Skip to main content

Privacy Policy

Information contained in the Privacy Policy pursuant to and for the purposes of the existing legislation on the protection of personal data, including Regulation (EU) 2016/679 (“GDPR”) as well as Legislative Decree No. 196/2003 as amended by Legislative Decree No. 101/2018 (the “Privacy Code”), is applicable to all the Users accessing and using the Corporate Website.

This document will provide information on how Kosmas, owner of the Website, manages users’ personal data through the Website, protects the privacy and controls the use made of users’ data while navigating the Website, either they access on the home page or internal pages.

The terms of this Privacy Policy apply only and exclusively to the Website and not to other websites owned by third parties that the user may access via the links that are contained in the Website.

This Privacy Policy is to be considered integral and substantial part of the Terms and Conditions of the Website and the Cookie Policy. Any changes will immediately enter into force and will apply to users of the Website after the date of such amendment. Therefore, we invite users to refer to the Privacy Policy any time he/she navigate Kosmas Website in order to acknowledge the last version available.


The Controller of personal data is Kosmas, with registered office in Seregno, via San Vitale, 61.

Data Protection: Giulia Di Renzo

Email address:


Navigation data

The processing of Personal Data of users visiting and consulting the Website is limited to the so-called navigation data which transmission is necessary for the functioning of computer systems and of programs essentials for the operation of the Website but which, by their very nature and in conjunction with other data, may permit the identification of users.

This category of data includes IP addresses or domain names of computers used by users who connect to the site, URI addresses (Uniform Resource Identifier) of requested resources, the time of the request, the method utilized to submit the request to the server, the size of the file obtained in reply, the numerical code indicating the status of the response from the server (successful, error, etc..) and other parameters related to the operating system and the users. Such data may be used to ascertain liability in the event of computer offenses committed against the Site and/or third parties.

Personal Data or “Data“

Means any information referring to an identified or identifiable natural person that can be identified, directly or indirectly, through a reference identification, such as, for example, a name, an identification number, localization data, an online identification, and to one or more specific factors to his/her  physical, physiological, mental, economic, cultural or social identity. Therefore, data collected by Kosmas  could include strictly personal data of users that can identify them as specific persons. Differently, other data don’t allow to identify users directly, such as users’ profession or navigation data (source page; type of browser and operating system used by the navigator, etc) but are considered personal data as well as they relate and/or can be related to the firsts.

We inform you that the personal data you will provide us will be processed both with automated tools, and in any case not in compliance with the provisions, also in terms of data security, of the EU Regulation 679/2016 for the purpose of carrying out the tasks entrusted to them that can be summarized with the management of your explicit request to be included in our staff and for the purpose of providing you with the information requested by you and / or to fulfill specific legal obligations of the Data Controller. The provision of data is optional but your refusal will prevent us from continuing to execute the current contract or to fulfill your specific requests.

The retention of data (which in any case and in no case may be longer than 3 years) is linked to your request for insertion of personnel selection, to legal obligations or to the needs of specific treatments of which you are a part, it is your right to request cancellation of the data when the same right is not in conflict with legal obligations.

Your data will be communicated to the persons in charge of the writer necessary to carry out the tasks entrusted to them and to regulations / legal obligations, to control and public safety bodies if required, to any third parties only as a result of using them for the performance of the tasks entrusted to them

Data voluntarily provided by individual users

The optional, explicit and voluntary sending of data as requested by different sections of the Website are used for requesting services offered by the Site (such as, by way of example and not limited to: when users request information or clarification using the e-mail address given on the Home Page or internal Pages of the Website or when the users voluntarily send their CV to propose as potential candidates or when direct calls are made or faxes are sent to numbers indicated in the “contacts” section.). Especially data given by Companies and professionals in the registration or application sections.


Common personal data provided by users while browsing the Website or registering to the newsletter shall be processed strictly for the purposes indicated by Kosmas.


All users’ data collected will be processed exclusively by those authorized and specifically trained.

Personal data are both stored on computerized and telematic tools as well as on paper and any other tool considered to be appropriate and respectful of the security measures defined by the regulation in force. The system used for sending the Newsletter is called Sendinblue.

Data are stored in order to make it possible to identify the User in the shortest possible time and to perform the services for which they were collected and then processed and, in any case, always in respect of what provided by the regulation.

Any damage caused by causes not directly attributable to Kosmas., such as inaccessibility of the Website, virus, corrupted files, interruption of telephone or computer services, or other causes like the ones listed above cannot be attributed to Kosmas. In addition, users are responsible for stock and storage all personal information connected to the Website.

Any potential subtraction or improper use of these data, and the consequences deriving from these events are responsibility of the user


Lack of users’ consent to provide compulsory data will make it impossible for Kosmas to perform services they were collected for.

Users’ personal data may be used for prize and award contests, for sending advertising material and promotions related to the Website and Kosmas only with explicit informed and voluntary approval given by the User.


Users’ personal data disclosure to third parties is subject to limits given by law and the purposes described at point 3.

Third parties fall into the following categories:

  1. people in charge of the managerial, contractual, accounting and legal administration of the Website;
  2. people in charge of the management and maintenance of the Website;
  3. other subjects to whom Kosmas has given the possibility to access data, always in respect of law and regulation;
  4. associated and related companies and associated offices.


User’s personal data are stored for at least three years from the his/her last activity on the Website or an electronical system (particularly an e-mail message). After this period, user’s profile is considered “inactive” and will be automatically disactivated. It is user’s responsibility to create a new profile for new activities on the Website.

User’s personal data related to an order are stored for a period of three years from the order. They remain accessible from the user and the Company after the creation of the user’s account in order to give both the user and the Company his/her order history. The Company can cancel all the order history if requested by the user.

However, after the storage period and, if it is the case, after a cancelation request by the user, personal data may be stored to satisfy legal, accounting and fiscal obligations.


Where data processing requires explicit and voluntary consent by the user, said data shall be processed exclusively following the issuance of appropriate consent by the applicant user, giving the description of the specific purposes.

It is hereby disclosed that art. 6 of the GDPR provides some cases where data processing does not require the explicit authorization by the user, such as for legal and contractual obligations undertaken with the user.


User may exercise at any time the right to obtain confirmation of the existence of Personal Data relating to him/her, pursuant art. 15 and following of the GDPR:

  • Access right (art. 15 of the GDPR);
  • Change/modification right (art. 16 of the GDPR);
  • Deletion right (art. 17 of the GDPR);
  • Restriction of the processing of data right (art 18 of the GDPR);
  • Portability right (art. 20 of the GDPR);
  • Objection right (art. 21 and 22 of the GDPR);
  • Post-mortem directive (law No 78-17 of January 1978 on data processing, files and liberties);

For exercising the rights granted by the GDPR listed above, the User may contact the Controller of Personal Data of Kosmas at the email address indicated above

The User also has, if there are conditions, the right to submit a complaint to the Italian Personal Data Protection Supervisor (the “Privacy Protection Authority”) pursuant art. 77 of the GDPR if his/her rights were infringed. To lodge a complaint with the Italian Data Protection Supervisor please visit the Privacy Protection Authority Website at the following address:

Access Right:

user has the right to obtain confirmation by Kosmas of the processing of Personal Data relating to him/her and, if they are processed, the user has the right to access those data and the following information:

  • purposes of the processing;
  • data categories;
  • recipients or categories of recipients to whom data will be communicated;
  • when possible, duration of data storage or, when not possible, criterion used to determine such duration;
  • the right to ask Kosmas the modification or cancellation of data, the limitation of data processing and the right to object to those data processing;
  • when data are not collected directly from the User, the right to obtain information on the sources;

When personal data are transferred or made available to a third country or an international organization, the User has the right to be informed of the appropriate guarantees related to the transfer.

Change/modification right:

user has the possibility to obtain by Kosmas, as soon as possible, the change and/or modification of data relating to him/her that are incorrect and can also request that incomplete data may be completed, after giving a complementary declaration for this purpose.

Deletion Right:

user has the possibility to obtain by Kosmas the deletion, as soon as possible, of data relating to him/her for one of the following reasons:

  • data are not anymore necessary for the purposes they have been collected or processed by Kosmas;
  • the consent to data process has been withdrawn and no other legal basis for data processing exists;
  • the User has exercised the opposition right to the conditions explained below and no other legitimate ground to allow processing personal data exists;
  • data were subjected to unlawful forms of processing;
  • data need to be delated to comply with a legal requirement;
  • data were provided by a child.

Limitation Right:

user has the right to obtain by Kosmas the limitation to the processing of personal data for one of the following reasons:

  • verification of data accuracy after an objection to data accuracy;
  • processing is unlawful and the user requires limitation to the processing;
  • Kosmas does not need data for processing purposes anymore but those data are still necessary for determine, exercise and/or protect its rights;
  • user opposed to data processing and Kosmas verifies that legitimate grounds prevail on reasons given by the user.

Portability Right:

user has the possibility to receive from Kosmas data relating to him/her in a specific and structured format currently used and readable on a device when:

  • Consent to data processing is given;
  • Data are processed through automated procedures;

When the user exercises its portability right, he/she is entitled to obtain data transfer directly from Kosmas to an appointed responsible.

Objection Right:

user has the right to object, in any time and given motivations regarding his/her situation, to data processing by Kosmas In this case, Kosmas will then no longer process those data unless it demonstrates that there are legitimate and compelling reasons for data processing prevailing on User’s interests and its rights and liberties. Kosmas will then be allowed to store data for the determination, exercise and/or protection of its rights.

Lastly, the User has the right to object, totally or partially, for legitimate reasons to personal data processing relating to him/her, pertaining collection or processing of personal data for the purposes of sending marketing material or direct selling or for market researches or advertising communication.


Unless specifically expressed, the Website services are intended for a general public. We recognize a special obligation to protect personal information obtained by young people. For this reason, in order for children under 16 years to register in any of the services provided, we require the e-mail address, or other contact information of a parent or guardian that will be contacted by Kosmas to be informed and asked to confirm, change or refuse the registration of his/her child.

Kosmas has the right to request a written authorization from the parent or guardian in any moment. Until the parent or guardian has not responded to Kosmas the Website services offered to the child could be limited.

By using the so-called session cookies in this Website, other computer techniques that are potentially detrimental to Users’ privacy when browsing and do not allow the acquisition of personal identification data of users can be avoided.


The use of third-party cookies (temporary or permanent) by the Website is anonymous and aimed solely at allowing the owner to use Web analytics services provided by third parties. These cookies allow to collect and register, anonymously, information on Website pages visited but cannot allow the identification of the user and are not combined with other information. This information is used exclusively to track and examine the Website use by the User and create statistics based on the information collected anonymously through the use of aggregated data.

We inform the User that the Web analytics service used by the Data Owner is “Google Analytics”, described below.

Google Analytics is a web analysis service provided by Google Inc. (“Google”) that uses cookies stored on the user’s device to analyze user’s behavior on the Website. Information collected by cookies on the Website (including the IP address) will be transmitted to Google and stored on Google’s servers in US. Google will use this information to track and examine the Website browsed by the user, compile reports on the activities registered on the Website and give other information regarding services of the Website and Internet use.

Google may transmit this information to third parties where asked by law or where those third parties process the information on behalf of Google. Google will not associate the users’ IP addresses to any other information owned. Users can, anytime, refuse to accept the use of cookies by selecting the appropriate setting on the browser. By using this Website, the user consents to his/her data being processed by Google in the ways and for the purposes described above.

For more information on Google’s Privacy Policy on Google Analytics Service, please visit the following page: