Mod.: IS – Last Updated: 03/2026
Privacy Policy for the Processing of Personal Data
Articles 13 and 14 of European Regulation No. 679/2016
Legislative Decree 196/2003 as amended by Legislative Decree 101/2018
Dear Data Subject,
This notice describes the website's data management practices with regard to the processing of personal data of users who visit it, as well as the data processing practices carried out through this website. In compliance with Articles 13 (for data collected directly from the data subject) and 14 (for data not collected directly from the data subject) of Regulation (EU) 2016/679 (hereinafter "GDPR"), the following information is provided to users of this website. This information refers exclusively to processing carried out through this website and not through other websites that may be visited via links from this site; users are advised to read the respective privacy notices provided by the relevant controllers of those sites. This website and any services offered through it are intended for individuals who have reached the age of eighteen. The Controller therefore does not process personal data relating to individuals under the age of 18. Upon request from such users, the Controller will promptly delete all personal data inadvertently collected.
1. Data Controller
The Data Controller is S.O.S Bonifiche Srl, with registered office at Via San Crispino, 12 – 35129 Padova (PD) and operational offices at Via Makallè, 73 – 35138 Padova (PD) and Piazza Dante, 17 – 25045 Castegnato (BS), Tax Code and VAT No. 01543200289 (hereinafter "Controller"). The Controller reserves the right to appoint a web agency or consultant as Data Processor for personal data managed for the purposes of technical assistance, maintenance, technical management and similar activities relating to this website; their details may be provided upon request at the addresses indicated above. The Controller and the Processor also handle users' data through their own internal authorised personnel, specifically designated and instructed accordingly.
2. Categories of Data Processed and Sources
- Browsing data (the IT systems and software procedures used to operate this website automatically acquire, in the course of their normal operation, certain personal data whose transmission is implicit in the use of Internet communication protocols. This category includes: IP addresses, browser type, operating system, domain name and addresses of websites from which access was made or exited, information on pages visited by users within the site, access times, time spent on individual pages, internal navigation path analysis and other parameters relating to the user's operating system and IT environment. Such technical/IT data are collected and used exclusively in an aggregated and anonymous manner. These data are processed for the purpose of enabling and monitoring the correct use of this website and for obtaining anonymous statistical information on its use, and are deleted immediately after processing.)
- Cookies, for which we invite you to read our Cookie Policy.
- Data voluntarily provided by the user, including:
- Common data (identification, personal, billing and similar data)
- Only exceptionally, special category data (Art. 9 GDPR)
- Only exceptionally, criminal data (Art. 10 GDPR)
Sources: browsing, other websites, cookies and similar; user; public sources.
We may process browsing data and cookies in the first instance. We may also process data voluntarily provided by the user, for example through the contact form or by sending an email, including common personal data (identification, personal, billing and similar data) and, exceptionally, special category data pursuant to Art. 9 GDPR or criminal data pursuant to Art. 10 GDPR, strictly to the extent required by the information request received and subject to the data subject's consent.
Data may originate from automated or voluntary sources, as well as from public sources. For example, it may derive from the user's browsing activity, which may carry information relating to previous visits to other websites, including in particular cookies and similar technologies. Data may also be voluntarily provided by the user or by related parties. Other data may come from public sources, such as those processed in the context of searches and derived from company registers, public databases and similar.
3. Purposes of Processing
The personal data of website users, as described above, will be processed in the manner and forms prescribed by the GDPR, for the purposes of carrying out the website's own functions, with particular but not exclusive reference to page browsing and the data collection procedures described therein, including contact forms, any registration/login procedures for reserved areas, newsletter subscriptions and similar. In particular, personal data provided to the Controller will be processed for the following purposes:
- to respond to specific requests addressed to the Controller by the user through the website and its communication tools (contact forms, information request forms and similar);
- for informational communications relating to the Controller's services, following a request for information submitted via email or by completing the contact form and other communication tools;
- for any registration for events organised by the Controller and related activities (for example, attendance verification, notices regarding any updates or changes to the event, etc.);
- for other ancillary or related purposes to those indicated above, and in any case falling within the scope of the website's activities.
The processing of data provided in a general manner will be carried out, including following automatic collection during browsing, solely for the purpose of verifying and monitoring access to the website. This also applies to technical cookies, understood as session, functionality or analytics cookies that meet the requirements specified by the Data Protection Authority. With regard to the latter in particular, it is clarified that they may be treated as technical cookies where they are created and used directly by the website. In any case, for analytics cookies, the website, also in accordance with the Authority's guidance, has implemented the anonymisation of IP addresses and data processing amendments; the collection and use of the aforementioned browsing data (subject to IP address anonymisation) allow for the monitoring of the website's performance and enable the improvement of the service offered, providing the user with a better browsing experience. Please refer to the dedicated Cookie Policy for further information.
4. Legal Basis for Processing
The processing of personal data is based on the fulfilment of contractual or pre-contractual obligations relating to the user's request (for example, requests for information about the Controller's services, requests for quotes, etc.), as well as, where necessary, on consent given by freely and knowingly completing the relevant fields in the dedicated data collection and submission form and ticking the appropriate checkbox where provided.
It is noted that the completion of specific fields in information request forms is inherent to the request itself and therefore constitutes the fulfilment of a pre-contractual or contractual obligation, depending on the context. Consent may subsequently be requested for the processing of additional data.
A specific privacy notice will be provided wherever necessary (a notice separate from this one).
Processing is also based in all cases on legitimate interest, including the right to information, as referred to in the following paragraph.
5. Legitimate Interest of the Controller
The processing of personal data is also based on the legitimate interest of the Controller, such as the exercise of its rights in the context of the information society, the performance of contractual obligations and the carrying out of direct marketing activities (in the manner, by the means and within the timeframes provided for by applicable regulations).
6. Obligation to Provide Data
The provision of browsing data by users, for the purposes described above, depends on the level of privacy that the user has enabled or disabled through their browser. In some cases, disabling certain settings may affect browsing on this website. For certain modules of this website, the provision of browsing data and/or the use of technical cookies is mandatory for the correct functioning of the site itself.
The provision of certain personal data is in any case necessary for the structure of the website and its procedures. Any requests for other optional data will be preceded by an appropriate consent checkbox. The provision of all other data is optional, in accordance with the type of information the user wishes to provide to the website.
Without prejudice to the above, for example, providing an email address is necessary in order to respond to a request submitted via the contact form, as are the other mandatory fields indicated with an asterisk. All other data are optional.
Failure to provide data necessary for the requested action (for example, an email address via the information request form) makes it impossible for the Controller to process the request.
PROVISIONS APPLICABLE TO ALL PROCESSING ACTIVITIES
In any case, even where the data subject has given consent authorising the Controller to pursue all the purposes mentioned above, they will remain free at any time to withdraw it.
It is specifically and separately noted, as required by Article 21 of the Regulation, that the data subject has the right to object at any time to the processing of their personal data carried out for the above purposes, and that, should the data subject object to the processing, the personal data may no longer be processed for such purposes.
7. Possible Recipients of Personal Data
Data may be communicated to companies connected, affiliated or controlled by the Controller, as well as to consultants, or to third parties operating, including on behalf of the Controller, for the fulfilment of services related to the purposes set out in this notice, both within and outside the EU (in the latter case, exclusively to parties complying with applicable regulations).
Browsing data and similar data (as referred to above), as well as profiling cookies including third-party cookies (as referred to in the Cookie Policy of this website), will be communicated to the respective third parties concerned, where these do not manage them directly as independent controllers.
In any case, data may be communicated to Data Processors, as well as to duly instructed authorised persons, always within the scope of the processing purposes.
For the sake of brevity, the detailed list of such figures is available at our office.
8. Retention Period
Data voluntarily provided by the data subject will be retained until the data subject expressly withdraws consent, including by acting on their browser settings, clearing cookies, or submitting an express request or otherwise manifesting their wish to do so. Browsing data will be retained, in compliance with the principle of proportionality, in a form that allows the identification of the data subject for no longer than necessary for the purposes for which they were collected or subsequently processed.
Excluded from the above terms are cases where it is necessary to retain data for a longer period in order to defend or assert a right, or to comply with any legal obligations or orders from the Authorities.
9. Rights of the Data Subject
Each data subject has the right of access, rectification, erasure (right to be forgotten), restriction, notification in the event of rectification, erasure or restriction, portability, objection, and the right not to be subject to automated individual decision-making, including profiling, pursuant to Articles 15 to 22 of the GDPR. These rights may be exercised in the manner and within the timeframes set out in Article 12 of the GDPR, by means of a written communication sent to the Controller (see point 10).
The Controller will provide an adequate response as soon as possible and in any case within 1 month of receipt of the request.
10. Right to Withdraw Consent (How to Exercise Your Rights)
Where applicable, consent may be withdrawn at any time and/or rights may be exercised by sending:
- a registered letter with acknowledgement of receipt to the Controller with an express request (see the address indicated in the letterhead);
- an email to amministrazione@sosbonifiche.it
11. Complaints
Each data subject has the right to lodge a complaint pursuant to Articles 77 et seq. of the GDPR with a supervisory authority, which for Italy is the Garante per la protezione dei dati personali (Italian Data Protection Authority). The forms, procedures and timeframes for lodging complaints are set out and governed by applicable national legislation. The complaint is without prejudice to administrative and judicial remedies, which in Italy may be brought alternatively before the same Authority or before the competent Court.
12. Profiling
Personal data provided through browsing on this website and any completion of forms published thereon may be subject to profiling by third-party providers through third-party cookies.
Profiling allows such third-party providers — acting as independent controllers of their respective personal data processing activities for profiling purposes, distinct from the controller of this website — to evaluate certain personal aspects of the data subject relating in particular to their preferences, interests and tastes with reference to the pages visited and activities carried out, in order to enable such independent and separate controllers to offer the data subject a more specific and tailored service.
For further information, users are invited to read the
cookie policy.
13. Controller, Authorised Persons and Data Processors
Below we provide certain information that it is necessary to bring to your attention, not only to comply with legal obligations, but also because transparency and fairness towards data subjects are a fundamental part of our activities.
Data Controller. The Data Controller of your personal data is S.O.S. Bonifiche Srl, responsible to you for the lawful and correct use of your personal data, which you may contact for any information or request at the following details: telephone +39 049 9903228, email:
amministrazione@sosbonifiche.it.
Authorised Personnel. The updated list of authorised personnel is kept at the Controller's registered office.
Data Processors. For the sake of brevity, the detailed list of such figures is available at our office.
14. Social Media Plug-ins
This website may contain plug-ins from certain social media platforms (e.g. Facebook). Social plug-ins are special tools that allow the functionality of social networks to be embedded directly within the website (e.g. the Facebook "like" button) and are identified by the logo of the respective social platform. When a page on this website is visited and the user interacts with the plug-in (e.g. by clicking the "like" button) or decides to leave a comment, the corresponding information is transmitted directly by the browser to the social network platform (in this case Facebook) and stored by it. For information on the purposes, type and methods of collection, processing, use and retention of personal data by the social network platform, as well as on how to exercise your rights, please consult the privacy policy of the relevant social network.
15. Links to Third-Party Websites
This website may contain links to other third-party websites. The Controller accepts no responsibility for the possible processing of personal data by third-party websites or for the management of authentication credentials provided by third parties.
16. Consent to the use of cookies.
For our website to function properly we use cookies. To obtain your valid consent for the use and storage of cookies in the browser you use to access our website and to properly document this we use a consent management platform: CookieFirst. This technology is provided by Digital Data Solutions BV, Plantage Middenlaan 42a, 1018 DH, Amsterdam, The Netherlands. Website: https://cookiefirst.com referred to as CookieFirst.
When you access our website, a connection is established with CookieFirst’s server to give us the possibility to obtain valid consent from you to the use of certain cookies. CookieFirst then stores a cookie in your browser in order to be able to activate only those cookies to which you have consented and to properly document this. The data processed is stored until the predefined storage period expires or you request to delete the data. Certain mandatory legal storage periods may apply notwithstanding the aforementioned.
CookieFirst is used to obtain the legally required consent for the use of cookies. The legal basis for this is article 6(1)(c) of the General Data Protection Regulation (GDPR).
Data processing agreement
We have concluded a data processing agreement with CookieFirst. This is a contract required by data protection law, which ensures that data of our website visitors is only processed in accordance with our instructions and in compliance with the GDPR.
Server log files
Our website and CookieFirst automatically collect and store information in so-called server log files, which your browser automatically transmits to us. The following data is collected:
- Your consent status or the withdrawal of consent
- Your anonymised IP address
- Information about your Browser
- Information about your Device
- The date and time you have visited our website
- The webpage url where you saved or updated your consent preferences
- The approximate location of the user that saved their consent preference
- A universally unique identifier (UUID) of the website visitor that clicked the cookie banner
The Data Controller
S.O.S. Bonifiche Srl
