We inform you that the professional relationships established with the writing Owner may involve the processing of personal data, in compliance with the following general principles:

  • all data are processed in a lawful, correct and transparent manner with regard to the interested party, in compliance with the general principles set forth in Article 5 of the GDPR;
  • specific security measures are observed to prevent the loss of data, illicit or incorrect use and unauthorized access;
  • the Data Controller is the undersigned Company: FINSTAR S.p.A., Via G. Fantoli – 7; Telephone number: 02 5060859


The Data Controller processes personal identification data of the customer / supplier (for example, name, surname, company name, personal / tax data, address, telephone number, e-mail address) and his / her operational referents (name, surname and contact details) acquired and used in the provision of services provided by the Data Controller.


The data is processed for:

  • conclude contractual / professional relationships;
  • fulfill the pre-contractual, contractual and fiscal obligations deriving from the relations in progress, as well as manage the necessary communications connected to them;
  • fulfill the obligations provided for by the law, by a regulation, by EU legislation or by an order of the Authority;
  • exercise a legitimate interest as well as a right of the Data Controller (for example: the right of defense in court, the protection of credit positions, the ordinary internal requirements of an operational, managerial and accounting type).

Failure to provide the aforementioned data will make it impossible to establish a relationship with the Data Controller. The aforementioned purposes represent, in accordance with Article 6, paragraphs b, c, f, appropriate legal bases of lawfulness of processing. If you intend to carry out treatments for different purposes, you will be asked to give your consent.


The processing of personal data is carried out by means of the operations indicated in the Art. 4 n. 2) GDPR and more precisely: collection, recording, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, cancellation and destruction of data. Personal data is processed both on paper and electronic and / or automated. The Data Controller will process personal data for the time necessary to fulfill the purposes for which they were collected and related legal obligations.


The data is processed by internally authorized and instructed individuals pursuant to Article 29 of the GDPR. It is also possible to request the scope of communication of personal data, obtaining precise indications on any external subjects who act as Managers or autonomous Data Controllers (consultants, technicians, banks, transporters, etc.). The data are not subject to dissemination or transfer to non-EU countries. Should it be necessary, in the context of tenders / contracts or in the fulfillment of legal obligations (eg joint and several liability, anti-corruption, anti-mafia, anti-money laundering, etc.) to acquire personal data from their employees from customers / suppliers, the parties agree that the undersigned company will be entitled to be processed as an External Manager (Art.28 GDPR) or authorized subject (Art.29 GDPR). As part of this relationship, the undersigned company undertakes to process such data in compliance with the compliance requirements of the GDPR, guaranteeing any communication to additional subjects exclusively in the context of specific legal obligations.