Privacy Policy



This page describes the methods of processing personal data that can be collected following user’s access to this site. It also constitutes information provided pursuant to art. 13 and 14 of EU Regulation 2016/679 (GDPR). Further information can be made on specific pages, where required and / or necessary.
This information does not contain other sites, pages or online services that can be reached via links / buttons / banners that may be inserted on the site.
This site and the services of the Data Controller are not intended for the children under 18 years of age and the Data Controller is not intentionally collecting personal information relating to the children. In the event that information on children were unintentionally registered, the Data Controller will delete them in a timely manner, at the request of the user’s.


1 – Data controller


Comi spa


Via Liegi, 2 – 24040 Ciserano BG

Tel. +39 035 882567



2 – Why we collect your data


a) For purposes related to navigation and management of this site or:

  • protect the security of the site and user’s and to prevent or unmask fraud or abuse to the detriment of the website;
  • verify and guarantee the correct functioning of the site and its functions also through third parties;
  • collect access and navigation statistics, to improve the services and usability of the site (through logs and technical / analytical cookies also from third parties);

Legal basis: the provision of the site navigation service, the legitimate interest of the owner as well as the obligations under the law (Article 6.1.b / c / f of the GDPR).

Storage: the data (IP address) used for site security purposes (blocking attempts to damage the site) are kept for 30 days and are deleted immediately after their aggregation (except for any need for the detection of crimes by the judicial Authority ).

b) To respond to a request for contact, information, support or a self-application to work with us, sent via the appropriate form.

Legal basis: pre-contractual measures (Art.6.1.b GDPR)

Storage: maximum 12 months for internal management and organizational purposes.

c) For sending informative and commercial communications / newsletters via e-mail.

Legal basis: specific consent (Art.6.1.a of the GDPR)

Duration: 2 years for the above mentioned purposes or immediate cancellation in case of unsubscription request.


3 – What data we collect


Navigation data


The computer systems used to operate the site automatically acquire some data, including personal data, whose transmission is implicit, as well as necessary in the use of Internet communication protocols.

This category of data includes the IP addresses or domain names of the computers used by user’s who connect to the Site, the addresses in URI (Uniform Resource Identifier) notation of the requested resources, the time of the request, the method used in submitting the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the operating system and the user’s IT environment.


Data provided by the user


  • Data provided by the user


Requests for information or assistance require the acquisition of personal identification data (including surname, name, e-mail, telephone), or other personal data that may be included in the communications.


  • Application form


The self-candidacy requests, requires the acquisition of personal identification data (including surname, name, e-mail, telephone), or other personal data possibly included in the Curriculum Vitae, including also special categories of personal data, capable of revealing to example the state of health. For this type of personal data, the sending of the curriculum by self-candidacy or in response to an offer will constitute an implicit expression of consent to the processing.


  • Newsletter registration form


Sending the registration request involves the collection of: email address, IP address, device characteristics, time of subscription, as well as, subsequently, the collection of information relating to the interaction of the subscriber with the message (views, clicks, etc.). This activity is performed on our behalf by Mailchimp (The Rocket Science Group LLC) with treatment headquarters in the United States and adhering to the Privacy Shield (US-EU privacy shield). Further details on the activity carried out by the supplier can be found on its information on the processing of personal data notice available here.
For communications via newsletter, only the e-mail address will be used. The sending of the same will be executed in any case only with your consent, always revocable directly from the message received or according to the procedure in point 7


4 – Provision of data


The provision of data for the purposes referred to in point 2.A is to be considered mandatory, since without them it is not possible to provide access and navigation to the site.

The provision of data for the purposes referred to in point 2.B or 2.C is to be considered optional, however, without such data it will not be possible to respond to any requests for information or keep you updated regarding our activity.

The interested party always has the right to withdraw the consents provided. This revocation will not affect the lawfulness of the treatment based on consent before the revocation.


5 – Processing methods and security measures


Personal data are processed electronically for the time necessary to achieve the purposes for which they were collected. Specific security measures are observed to prevent data loss, illicit or incorrect use and unauthorized access.


6 – Who are the recipients of your data


In pursuing the aforementioned purposes, personal data as well as processed by our staff, which acts on the basis of specific instructions, may also be disclosed to various subjects, including but not limited to:

  • subjects and entities to whom access to such data is recognized by virtue of regulatory provisions;
  • physical, legal, public or private subjects, to whom communication is necessary or functional to our business;
  • developers, maintainers, hosting, platforms and other online services, necessary for the operation and functionality of this site.

The list of any data processors can be requested from the Data Controller. If necessary and only for our organizational and operational purposes, the personal data provided could be transferred to foreign recipients, even outside the European Economic Area (EEA). In this case, the transfer will take place in compliance with the international standards in force, as well as against the adoption of suitable measures (such as, for example, EU adequacy decisions or the presence of adequate guarantees). In no case will the personal data provided be disseminated without authorization.


7 – Your rights


The Data Controller guarantees the rights provided for in Articles 15 to 22 of the GDPR, including: that of requesting and obtaining access to data, rectification, cancellation or limitation of processing of the same, as well as the right to object, in whole or in part, for legitimate reasons, to the processing of your personal data, to request portability, to withdraw the consent (s) provided and to lodge a complaint with a supervisory authority.

These rights can be exercised by sending a communication to the Data Controller at the address:

The information provided may be subject to revision. User’s are kindly invited to periodically visit this page, in order to be constantly updated on the characteristics of the treatment.

Last updated: 29/05/2020