Privacy Policy – Information document pursuant to and for the purposes of Articles 13-14 of the GDPR (General Data Protection Regulation) 2016/679

In compliance with EU Regulation 679/16 (GDPR), we hereby provide you with the necessary information regarding the processing of personal data provided by you. This information does not apply to other websites that may be accessed through links on the owner’s domain websites, for which the owner cannot be held responsible in any way.

1) Data Controller, Data Processor, and Data Processing Location

The data controller is Alessandra Rosa – legal and administrative headquarters at Via Vincenzo Monti, 16, 20123 Milan, Italy, represented by the legal representative pro tempore.

Processing is carried out at the Data Controller’s premises and at the premises of identified external parties.

2) Types of Data Processed

Personal and Navigation Data
“Personal data”: any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.

Navigation Data
The computer systems and software procedures used to operate this website acquire some personal data as part of their standard operation, the transmission of which is inherent in the use of Internet communication protocols. This information is not collected to be associated with identified data subjects, but by its very nature could, through processing and association with data held by third parties, allow users to be identified. This category of data includes IP addresses or domain names of the computers used by users who connect to the site, URI (Uniform Resource Identifier) addresses of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.), and other parameters relating to the user’s operating system and computer environment.

Data Provided Voluntarily by the User
The optional, explicit, and voluntary sending of electronic mail to the addresses indicated on this site and/or the completion of data collection forms entails the subsequent acquisition of the sender’s address, necessary to respond to requests, as well as any other personal data entered.

Please refer to the cookies policy on the following page: Cookie Policy

3) Purposes of processing for which consent is granted where required (art. 6 GDPR)
A) Personal data, voluntarily provided, will be processed for the following purposes:

browsing on this website;
possible completion of data collection forms for requests for quotes and/or contacts and/or submission of applications;
possible completion of data collection forms for online booking;
administrative-accounting activities in general.
For the purposes of the application of the provisions on the protection of personal data, the processing operations carried out for administrative-accounting purposes are those connected to the performance of organizational, administrative, financial, and accounting activities, regardless of the nature of the data processed. In particular, internal organizational activities, those functional to the fulfillment of contractual and pre-contractual obligations, and informative activities pursue these purposes.

B) Personal data provided in the completion of data collection forms on websites or data collection forms in general (such as name, surname, email address) will be processed, with consent, by the Data Controller and by the Data Processors for promotional-commercial activities and newsletters via email.

4) Processing Methods – Storage
The processing will be carried out both in automated and manual form, using methods and tools aimed at ensuring maximum security and confidentiality, by persons specifically appointed in compliance with Articles 13-14 of the GDPR. The data will be kept for a period not exceeding the purposes for which the data were collected and subsequently processed.

5) Scope of Communication and Disclosure
Your data, subject to processing, will not be disseminated and may be communicated to companies contractually linked to Alessandra Rosa, in order to fulfill contracts or related purposes. The data may be communicated to third parties belonging to the following categories:

entities providing services for the management of the information system used by Alessandra Rosa and the telecommunications networks;
studies or companies in the context of assistance and consultancy relationships;
competent authorities for compliance with legal obligations and/or provisions of public authorities, upon request.
The entities belonging to the aforementioned categories act as Data Processors, or operate in complete autonomy as separate Data Controllers. The list of processors is constantly updated and available at the headquarters of Alessandra Rosa legal and administrative headquarters: Via Vincenzo Monti, 16, 20123 Milan, Italy. Any further communication or disclosure will only take place with your explicit consent.

6) Nature of Provision and Refusal
Apart from what is specified for navigation data, the user is free to provide personal data. The provision of data for the purposes referred to in point A) is necessary. Any refusal to provide the data for the purposes in point A) will result in the impossibility of obtaining what is requested or of using the services of the Data Controller. The provision of consent to the processing of data for the purposes referred to in point B) is optional. Any refusal to consent to the purposes outlined in point B) will not have any negative consequences for the purposes referred to in point A).


7) Rights of the Data Subject
You may exercise your rights as expressed in Articles 12-23 by contacting the data controller, or the data processor, by contacting our office at the telephone number +39 024802049, or by sending an email to the address

As the data subject, you have the rights specified in Article 15 of the GDPR, specifically:

to obtain confirmation of the existence or not of personal data concerning you, even if not yet recorded, and their communication in an intelligible form;
to obtain indication of:
a) the origin of personal data;
b) the purposes and methods of processing;
c) the logic applied in case of processing carried out with the aid of electronic tools;
d) the identification details of the data controller, data processors, and designated representative under Article 5, paragraph 2 of the Privacy Code and Article 3, paragraph 1 of the GDPR;
e) the subjects or categories of subjects to whom the personal data may be communicated or who may become aware of it as designated representatives in the territory of the State, data processors, or persons in charge;
to obtain:
the updating, rectification, or integration of data;
the erasure, transformation into anonymous form, or blocking of data processed unlawfully, including data whose retention is unnecessary for the purposes for which it was collected or subsequently processed;
certification that the operations referred to in points a) and b) have been notified, also as regards their content, to those to whom the data has been communicated or disclosed, except where this proves impossible or involves a disproportionate effort compared to the right being protected;
to object, in whole or in part:

a) for legitimate reasons to the processing of personal data concerning you, even if pertinent to the purpose of collection;
b) to the processing of personal data concerning you for the purpose of sending advertising or direct sales material or for carrying out market research or commercial communication, using automated calling systems without the intervention of an operator through email and/or using traditional marketing methods via telephone and/or postal mail.

Where applicable, you also have the rights under Articles 16-21 of the GDPR (Right to rectification, right to erasure, right to restriction of processing, right to data portability, right to object), as well as the right to lodge a complaint with the Supervisory Authority. At any time, you may obtain confirmation of the existence or non-existence of personal data concerning you and communication of such data and the purposes on which the processing is based. Furthermore, you may obtain erasure, transformation into anonymous form, or blocking of data processed unlawfully, as well as updating, rectification, or, where there is an interest, integration of data. You may object, for legitimate reasons, to the processing itself.

8) Changes to the Privacy Policy
The data controller reserves the right to modify, update, add, or remove parts of this privacy policy at its discretion and at any time. The data subject is required to periodically check for any changes. To facilitate this verification, the policy will indicate the date of the last update. The use of the site, after the publication of changes, will constitute acceptance of them.

9) Social Plug-ins
Our web pages may contain plug-ins from Social Networks (e.g.,, managed by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, United States (“Facebook”). If you access one of our web pages with such a plug-in, the internet browser connects directly to the social network and the plug-in is displayed on the screen through the connection with the browser. Before using such plug-ins, we invite you to consult their privacy policy on their official pages.

Last update: 22/11/2018