INFORMATION Pursuant to article 13 EU Reg. 679/2016 and Legislative Decree 196/2003 as amended.  (Privacy Code)

Dear User/visitor,

we wish to inform you that EU Reg. 679/2016 (and Legislative Decree 196/2003 as amended) provide for the protection of individuals with regard to the processing of personal data. According to this legislation, this processing will be based on principles of correctness, lawfulness and transparency, protecting your privacy and your rights.

Pursuant to the afore-mentioned articles 13 EU Reg. 679/2016 and Legislative Decree 196/2003 as amended, we therefore provide you with the following information:

a) The processing you provide by completing this data collection form will be carried out through an automated process and/or through the collection of paper-based documents and pursues the following purposes:

  • To process your request to subscribe to our periodic newsletter. This newsletter will be sent to you on a monthly basis, via e-mail, to your address. The decision to grant consent for the receipt of our periodic newsletter may be changed at any time, in whole or in part, by sending a specific communication to the data controller at the addresses indicated below.

It should be noted that, in no section of the website, for access to any functionality of the website, is the assignment of “special categories of personal data” and/or “personal data relating to criminal convictions and crimes requested, as defined by art. 9 and 10 of the EU Reg. 679/2016: if spontaneously the User sends to the data controller the information of the afore-mentioned type, the data controller will process such data in compliance with the current legislation regarding the protection of personal data (EU Reg. 679/2016 and Measure of the authority Privacy Guarantor no.146/2019) and within the limits of what is strictly necessary in relation to the requests made by the interested User.

We remind you that the following information is provided only for this website and not for other websites that may be consulted by the user through links. We also remind you that the optional, explicit and voluntary sending of e-mails to the addresses indicated on this website involves subsequent acquisition of the sender’s address, necessary to respond to requests for information, as well as any other personal data entered in the message.

b) The provision of data is optional for the execution of the purposes referred to in letter a) and the possible failure to provide it (see mandatory data, for example marked with << * >>) could make it impossible for our Company to follow up on your request to subscribe to our newsletter; the processing is not based on the conditions set forth in art. 6, paragraph 1, lett. f) EU REG. 679/2016;

c) Your personal data will be processed by persons specifically appointed by the data controller as data controllers and/or by anyone acting under its authority and having access to personal data; these subjects will process your data only when necessary in relation to the purpose of the provision and only in the performance of the tasks assigned to them by the data controller, undertaking to process only the data necessary for carrying out these tasks and to perform only those operations necessary to carry out the same.

Furthermore, your personal data may be communicated for the purposes referred to in paragraph a), to:

  • external companies or professionals who perform specific tasks on behalf of the data controller (as a non-exhaustive example, website operator, mailing service providers, suppliers of services of management/maintenance/implementation of company information systems, etc.) only if the communication of your personal data is necessary or in any case functional to the pursuit of the purposes referred to in paragraph a);
  • Parent company, controlled by or connected to the data controller;

The data communications described above may be, depending on the case, strictly connected to the normal business operation within the registration service requested and may be strictly necessary for the purposes referred to in paragraph a); therefore, failure to communicate may make it impossible to fulfil the purpose referred to in paragraph a).

c1) the Data Controller may transfer personal data to a third country or to an international organisation; in these cases they undertake to carry out the processing only in the presence of appropriate guarantees;

c2) in compliance with the Provision “Measures and arrangements prescribed to the data controllers with electronic instruments relating to the assignment of the functions of system administrator – 27 November 2008” (Official Journal no. 300 of 24 December 2008) and the related additions and amendments, the data controller has appointed specific “System Administrators” who, as part of the performance of their functions, will have access, including indirectly, to services or systems that process or allow the processing of personal information.

c3) the data will not be disclosed to other third parties, unless you have approved this, in advance, with your express consent.

Your personal data will not be disseminated.

d) The data will be kept for the time necessary to achieve the aforementioned purposes, in a form that allows the identification of the data subject for a period of time not exceeding that necessary for the purposes for which they were collected or subsequently processed., after which, if not expressly reconfirmed by the interested party, they will be destroyed, subject to their transformation into anonymous form. The data will be kept until you unsubscribe from the service, which can be easily obtained by clicking on the link specifically provided in each Newsletter.

e) The personal data provided will not be processed in order to implement an automated decision-making process (so-called profiling).

f) In the hypothesis in which the personal data provided must be processed for purposes other than those indicated above, the Data Controller will provide you with information regarding this different purpose and any other relevant information.

The Data Controller, taking into account the state of the art and the implementation costs as well as the nature, scope, context and purpose of the processing both when determining the means of processing and at the time of the processing itself (so-called risk analysis – accountability), has put in place adequate technical and organisational measures aimed at effectively implementing the data protection principles and integrating the necessary guarantees in order to meet the requirements of EU Reg. 679/2016 and to protect the rights of the interested party.

Data will be processed using methods and instruments suitable to guarantee security (art. 24, 25 and 32 EU Reg. 679/2016) and will be carried out through an automated process and through non-automated means (paper-based archives) to which all technical and organisational measures will be applied to ensure a level of security appropriate to the risk to ensure on a permanent basis its confidentiality, integrity, availability and resilience of the processing systems and services (by way of example but not limited to: controls both on the assignment of tasks to the persons responsible for data processing and on the classification of the data itself, procedures, if sustainable, of pseudonymisation and encryption, disaster recoverymechanisms, etc.).

We inform you that the processing of data is based on the provisions of art. 6, paragraph 1, lett. a) EU Reg. 679/2016, and the User is free to provide their own information by sending it to the data controller through the addresses on the company website and/or by filling out specific information collection forms on the website; in the latter case, failure to provide certain data could, depending on the case, make it impossible to proceed with the activities requested by the User (for example, see “mandatory fields” marked with <<*>> within the information collection forms).

The data controller is: AMBRA’S SRL with registered office in Via Dante no. 16 in Milan (MI-ITALY), Tax Code – VAT no. 06788760962, Tel +39 02 90.67.099, Fax +39 02 90.600.888, Website, e-mail:, Certificate email (defined above and below “Data Controller”).

The data controller has not currently designated the D.P.O. (Article 37 EU REG. 679/2016 and WP Guidelines Article 29 of 13.12.2016), as an unnecessary figure within the structure, given that the characteristics of the treatments do not fall within the cases referred to in the aforementioned Article 37.

Pursuant to art. 28 of the EU REG. 679/2016, the Data Controller may use third parties that process data on its behalf and formally appointed by it as data processors. The complete and updated list of data processors appointed will be provided to you by the Data Controller upon your simple request, by sending a communication to the addresses indicated above.

Pursuant to art. 29 of the EU REG. 679/2016, the Data Controller may use anyone acting under his authority and / or the appointed manager; these subjects will be duly instructed.

The Data Controller also informs you that:

g) the interested party has the right to ask the Data Controller to access their personal data, to correct or cancel it, to limit its processing or to oppose its processing in addition to the right to data portability (art. 15, art. 16, art. 17, art. 18, art. 20 EU REG. 679/2016); with the exercise of the right of access, the interested party has the right to obtain from the Data Controller confirmation that it is or is not processing any personal data concerning them while the exercise of the right to portability allows the interested party to obtain from the data controller personal data in a structured format, in common and readable use, or the transfer of such data from the original data controller to another (see WP 242 of 13.12.2016);

h) the interested party has the right, where the processing is based on article 6, paragraph 1, letter a) or on article 9, paragraph 2, letter a), to withdraw their consent at any time without compromising the lawfulness of the processing based on the consent given before the withdrawal;

i) the interested party has the right to lodge a complaint with a supervisory authority;

j) the interested party has the right to learn of, from the Data Controller, which must respond appropriately without justified delay, any violation of personal data likely to present a high risk for the rights and freedoms of individuals (art. 34 EU REG. 679/2016).

The full text of the articles of the EU REG. 679/2016 related to your rights (articles 15 to 23 inclusive) is available at any time at the following link on the website of the Authority for the Protection of Personal Data:

or, alternatively, the Data Controller will provide you with it in response to your request, by sending a communication to the addresses previously indicated.

The user may at any time exercise their rights by sending a registered letter to Ambra’s S.r.l. Via Dante no.16 – 20121 Milano (MI) or by sending an email to

Milano (MI-ITALY), Date of last modification 01.05.2021