Privacy policy in compliance with EU Regulation 2016/679

Processing of data belonging to users accessing the Website and subscribing to the Black & White Comunicazione newsletter


This policy is issued in accordance with Article 13 of Regulation 2016/679 (GDPR)

Data Controller.
All of the following companies, part of the AXIOM1 group with registered offices at 18, Via Giulio Ceradini, are data controllers:
Black & White Comunicazione s.r.l., Axiom1 s.r.l.

Email address of Controller:

Type of Data collected

Personal data are collected when provided directly by the interested party or provided automatically.
Data provided directly by the interested party are all personal data provided directly to the Controller of Data by the interested party, using any method. The following personal data is collected and processed: name, surname, company, email address.

Automatically collected data are browsing data. While they are not collected for the purpose of being associated with the user’s identity, they may identify him or her directly through the processing and association with data collected by the Controller.

When a newsletter is sent out, the platform in use indicates whether a message has been opened as well as areas of the newsletter that have been clicked.

The User takes responsibility for third party Personal Data obtained, published or shared through this website and declares that she or he is entitled to communicate or disseminate them, releasing the Controller from all responsibility towards third parties.

Data processing method

The Controller has adopted every possible security procedure to prevent Personal Data from being unlawfully accessed, disclosed, altered or destroyed. Data is processed with computerised and/or electronic instruments, using organisational methods and procedures strictly related to the purposes indicated. As well as the Controller, in some cases Data may be accessed by other individuals involved in the running of this website (administrative, sales, marketing and legal personnel, systems administrators) or external individuals (including providers of third party technical services, mail carriers, hosting providers, computer companies, communication agencies) appointed Processors as required by the Controller. The Controller may always be asked for an updated list of Processors.

Legal basis for processing

The Controller processes the User’s Personal Data in the following circumstances: • the User has given consent for one or more of the specified purposes;

  • processing is necessary for the performance of a contract with the User and/or the performance of precontractual measures;
  • processing is necessary for compliance with a legal obligation required of the Controller;
  • processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority invested in the Controller;
  • processing is necessary for the performance of the legitimate interest of the Controller or third parties.

It is nonetheless possible to ask the Controller to clarify the legal basis for each case of processing, particularly to specify whether the processing is based in law, established by contract or necessary to enter into a contract.


Data are processed at the Controller’s places of business and in all other places where the parties involved in processing are located. For further information, contact the Controller.

Storage period

Data are processed and stored for the time required for the purposes for which they were collected. Consequently:

  • Personal Data collected for purposes relating to the performance of a contract between the Controller and User will be stored until performance of the contract is completed.
  • Personal Data collected for purposes relating to the legitimate interest of the Controller will be stored until the said interest is satisfied. The User may obtain information pertaining to the Controller’s legitimate interest from the relevant sections of this document or by contacting the Controller.

Where the User gives consent for processing, the Controller may store Personal Data for longer until consent is withdrawn. The Controller may also be required to store Personal Data for longer to comply with a legal obligation or at the request of an authority.

Personal Data will be erased at the end of the storage period. On expiry of the storage period, the right to access, erase and alter Data and the right to Data portability may no longer be exercised.

Purposes of Data Processing

User Data are collected to enable the Controller to provide its Services and for the following purposes: Statistics, Contact with the User, Interaction with social networks and external platforms, Commenting on content, Commercial affiliation, Managing payments, Managing email addresses and messages, Hosting and backend infrastructure, Protection from Spamming.

Contact form

By entering his or her Data on the contact form via the Website, the User consents to it being used to answer requests for information, quotes or any other details indicated in the form heading.
Personal Data collected: name, surname, company, email address, service required, any other data communicated freely by the User in a Message.

Rights of the User

Users may exercise the following rights with reference to Data processed by the Controller:

  • Withdraw consent at any time. The user may withdraw consent for his or her Personal Data to be processed as expressed previously.
  • Object to the processing of Data. The User may object to his or her Data being processed subject to a different legal basis from that of consent. Further details on the right to object are given in the section below.
  • Access their Data. The User is entitled to obtain information on Data processed by the Controller, on certain aspects of the processing and to receive a copy of Data processed.
  • Verify and ask for rectification. The User may verify the fairness of his or her Data and ask for them to be updated or corrected.
  • Restrict data processing. In certain cases, the User may ask for the processing of his or her data to be restricted. In this case the Controller will not process the Data for purposes other than storage.
  • Erase or remove Personal Data. In certain cases, the User may ask for his or her data to be erased by the Controller.
  • Receive personal Data or ask for them to be transferred to another controller. The User is entitled to receive his or her Data in a structured, commonly used, machine-readable format and, where technically possible, to have the Data transferred to another controller without restriction. This provision is applicable when Data are processed with automated instruments and the User has given consent for the processing based on a contract to which the User is a party or contractual provisions connected to the same.
  • Lodge a complaint. The User may lodge a complaint with the competent personal data supervisory authority or act in a court of law.

Details of the right to object

When Personal Data are processed in the public interest, in the exercise of official authority invested in the Controller or to pursue the Controller’s legitimate interest, Users are entitled to object to the processing for reasons connected to their individual situation.
Note that Users whose Data is processed for the purposes of direct marketing are entitled to object to processing without providing any motivation.

Milan, 20th April 2020