Gi Group

Information on the use of personal data
Article 13 of the 2016/679 (UE) regulation (“GDPR”)


Gi Group S.p.A. (“Gi Group”)
based at Piazza IV Novembre 5, 20124 Milano
e-mail address


Data Protection Officer

The data protection officer [DPO] can be contacted at Piazza IV Novembre n. 5, 20124 Milan
e-mail address:


Why are your personal data processed and what is the condition that makes the processing lawful?

For how long do we keep your personal data?

The processing of personal data is carried out to process requests for information on the services offered by Gi Group or by the companies of the Group.
In particular, if the request for information concerns services offered by other Group companies, Gi Group may find it by indicating the contact details or may forward it directly to the company concerned for the purpose of a suitable and timely reply by the same.
The legal basis applicable to the processing of personal data is the execution of the contract with the data subject or the execution of pre-contractual measures adopted at the request of the same, according to art. 6 paragraph (1) let. b) of GDPR.
For the time necessary to process requests for information.
Once the conservation periods indicated above have elapsed, the personal data will be destroyed, deleted or made anonymous, compatible with the technical deletion and back-up procedures.


Mandatory provision of personal data

The provision of personal data highlighted with an asterisk in the data collection form is mandatory. Refusal to provide such personal data does not allow Gi Group to process requests for information.


Recipients of the data

Personal data may only be processed by employees of the companies departments authorised to process such data, as they are responsible for pursuing the above-mentioned purposes. These employees have received adequate operating instructions in this respect.

The personal data may be communicated to the following subjects or categories of subject acting as sole Controller:

  • Companies of the Group in Italy or abroad, even outside the EEA, if the request for information refers to services offered by other companies of the Group.

Personal data may also be processed, on behalf of Gi Group, by third-parties appointed as Processors, who are given adequate operating instructions. These third-parties are included in the following categories:

  • companies that provide IT services;
  • Site management and maintenance companies.

The list of data recipients is constantly updated and can be found easily and free of charge by sending a written communication to the Controller or an e-mail to


Transfer of data outside the EEA

The data may be transferred abroad to countries that do not belong to the European Economic Area, and in particular to

  • a. Argentina, Switzerland and UK, where the level of protection of the data has been considered adequate by the European Commission according to article 45 of the GDPR
  • b. Brazil, China, Columbia, Hong Kong, India, Montenegro, Russia, Serbia and Turkey following the signing by Gi Group with the importer of the data of the standard contractual clauses adopted/approved by the European Commission according to article 46, 2, letters c) and d) of the GDPR
The adequacy decisions can be consulted at the following links:

The standard contractual clauses may be consulted at the following link:

Data subjects rights

You may ask the Controller for access to the personal data that refers to you, for it to be corrected or deleted, for the addition of incomplete personal data or for the use to be limited in the cases referred to in the GPDR, as well as to object to its processing in instances of legitimate interest of the Controller.
Furthermore, in cases where the processing is based on consent or on the contract and is carried out using automated tools, you have the right to data portability, in other words to receive the data in a structured, commonly-used and machine-readable format and, where technically feasible, to transmit those data to another controller without any hindrance.
These rights may be exercised by sending a communication in writing to the Controller at the address indicated above or by e-mail to
At any time, you may submit a complaint to the Data Protection Authority, as well as pursue recourse to other means of protection provided for by the applicable laws.