Privacy Policy



  1. Foreword

The protection of your personal data and the security of your personal data are of great importance to Cromology Italia S.p.A.. For this reason, we collect and process your personal data with the utmost care and attention, adopting at the same time specific and adequate technical and organizational measures to guarantee the full security of the processing.

With this notice, Cromology Italia S.p.A., in its capacity as Data Controller, in compliance with the provisions of Regulation (EU) 2016/679 (hereinafter, “GDPR” or “Regulation”) and Legislative Decree n. 196/2003, as last amended by Legislative Decree n. 101/2018 (hereinafter, “Privacy Code”), wishes to inform you about the purposes and methods of the processing of personal data that will be acquired during your interaction with the websites listed below (hereinafter, also “Websites”) through the simple consultation of them and/or through the use of specific services made available to the user/visitor through the websites themselves.

This policy is provided for the following websites:


Please also read, if you have not already done so, the websites’ Cookie Policy.


  1. Definitions

«personal Data»: any information relating to an identified or identifiable natural person («data subject»); an identifiable person is a natural person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity;

«processing»: any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;

«profiling»: any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements;

«controller»: the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;

«processor»: a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;

«consent of the data subject»: any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;


  1. Controller

The processing of your personal data is carried out, using manual and automated systems, by Cromology Italia S.p.A. (hereinafter also referred to as “Cromology” or “Controller“), with registered office in Porcari (LU), Via 4 Novembre, 4, 55016, as Controller pursuant to and for the purposes of the GDPR.

For any question or request related to the processing of your personal data you may contact the Company at any time by sending a request to the following references:


Business Name: Cromology Italia S.p.a.

Registered office adress: Porcari (LU), Via IV Novembre n. 4, 55016

Telephone: 800825161


Data protection officer:


  1. Type of Data Processed, Purposes and Legal Basis of Processing

The personal data subject to processing will be:

  • Identification data
  • Navigation data
  • (with reference to the site where the possibility of transmitting applications for job positions is provided for) personal data included in the CV transmitted.

The data highlighted above (hereinafter also only “Data“) are collected:

  • during your navigation on the Websites listed above;
  • if you voluntarily decide to provide it in order to contact Cromology Italia S.p.A. through the information request form or for the further purposes specified below, or if you submit your application.


As a general rule, special categories of data under article 9 GDPR or data relating to criminal convictions and offences under article 10 GDPR will not be processed; should it be necessary to process your special data under article 9 GDPR they will only be processed on the basis of your specific consent.

In the table below you will find indications of (i) the purposes and (ii) the legal basis of the processing activities carried out by the Controller, associated with (iii) the specific website by mean of which the personal data is collected.


  Purpose Legal Basis Website
A Measure your experience in using our web services, the services we offer, and to ensure the correct functioning of our web pages and their contents. The processing activity performed for these purposes is based on a legitimate interest of the Controller, and does not require specific consent from the data subject.

B Carrying out direct marketing activities, such as the promotion of products or events carried out through letters, telephone, automated communication systems, e-mail, etc. market and user satisfaction surveys. The processing activity performed for these purposes are carried out with the specific and free consent provided by the user. Except for commercial communications relating to products and/or services similar to those already purchased and/or subscribed to by the user for which the processing is based on a legitimate interest of the Controller (so-called “Soft Spam”).


C Profiling activities, also by means of automated activities aimed at the analysis of user preferences and choices. The processing activity performed for these purposes are carried out with the specific and free consent provided by the user.

D Management of the pre-contractual and contractual relationship, including therefore the registration on the Site through the “contact us” form for requests or questions presented by the data subject. Profile creation for access to dedicated contents. The processing performed for these purposes are based on the contractual and pre-contractual relationships established with the user and does not require specific consent from the person concerned.

E Selection of candidates who send their CVs by filling in the appropriate form on the “work with us” page of the Site. Legitimate Interest


Without prejudice to the freedom of the data subject to provide his/her personal data, please note that:

  • The provision of data for the purposes A), D) and E) referred to in paragraph 4 is necessary, and failure to provide the data will make it impossible to use the services offered by Cromology.
  • The provision of data for the purposes of points B) and C) referred to in paragraph 4 is optional. Failure to provide data does not make it impossible to use the services offered by Cromology.



  1. Processors and recipients of data

Your personal data are processed exclusively by personnel of the Company specifically authorized and designated pursuant to art. 4, paragraph 10 of the Regulation and art. 2-quaterdecies of the Privacy Code, who have been adequately trained in relation to the regulatory requirements regarding privacy and process data following precise indications from the Controller.


Your personal data will also be transmitted to third parties that we use for the proper provision of our services and products. These subjects have been adequately selected by us and offer adequate guarantee of compliance with the rules on the processing of personal data.


In the event that these subjects process personal data with reference to which Cromology is to be qualified as the Controller pursuant to the Regulation, they have been appointed as Processors pursuant to art. 28 of the Regulation, and are required to carry out their activities according to the specific instructions given by the Company and under its control.


Such third parties may belong to the following categories:

– Cromology Group companies including subsidiaries and affiliates;

– collaborators, suppliers of the Data Controller: the Controller’s suppliers include, by way of example, banking and credit institutions, insurance companies, consultants, shipping managers, software suppliers and related assistance;

– financial administration and other national and/or international bodies for which mandatory communications are envisaged.

A specific and updated list of these subjects is available at the headquarters of the Controller, and can be consulted at the request of the interested party.


It is understood that your personal data will not be disclosed to third parties so that they can use them for their own promotional purposes and will not be disseminated in any way, except for all those subjects whose right to access such data is recognized by virtue of regulatory measures.


  1. Extra-EU Data transfer

Personal data will be processed mainly within the European Union, but it may happen that they are transferred, for the pursuit of the purposes referred to in paragraph 4 above, to subjects located in third countries (non-EU) also for intra-group activities.


The transfer of your personal data to third parties resident or located in countries that do not belong to the European Union and that do not ensure adequate levels of protection will be performed only with your consent or after the conclusion of specific agreements between the Company and these subjects, containing appropriate safeguards and guarantees for the protection of your personal data so-called “standard contractual clauses”, also approved by the European Commission, or if the transfer is necessary for the conclusion and execution of a contract between you and the Company or for the management of your requests.


  1. Data Retention

We inform you that your data will be stored for a limited period of time, which varies according to the type of processing activity and the specific purposes thereof, as indicated below:

  • Navigation data are deleted – except in the case of detection of illegal activity – no later than 24 hours after their collection;
  • Data collected for marketing purposes will be processed for a period not exceeding 48 months from the date of consent or its renewal, or from the last expression of interest in Cromology’s products and/or initiatives.
  • The data related to the contractual relationship will be kept for the entire duration of the same and at the end – limited to the data necessary at that point – for the fulfillment of any legal obligations and for the needs of protection, including contractual, connected with or arising from it; ordinarily, therefore, the data will not be kept beyond 10 years from the termination of the contractual relationship;
  • Data related to the receipt of CVs from candidates will be kept in the Company’s files for a maximum period of 24 months.

At the end of these periods, your data will be permanently deleted or, in any case, irreversibly anonymized by the Company.


  1. Your rights

We inform you that you are entitled to exercise the following rights in relation to the personal data covered by this policy, as provided for and guaranteed by the Regulation:

  • Right of access and rectification (Articles 15 and 16 of the Regulation): you have the right to access your personal data and to request that it is corrected, amended or supplemented. If you wish, we will provide you with a copy of the data concerning you.
  • Right to erasure (Art. 17 of the Regulation): In the cases provided for by the Regulation in force you can ask for the cancellation of your personal data. Received and analyzed your request, it will be our care to cease the treatment and delete your personal data, if found legitimate.
  • Right to restriction of processing (Art. 18 of the Regulation): you have the right to request the restriction of the processing of your personal data in the event of unlawful processing or challenge of the accuracy of your personal data by the data subject.
  • Right to data portability (Art. 20 of the Regulation): You have the right to request and obtain, from the Controller, your personal data in order to transmit it to another Controller, in the cases provided for by the above-mentioned article.
  • Right to object (Art. 21 of the Regulation): You have the right to object at any time to the processing of your personal data carried out on the basis of our legitimate interest, explaining the reasons justifying your request; before accepting it, the Company will evaluate the reasons for it.
  • Right to lodge a complaint (Art. 77 of the Regulation): you have the right to lodge a complaint with the competent Authority for the protection of personal data if you believe that a violation of your rights has occurred or is underway with regard to the processing of your personal data.


With reference to any processing carried out on the basis of your consent, you may revoke this consent at any time, without affecting the lawfulness of the processing carried out before the revocation. Similarly, at any time (and therefore both at the time of providing data and subsequently) you may express your wish not to receive communications of a commercial nature sent to you pursuant to art. 130 of the Privacy Code (“Soft Spam”).


You may exercise your rights at any time with reference to the specific processing of your personal data by the Company.


Without prejudice to what has been expressed so far, we remind you that the above rights may also be exercised by anyone who has an interest of their own, or acts on your behalf, as your representative, or for family reasons deserving of protection, pursuant to art. 2-terdecies of Legislative Decree 101/2018.


These rights may be exercised by e-mail to the mailbox or by regular mail to the address of the Controller, as highlighted in paragraph 3.

Further information on the rights of the interested party may be obtained by asking the Controller for a full extract of the above-mentioned articles.


  1. Security measures

The Company adopts adequate and preventive security measures to safeguard the confidentiality, integrity, completeness and availability of the personal data of the data subject. Technical, logistical and organizational measures are put in place to prevent damage, loss, even accidental, alteration, misuse and unauthorized use of data processed.

Moreover, the controllers cannot be held responsible for untrue information sent directly by the user (for example: correctness of the e-mail address or postal address), as well as information concerning the user that has been provided by a third party, even fraudulently.


  1. Amendments to this policy

Our ever-evolving services may lead to changes in the characteristics of the processing of your personal data processing described so far. This privacy policy may be subject to changes and additions over time, as necessary, due to new legislation on the protection of personal data, or the evolution / modification of our services.

We therefore invite you to periodically check the contents of our privacy policy: where possible, we will try to promptly inform you of any changes made and their consequences.

The updated version of the privacy policy, in any case, will be published on the Company’s web page, indicating the date of its last update.


  1. Date of last update


Cookie Policy


Dear User,

Cromology Italia S.p.A. (hereinafter also referred to as “Cromology” or “Company“), with registered office in 55016, Porcari (LU), Italy, Via 4 Novembre 4, in its capacity as Controller, provides the following information on the use of cookies on the website (hereinafter also referred to as the “Site“) and the other sites linked to it (hereinafter also referred to as the “Sites“)


1. Controller

For any question or request relating to the processing of your personal data, or to the exercise of your Rights, you may contact the Company at any time by sending a request to the following references:


Company name: Cromology Italia S.p.a.

Registered Office Address: 55016 Porcari (LU), Italy, Via IV Novembre n. 4

Telephone: 800825161


Contact details of the Data Protection Officer (DPO):


2. What is a “cookie”?

Cookies are small pieces of data (text files) that a website – when visited by a user- asks your browser to store on your device (PC, tablet, smartphone etc.), and then transmitted to the same website the next time the user visits it.

Those Cookies can be set by the Company – (first party cookies) – or can be sent from a domain other that that of the website you are visiting (third-party cookies).


Cookies are useful because they make it possible to recognise the device accessing the site, as well as to navigate through the pages without interruption, remembering the preferences expressed and improving the Users’ browsing experience or ensuring that the advertisements displayed online are more suitable for the User and/or relevant to the User’s interests.


3. Browser Settings

By changing the settings on your internet browser, you may change your cookie settings and may choose not to install any cookie. However, your choice may affect your experience on the Site and the services we can offer.


The browser settings relating to cookies are accessible and modifiable by the User (manually or by means of specific tools) under “options”, “tools” or “preferences” in the menu of the Internet browser specifically used. It is also possible to consult the “help” section of the browser menu.


In any event, the configuration of each browser is different and is described under the “help” section in the menu of that browser. For more details on how to manage your cookie settings, please follow the links below:

Google Chrome
Mozilla Firefox
Internet Explorer

At any time, you can choose to accept or reject the use of cookies by using the on/off settings in the preference centre by clicking on the following button: Cookie Settings


4. Cookies used on our website

In accordance with the provisions of the Data Protection Authority’s Guidelines on Cookies and Other Tracking Tools of June 2021, the judgment of the Court of Justice of the European Union C-673/17 on the use of cookies and the “Guidelines 05/2020 on Consent under Regulation 2016/679”, adopted by the European Data Protection Board, consent to the use of cookies must be given freely, expressly and unambiguously.


For this reason, the Site only activates the use of cookies if the User clicks on the “Accept All” button included in the banner that appears when accessing the Site for the first time.


If the User decides to click on the “Reject All” button or on the “X” in the banner that appears when accessing the Site for the first time, the default settings will remain and the User will be able to continue browsing in the absence of cookies or other tracking tools other than technical ones.


The user can view the categories of cookies and configure or modify its preferences by clicking on:  Privacy Settings


The Site uses different types of cookies for different purposes: necessary technical cookies, technical analytics cookies, performance cookies and targeting cookies. Some cookies may be provided by third parties to integrate additional functionalities to our Site as indicated below.


Necessary Technical Cookies

These cookies are necessary for the website to function and cannot be switched off in our systems.


Necessary technical cookies are, for example:

  • cookies that allow the user to access their profile without having to log in each time;
  • cookies that allow the user to “find” or “keep” products that he has added to his shopping cart even after several days;
  • cookies that allow you to choose the language in which you wish to view and navigate the Site without having to set it each time you visit the Site.


If you refuse these cookies, for example by changing the settings of your browser, it will not be possible to guarantee the timely and correct functioning and performance of the Site during your visit.


Technical Analytics Cookies

Categories of Cookie Cookie Types of cookies Retention
Strictly necessary cookielawinfo-checkbox-necessary First Party 11 months
Strictly necessary cookielawinfo-checkbox-functional First Party 11 months
Strictly necessary cookielawinfo-checkbox-analytics First Party 11 months
Strictly necessary cookielawinfo-checkbox-advertisement First Party 11 months
Strictly necessary cookielawinfo-checkbox-others First Party 11 months
Strictly necessary cookielawinfo-checkbox-others First Party 11 months
Strictly necessary cookielawinfoconsent First Party 11 months
Strictly necessary Viewd_cookie_policy First Party 11 months
Strictly necessary _GRECAPTCHA Third Party 5 months 27 days

These cookies allow us to collect and analyse information about the traffic of visitors to the Site, where these visitors come from and how they access and navigate the Site. These cookies also allow us to monitor the operation of the system and improve its performance and usability.

All this information is collected through cookies in an aggregate and anonymous form.

If you do not consent to these cookies, we will not be able to improve the performance of the system and its usability.



Performance Cookies

Categories of Cookies Cookie Types of Cookies Retention
Google Analytics _ga Third Party 2 years
Google Analytics _gat Third Party 1 minute
Google Analytics _gid Third Party 1 day
Google Analytics _dc_gtm Third Party 1 minute


These cookies allow us to count visits and traffic sources so that we can measure and improve the performance of our site. They help us to know which pages are the most and least popular and to see how visitors navigate the site.


All information collected by cookies is aggregated and therefore anonymous.

If you do not allow these cookies, we will not know when you visited our site.

For more information on Google Analytics:



Targeting cookies

Categories of Cookies Cookie Types of cookies Retention
Facebook _fbp Third Party 3 months
Google Ads _gcl_au Third Party [Persistent]
 Google Ads _gat_gtag Third Party 1 hour

These cookies may be set through our site by our advertising partners. They may be used by these companies to build a profile of your interests and show you relevant ads on other sites. They do not store any personal information directly, but are based solely on identifying your browser and internet device. If you do not accept these cookies, you will receive less targeted advertising.

For more information about Facebook’s privacy policy:

For more information about Google Ads privacy policy:


5. Amendments and updates

This cookie policy is valid from the date below.

The Company may also make changes and/or additions to this cookie policy, including as a result of any regulatory change and/or addition.

For further information on the protection of your privacy, please write to the following e-mail address:


Last update: 02/02/2022