Privacy Policy

Privacy Policy pursuant to article 13 EU Regulation 2016/679

Legal references:

  • Regulation (EU) 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation, hereinafter “EU Regulation”)
  • Legislative Decree no. 196 of 30 June 2003 (hereinafter “Privacy Code”), as amended by Legislative Decree no. 101 of 10 August 2018
  • Recommendation no. 2 of 17 May 2001 concerning the minimum requirements for the collection of data online in the European Union, adopted by the European authorities for the protection of personal data, meeting in the Working Party established by Article 29 of Directive no. 95/46/EC (hereinafter the “Recommendation of the Working Party pursuant to Article 29”)


Var Group S.p.A. (hereinafter also the “Company”), a duly established corporation with registered office in via Piovola 138, Empoli (FI), VAT no. 03301640482, wishes to inform users of the terms and conditions applied by the Company to the processing operations carried out on personal data during the navigation of its company website. In particular, the information is provided in relation to users’ personal data consulting and using the company website, under the following domain: The Company acts as “Data Controller”, meaning “the natural or legal person, public authority, service or other body that, individually or together with others, determines the purposes and means of the processing of personal data”. In concrete terms, the processing of personal data may be carried out by persons specifically authorised to carry out processing operations on users’ personal data and, for this purpose, duly instructed by the Company. In application of the regulations on the processing of personal data, users who consult and use the Company’s website are qualified as “Data Subjects”, meaning the natural persons to whom the personal data being processed refer. This policy does not extend to other websites that may be consulted by users through links, including social buttons, on the Company’s website. In particular, social buttons are digital buttons or direct link to social network platforms (such as LinkedIn, Facebook, etc.), configured in each single “button”. By clicking on these links, users can access the Company social accounts. The editors of  social networks, to which the social buttons refer, operate as autonomous Data Controllers; consequently, any information relating to the methods by which the aforementioned Data Controllers carry out the processing operations on the users’ personal data can be retrieved in the related Social Network platforms privacy policies.


1. Personal data subject to processing. 

In consideration of the interaction with this website, the Company may process the following personal data:

a. Dati di navigazione: i sistemi informatici e le procedure software preposte al funzionamento di questo sito web acquisiscono, nel corso del normale esercizio, alcuni dati personali la cui trasmissione è implicita nell’uso dei protocolli di comunicazione di Internet. Si tratta di informazioni che non sono raccolte per essere associate a soggetti interessati identificati ma che per loro stessa natura potrebbero, attraverso elaborazioni ed associazioni con dati personali detenuti da terzi, consentire l’identificazione degli utenti. In questa categoria di dati personali rientrano gli indirizzi IP o i nomi a dominio dei computer utilizzati dagli utenti che si connettono al sito, gli indirizzi in notazione URI (Uniform Resource Identifier) delle risorse richieste, l’orario della richiesta, il metodo utilizzato nel sottoporre la richiesta al server, la dimensione del file ottenuto in risposta, il codice numerico indicante lo stato della risposta data dal server (buon fine, errore, ecc.) ed altri parametri relativi al sistema operativo e all’ambiente informatico dell’utente. Tali dati personali vengono utilizzati solo per ricavare informazioni statistiche anonime sull’uso del sito web e per controllarne il corretto funzionamento.
I dati di navigazione non persistono per più di 12 mesi, fatte salve eventuali necessità di accertamento di reati da parte dell’Autorità giudiziaria.

b. Dati personali spontaneamente conferiti: la trasmissione facoltativa, esplicita e volontaria di dati personali alla Società, mediante compilazione dei form presenti sul sito web, comporta l’acquisizione dell’indirizzo email e di tutti gli ulteriori dati personali degli utenti richiesti dalla Società al fine di ottemperare a specifiche richieste.
Con riferimento al trattamento dei dati personali conferiti in virtù di compilazione del modulo contatti collocato nel presente sito web, si rinvia alla relativa “informativa modulo contatti”.


2. Purpose and legal basis for the processing of personal data 

In relation to the personal data referred to let. a) of this privacy policy, users’ personal data are processed automatically and “mandatory” by the Company in order to allow the navigation itself; in this case,  the processing is based on a legal obligation to which the Company is subject, as well as on the legitimate interest of the Company to ensure the proper functioning and security of the website; therefore, users express consent is not necessary..


3. Rights under Articles 15, 16, 17, 17, 18, 20 and 21 of EU Regulation 2016/679


Users, as Data Subjects, may exercise the rights of access to personal data provided for in Article 15 of the EU Regulation and the rights provided for in Articles 16, 17, 18, 20 and 21 of the same Regulation regarding the rectification, cancellation, limitation of the processing of personal data, data portability, where applicable, and opposition to the processing of personal data. The aforesaid rights can be exercised by a written communication to the following address: [email protected].  If the Company does not provide feedback within the time limits provided for by the legislation or the response to the exercise of rights is not suitable, users may lodge a complaint to the Italian Data Protection Authority using the following contact information: Italian Data Protection Authority, Fax: (+39) 06.69677.3785 Telephone: (+39) 06.69677.1 E-mail: [email protected]


4. Data protection Officer 

SeSa S.p.A., company acting as holding company in SeSa group of undertakings, has appointed, after assessing the expert knowledge of data protection laws, a Data Protection Officer. The Data Protection Officer supervises compliance with data protection regulations and provides the necessary advice. In addition, where necessary, the Data Protection Officer cooperates with the Italian Data Protection Authority. Here are the contact details: [email protected]

Navigation data: the computer systems and software procedures used to operate this website acquire, during normal operation, some personal data whose transmission is implicit in the use of internet communication protocols. This information is not collected in order to be associated with Data Subjects but may by its very nature allow the identification of users through processing and association with personal data held by third parties. Navigation data include IP addresses or domain names of devices used by users who connect to the site, URI (Uniform Resource Identifier) addresses of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc..) and other parameters relating to the operating system and device environment of the user. The navigation data collected are used only to obtain anonymous statistical information on the use of the website and to check its correct functioning. Navigation data are stored for a maximum of12 months, without prejudice to any need to detect and prosecute criminal offences by the competent authorities.