Privacy Policy

Last update: 26.06.2024

What is this document? Through this privacy policy drafted pursuant to Art. 13 European Reg. no. 679/2016 (“General Data Protection Regulation” or “GDPR“) and in compliance with the principles contained therein, Smart Robots S.r.l. intends to inform each user (“the User“) of the processing of personal data collected through the website (the “Site“)

Data Controller and Contact Details

Smart Robots S.r.l. (hereinafter referred to as “Data Controller“)

with registered office in Via San Martino 12, 20122 Milan, Italy


+39 02 4590 2000

Purpose of processing, Legal basis, Personal data processed and Retention period

The Data Controller acquires personal data for the following purposes, as specified below, where the legal basis and duration of data processing is also highlighted.

Finalità Dati Personali Base giuridica Periodo di conservazione
A.    Contact ✓ Biographical information (First name, last name)

✓ Contact details (Email address, telephone)

Execution of pre-contractual measures [Art. 6, 1(b) GDPR] For the period necessary for response.
B.    Meeting booking and management ✓ First and last name

✓ Contact details (Email address, telephone)

Execution of contractual measures [Art. 6, 1(b) GDPR] Until the meeting is held and no later than 6 months after the meeting.
C.    Downloading information materials, reports, brochures, etc. ✓ Biographical Information (First and Last Name)

✓ Contact details (Email address, telephone)

Execution of pre-contractual measures [Art. 6, 1(b) GDPR] 1 year
D.    Sending newsletters containing information including commercial information ✓ Biographical Information (First and Last Name)

✓ Contact details (Email address, telephone)

Consent [Art. 6, 1(a) GDPR] Until the withdrawal of the

consent and no later than 24 months from the date of last contact.

E.    To enable the Owner to fulfill formalities required by law, including those of a fiscal nature. ✓ Biographical Information (First and Last Name)

✓ Contact details (Email address, telephone)

Legal obligation [Art. 6, 1(c)


According to applicable regulations.
F.     Improve the website by analyzing how Visitors or Users browse and/or use the website. ✓ Site usage data Legitimate Interest.

[Art. 6, 1(f) GDPR]

Not applicable (aggregate or anonymous data).
G.    Detect or prevent fraudulent activities and exercise Holder’s rights in court ✓ Biographical Information (First and Last Name)

✓ Contact details (Email address, telephone)

Legitimate Interest.

[Art. 6, 1(f) GDPR]

10 years

The provision of your Data for the purposes under A), B) and C) is necessary and obligatory so that, in case of refusal, we will not be able to follow up the contractual relationship with you and the related provision of the requested services.

The provision of data for the purpose D) is optional.

The provision of data for the purpose E) is mandatory in order to enable the Data Controller to comply with the regulatory obligations to which it is subject.

The processing activities under F) and G) do not require your specific consent as they are based on the legitimate interest of the Data Controller provided for in Article 6, c. 1, lett. f) of the GDPR. In any case, in accordance with the GDPR, we have carried out a thorough balancing of interests aimed at protecting and guaranteeing the privacy and fundamental rights of data subjects.

The User may seek clarification of the legal basis of each processing at any time.


Our website uses cookies and other tracking tools to ensure that procedures work properly and improve your browsing experience. Please see the cookie policy for more information.

Method of Processing

The processing is carried out using automated and/or manual computer and telematic tools designed to guarantee the appropriate security measures to prevent access, disclosure, loss, incorrect, illegal or unauthorized use of the data.

Access to Data

Personal Data may be shared with the following entities, in accordance with Applicable Privacy Laws: (i) Internet service providers and platforms used by the Data Controller as organizational tools, communication and/or promotional channels; (ii) consultants and other third-party service providers who perform services for us or on our behalf and require access to such information to perform such work; (iii) public entities to whom such data must be compulsorily disclosed due to legal provisions or orders of the Authority.

Your data may be made accessible for the purposes mentioned in the previous article to a selected list of suppliers. Such a list may be requested from the contacts in this policy.

These subjects act as autonomous data controllers or data processors. In the latter case, the Data Controller has entered into a specific agreement pursuant to Article 28 GDPR (Appointment as Data Processor). The list of Data Processors can be obtained by contacting the Data Controller and/or the DPO at the contact details provided.

Personal data will be processed by in-house personnel specifically authorized under Article 29 GDPR. The names of all authorized personnel are available under request to the Data Controller at

Place of Data Processing.

Personal data is processed at the Data Controller’s premises, as well as in the servers that host the website. Personal data is stored in servers located in the EU territory and will under no circumstances be transferred outside the EU. The Data Controller ensures that when using cloud providers established outside the EEA, the processing of personal data by these recipients is carried out in accordance with applicable law. Transfers are made by means of appropriate safeguards, such as adequacy decisions, standard contractual clauses approved by the European Commission, or other safeguards required by the GDPR.

Rights of the data subject

Pursuant to Article 15 GDPR, the User has the following rights:

  1. to obtain confirmation as to whether or not personal data concerning you are being processed, even if not yet registered, and their communication in an intelligible form;
  2. obtain an indication of: a) the origin of the personal data; b) the purposes and methods of processing; c) the logic applied in the event of processing carried out with the aid of electronic instruments; d) the identification and contact details of the data controller, the data processors and, where applicable, the data controller’s representative; e) the subjects or categories of subjects to whom the personal data may be communicated or who may become aware of them in their capacity as designated representative in the territory of the State or as managers;
  3. obtain: a) the updating, rectification or, when interested, the integration of data; b) the cancellation, transformation into anonymous form or blocking of data processed in violation of the law, including those that do not need to be kept for the purposes for which the data were collected or subsequently processed; c) certification to the effect that the operations as per letters a) and b) have been notified, as also related to their contents, to the entities to whom or which the data were communicated or disseminated, unless this requirement proves impossible or involves a manifestly disproportionate effort compared with the right that is to be protected;
  4. to object, in whole or in part: a) on legitimate grounds, to the processing of personal data concerning you, even if pertinent to the purpose of collection; b) to the processing of your personal data for the purpose of sending advertising materials or direct selling or for carrying out market research or commercial communication, through the use of automated calling systems without the intervention of an operator by electronic mail and / or by traditional marketing mode via telephone and / or paper mail. It should be noted that the data subject’s right to object, set out in point b) above, for direct marketing purposes through automated modalities extends to traditional modalities, and that the data subject’s right to exercise the subject’s right to object, even partially, remains unaffected. Therefore, the data subject may decide to receive only communications by traditional means or only automated communications or neither type of communication.


Where applicable, Users may exercise their rights under Articles 16-21 of the GDPR at any time and without unjustified restriction.

In particular, the User may:

  • Obtaining confirmation that treatment is in progress (Art.15);
  • Obtain rectification of inaccurate or incomplete data (Art. 16);
  • Obtain deletion of data without undue delay (Art. 17);
  • Restrict processing to only part of the personal data (Art. 18);
  • Receive copies of personal data held by the data controller in a commonly used, machine-readable format; obtain unimpeded transfer to another data controller (Art. 20);
  • Object at any time to the processing of personal data. (Art. 21);


You may always lodge a complaint with the competent Authority (Data Protection Authority), pursuant to Art. 77 of the GDPR, if you believe that the Data Controller processes your Personal Data in violation of applicable law.

How to exercise your rights

To exercise their rights, Users may address a request by contacting the Controller at  The request is free of charge and the Controller will respond as soon as possible, in any case within one month, providing the User with all the information required by law. Any rectification, deletion or restriction of processing will be communicated by the Controller to each of the recipients, if any, to whom the Personal Data has been transmitted, unless this proves impossible or involves disproportionate effort. The Data Controller shall notify the User of such recipients if the User so requests.


The Data Controller reserves the right to amend and update the following Privacy Policy following any new provision of national or European data protection law by republishing the document on this site.