GENCANTIERI S.p.A., with registered office in 20013 MAGENTA (MI) – ITALY – VIA MURRI, 12 – TAX ID and VAT number 05310070965 (hereinafter referred to as the “Data Controller”), acting as the holder of personal data processing, would like to inform you, according to the art. 13 of EU Regulation n. 2016/679 (hereinafter referred to as the “GDPR”), that it may process, as the case may be, the following data referring to you and/or to the reference personnel (employees or collaborators) and/or to the shareholders or directors of the company you represent, to whom you are required to communicate this information.

1. LEGAL BASIS AND PERSONAL DATA PROCESSING PRINCIPLESThe processing of personal data is necessary for the management of contracts in progress with you; for this purpose the Data Controller is in possession of your data that are qualified as personal data under the GDPR (for example: name, surname, company name, address, telephone, e-mail, bank and payment details – hereinafter referred to as the “personal data” or even “data”) communicated by you when entering into contracts for the services of the Data Controller, also at the pre-contractual stage.

In compliance with the conditions set out in Art. 6, par. 1, lett. b), c), d), e) of the GDPR, we inform you that the provision of your Data is aimed to achieve the purposes referred to in point 2) that follows.

2. PURPOSE OF PERSONAL DATA PROCESSINGYour personal data will be treated, even without your express consent, (art. 6 lett. b), e), f) of the GDPR), for the following Purposes:

  • entering into contracts for services rendered by the Data Controller in the exercise of the business activity;
  • fulfilling pre-contractual, contractual and tax obligations arising from relationships with you;
  • fulfilling obligations provided by law, by a regulation, by community regulation or by an order of the Authority (such as for anti-money laundering);
  • exercising rights of the Data Controller, for example, the right of defense in court.

The processing of your personal data is carried out by means of the operations indicated in Article 4 n. 2 of the GDPR and more precisely: collection, registration, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, cancellation and destruction of data.

Your personal data are subjected to both paper and electronic and/or automated processing.

The Data Controller will process personal data for the time necessary to fulfill the above-mentioned purposes and in any case for no more than 10 years from the termination of the relationship established in relation to the purposes of the Service.

Your data may be made accessible for the purposes referred to in paragraph 2 of this information notice:

  • to employees and collaborators of the Data Controller or of GENCANTIERI S.p.A. and abroad, in their capacity as persons in charge and/or internal data processors and/or system administrators;
  • to third-party companies or other parties (as an indication, credit institutions, factoring companies, professional firms, consultants, insurance companies for the provision of insurance services, etc.) that carry out outsourcing or service activities of various kinds on behalf of the Data Controller, as external responsible for personal data processing.


Without the need of express consent (art. 6 lett. b), c) ed f) of the GDPR), the Data Controller may communicate your data for the purposes referred to in art. 2 to Supervisory Bodies, Judicial Authorities, Insurance Companies for the provision of insurance services, as well as to those persons to whom the communication is mandatory by law for the accomplishment of said purposes. These persons will process data as independent data controllers.

Your data will not be disclosed.


Personal data are stored on servers located in MAGENTA (MI) – ITALY, within the European Union. In any case, it is understood that the Data Controller, where necessary, will have the right to move the servers even outside the European Union. In this case, the Data Controller hereby ensures that the data transfer to non-EU countries will take place in accordance with the applicable legal provisions, subject to stipulation of the standard contractual clauses provided by the European Commission.


The provision of data for the purposes referred to in point 2 is mandatory. In their absence, we will not be able to guarantee you the contractual services of point 2.


As the data subject, you have the rights set forth in art. 15 GDPR and precisely the rights:

  1. to obtain confirmation of the existence or not of personal data, even if they are not yet registered, and disclosure of such data in a comprehensible form;
  2. to obtain the following information about: a) the source of personal data; b) the purposes and method of processing; c) the logic applied in case of processing carried out with the aid of electronic instruments; d) the identification details of the Data Controller and Data Processors mentioned in art. 3, comma 1, GDPR; e) subjects or categories of subjects to whom personal data may be disclosed or who may become aware about them as appointed representative in the territory of the State or as persons in charge;
  3. to obtain: a) updating, rectification or, when you are interested, data integration; b) cancellation, transformation in an anonymous form or blocking of data processed unlawfully, including data whose storage is unnecessary for the purposes for which they have been collected or subsequently processed; c) the evidence that operations referred to letters a) and b) have been notified, including their content, to those to whom the data have been disclosed or disseminated, unless the fulfillment of this requirement proves impossible or involves manifestly disproportionate use of means with respect to the protected right;
  4. to object, in whole or in part, for legitimate reasons, to the processing of personal data concerning you, even if they are pertinent to the purpose of the collection.

Where applicable, as data subject, you also have the rights referred to in articles 16-21 GDPR (right of rectification, right to be forgotten, right to limitation of treatment, right to data portability, right of opposition), as well as the right of compliant to the Guarantor Authority.

It is specified that the data subject has the right to object, at any time, for reasons connected to his particular situation, to the processing of his personal data pursuant to Article 6, paragraph 1, letters e) or f), of the GDPR, including profiling on the basis of these provisions.

Personal data are not processed for direct marketing purposes. If personal data are processed for direct marketing purposes, as data subject you have the right to object at any time to the processing of personal data concerning you for such purposes, including profiling to the extent that it is related to such direct marketing.


You may exercise at any time the rights indicated in paragraph 8 by sending:

  • a registered letter with return receipt to GENCANTIERI S.p.A. – Registered Office and Operational Headquarters: Via MURRI, 12 – 20013 MAGENTA (MI) – ITALY;
  • a PEC (certified email) email to:;
  • it is possible to revoke the consent and exercise your rights also by sending directly the appropriate form downloadable from the site:


Data Controller of personal data processing is GENCANTIERI S.p.A. (TAX ID/VAT number 05310070965), with registered office and operational headquarters in Via MURRI, 12 – 20013 MAGENTA ( M I ) – ITALY – phone number: +3902972131; email:; pec (certified email):

Data Processor is Mr. MARCO VINCENZO NOVATI, phone number: +39 02972131; e-mail:; pec (certified email)

An updated list of Data Processors and persons in charge of personal data processing is available at the registered office of the Data Controller.

Magenta, 25th May 2018