The following information (“the Notice“) is provided, pursuant to article. Article 13 of the Reg. EU 2016/679 (“GDPR“), in order to illustrate the purposes and methods of processing personal data referring to users who access the website (“the Site“), carried out by Harpalis S.p.A.

This Notice exclusively concerns the processing of personal data referring to users of the Site (“the Data Subjects“), and does not pertain to the processing of personal data carried out during the visit of pages and websites accessible through links that may be present on the Site.

In addition to this Notice, the Data Controller may provide more specific information regarding certain processing activities carried out through certain forms contained in the Site.


The Data Controller of your personal data, described in this Notice, is Harpalis S.p.A. (Tax Code and P.I number 07095490483), located at Lungarno Amerigo Vespucci, N. 58 – 50123 Florence (FI) (“the Data Controller“); the contact details to reach the Data Controller (“Contact Details“) are as follows: email, certified email


When the user visits the Website, they may be subject to processing:

  1. data related to website navigation, detected and collected by the Owner through the use of software applications necessary to ensure the normal functioning of the Website

The processing of such information (such as the address Internet Protocol, The domain names of the computers and devices used by the users, the browser used, the Uniform Resource Identifier, the Uniform Resource Locator And other data that, by providing information on the device and connection used to visit the Site, may indirectly allow the identification of the Data Subject), is essential to enable the correct functioning of the Site and is therefore necessary to allow users to enjoy the services offered.

The failure to provide such information by the Data Subject prevents browsing the Site and enjoying the services offered through it.

The technical parameters of the Site have been configured in such a way as to minimize the collection and use of users’ identifying data.

  1. The personal data voluntarily provided by the Data Subjects through the insertion of personal information in the forms present on the Site, sending emails or communications to the addresses of the Data Controller and/or its partners and collaborators present on the Site, and the use of the features offered by the Site.


Such personal data is processed for the purpose of:

  1. To provide the services offered to the Data Subject through the Website, namely to respond to requests sent through the form located in the “Request Info” section

Such processing operations concern information such as the name, surname, email address, and company of the requester, as well as any additional information communicated in the text of the message addressed to the Controller

The provision of such data is optional, but necessary for the Controller to provide a response to the requests submitted and to offer the requested service:

The Company may use the personal data you entered in the online form fields (such as your name, surname, email address, and company) for direct marketing purposes, i.e. to send promotional and commercial communications related to the Company’s products and/or services and/or events, for direct sales activities, for market research, and surveys to detect satisfaction with the Company’s initiatives Such activities may be carried out by means of email, telephone calls through an operator, SMS, and traditional mail

Such operations are carried out only with the consent of the Data Subject, expressed by entering their name, surname, and email address in the appropriate form and by ticking the appropriate box The Data Subject may revoke the consent given at any time by using the appropriate functionality at the bottom of each email received or by contacting the contact details indicated in this Company’s Information Notice (email Consent to the above-described processing is optional; if the Data Subject chooses not to give consent, they will not suffer any type of prejudice or repercussion regarding the use of other services offered through the Website (it being understood that the Data Subject will not be able to receive newsletters from the Controller)

With regard to the operations now indicated, the data controller is also Linkedin Ireland Unlimited Company, with registered office at Gardner House, Wilton Plaza, Dublin 2, Republic of Ireland (EU) This implies, among other things, that responsibility for any further processing operations carried out after the transmission of such data lies solely with Linkedin Ireland Unlimited Company, to which the Data Subject may address to exercise their rights with respect to them

This processing is carried out in pursuit of the legitimate interest of the Data Controller in promoting their services and commercial image on the aforementioned social network.

Furthermore, we inform you that the Company has adopted a single technological infrastructure for the storage and retention of data, called Customer Relationship Management (“CRM”), in which the data of natural persons, who are representatives of companies or entities (collected during the performance of activities), and their interactions with the entities are stored, and, on a residual basis, through non-automated means (e.g., paper archives) chosen to ensure the security of such data, by persons who operate under the direct authority of the Data Controller and who have been duly authorized and trained in this regard.

The provision of data is always voluntary, however, it is necessary for the inclusion in the CRM. In any case, you may exercise the right to object to the processing at any time by contacting the data controller at the following email address of Harpalis S.p.A.:


The personal data processed for the purposes referred to in point A 1) and 3)) The personal data processed for the purposes referred to in point A) will be stored for the time necessary to allow navigation of the Site, subject to any need for further retention for the purpose of investigating crimes by the public authorities or for the purpose of ascertaining, exercising or defending a right or legitimate interest of the Owner in court.

Personal data processed for the purposes described in point 2) will be stored for the time strictly necessary to achieve the purposes for which they were collected; as for the sending of newsletter For promotional purposes of the offered services, the contact data will be processed until the withdrawal of consent by the Data Subject or, in any case, for a maximum of 24 months from the relevant registration for such purposes.


Personal data of the data subjects may be disclosed:

Where the conditions established by the GDPR are met, the Data Controller will enter into an agreement with those recipients, among those mentioned above, who receive the communication of personal data in order for them to process them on its behalf (“Data processors”) Specific contracts will be signed with these data recipients, aimed at ensuring that the operations carried out are in strict compliance with the instructions given by the Data Controller and that adequate technical and organizational measures are implemented to safeguard the security of the personal data processed. Your personal data will not be transferred to countries outside the European Economic Area (“third countries“) or international organizations.

The rights of the data subjects

The data subject can exercise, at any time and free of charge, the rights indicated in Articles 15 and following of the GDPR by contacting the Data Controller at the contact details provided. In particular, the user, as the Data Subject and within the limits provided by the GDPR and the Legislative Decree n. 196/2003, can exercise:

Such rights can be exercised free of charge by sending a written communication to the Data Controller at the contact details provided. However, in case of manifestly unfounded or excessive requests, also due to their repetitive nature, the Data Controller may charge a reasonable fee proportionate to the administrative costs incurred to manage the request, or refuse to comply with it.


Over time, the Data Controller may make changes to this Privacy Policy, also to ensure that it is up-to-date or to improve its clarity; in this case, the Data Controller will promptly notify users of the Site, using the most effective and appropriate means for this purpose.