Privacy Policy

Privacy and cookie policy

Short version (banner)

This website applies technical cookies to facilitate the browsing experience and cookies for data analysis but it does not use cookies to track user’s preferences and send marketing messages.

For more information on how we process your data and on how you can manage and block cookies you can read the full privacy and cookie policy here.

If you ignore this banner and continue to browse the Website, it means that you agree on the use of cookies.

Full version

This website implements available and reasonable measures to protect user’s privacy and minimise personal data processing, in compliance with Italian law (D.Lgs. 30 June 2003 no. 196 or Data Protection Code and its modifications) and European regulation (Regulation EU 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data or “GDPR”).

The scope of the privacy policy is to explain what user’s personal data is processed by this website (hereinafter the “Website”) and how the data is used.

Data controller

Data controller is Ivana Moscato, Via Stezzano no. 87, Bergamo, at the premises of Kilometro Rosso.

Users can contact the data controller by sending an e-mail to [email protected] or by sending a letter to the address: Via Stezzano n. 87, Bergamo, Kilometro Rosso.

Legal basis for the processing

Data processing of data collected by the Website is based on user’s consent. The user may give his consent by accepting the Website’s privacy and cookie policy or just by browsing the Website, which constitutes a positive conduct of acceptance. In particular, by using or browsing the Website, users accept this privacy and cookie policy and agree on the processing of their data in the way and for the purposes that are described below, including the communication of their data to third parties if this is required to provide a service.

The provision of personal data is not statutory nor a contractual requirement: users may deny their consent to the processing and revoke their consent at any time (this can be done through the banner at the bottom of the page, or by changing settings of your browser or by contacting the data controller). However, if users do not agree on data processing, the browsing experience may be hindered.

Data is also processed to maintain the Website secure and protect it from misuse and spam, as well as to analyse user’s traffic for statistical purposes. This data cannot be related to the user and is processed on the basis of data controller’s legitimate interest to the Website’s and user’s data security. In these cases, the user has the right to object to the processing at any time (see paragraph on user’s rights).

Purposes of processing

The purposes of data processing are the following:

- Browsing of the Website

Record the settings of the user, i.e. the language, and allow the user to browse the Website.

- Data analysis

Data is processed to verify that the Website works properly. This type of data cannot be attributed to the single user and does not identify the user.

- Security

Data is processed to maintain the Website secure (i.e. antispam filters, firewalls, virus detection) so that also users are protected from frauds and damages to the Website. This type of data is registered automatically and can include personal data (i.e. IP address) which may be used in compliance with laws and regulations to block activities that may damage the Website or other users, as well as criminal activities. This data, which is periodically deleted, will never be used to identify users or track user’s preferences.

- Other activities

Data may be sent to third parties who provide services that are material to the functioning of the Website (i.e. comment boxes) and who provide other activities to us, such as technical support and logistics. Our suppliers have access to data that they need to provide their services only and undertake to not use data for other purposes and commit to process data in compliance with applicable laws.

- Advisory and professional engagements

Data that is provided spontaneously when requesting an advisory service or another professional engagement will be processed for the sole purpose of examining and performing the service. In this case, a specific privacy policy will be provided.

Categories of data

The Website processes two categories of user’s data.

Data that is processed automatically

While browsing the Website, the following data may be processed and stored as log files in the Website’s server:

- Internet Protocol (IP) address;

- browser type;

- characteristics of the device that has been used to connect to the Website;

- name of the Internet Service Provider (ISP);

- date and time of the visit;

- user’s webpage of entry and exit;

- number of clicks.

This data is processed for the sole purpose of data analysis in a form that does not identify the user. The IP address is processed for security reasons only and it is not matched with any other data.

Data that is provided on a voluntary basis

The Website may also process data that is provided by users when they use the services on the Website, i.e. when they leave a comment or send a query. This data will only be used to provide the service that has been requested and includes:

- name and surname;

- email address;

- any other data that is provided on a voluntary basis.

Where data is processed

Data is processed at the data controller’s offices and at the data center of the web hosting service provider, which is __________. The web hosting service provider acts as data processor because he processes data on behalf of the data controller. ___________ is located in the EEA and operates in compliance with the European regulations (____________link to web hosting privacy policy).

Data storage

Data that is processed automatically by the Website during its operations will be stored as long as it is strictly necessary to carry out the activities that have been described above. After that time, data will be deleted or pseudonomised, unless there are other reasons to keep it. Data that is used for security (i.e. IP address and attempts to damage the Websites) will be stored for 30 days.

Data that is processed for data analysis will be stored in aggregated form for 24 months.

Transfer of data to third parties

Data is not transferred to third parties, unless: (i) there is a lwaful request from a court; (ii) the transfer is necessary to provide a specific service requested by the user; and (iii) we have to perform security checks on the Website or work on its optimisation.

Transfer of data outside the EU

The Website may share some data with service providers located outside the EEA, in particular with Google. This type of transfer has been authorised by specific decisions of the European Union Commission (decision no. 1250/2016, Privacy Shield) and the Italian Commissioner for data protection, therefore no additional user’s consent is required for the transfer. Google warrants its adherence to the Privacy Shield.

Security measures

Data is processed in a lawful and correct way and is protected with security measures that are aimed to prevent unauthorized accesses, publication, changes or unauthorized distruction of data. We commit to maintain security on data communication, by applying Secure Sockets Layer (SSL) software which encrypts information in transit. Data is processed by digital and/or online devices, with organisational and technical measures that are strictly related to the purposes of processing indicated above. Besides data processors, data may be processed by people that work on the Website or other service providers (i.e. technical suppliers, hosting providers).


Cookies are small text files that websites send to the user’s computer, where they are stored to be used by the said websites when the user visits them the next times. Third-party cookies are instead installed by a different website than the one that the user is visiting. This happens because every website may contain objects that may be located in different servers than the one that hosts the visited website (i.e. images, maps, sounds, links to external websited, etc.).

Cookies are used for different purposes: digital authentication, session monitoring, recording of website settings, recording of preferences, etc.

The website uses the following types of cookies:

- technical cookies: they have the sole purpose of allowing the user to browse the Website or providing a service requested by the user. Without these cookies, some operations would not be possible or would be more complicated and/or unsecure than it would be with them. The Website uses technical cookies for the sole purposes of transmitting electronic comminications, visualizing the Website and browsing it. Moreover, technical cookies allow the Website to distinguish different users when it is necessary to provide a specific service to an identified user (i.e. when the user logs in his personal page) and to implement security measures. Some technical cookies are deleted when the browser is closed (i.e. session cookies), while others remain active after that (i.e. the cookie that stores user’s consent to the use of cookies which last one year).

- cookies for data analysis: they are used by the website’s operator to collect aggregated information on the number of users and on the way they visit the website. The Website uses cookies for data analysis that are provided by Google Analytics (see section on third-party cookies for more details).

The Website does not use cookies to track user’s preferences and send marketing messages.

By clicking the OK button on the banner or by browsing the Website, the user agrees on the use of cookies and on the installation of said cookies in his computer for the purposes indicated above and on the fact that cookies can access information in his computer.

Disabiling cookies

The user may block the cookies and may revoke his consent to their use at any time. Since cookies are linked to the user’s browser, the user may refuse or revoke his consent to the use of cookies by changing the browser settings directly, according to the steps of his browser. The user can also change his preferences on cookies through the banner at the bottom of the page.

If cookies are turned off some functions of the Website may not be available.

Third-party cookies

This Website uses third-party cookies with the aim to offer additional services to the users and facilitate the use of the Website. The Webiste does not have any control over these cookies that are fully managed by third parties and does not have access to the information collected by them. Details on the use of these cookies, on their purposes and on how they may be turned off are provided by the third parties directly at the pages indicated below.

The Website uses the following third-party cookies:

- Google Ireland Limited

To understand how Google Ireland ltd processes personal data we advise you to look at Google’s privacy policy ( and to Google’s privacy policy when using partner’s websites and apps (

Google Analytics: it is used to analyse how users use the Website, to send reports on Website’s activities and reports on user’s behaviour, to verify how often users visit the Website, how the Website is located by users and what pages are visited the most. This information is also used to compare the Webiste with other similar websites.

Categories of data: browser identification, browsing date and time, originating page and IP address.

Where data is processed: European Union.

Data does not identify the users and is not matched with other data of the same users. Data is processed in aggregated form and it is anonimised (last eight digits are truncated). Google Inc. may not match this data with the one collected from other services, in compliance with a specific agreement (DPA).

More information on Google Analytics cookies is available on Google Analytics Cookie Usage on Websites page (Google Analytics Cookie Usage on Websites).

The user may disable (opt out of) Google Analytics by installing on his browser the specific app provided by Google.

- Mailchimp (The Rocket Science Group LLC): Mailchimp is a contact and email management service provided by The Rocket Science Group LLC. The data controller uses this service to manage a database of user’s contact details, such as emails, phone numbers and other contact details as well as communicate with the user. Mailchimp also provides the data related to date and time when the user reads the messages, as well as data on how the user interacts with messages, such as number of clicks on the links included in the messages. Categories of data: name and surname, cookies, data on Website usage, email, State, phone number and company name. Where data is processed: United States of America. Mailchimp adheres to the EU-USA Privacy Shield. For more information as to Mailchimp data processing, please refer to Mailchimp Privacy Policy. - Hotjar Heat Maps and Recordings (Hotjar Ltd.): Hotjar is a heat mapping and browsing data recording service provided by Hotjar Ltd. The data controller uses this service to identify the areas of the Website that are visited by tracking the pointer and the mouse clicks and find out the pages of the Websites that interest the users the most. This service also allows the data controller to record browsing sessions and make them available to the data controller for future analysis. Hotjar tracking option may be disabled by the user. This means that the browser will not collect any data from the user. All the main browsers offer this option. More information on Hotjat opt-out service is available here. Categories of data: cookies and usage data in compliance with Hotjar Privacy Policy. Where the data is processed: Malta (EU).  

User’s rights on his data

In compliance with the GDPR, the user may exercise the following rights according to and within the limits of the applicable law:

- to object to all of part of the processing for legitimate reasons;

- to demand confirmation as to whether or not personal data concerning him is being processed;

- to know the source of data;

- to obtain information on the logic, purposes of the processing and how processing is being done;

- to demand un update, rectification, integration, deletion and pseudonymization of data;

- to receive the personal data concerning him, which he has provided to the data controller, in a structured, commonly used and machine-readable format;

- to lodge a complaint with a supervisory authority (i.e. the Italian Data Protection Commissioner -;

- to exercise all other statutory rights.

Requests may be addressed to the data controller.


This privacy and cookie policy has been updated on Jan.22, 2020 .

Integrated Business Services

[email protected] support businesses in taking decisions on business strategy and operations, by offering complete, specific and effective solutions