Information on personal data processings


    What does this document represent?

    This document describes users’ personal data processings who consult the website The following information does not cover other websites, pages or online services that can be reach through hypertext links that may be posted on the websites but refer to external resources.

Why this information 

National and international regulations regarding the processing of personal data, require the interested party (the user) who consults this website, to be clearly, transparently, and easily informed about the methods and purposes of the processing of his or her personal data as well as the use or non-use of cookies on the website.

What are the regulatory references?

  • European Data Protection Regulation EU 2016/679 (GDPR)
  • Legislative Decree 196/2003, as amended by Legislative Decree 101/2018 and subsequent amendments and additions (Italian Privacy Code)
  • Directive 2002/58/EC (so-called e-Privacy)
  • Law 21 December 2018 n.171 of the Republic of San Marino.

    The data controller is the professional association SFERA Professionisti Associati in the persons of the individual members. The Data controller is based on Via Consiglio dei Sessanta, 99 – 47891, Dogana, Republic of San Marino and can be reached at the e-mail address or at the telephone number 0549-970595 for any questions concerning the processing of personal data carried out through this website.


    The Data Protection Officer can be reached at the following e-mail address  


Browsing data

The computer systems and software procedures used to operate this website, acquire some data whose transmission is involved in the use of Internet communication protocols during their normal operation. This information is not collected to be associated with identified interested parties, but by their very nature, they could allow users to be identified through processing and association with data held by third parties. 

This data category includes IP addresses or domain names of the computers used by users connecting to the website, the URI (Uniform Resource Identifier) notation addresses of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file received in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters related to the user’s operating system and computer environment.

These data are used for the only purpose of obtaining anonymous statistical information about the use of the website and to check that it is working properly. These data are not disclosed to third parties and are not spread.

Data communicated by user

The optional, explicit and voluntary sending of messages to the contact addresses indicated on this website, private messages sent by users to SFERA’s profiles/pages on social media, as well as the filling out and submission of forms on this website, involve the subsequent processing of the sender’s contact data, required to respond, as well as all personal data included in the communications.

Please do not send names or other personal data of third parties that are not strictly necessary, using instead fictitious names whenever possible.

Access to the restricted area of this site is allowed only to SFERA’s customers after registration by means of login credentials and involves the subsequent processing of personal data required for registration. Separate documents and worksheets are preserved in the restricted area for each customer who has consented to use the restricted area as a document sharing tool.

Cookies and other tracking tools

A cookie is a small text file transferred from Web server to user’s pc, its purpose is to inform the server about the user’s access to that particular web page and any other news it obtains from the system’s readable parameters through functions contained in the Web page. Cookies may be “temporary” (or session cookies, they are deleted when the connection is terminated) or “permanent” (they remain stored on the user’s hard drive unless the user himself deletes them. For identification of the cookies used by this site, please refer to the policy (called Cookie policy).

Information and personal data processed through the Social Media platform used

Regarding the processings of personal data performed by the managers of the Social Media platforms used by SFERA, please refer to the information provided by them through their respective privacy policies. SFERA processes personal data conferred by users through the pages of SFERA’s Social Media platforms exclusively to manage interactions with users (comments, public posts, etc.) and in compliance with current regulations.


Personal data are processed for the following purposes:


Legal Basis  

Retention Period

Nature of Processings

Answering contact requests

The legal basis is the need to execute pre-contractual measures adopted on the request of the user concerned.

The retention period of personal data is the time required to process the request.

The provision of personal data is optional, however, refusal will result in the impossibility for the user to forward the request.

Newsletter subscription

The legal basis is the consent of the user involved.

The retention period of personal data is determined by the user’s request for withdrawal of consent, if any.

The provision of personal data is optional, however, refusal will result in the impossibility of subscribing to the newsletter

Registration and access to restricted area

The legal basis is the consent of the customer concerned to use the restricted area as a document sharing tool.

The retention period of personal data is determined by the customer’s request for withdrawal of consent, if any.

The provision of personal data is optional, however, refusal will result in the impossibility to register in the restricted area.

To prevent, ascertain, and prosecute illegal conduct.

The legal basis for this processing is the pursuit of the legitimate interest of the Data Controller in preventing, detecting and prosecuting unlawful acts or violations of intellectual/industrial property rights (including those of third parties) or computer crimes or those committed through telematic networks.

The retention period for processed data is equal to the time reasonably necessary to enforce the rights of the Data Controller from the time of awareness of the wrongdoing or its potential commission.

The processing of personal data by the Data Controller is mandatory to prevent, detect, and prosecute illegal conduct.

User profiling with the aim of sending targeted and customized communications about the services offered by the Data Controller.

The legal basis is the user’s consent given by placing a flag on the cookie banner allowing the use of profiling cookies on the website.

The retention period of personal data is determined by the user’s request for revocation of consent, if any. The user can change the tracking options at any time by changing the consents to the use of cookies on the website.

The processing of personal data using profiling cookies is optional, however, refusal will result in the impossibility of receiving customized communications about the services offered by the data controller.



    Recipients of the personal data processed as a result of the consultation of this website are the following individuals designated by the Data Controller as those responsible for the processing carried out: 

    • Passepartout S.p.A. as the provider of email and domain management services.
    • E Solution Group S.r.l. as provider of the site hosting services at its servers.
    • E Solution Group S.r.l. as provider of development, delivery, operational management services of this website as well as SFERA’s social media management service.

    The following categories of subjects may also be recipients of the personal data processed:

    • Subjects, entities or Authorities required to communicate your personal data under provisions of the law or orders of the Authorities;
    • Personnel expressly authorized by Data Controller, necessary to carry out activities strictly related to the provision of services, who have committed themselves to confidentiality or have an adequate legal obligation of confidentiality and have received adequate operational instructions.
  1. DATA TRANSFER Some personal data may be shared with recipients that may be located outside the European Economic Area (EEA). The Data Controller ensures that the processing of your personal data by these recipients is performed in accordance with the relevant regulations.
  1. EXISTENCE OF AUTOMATED DECISION-MAKING INCLUDING DATA PROFILING The data controller does not adopt an automated decision-making process on the processing of personal data carried out through the consultation of this website.

    Minors under the age of 18 may not provide personal data. The owner will not be in any way responsible for any collection of personal data, as well as false statements, provided by the minor, and in any case, if it is found to be used, the Data Controller will facilitate the right of access and deletion forwarded by the guardian, custodian or those exercising parental responsibility.

  2. USERS’ RIGHTS Users who consult that website, in cases provided by the relevant regulation in force, can exercise the access to data at any time, receive them in a structured and commonly used, electronically readable format and request to transmit them to another data controller (data portability), as well as to get corrected, updated, modified, or deleted them (subject to any applicable exceptions). It is also recognized the right to object and restrict of data processings together with the right of data deletion and revocation of consent originally given at any time.

    It is possible to exercise the above rights by contacting the data controller to the contact points indicated in paragraph 2. Users that believe their personal data processing carried out through this website take place without complying with the provisions of the relevant regulations in force, have the right to complain or report to the competent Data Protection Authority.
  1. UPDATES This policy is current as of December 9, 2021. The data controller reserves the right to make changes, at any time, to this policy.