Privacy Policy


Pursuant to and for the purposes of articles 13 and 14 of Regulation (EU) no. 2016/679 (hereinafter “Regulations”) concerning the protection of individuals with regard to the processing of personal data, which repeals Directive 95/46/EC, we inform you that the personal data voluntarily provided by you, will be processed in compliance with the current legislation regarding the protection of personal data and, in any case, the principles of confidentiality which inspire the activities of all the companies of the Mittel Group.

1. Holder of the processing of personal data

This information is provided by Mittel S.p.A. (as the parent company), a company listed on the Mercato Telematico Azionario organized and managed by Borsa Italiana S.p.A., and by the subsidiaries, hereinafter referred to as the “Mittel Group”.
The companies that make up the Mittel Group are the Data Controllers of personal data collected by private parties (the “Interested”) and are jointly responsible (“Joint Data Controllers”) for the processing of personal data, as required by the GDPR to Art. 26.
Among the companies of the Mittel Group, the roles and responsibilities of each of them have been established in their capacity as subjects co-owners of the processing of personal data. This implies that the data subjects can count on the protection of their data coherent among all the companies of the Group and can exercise their rights towards and against each Data Controller.
For any clarification, question or requirement related to your privacy and the processing of your personal data you can send a request to the email address:
The Mittel Group is aware of the importance of protecting the personal data of the data subjects involved in their business relationships, whether they are customers, employees or collaborators.
For this reason, the user is advised not to forward or provide the Mittel Group with any personal data before having read, in full, understood and accepted this information on the processing of personal data.

2. Which personal data do we collect?

The categories of personal data that the Mittel Group processes are as follows:
a. we collect the personal data necessary for the pursuit of the corporate purpose of Mittel and its subsidiaries, such as name and surname, e-mail address, telephone number and postal address;
b. we collect the data necessary to comply with the regulatory provisions and the updating of the shareholders’ register
c. We collect anonymous information on navigation on our website, such as pages that are visited, for statistical purposes and to improve the use of the site by users;
d. At your request, we collect your CV to be considered for a self-candidature to an open position, using the information contained in your CV for this purpose only

3 How do we use personal data collected?

Data processing is carried oud:

  1. by means of operations, including but not limited to: collection, registration and organization, processing, including modification, comparison / reconciliation, use, including consultation and storage, cancellation / destruction, security / protection;
  2. with the aid of manual, computerized and telematic tools with logic and methods strictly connected with the purposes referred to in paragraph 2 above and always in order to guarantee the security and confidentiality of personal data in compliance with the applicable provisions;
  3. directly from the organization of the Mittel Group and from external parties specifically selected and monitored by the Group itself, which operate as Data Processors.

4 Treatments and limitations?

All data are collected and processed in compliance with the provisions of the Regulations and within the limits of what is strictly necessary with regard to the specific purposes for which they are processed, and subject to appropriate technical and organizational security measures.
In relation to all the activities indicated above, we will process your personal data mainly through IT and electronic tools; the tools we use guarantee high safety standards, in full compliance with current legislation.

5 Processing’s legal basis

We process your personal data only in the presence of one of the conditions required by current legislation, and specifically:

  • a. for the conclusion and execution of a contract of which you are a part;
  • b. when we process your data we take care to use only the minimum information useful for the execution of the same;
  • c. to follow up with a legal obligation;
  • d. for your legitimate interest:
    The processing of CVs spontaneously sent, carried out to evaluate candidates with respect to a possible job position at the Mittel Group, is legitimate and in this case it is not necessary the consent of the person to whom the personal data refer.
  • e. For our legitimate interest:
    In some specific cases, the personal information of the Interested parties directly involved in the business activity of the companies forming the Mittel Group could be processed to carry out anti-fraud activities: we have a legitimate interest in carrying out this activity to prevent and prosecute any fraudulent activities.

6 Recipients or categories of recipients of personal data

Your personal data will be processed by Mittel Group’s internal staff specially trained and autorizated to process the data.
Your personal data may be transmitted to third parties that we use to provide our services; these people have been adequately selected and offer a guarantee of compliance with the rules on the processing of personal data. These people have been appointed as data controllers and carry out their activities according to the instructions given by the Mittel Group and under its control.
These third parties belong mainly to the following categories: banking operators, companies specialized in IT and telematic services; express couriers.

7 Data disclosure

Personal data are not subject to disclosure

8 Transfer data extra UE

Personal data collected by the Mittel Group will not be transferred to third parties residing outside the EU territory.

9 Criteria used for data retention

We keep your personal data for a limited period of time, different depending on the type of activity that involves the processing of your personal data.
Once this period has expired, your data will be permanently erased or otherwise rendered irreversibly anonymous.
Your personal data are stored in compliance with the terms and criteria specified below:

  • a. data collected to facilitate the conclusion or execution of contracts between the respective companies to which they belong: until the administrative and accounting formalities have been completed or until the circumstances require the alternation of the personal contact held in;
  • b. data collected for the conclusion or execution of contracts in which you are a party: until ten years have elapsed from the date of closure of the relationship (or from the last accounting entry);
  • c. personal data written in the CV: for 6 months since the receive.
    In any case, for technical reason, the termination of the processing and the consequent definitive erasing or irreversible anonymazation of the relative personal data will be final within 120 days from the terms indicated above.

10 Rights of Interested

The Interested enjoys the rights established in articles 7, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21 and 22 of Regulation (EU) no. 2016/679.
In the cases in which the treatment is based on the consent of the Interested, the Interested has the right to withdraw his consent at any time.
In addition, the Interested has the right to obtain from the Data Controller confirmation that it is or is not undergoing treatment of personal data concerning him and access to such personal data and the following information:

  • (a) the purposes of the processing ;
  • (b) the categories of personal data in question;
  • (c) the recipients or categories of recipients to whom the personal data have been or will be communicated, in particular if recipients of third countries or international organizations;
  • (d) whenever possible, the retention period of the personal data provided or, if this is not possible, the criteria used to determine this period;
  • (e) the existence of the right of the data subject to ask the data controller to rectify or delete personal data or limit the processing of personal data concerning him or to oppose their processing;
  • (f) the right to lodge a complaint with the supervisory authority (Garante per la protezione dei dati personali – Piazza di Monte Citorio n. 121 00186 ROMA Fax: (+39) 06.69677.3785 Telephone exchange: (+39) 06.696771 E-mail:;
  • (g) if the data are not collected from the data subject, all information available on their origin;
  • (h) the existence of an automated decision-making process, including profiling and, at least in such cases, significant information on the logic used, as well as the importance and expected consequences of such processing for the data subject.
    Where personal data are transferred to a third country or to an international organization, the data subject has the right to be informed of the existence of adequate guarantees relating to the transfer.
    The interested party has the right to request access to personal data (article 15) and rectification (article 16) or cancellation of the same (article 17) or limitation of the processing of personal data (art. 18) or to oppose their treatment (Article 21), in addition to the right to data portability (Article 20) and the right to oppose the automated decision-making process (Article 22).

The information provided pursuant to articles 13 or 14 of the Rules and any communications and actions taken pursuant to articles 15 to 22 of the Rules are free, unless such requests are manifestly unfounded or excessive, in particular due to their character repetitive, in which the data controller can:

  • (a) charge a reasonable fee contribution taking into account the administrative costs incurred to provide the information or communication or take the required action; or
  • (b) refuse to satisfy the request.

11 Security measures

We protect your personal data with specific technical and organizational security measures, aimed at preventing your personal data from being used illegitimately or fraudulently. In particular, we use security measures that guarantee: pseudonymisation or encryption of your data; the confidentiality, integrity, availability of your data as well as the resilience of the systems and services that process them; the ability to restore data in the event of a data breach. In addition, the Mittel Group undertakes to test, verify and regularly evaluate the effectiveness of technical and organizational measures in order to guarantee continuous improvement in the safety of treatments.

12 Changes to this legislation

The constant evolution of our services may involve changes in the characteristics of the processing of your personal data described up to now. Consequently, this privacy policy may be subject to changes and additions over time, which may also be necessary with regard to new regulatory measures regarding the protection of personal data.
We invite you, therefore, to periodically check the contents: where possible, we will try to promptly inform you of the changes made and their consequences.
The updated version of the privacy information, in any case, will be published on this page, with indication of the date of its last update.

Cookie Policy

1 What are cookies?

Cookies are small text files that the sites visited by users send to their terminals, where they are stored before being re-transmitted to the same sites on the next visit. Cookies of the c.d. “third parties” are, however, set by a website other than the one the user is visiting. This is because on each site there may be elements (images, maps, sounds, specific links to web pages of other domains, etc.) that reside on servers other than the site visited.

2. What are cookies for?

Cookies are used for different purposes: execution of computer authentication, monitoring of sessions, storage of information on specific configurations regarding users accessing the server, storing preferences, etc.

3. What are “technical cookies”? Definition of Technical cookies according to Privacy Garantor

Technical cookies are those used for the sole purpose of “transmitting a communication over an electronic communications network, or to the extent strictly necessary for the provider of an information society service explicitly requested by the subscriber or user to provide this service “.
They are divided into two families:
persistent cookies: once the web browser is closed, they are not automatically destroyed, but remain up to a preset expiration date.
session cookies: which are instead automatically destroyed every time the web browser is closed

4. What are “profiling cookies”? Definition of profiling cookies according to Privacy Garantor

Profiling cookies are designed to create profiles related to the user and are used in order to send advertising messages in line with the preferences expressed by the same in the context of surfing the net.

5. Are “profiling” cookies “technical” cookies?

No. The Privacy Guarantor has specified that they can be assimilated to technical cookies only if used for the purposes of site optimization directly by the owner of the site, which will collect information in aggregate form on the number of users and how they visit the site. Under these conditions, the same rules apply to analytics cookies, in terms of information and consent, provided for technical cookies.

6. Is the user’s consent required for the installation of cookies on his terminal?

It depends on the purposes for which cookies are used and, therefore, if they are “technical” or “profiling” cookies.
For the installation of technical cookies, users’ consent is not required, while it is necessary to provide the information (this one is reading). Profiling cookies, on the other hand, can only be installed on the user’s terminal if they have given their consent after being informed in a simplified manner.

7. What are “Google Analytics’s” cookies? (Specific case)

Google Analytics is a special case of technical cookies but it should also be considered as third-party cookies. Unlike traditional internal traffic analysis software, Google Analytics cookies are installed by Google and are therefore considered third-party; by way of example, the main ones are cited:
Name Finality Expire date

  • _utma This cookie allows you to know whether you have visited the website, 2 years since the last change
  • _utmb If used with a _utmc, it calculates the adverage duration of a visit on the web site 30 minuts since the last change
  • _utmc If used with a _utmb, it calculates when you closed the browser at browser’s closed
  • _utmv Used to memorize customized variable data at the user level 2 years since the last change
  • _utmz Memorizes the route taken to reach the web site six months since the last change
  •  _ga Used to distinguish the users 2 years since the last change

Others information:
To disable Google Analytics cookies on all websites, visit

8. How should the website owner provide the semplification information and request consent to the use of prolifing cookies?

As established by the Guarantor in the provision indicated in question no. 4, the information must be set on two levels.
When the user accesses a website (on the home page or on any other page), he must immediately display a banner containing a first “short” notice, the request for consent to the use of cookies and a link to access to a more “extended” information. On this page, the user can find more information.

9. Use of cookies on this site

This Website uses only “technical” cookies and / or “analytics” cookies.
“Technical” cookies are used for the correct functioning of the connection (ie scrolling between pages and the possibility to save the address of a specific page in the “favorite” links of the browser used)
For “analytics” cookies, this Website uses the features offered by the Google Analytics service.
Google Analytics uses its own “cookies” to collect and analyze information on the use behavior of websites in an anonymous way. This information (including the user’s IP address) is collected by Google Analytics, which processes it in order to prepare reports for internal use regarding the activities carried out on our website. Google does not associate the IP address with any other data in its possession nor does it attempt to link an IP address with the identity of a user.

10. How can the acquisition of consent through the use of the banner be documented?

To keep track of the acquired consent, the site owner can make use of a specific technical cookie, a system that is not particularly invasive and that does not require further consent.
In the presence of such “documentation”, it is not necessary that the brief information is re-proposed at the second visit of the user on the site, without prejudice to the possibility for the latter to deny consent and / or modify, at any time and in a manner easy, their options, for example through access to the extended information, which must then be linkable from each page of the site.

11. The online consent to the use of cookies use can only be requested through the use of the banner?

No. The owners of the sites always have the possibility to resort to different methods from the one identified by the Guarantor in the above-mentioned provision, provided that the chosen methods present all the validity requirements of the consent required by law.

12. The obligation to use the banner also weighs on the owners of sites that use only technical cookies?

No. In this case, the site owner can provide information to users in the manner he considers most appropriate, for example, also by inserting the relevant information in the privacy policy indicated on the site.

13. What should the “extended” information indicate?

It must contain all the elements required by law, analytically describe the characteristics and purposes of cookies installed by the site and allow the user to select / deselect individual cookies.
It must include the updated link to the information and consent forms of the third parties with which the owner has entered into agreements for the installation of cookies through their site.
Finally, it must recall the possibility for the user to express his options on cookies also through the settings of the browser used.

14. Who is required to provide the information and request consent for the use of cookies?

The owner of the website that installs profiling cookies.
For third-party cookies installed through the site, the obligations of disclosure and consent are burdens on third parties, but the site owner, as a technical intermediary between these and users, is required to include updated links in the “extended” information to the information and consent forms of the third parties themselves.

15. The use of cookies has to be notified to Garantor?

Profiling cookies, which usually persist over time, are subject to the notification obligation, while cookies that have different purposes and fall within the category of technical cookies, should not be notified to the Guarantor

16. Disabling technical cookies

By default, almost all web browsers are set to automatically accept cookie tracking. Visitors can still change the default configuration of their browser. Disabling or deleting cookies may however preclude optimal use of some areas of the site. In any case, if visitors want to decide from time to time whether or not to accept cookies, you can also configure your browser to generate a warning every time a cookie is saved.
It is reiterated that the total or partial disabling of technical cookies can compromise the use of the navigation features of the websites visited. In any case, the visitor can decide whether or not to accept cookies by modifying the security settings of his browser, as indicated in the technical specifications accessible from the following links:

  • Chrome
  • Firefox
  • Internet Explorer
  • Opera
  • Safari

17. References and information

For any clarification, question or requirement related to your privacy and the processing of your personal data you can contact us at any time by sending a request to our Privacy Office at the email address:

Date of update May, 28 2018