Privacy policy for personal data processing

Information document pursuant to and for the purposes of Articles 13-14 of the GDPR (General Data Protection Regulation) 2016/679.

1) Data controller, data processor, and location of processing


The data controller is Waga Srl – registered office and administrative office at Via Roberto Bracco, 6 – Milan (MI), represented by its legal representative pro-tempore.


I trattamenti sono effettuati presso le sedi del Titolare del trattamento e presso le sedi di soggetti esterni individuati.

2) Types of processed data

Personal data and browsing data

«Personal data»: any information relating to an identified or identifiable natural person («data subject»); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person;

Navigation data

The computer systems and software procedures used on this website acquire, during their normal operation, certain personal data, the transmission of which is implicit in the use of Internet communication protocols.
These pieces of information are not collected to be associated with identified individuals, but due to their very nature, through processing and association with data held by third parties, they could allow users to be identified.
This category of data includes IP addresses or domain names of the computers used by users who connect to the site, URI (Uniform Resource Identifier) addresses of the requested resources, the time of the request, the method used in submitting the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.), and other parameters related to the user’s operating system and computer environment.

Data voluntarily provided by the user

The optional, explicit, and voluntary sending of electronic mail to the addresses indicated on this website and/or the completion of data collection forms entails the subsequent acquisition of the sender’s address, necessary to respond to the requests, as well as any other personal data entered.


It refers to the cookies policy on the following page: Cookie Policy.

3) Purposes of processing for which consent is granted where required (Art. 6 GDPR)”

A) The personal data voluntarily provided will be processed for the following purposes:

  • browsing on this website;
  • possible completion of data collection forms for inquiries for quotes and/or contacts and/or sending applications;
  • possible completion of data collection forms for online booking;
  • general administrative-accounting activities.

For the purpose of applying the provisions on the protection of personal data, the processing carried out for administrative-accounting purposes refers to activities related to the performance of organizational, administrative, financial, and accounting tasks, regardless of the nature of the data processed. In particular, internal organizational activities, those functional to the fulfillment of contractual and pre-contractual obligations, and informative activities pursue these purposes.

B) The personal data provided in the completion of data collection forms on websites or general data collection forms (such as name, surname, email address) will be processed, subject to consent, by the Data Controller and Data Processors for commercial promotional activities and email newsletters.

4) Processing Methods – Storage

The processing will be carried out in both automated and manual forms, using methods and tools aimed at ensuring the utmost security and confidentiality, performed by specifically appointed individuals in compliance with the provisions of Articles 13-14 of the GDPR. The data will be kept for a period not exceeding the purposes for which the data were collected and subsequently processed.

5) Scope of communication and disclosure

Your data, subject to processing, will not be disseminated and may be disclosed to companies contractually linked to Waga Srl, in order to comply with contracts or related purposes. The data may be disclosed to third parties belonging to the following categories:

  • entities providing services for managing the information system used by Waga Srl and the telecommunications networks;
  • studios or companies in the context of assistance and consultancy relationships;
  • competent authorities for fulfilling legal obligations and/or provisions of public bodies, upon request.

The entities belonging to the aforementioned categories act as Data Processors, or operate entirely independently as distinct Data Controllers. The list of processors is constantly updated and available at the registered office of Waga Srl: Via Roberto Bracco, 6.

6) Nature of provision and refusal

Except for what is specified for navigation data, the user is free to provide personal data. Providing data for the purposes mentioned in point A) is necessary. Any refusal to provide data for the purposes in point A) will result in the impossibility of obtaining the requested service or using the Data Controller’s services. Giving consent to the processing of data for the purposes mentioned in point B) is optional. Refusal to consent for the purposes outlined in point B) will not have any negative consequences for the purposes mentioned in point A).

7) Rights of the data subjects

You may exercise your rights as expressed in Articles 12-23 by contacting the data controller or the data processor by sending an email to

As a data subject, you have the rights specified in Article 15 of the GDPR, specifically the rights to

  • obtain confirmation of the existence of your personal data, even if not yet recorded, and their communication in an intelligible form;
  • obtain information about:
    • a) the origin of the personal data;
    • the purposes and methods of processing;
    • c) the logic involved in cases of processing through electronic means;
    • d) the identifying details of the data controller, processors, and the designated representative under Article 5, paragraph 2 of the Privacy Code and Article 3, paragraph 1 of the GDPR;
    • e) the entities or categories of entities to whom the personal data may be communicated or who may become aware of it as appointed representatives in the country, processors, or authorized individuals;
  • obtain:
    • updating, rectification, or integration of data;
    • erasure, anonymization, or blocking of data processed unlawfully, including data that need not be retained in relation to the purposes for which the data were collected or subsequently processed;
    • confirmation that the operations as per points a) and b) have been notified, including their contents, to those to whom the data have been communicated or disclosed, except when this proves impossible or involves a disproportionate effort compared to the right being safeguarded;
  • object, in whole or in part:
    • a) for legitimate reasons, to the processing of personal data concerning you, even if pertinent to the purpose of collection;
    • b) to the processing of personal data concerning you for the purposes of sending advertising materials or direct selling or for carrying out market research or commercial communication using automated calling systems without the intervention of an operator, by email and/or through traditional marketing methods by telephone and/or paper mail.

Where applicable, you also have the rights specified in Articles 16-21 of the GDPR (Right to rectification, right to erasure, right to restriction of processing, right to data portability, right to object), as well as the right to lodge a complaint with the Supervisory Authority. At any time, you may obtain confirmation of the existence of your personal data, request communication of such data and the purposes on which the processing is based. Additionally, you may obtain the erasure, anonymization, or blocking of data processed unlawfully, as well as the updating, rectification, or, if there is an interest, integration of data.

8) Changes to the privacy policy

The data controller reserves the right to change, update, add, or remove portions of this privacy policy at their discretion and at any time. The data subject is required to periodically check for any changes. To facilitate this verification, the policy will contain the indication of the date of the policy update. The use of the website after the publication of changes will constitute acceptance of said changes.

9) Social plug-in

Our web pages may contain Social Networks plugins (e.g.,, managed by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, United States (“Facebook”)). If you access one of our web pages equipped with such a plugin, the web browser connects directly to the social network, and the plugin is displayed on the screen through the browser connection. Before using such plugins, we invite you to consult their privacy policy on their official pages.