concerning you which you have provided to a Data Controller in a structured, commonly used and machine-readable format and have the right to transmit such data to another Data Controller without hindrance from the Data Controller to which the personal data was provided according to the conditions established by the regulation
  • Right of withdrawal of consent: Art. 7 of the European Regulations allows you to withdraw your consent at any time. The withdrawal of consent does not affect the lawfulness of the processing based on consent before withdrawal.
  • Right to complain: Art. 77 of the European Regulation, if you believe that the processing that concerns you is in violation of the regulation, recognises you the right to lodge a complaint with a supervisory authority, in particular in the Member State in which you normally reside, work or of the place where the alleged violation occurred.
  1. Further information

Further information, or privacy policy and this information sheet are available on our website at

A complete extract of the above mentioned legal articles is available from the Legal and Corporate Affairs Department.

This department can provide you with all the explanations you might need regarding the exercise of your rights; requests can be sent in writing, accompanied by a valid identity document, to the General Data Processor, at the business offices in Via Litta 5, Milan.

  1. Collaboration

The protection of the data concerning you and compliance with the principles established by the regulation, with particular reference to the principle of transparency, are values of primary importance for us. We would be grateful if would help us by reporting any points in this document which are unclear or suggesting improvements to the contact details of the Data Controller as indicated above.