Corso di Porta Vigentina, 46 20122 Milano - + 39 02 582.891



We wish to inform you that General Data Protection Regulation 679/16 (GDPR) regarding the protection and the processing of personal data. According to the law, this treatment will be based on principles of correctness, lawfulness and transparency and the protection of your privacy and your rights. Pursuant to Article 13 of the GDPR, we provide the following information:

We inform you that “processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction” (Art. 4 GDPR).

Object of processing;

Examples of the kind of data that can be processed by CRIVI S.p.A.:

name and surname of people involved in the business;
email address and phone number;
any other personal data collected for administrative and accounting purposes.

Purposes of the processing

2.1 Personal data referring to prospects, customers and partners can be processed in order to fullfil the contract obligations:

to prepare bids or purchase orders or to fulfill other requests of the our prospects or customers;.
to fulfil all obligations deriving from commercial contracts, in order to manage our business relation;
to comply with the administrative, accounting and fiscal obligations in force;
correspondence activities;
quality control and customer satisfaction activities.

2.2 Advertising purposes

Personal data may also be processed for advertising purposes. When data is collected only for advertising purposes, CRIVI S.p.A. will require the consent from the data subject..

If you are our customer, we may send you commercial communications related to our services and products already supplied (art. 7 del GDPR).

Modalities of the processing

The processing of personal data can be carried out through paper and electronic procedures.
The treatment is conducted with the use of appropriate security measures to prevent access to data by unauthorized parties and to ensure your privacy. The processing is concerning all the treatment activities pursuant to art. 4 of GDPR.

Please note that the data will not be disseminated in any way and will be communicated only to public security, in outside that assumption, your data not will be communicated or disclosed to third parties and will be kept for the time period under the existing legislation.

The provision of data is required, as provided for by an obligation of law and necessary for the establishment of the contractual relationship.

Data Retention

We will retain information we collect whenever we have a justifiable business need to do so and/or for as long as it is needed to fulfill the purposes outlined in this privacy notice, in any case we wil retain your data for no longer than 2 years from the termination of the contract.

Access to your information

Inside the company, the personal data will be processed by the employees in charge of the function and because as “authorised persons in charge of the processing” of personal data.

Also we may share information with third parties and service providers who work on our behalf as “data processor”. We also may disclose information whenever we believe disclosure is necessary or required by law or regulation, in order to comply with legal process or government requests. No personal data of any user will be publicly disclosed.

International transfer

Your data are located and stored inside the European Economic Area “EEA. The data will not be stransfered outside EEA.

Your rights according to GDPR

In accordance with GDPR, we inform you about your rights:

obtain from the confirmation as to whether or not personal data concerning you are being processed, and, where that is the case, access to the personal data (Right to access art. 15);
obtain without undue delay the rectification of inaccurate personal data (Right to rectification art. 16);
obtain from the controller the erasure of personal data concerning you (Right to be forgotten art. 17);
obtain from the controller restriction of processing (Right to restriction of processing art. 18);
receive the personal data concerning you, provided to a controller, in a structured, commonly used and machine-readable format in order to transmit those data to another controller without hindrance from the controller (Right to data portability art. 20);
object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning you (Right to object art 21);

When the personal data breach is likely to result in a high risk to your rights and freedoms, we will communicate you without undue delay. (Art. 34);

You also have the right to withdraw your consent at any time (Art. 7).
You may exercise such rights by contacting us, or alternatively you may file a complaint with the competent supervisory authority, in addition to your rights outlined above.

Data Controller

The Data Controller is CRIVI S.p.A. – Corso di Porta Vigentina, 46 – 20122 Milano – Tel. 02582891 – email:

Changes to privacy notice

We may change this Privacy Notice from time to time. We will provide notice to you if these changes are material and, where required by applicable law, we will obtain your consent.