This privacy policy (“Privacy Policy”) describes the purposes and modalities of processing of personal data (“Personal Data” or “Data”) that Prelios SGR S.p.A. (“Prelios SGR”, “We” or “Company”) carries out for users accessing and visiting the website (“Site”) dedicated to the Senato 28 project (“Project”).

The information is provided only for the web page of Senato 28 and not also for other sites visited by the user through external links, in compliance with the provisions of of Regulation (EU) 2016/679 (“Regulation” or “GDPR”), Directive 2002/58/EC (“ePrivacy Directive”) and Legislative Decree 196/03 (“Privacy Code”).

Data relating to identified or identifiable persons may be processed following access to and navigation on the Prelios SGR Site. We may receive personal information from you as a result of sending e-mails with Project-related requests.

  1. Who is the Data Controller?

The Data Controller is Prelios SGR S.p.A. with registered office in Via Valtellina, 15/17, 20159 Milan (MI).

  1. What Personal Data do we collect?

Through our website, we collect and process Personal Data in various ways:

  • Personal data provided voluntarily by the user: we collect personal information about you when you actively provide it to us, e.g. when you contact us to receive information about the Project.
  • Personal data collected through use of the Site: we automatically collect certain personal information when you browse and use the Site. In the case of cookies, where tracking is not necessary and essential for the operation of the Site, Prelios SGR will request prior consent to the tracking of the user.
    • What kind of Personal Data do we process?
  • User information: if you request information about the Project, we may use your Personal Data to contact you and answer questions. In these circumstances, we may process personal and contact Data (e.g. first name, last name, company e-mail address and telephone number voluntarily provided by the user).
  • Location data: we can approximate the user’s location based on his IP address.
  • Site management data: we may receive information relating to user tracking via the cookies installed on our Website. In the event that the information is not instrumental to the operation of the web page, we will request prior consent from the user in order to allow the collection of the Data.
    • Automatically collected information

When you use our website, interact with us through your smartphone, computer, mobile device, we may automatically collect information about how you access and use the Site, as well as information about the device you use. We use this information to improve the user experience and to monitor and update our website. We generally collect this information through a variety of tracking technologies, including cookies, pixels, web beacons, embedded scripts, location identification technologies and similar technologies (collectively, ‘tracking technologies’).

Users can accept and reject these technologies by changing the privacy preference settings in the profile settings of their web browser. The information we collect automatically may be combined with other personal information we collect directly from users.

The information we can automatically collect is:

  • Personal data relating to interactions with the Site (e.g. whether or not a user clicks on an image or link);
  • information about the devices you use to access and interact with Us (e.g., this lets Us know whether you use a computer, tablet or smartphone, your screen resolution, operating system, Wi-Fi connection, Internet browser and IP address, information about server log files).
  • Behavioural data: information derived from the combination of device ID and system events that can be used to identify trends and behavioural patterns to improve Our service;
  • analytical information: we may collect analytical data, or use third-party analytical tools, to help us better understand the needs of our users.

[note to the company: please confirm these types of data].

  1. What Personal Data do we not collect?

We do not collect or process the following Personal Data relating to you:

  • racial or ethnic origin;
  • political opinions;
  • religion or philosophical beliefs;
  • health or medical conditions;
  • criminal background;
  • union membership;
  • Genetic or genetic data;
  • life or sexual orientation.


We ask Our users not to send and/or upload or disclose any of the above Personal Data through the Site or directly to Our contacts.


  1. Why do we process your Personal Data?

Users’ Personal Data are processed through Our Website for:


  1. Answer questions and deal with user requests

To respond to requests and questions related to the Project that you send using the Contact Details indicated on the Site.  We may respond to enquiries by e-mail or by using the telephone contact details, should you wish to be contacted by one of our employees by telephone.

Legal basis of the processing: handling, in an appropriate and timely manner, user requests and informing users about the Project.

  1. Providing news and updates on the Project

If you have shown an interest in the Project, we may send you update communications and keep you informed of all the news about Senato 28 and similar activities carried out by Prelios SGR.

Legal basis of the processing: our legitimate interest in keeping our users up-to-date on the services rendered, the Project and similar activities.

You are free to unsubscribe from our newsletters at any time by sending an email to the address indicated in this Privacy Policy or by clicking on the unsubscribe button at the bottom of the emails you receive. [Note to the Company: please confirm the procedure and processing].

  1. Ensuring the technical functioning of the Site

We collect and use your Personal Data to technically administer Our Website and ensure that it functions properly. We may use the personal information provided by the user to respond to reports or complaints relating to the proper functioning of the page.

Legal basis of the processing: our legitimate interests in ensuring the proper functioning of the Site from a technical/IT point of view.

  1. Informing you of changes to the terms and conditions of use of the Site and providing this Privacy Policy

To send information on changes to the terms and conditions of use of the Site and provide this Personal Data Protection Policy.

Legal basis for processing: our legitimate interest in informing you well in advance of the entry into force of such changes.

  1. Compliance with legal obligations

To comply with our legal obligations, orders from governmental authorities which may include orders from authorities outside your country of residence, when we reasonably believe that we are required to make such disclosures and when disclosure of your Personal Data is strictly necessary to comply with such legal obligations or governmental orders.

Legal basis for processing: compliance with our legal obligations.

  1. Preventing fraud and abuse

We will use information on fraudulent or criminal activities related to the use of our services for the purpose of detecting and preventing fraud or abuse.

Legal basis for processing: our legitimate interests in protecting our organisation from fraudulent activities.

  1. Legal Protection of Our Interests

In order to protect our business operations, safeguard our rights, ensure the protection of Personal Data through the Site and enable us to pursue the legal remedies provided by law or limit the damages that may be incurred by Us.

Legal basis for processing: Our legitimate interests in protecting our business organisation in accordance with the provisions of the law.

  1. To whom is the user’s Personal Data disclosed?

In addition to the staff duly authorised by Prelios SGR, the information provided by interested parties may be communicated to the business partners dealing with the Project.

The Personal Data of users using the Site may also be processed by some of our service providers who perform technical maintenance of the systems.

If necessary, Personal Data may be transmitted to the competent public and judicial authorities in order to prevent fraud or unlawful acts.

  1. What are the user’s rights in relation to the processing of Personal Data and how can they be exercised?

The subjects to whom the Personal Data refer have the right at any time to obtain confirmation of the existence or non-existence of such Data and to know their content and origin, verify their accuracy or request their integration, updating, rectification (Articles 15 and 16 GDPR), namely:

  • Right of access. The right to obtain access to personal information about you along with certain related information;
  • Right to Data Portability. The right to receive personal information in a common format and to have it transferred to another data controller;
  • Right of rectification. The right to obtain rectification of Personal Data without undue delay if the Personal Data are inaccurate or incomplete;

Pursuant to Articles 17, 18 and 21 of the Regulation, you have the right to request the erasure, limitation of processing, transformation into anonymous form or blocking of Data processed in breach of the law, as well as to oppose in any case, for legitimate reasons, their processing, namely

  • Right to erasure. The right to obtain the erasure of one’s Personal Data without undue delay in certain circumstances, such as where Personal Data are no longer necessary in relation to the purposes for which they were collected or processed;
  • Right of restriction of processing. The right to obtain, in specific circumstances identified by applicable law, a restriction of the processing of your Data for a certain period of time, for instance when you contest the accuracy of your Personal Data, for the time to verify the accuracy and correctness of such Data.
  • Right to object. The right to object, on grounds relating to your particular situation, to the processing of Personal Data, and to object to the processing of Personal Data for direct marketing purposes, insofar as this is related to the said direct marketing.

As a data subject, you also have the right to revoke your consent at any time, without prejudice to the validity of the processing carried out prior to revocation.

The rights may be exercised by users by contacting the Data Controller and/or the Data Protection Officer at the following addresses:

  • e-mail: or [note to company: confirm address or enter e-mail address for user privacy requests. The cookie policy on the site states Use of Prelios’s address to be evaluated]
  • by post, to Via Valtellina, 15/17, 20159 Milan (MI).


  1. How long do we store Personal Data?

Personal Data will only be kept for as long as necessary to achieve the purposes set out in point 4, to ensure the operation of the Site and for the Project. In the event of litigation, where there is a need to retain the Data for a longer period, Prelios SGR may only retain the information necessary to protect its rights or interests.

What transfers can we make?

We may disclose certain Personal Data and information about you to Our suppliers for Project related activities and for the operation of the Site. We do not currently transfer Personal Data outside the European Economic Area. In the future, we may use providers located outside the territory of the European Union for some of the processing mentioned above. In these circumstances, we ensure that we will comply with the applicable legal provisions on the transfer of Data by entering into agreements, if necessary, that guarantee an adequate level of protection and/or by adopting the standard contractual clauses required by the European Commission.

  1. How do we protect your Personal Data?

Information security is very important to us and we have put in place safeguards to preserve the integrity and security of the information we collect and process through the Site. However, no security system is impenetrable and we cannot guarantee the security of our systems 100 per cent. In the event that any information under our control is compromised as a result of a security breach, we will take reasonable steps to investigate the situation and, where appropriate, notify the persons whose information may have been compromised and take other measures, in accordance with applicable laws and regulations.

  1. Applicable law

This Privacy Policy is governed by and shall be interpreted in accordance with the provisions and any other applicable mandatory regulations of the European Union.

  1. Complaint to the Data Protection Authority

The Data Subject has the possibility of lodging a complaint with the Data Protection Authority, which can be contacted at the Website