Privacy Policy

Privacy policy pursuant to
Art.13 of Regulation (EU) 2016/679 of the European Parliament and of the Council (“GDPR”)

Dear User,
the following explains how personal data collected automatically or provided by you through the navigation or use of the website (hereinafter, the “Website”) is processed.

1. Data Controller
The Data Controller is Ambienta Sgr S.p.A., in the person of its legal representative, with its registered office in Piazza Fontana, 6, 20122 – Milan (hereinafter “Ambienta”, “Company” o “Data Controller”).

2.Types of personal data processed
In order to allow you to use our Website and its services, including the possibility of submitting your application (hereinafter, the “Services”), the Data Controller needs to collect and process some of your personal data.

Data voluntarily shared by the user
The submission of your spontaneous application requires the processing of your biographical data (name and surname), your email address, as well as personal data included in your curriculum vitae, where attached.
The optional, explicit, and voluntary sending of mail involves the collection of your name, your surname, your email address, as well as other personal data included in the requests you submit.

Browsing data
The computer systems and software procedures used for the Website operations acquire, during their normal functioning, some personal data whose transmission is implicit in the use of Internet communication protocols.
This category of data includes IP addresses or domain names of computers used by users who connect to the site, URI (Uniform Resource Identifier) of requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in reply, the numerical code indicating the status of the response from the server (successful, error, etc..) and other parameters regarding the operating system and computer environment.
This data, necessary for the use of the Website, is processed for the sole purpose of obtaining statistical information on the use of the Services (most visited pages, number of visitors per hour or day, geographical areas of origin, etc.) and to check the correct functioning of the Services offered.
The navigation data does not persist for more than 30 days and is deleted immediately after their aggregation, except for the possible need to ascertain crimes by the judicial authorities.

Cookie Policy

The Website uses the following types of cookies.

Technical cookies
Technical and session cookies are used. They are small text files containing a certain amount of information exchanged between your terminal or browser and the Website, which allow it to function correctly and to be used.

Analytics cookies
This Website uses first- and third-party analytical cookies. Analytical cookies are used to collect information on the use of the Website, in aggregate form, in particular on the number of users and how they visit the site, providing, also, anonymous statistical analysis in order to improve the use of the Website and to make the content more interesting and relevant to the desires of users.

To view links to the third parties’ privacy policies, disable all or some of the mentioned cookies, please refer to the following link.

Options regarding the use of cookies by the Website via browser settings
The provision of all cookies can however be disabled by changing the settings of your browser. It should be noted, however, that intervening on these settings could make the site unable if you block the cookies that are essential for the provision of our Services. In any case, each browser has different settings for disabling cookies. Below you will find links to instructions for the most common browsers: Apple Safari, Google Chrome, Microsoft Internet Explorer, Mozilla Firefox, Opera.

3. Purposes, legal basis and nature of provision

Purposes Legal basis Nature
A Use of the Website Content and Services(i,ii,iii) and ensuring network and information security(iv).
This purpose includes the possibility of submitting your application through the Website.
In addition, this purpose includes the processing of traffic personal data to the extent strictly necessary and proportionate to ensure network and information security.
(i) Performance of a contract to which you are party
(ii) Compliance with legal obligations(iii) Performance of a pre-contractual measures requested by the data subject(iv) Legittimate interest
The provision of your personal data is mandatory.
Failure to authorize its processing would make it impossible to use the contents and services of the Website.
Furthermore, failure to authorize its processing would make it impossible to guarantee network and information security.
B Subscription to the newsletter and receive information of commercial nature(i).
This purpose includes the possibility to subscribe to our newsletter and receive communications and information of commercial and direct marketing nature on our Services, both through traditional and fully automated contact systems, such as, through the use of your email address.
(i) Consent The provision of your data is optional.
Failure to authorize the processing of your data, while not preventing you in any way from using the Website, may not allow you to take full advantage of the information of advertising, commercial and direct marketing.

4. Data retention period

The navigation data and that is acquired through the use of the Website will not be kept for more than 30 days.
Regarding the processing of your personal data for direct marketing purposes, the Company has established that it will automatically delete your personal data or transform them into anonymous data in a permanent and non-reversible manner, within 5 years from the registration of the data collected.
Regarding the other personal data processed, not being able to predetermine accurately their retention period, the Data Controller commits as of now to inspire its processing to the principles of adequacy, accuracy, and minimization of data, as required by the GDPR, checking annually the need for its retention. This, except in the case where it is necessary to maintain such data to fulfill regulatory obligations, or to ascertain, exercise or defend a right in court.

5. Categories of recipients of personal data

The personal data processed will not be disclosed to third parties, but may, however, be shared in relation to the purposes of processing set out above to the following subjects:

  • those who can access the personal data according to legal provisions provided by the law of the European Union or the law of the Member State to which the Data Controller is subject;
  • subjects that perform ancillary purposes to the activities and services referred to in paragraph 3, i.e. companies that offer advertising, marketing and communication services, companies that offer IT infrastructures and IT assistance and consultancy services as well as design and implementation of software and websites, companies that offer services useful to customize and optimize our services, companies that offer data analysis and development services (including those related to user interactions with our services), service centers, companies or consultants responsible for providing further services to the Data Controller, within the limits of the purposes for which they were collected.

In addition, your personal data may also be disclosed to our employees, provided that they are previously appointed as acting under the authority of the Data Controller pursuant to Article 29 of the GDPR, as well as System Admistrator.

6. Transfer of personal data extra-EU

The Data Controller may transfer your personal data to third countries outside the European Union, for managing cookie analytics and receiving the newsletter. Such transfer is always subject to an adequacy decision, under article 45 of the GDPR, or to the Standard Contractual Clauses, under article 46 of the GDPR. For more information about the rules for transferring data to countries outside the European Union, including the mechanisms on which we rely, you can visit the European Commission’s website here. To request a copy of the Standard Contractual Clauses signed by the Data Controller you can send an email to

7. Automated decision-making processing

The Data Controller does not use automated decision-making processes without your consent, including profiling as referred to in Article 22 paras. 1 and 4 of the GDPR.

8. Data subjects’ rights

Regarding the processing of your personal data, you, as a data subject, have the right to withdraw your consent at any time and to obtain from the Company access to your personal data. You may also request the Company to rectify or erasure your personal data. Furthermore, you have the right to obtain the restriction of the processing of personal data concerning you, as well as the right to data portability.
In addition to the above, you have the right to object at any time, on grounds relating to your situation, to the processing of your personal data carried out pursuant to Article 6 para. 1, letter e) or f), including profiling on the basis of these provisions, as stated in Article 21 of the GDPR. In addition, where your personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of personal data relating to you carried out for such purposes, including profiling insofar as it is related to such direct marketing.
Finally, you have the right to lodge a complaint with a supervisory authority or take legal action if you believe that the processing of your data is in breach of the GDPR.
To exercise any of your rights, you may contact the Data Controller, in the person of the legal representative, by addressing a communication to the registered office in Piazza Fontana, 6, 20122 – Milan, or by sending an email to