Privacy policy
Mod.: IS – Date Agg. 02/2026
Privacy Notice for the Processing of Personal Data
Articles 13 and 14 of EUROPEAN REGULATION No. 679/2016
Legislative Decree 196/2003 as amended by Legislative Decree 101/2018
Dear Data Subject,
This notice describes how the website is managed with regard to the processing of personal data of users who consult it, as well as the data processing practices carried out through this website. In compliance with Articles 13 (for data collected from the data subject) and 14 (for data not collected from the data subject) of Regulation (EU) 2016/679 (hereinafter “GDPR”), the following information is provided to the Users of this Website. This information relates exclusively to the processing carried out through this Website and not through any other websites that may be visited via links contained herein; users are therefore advised to consult the privacy notices provided by the respective data controllers of those websites.
This Website and any services offered through it are intended for individuals who are at least eighteen years of age. The Data Controller does not process personal data relating to individuals under the age of 18. Upon request from such users, the Data Controller will promptly delete any personal data that may have been inadvertently collected.
1. Data Controller
The Data Controller is Calicantus, with a registered office at Via L. Mazzon 30, Quarto D'Altino, VAT n.037590272 (hereinafter the “Data Controller”).
The Data Controller reserves the right to appoint, as Data Processor, a web agency or consultant responsible for technical assistance, maintenance, technical management, and similar services related to this Website; their details may be provided upon request to the addresses indicated above.
The Data Controller and the Data Processor process Users’ data also through their own internal staff members, who are specifically designated and authorized to carry out such processing in accordance with given instructions.
2. Categories of Data Processed and Sources of Origin
- Browsing data (the IT systems and software procedures used to operate this website acquire, during their normal operation, certain personal data whose transmission is implicit in the use of Internet communication protocols). This category of data includes: IP addresses, the type of browser used, the operating system, the domain name and addresses of websites from which access or exit has occurred, information on the pages visited by users within the site, the time of access, the time spent on each page, internal navigation paths, and other parameters relating to the user’s operating system and IT environment.
Such technical/IT data are collected and used exclusively in an aggregated and anonymous manner. These data are processed for the purpose of enabling and monitoring the proper use of this website, as well as to obtain anonymous statistical information on its use, and are deleted immediately after processing.
- Cookies, for which we invite you to read our Cookie Policy
- Data voluntarily provided by the user, including:
- Ordinary data (identification, personal, billing data, and similar)
- Only exceptionally, special categories of data (Art. 9 GDPR)
- Only exceptionally, criminal data (Art. 10 GDPR)
Sources: browsing, other websites, cookies and similar technologies; the user; public sources.
We may primarily process browsing data, as well as cookies.
We may also process data voluntarily provided by the user, for example through the contact form or by sending a communication via email, including ordinary personal data (identification, personal, billing data, and similar) and, only exceptionally, special categories of data pursuant to Art. 9 GDPR or criminal data pursuant to Art. 10 GDPR, strictly within the limits necessary to respond to the request received and subject to the data subject’s consent.
Data may originate from automatic sources or voluntary sources, as well as from public sources. For example, they may derive from the user’s browsing activity, which may include information relating to previous visits to other websites, in particular cookies and other similar technologies. Data may also be provided voluntarily by the user or by parties related to them. Other data may come from public sources, such as those processed in the context of searches and obtained from public registers, databases, and similar sources.
3. Purposes of the Processing
The personal data of the Website Users, as described above, will be processed in accordance with the methods and forms prescribed by the GDPR, for the performance of the Website’s functions, with particular, but not exclusive, reference to browsing its pages and to the data collection procedures described therein, contact forms, any registration / access to restricted areas, subscription to newsletters, and similar activities.
In particular, the personal data provided to the Data Controller will be processed for the following purposes:
- to respond to specific requests addressed by the User to the Data Controller through the Website and its communication tools (contact forms, information request forms, and similar);
- to send informational communications relating to the Data Controller’s services, following requests for information submitted via email messages, contact forms, or other communication tools;
- for possible registration for events organized by the Data Controller and related activities (for example, verification of participation, notifications regarding any updates or changes to the event, etc.);
- for other ancillary or related purposes connected to those indicated above and, in any case, within the scope of the Website’s activities.
The processing of data provided in a general manner will be carried out, including following automatic collection during browsing, solely for the purpose of verifying and monitoring access to the Website. This also applies to technical cookies, understood as session cookies, functionality cookies, or analytics cookies that meet the requirements specified by the Supervisory Authority.
In particular, with regard to the latter, it is clarified that they may be treated as technical cookies where they are created and used directly by the Website. In any case, for such analytics cookies, the Website, also in compliance with the clarifications of the Supervisory Authority, provides for the anonymization of IP addresses and the restriction of data processing. The collection and use of the aforementioned browsing data (without prejudice to the anonymization of IP addresses) allow monitoring of the Website’s performance and enable improvement of the service offered, providing the User with a better browsing experience.
For further information, please refer to the specific Cookie Policy.
4. Legal Basis for the Processing
The processing of personal data is based on the performance of contractual or pre-contractual obligations related to the request made by the User (for example, requests for information about the services provided by the Data Controller, requests for quotations, etc.), as well as, where necessary, on consent given through the free and informed completion of the relevant fields in the data collection form and, where required, by selecting the appropriate checkbox.
It should be noted that completing the specific fields in forms intended for requesting information is inherent to the request itself and therefore entails the fulfillment of a pre-contractual or contractual obligation, depending on the context. Consent may be requested subsequently for the processing of additional data.
A specific privacy notice will be provided wherever necessary (separate from this notice).
In any case, the processing is also based on legitimate interest, including the right to information, as further detailed in the following paragraph.
5. Legitimate Interest of the Data Controller
The processing of personal data is also based on the legitimate interest of the Data Controller, such as the exercise of its rights within the information society, the performance of contractual obligations, and the carrying out of direct marketing activities (in the manner, by the means, and within the limits provided for by applicable law).
6. Mandatory Nature of Data Provision
The provision of browsing data by Users, for the purposes indicated above, depends on the level of privacy that the User has enabled or disabled through their browser. In some cases, disabling such settings may affect navigation on this Website. For certain sections of this Website, the provision of browsing data and/or the use of technical cookies is mandatory for the proper functioning of the Website.
The provision of certain personal data is in any case necessary due to the structure of the Website and its procedures. Any request for additional optional data will be preceded by a specific consent checkbox. The provision of all other data is optional, depending on the type of information the User wishes to provide to the Website.
Without prejudice to the above, for example, providing an email address is necessary in order to respond to a request submitted via the contact form, as are any other mandatory data fields marked with an asterisk. All other data are optional.
Failure to provide the data necessary to carry out the requested action (for example, an email address in a contact form request) will make it impossible for the Data Controller to process the request.
PROVISIONS APPLICABLE TO ALL PROCESSING ACTIVITIES
In any case, even where the data subject has given consent to authorize the Data Controller to pursue all the purposes mentioned above, they remain free to withdraw such consent at any time.
As specifically and separately required by Article 21 of the Regulation, the data subject is hereby informed that they have the right to object at any time to the processing of personal data concerning them carried out for the purposes indicated above; should the data subject object to such processing, the personal data may no longer be processed for those purposes.
7. Possible Recipients of Personal Data
The data may be disclosed to companies affiliated with, associated with, or controlled by the Data Controller, as well as to consultants, or to third parties who operate, including on behalf of the Data Controller, in order to perform services related to the purposes indicated in this notice, both within and outside the EU (in the latter case, only to entities that comply with applicable regulations).
Browsing data and similar data (as referenced above), as well as profiling cookies, including those of third parties (for which reference is made to this Website’s Cookie Policy), may be disclosed to the respective third parties concerned, where they do not process such data directly as independent Data Controllers.
In any case, the data may be disclosed to Data Processors, as well as to persons authorized to process the data and duly instructed, always within the scope of the processing purposes.
For brevity, a detailed list of such parties is available at our registered office.
8. Data Retention Period
Data voluntarily provided by the Data Subject will be retained until expressly withdrawn by the Data Subject, including through actions on their browser, cookie deletion, explicit request, or otherwise manifested. Browsing data will be retained, in accordance with the principle of proportionality, in a form that allows identification of the Data Subject for no longer than is necessary for the purposes for which the data were collected or subsequently processed.
Personal data collected through customer service (for example, assistance requests, complaints, communications via contact forms or email) will be retained for a maximum period of 3 years from the final response to the request, in order to manage any disputes, protect the Data Controller in the event of litigation, and demonstrate proper fulfillment of contractual and pre-contractual obligations. Such retention is based on the legitimate interest of the Data Controller pursuant to Art. 6(1)(f) GDPR.
The above retention periods do not apply where it is necessary to retain the data for a longer period in order to defend or assert a legal claim or to comply with legal obligations or orders from Authorities.
9. Rights of the Data Subject
Each Data Subject has the right of access, rectification, erasure (right to be forgotten), restriction of processing, to receive notification in case of rectification, erasure or restriction, data portability, objection, and the right not to be subject to automated individual decision-making, including profiling, pursuant to Articles 15 to 22 of the GDPR.
These rights may be exercised in accordance with the procedures and within the time limits set out in Article 12 GDPR, by sending a written communication to the Data Controller (see point 10).
The Data Controller will provide an appropriate response as soon as possible and, in any case, within 1 month from receipt of the request.
10. Right to Withdraw Consent (Methods for Exercising Rights)
Where applicable, consent may be withdrawn at any time and/or rights may be exercised by sending:
- a registered letter with acknowledgment of receipt to the Data Controller, with an explicit request (see the address indicated in the letterhead);
- a message through the following form.
11. Complaints
Each Data Subject has the right to lodge a complaint pursuant to Articles 77 et seq. of the GDPR with a supervisory authority, which in Italy is the Italian Data Protection Authority (Garante per la protezione dei dati personali). The procedures, methods, and time limits for lodging complaints are governed by the applicable national legislation.
The complaint is without prejudice to any administrative or judicial remedies, which, in Italy, may be brought alternatively before the same Authority or the competent Court.
12. Profiling
Personal data provided through browsing this website and through the completion of any forms published on it may be subject to profiling by third-party providers through third-party cookies.
Profiling enables such third-party providers—acting as independent Data Controllers for their respective personal data processing activities for profiling purposes, separate from the Data Controller of this website—to evaluate certain personal aspects of the Data Subject, in particular their preferences, interests, and habits with regard to the pages visited and activities carried out, in order to allow these independent controllers to offer the Data Subject services that are more specific and tailored to their needs.
For further information, users are invited to read the Cookie Policy.
13. Data Controller, Appointed Persons/Authorized Personnel, Data Processors
Below we provide you with certain information that must be brought to your attention, not only to comply with legal obligations, but also because transparency and fairness towards data subjects are fundamental principles of our activities.
Data Controller. The Data Controller of your personal data is Calicantus srl, which is responsible towards you for the lawful and proper use of your personal data. You may contact the Data Controller for any information or request at the following contact form.
Data Processors.
The Data Controller has appointed Calicantus srl as the Data Processor. The Data Controller has appointed Mr. Nicola Ghinello as Data Protection Officer (DPO). He is also responsible to you for the lawful and correct use of your personal data and can be contacted for any information or requests at the telephone number +39 348 3165267 or via email at [email protected].
Appointed Persons / Authorized Personnel.
The updated list of appointed/authorized persons involved in data processing is kept at the registered office of the Data Controller.
14. Social Media Plug-ins
This website may contain plug-ins from certain social media platforms (e.g. Facebook). Social plug-ins are special tools that allow social network functionalities to be embedded directly within the website (e.g. Facebook’s “Like” button) and are identified by the logo of the respective social platform.
When visiting a page of this website and interacting with the plug-in (e.g. by clicking the “Like” button) or choosing to leave a comment, the corresponding information is transmitted directly from the browser to the social network platform (in this case, Facebook) and stored by it.
For information on the purposes, type, and methods of collection, processing, use, and storage of personal data by the social network platform, as well as how to exercise your rights, please refer to the privacy policy of the relevant social network.
15. Links to Third-Party Websites
This website may contain links to third-party websites. The Data Controller disclaims any responsibility for the management of personal data by such third-party websites and for the management of authentication credentials provided by third parties.
16. Cookie
Cookies are packets of information sent by a web server (e.g. the website) to the user’s internet browser, which are automatically stored on the user’s device and automatically sent back to the server upon each subsequent visit to the website.
For any information regarding the characteristics, types, methods of use, and options for removing, deleting, or disabling cookies used on this website, please refer to the specific Cookie Policy.
The Data Controller
Calicantus Srl
For contact
Calicantus welcomes any comments regarding this privacy notice.
Please feel free to contact us at the following form.