Privacy Policy

The privacy policy of Europass SRL has been written due to the full application of EU Regulation 2016/679.

Your privacy is important to  Europass SRL. We have therefore developed a Privacy Policy which regulates the way we collect, use, transfer and store your personal data.

Collection and use of personal information

Personal information is data that can be used to identify or contact a specific person.

You may be asked to provide your personal information whenever you meet Europass SRL. Europass SRL may share this data and use it in accordance with this Privacy Policy. They may also combine this information with other data to provide and improve products, services, content and advertising materials. You are not required to provide the personal data requested by us; if you decide not to provide it, however, in many cases we will not be able to offer you our products or services or answer your questions.

Here are some types of personal data that Europass SRL may collect and use.

What personal data we collect

  • When you browse the site we may collect a series of data, including name, address, telephone number, email address, contact preferences, device identification codes, IP address, location information, and credit card information.
  • Europass SRL will use this information to satisfy your requests, provide you with the product or service relevant to your needs.
  • In certain circumstances, you may be asked for a valid identification document, to handle reservations or based on statutory obligations.

How we use your personal data

We may process your personal data for the purposes described in this Privacy Policy with your consent, for compliance with legal obligations to which Europass SRL is subject or in case we deem it necessary for legitimate interests pursued by Europass SRL or by third parties to whom it is necessary to provide data.

  • The personal data collected by us allows us to keep you updated on the announcements of the latest products of Europass SRL, and on upcoming events. If you do not want to be included in our mailing list, you can unsubscribe at any time in the specific section.  
  • We also use personal data to develop, provide and improve our products, services, content, and advertising materials, as well as to prevent losses and fraud. In addition, we can use them to ensure network and account security, and to protect our services for the benefit of all our users. Your data will be used for anti-fraud purposes in case it is required by conducting an online transaction with us. We limit our use of data for anti-fraud purposes to what is strictly necessary and within the recognized limits of our legitimate interests to protect our customers and services. For some online transactions, we may also verify the information you provide to us by consulting publicly accessible sources.
  • Personal data, including the date of birth, can be used to verify identity, facilitate user identification and determine which services are appropriate.
  • We may periodically use your personal information to send important notices, such as communications relating to the services offered, as well as our conditions and policies. Since this data is important for your interaction with Europass SRL, you cannot request not to receive such communications.
  • We may also use personal data for internal purposes, for verification, data analysis and research to improve products, services and communications with customers of Europass SRL.

Origin of your personal data collected from other sources

Europass SRL may have received your personal data from other people who have shared their content with you using products Europass SRL. For research and development purposes, we can use data sets containing images or other data that could be associated with a person in order to identify it. When we acquire these data sets, we do so in accordance with the applicable laws in the jurisdiction in which the data set is hosted. During the use of such data sets for research and development, no attempt is made to identify the person to whom the data belongs.

Collection and use of non-personal data

We also collect data that is in a form that does not permit direct association with a specific individual. We may collect, use, transfer and disclose non-personal information for any purpose. The following are some examples of non-personal data collected by us and their use:

  • We can, for example, collect data on profession, language, postal code, telephone prefix, unique device identification code, reference URL, in order to better understand customer behaviour and improve our products, services and advertising materials.
  • We may collect data about customer activities on our website and from our other products and services. This data is aggregated and used to help us provide more useful information to our customers and to understand which parts of our website and our products and services are of greatest interest. Under this Privacy Policy, aggregated data is considered non-personal information.
  • We may collect and store details about the use that users make of our services, including searches. This information can be used to improve the relevance of the results provided by our services.

Disclosure to third parties

Europass SRL may periodically make certain personal data available to strategic partners who collaborate with Europass SRL for the supply of products and services or which help Europass SRL in selling to customers. Personal data will be shared by Europass SRL only to provide or improve its products, services and advertising materials; they will not be shared with third parties for the commercial purposes of the latter.


It may be necessary for Europass SRL (by law, court proceedings, litigation and / or requests by public and governmental authorities within or outside your country of residence) to disclose your personal data. We may also disclose your information if we believe that, for purposes of national security, compliance with the law or other matters of public importance, it is necessary or appropriate to do so.

We may disclose your information if we believe that disclosure is reasonably necessary to apply our terms and conditions or to protect our activities or users. Furthermore, in the event of reorganization, merger or sale, we may transfer all personal data collected by us to third parties affected by such transactions.

Data protection personal

Europass SRL takes care of the security of your personal information. For the storage of personal data by Europass SRL, information systems with limited access are used, located in facilities that take physical security measures. The data is stored in encrypted form, even in cases where we use third-party storage solutions.

Existence of automated decision-making procedures, including profiling

Europass SRL does not make any decisions regarding the use of algorithms or profiling that significantly affects you.

Integrity and retention of personal data

Europass SRL facilitates the retention of your personal data in an accurate, complete and updated manner. We will retain your personal information for the period necessary for the purposes outlined in this Privacy Policy. In deciding these periods, we carefully evaluate our actual need to collect personal data and if we believe that there is a decisive necessity, we keep them only for the shortest possible period necessary to achieve the purpose of collection, unless a conservation period greater is required by law.

Access to personal data

You can help ensure that your preferences and contact information is accurate, complete and up to date by accessing the site We will grant you access to the other personal data stored by us and we will provide you with a copy so that you can perform any operation you require, for example requesting to correct the data if it is inaccurate or delete it if Europass SRL is not held to keep them as required by law or for legitimate business purposes. We may refuse to respond to requests that are futile / harassing, damaging the privacy of others, extremely difficult to meet or where access to data is not otherwise covered by local law. Europass SRL may also refuse to comply with requests for deletion or access to data if it considers that fulfilling this request is contrary to the legitimate use of data for anti-fraud purposes and to ensure security, as described previously.

Third party websites and services

The websites, products, applications and services of Europass SRL may contain links to websites, products and services of third parties.

Data collected by third parties, which may include geographic or contact information, are governed by their respective privacy policies. We encourage you to review the privacy policies of those third parties.

Our company-wide commitment to your privacy

To make sure that your personal data is secure, we communicate our privacy and security guidelines to employees of Europass SRL and strictly apply privacy protection measures within the company.

Privacy questions

If you have any questions or concerns regarding the Privacy Policy of Europass SRL or to the processing of data, or if you wish to contact Data Protection Officer Europass SRL or forward a complaint about a possible violation of local laws for the protection of privacy, you may.

Europass SRL may periodically update the Privacy Policy. In case of substantial changes, a notice will be posted on our website, together with the updated Privacy Policy.

Europass SRL, P.IVA 04393630480, with registered office in Via Sant’Egidio, 12, 50122 Florence \\(hereinafter “Holder”), as the data controller, informs you pursuant to art. 13 EU Regulation n. 2016/679 (hereinafter, “GDPR”) that information will be treated in a certain manner and for the following purposes:

1. Object of the treatment

The holder treats personal identification data (in particular, your name, social security number, name, P.IVA, e-mail, PEC, telephone number, IBAN, and any information capable of identifying the person concerned, following “Personal data” or “data”) communicated through the first processing.

2. Purpose of the processing

The personal data will be processed:

For the following Purposes:

  1. Fulfil the pre-contractual, contractual and tax obligations deriving from existing relationships with the Owner;
  2. Fulfil the obligations established by law, by a regulation, by community legislation or by an order of the Authority;
  3. To send data to external managers nominated by the Owner, corresponding to the categories of persons (physical or legal) listed in the treatment register;
  4. Allow any registration to the website and to the newsletter, if any;
  5. Preventing or discovering fraudulent activities or harmful abuses committed by third parties;
  6. Exercise the rights of the owner, for example the right to defend in court;
  7. Send commercial communications relating to services and products of the Owner like those already used, unless expressly disagree.

3. Methods of processing

The processing of personal data is carried out by means of the operations indicated in art. 4 n. 2 GDPR and more precisely: collection, registration, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, cancellation and destruction of data. The personal data of the person of interest shall be processed in both paper and electronic and / or automated.

4. Duration of treatment

The Holder will process your personal data for as long as necessary to fulfil the purposes of Article 2. 1 with this information and no later than 10 years from the termination of the relationship and not over 2 years from the collection of personal data for any marketing purposes as per article 2, point 7 of this statement.

5. Access to data

Your data may be made accessible for the purposes referred to in Article 2:

  • to employees and collaborators of the Data Controller as Data Processors and / or Data Processors, as well as to the DPO (Data Protection Officer), if appointed;
  • to third parties (for example: servers, providers for the management and maintenance of the website, suppliers, lenders, professional offices, service co-operatives, etc.) who carry out outsourcing activities on behalf of the Owner, in their capacity as external controllers, appointed by the owner.

6. Storage and Data Transfer

The management and storage of personal data will be carried out on servers located within the European Union of the Owner and / or third-party companies appointed and duly appointed as Data Processors. Currently the servers are located in Italy. The data will not be transferred to outside the European Union. In any case, it is understood that the Data Controller, where necessary, will have the right to move the server location to Italy and / or the European Union and / or non-EU countries. In this case, the Data Controller hereby ensures that the transfer of non-EU data will take place in accordance with the applicable legal provisions, stipulating, if necessary, agreements that guarantee an adequate level of protection and / or adopting the standard contractual clauses provided for European Commission.

7. Communication of data

Without express consent (Art. 7 GDPR), the owner can communicate your data for the purposes of art. 2. to Supervisory Bodies, Judicial Authorities and to all the other subjects to whom the communication is mandatory by law for the accomplishment of said purposes. Your data will not be distributed.

8. Rights of the interested party

In your capacity as an interested party, you have the rights set forth in art. 15 GDPR and precisely the rights of:
the. Obtaining confirmation of whether personal data concerning you, even if not yet recorded, and their communication in intelligible form; ii. obtain the indication: a) of the origin of personal data; b) of the purposes and methods of the processing; c) of the logic applied in case of treatment carried out with the aid of electronic instruments; d) of the identification details of the owner, of the responsible persons and, in the case described by the combined disposition of the articles. 3, parag. 2 e. 27, par. 1, GDPR, of the representative established in the Union; e) the subjects or categories of subjects to whom the personal data may be communicated or who may become aware of it in their capacity as designated representative in the territory of the State, managers or agents; iii. obtain: a) updating, rectification or, when interested, integration of data; b) the cancellation, transformation into anonymous form or blocking of data processed unlawfully, including data whose retention is unnecessary for the purposes for which the data were collected or subsequently processed; c) the attestation that the operations referred to in letters a) and b) have been brought to the attention, also as regards their content, of those to whom the data has been communicated, except in the case in which this fulfilment proves impossible or involves a use of means manifestly disproportionate to the protected right; iv. object, in whole or in part: a) for legitimate reasons the processing of personal data, pertinent for collection purposes; b) the processing of personal data for purposes of sending advertising materials or direct selling or for carrying out market research or commercial communications using automated calling systems without human intervention by email and / or through traditional marketing methods by telephone and / or paper mail. It should be noted that the right of opposition of the interested party, set out in point b) above, for direct marketing purposes through automated methods extends to traditional ones and that in any case the possibility remains for the data subject to exercise the right to object only partially. Therefore, the interested party can decide to receive only communications using traditional methods or only automated communications or none of the two types of communication. Where applicable, you also have the rights referred to in Articles 16-21 GDPR (Right of rectification, right to be forgotten, right of limitation of treatment, right to data portability, right of opposition), as well as the right of complaint to the Supervisory Authority.

9. How to exercise rights

You can at any time exercise the rights referred to in Articles 16-21 of the GDPR by sending:

  • a registered letter to the Europass SRL, P.IVA 04393630480, with headquarters in Via Sant’Egidio, 12, 50122 Florence, the attention of Ambra Falabella
  • a PEC at

10. Owner, manager and person in charge, Data Protection Manager

The data controller is Europass SRL, P.IVA 04393630480, with a registered office in Via Sant’Egidio, 12, 50122 Florence, in person of the legal representative, Ambra Falabella.

The updated list of data processors and persons in charge of processing them is kept in the possession of the Data Controller and can be consulted upon written request.

11 . Changes to this Information

This Information Notice, which consists of four pages, may vary.

The data controller informs you that, pursuant to art. 7, paragraph 3, GDPR, you have the right to withdraw your consent at any time.