Pursuant to and in accordance with European Regulation 2016/679 concerning the protection of personal data ("GDPR") and the national privacy law, we inform you that the personal data of the interested parties are processed through electronic instruments, manual tools and Social Networks, in Italy and abroad. This disclosure, based on transparency considerations and all the elements required by the GDPR, is divided into individual sections, each of which deals with a specific topic in order to make reading faster and easier to understand (below the “Policy”).


The data controller (hereafter "Holder") is Sealup s.r.l. with registered office at 20123 Milano (Italy), Piazza Sant’Ambrogio 1.


The legal basis for processing personal data is:

  • Obligations and contractual obligations;
  • Legal obligation;
  • Commercial consent and fruition of the activity carried out by Sealup s.r.l. (hereinafter "Service").


Personal data collected by the Data Controller are Data collected in the context of the business and the job contracts of Sealup s.r.l. as well as those provided spontaneously, for example during e-mail communications or other channels or when subscribing to newsletters or other informative material on the occasion of participation in an event organized by Sealup srl..The collected Data include name, surname, place and date of birth, country, address and cap, telephone or mobile number, email address and, in some cases, fiscal code and qualification.


Personal data will be processed for the purpose of managing the service and fulfilling legal obligations, such as to:

      a) conclude contracts;

      b) fulfil the pre-contractual obligations, contractual and tax obligations deriving from relationships with the interested party;

      c) fulfil the obligations established by law, by a regulation, by community legislation or by an order of the Authority (for example, for anti-money laundering);

      d) exercise the rights of the Holder (Data Controller), for example the right of defence in court.

Moreover, only through specific and optional consent, the Data will be processed for the following marketing purposes:

      e) communication and / or sending (by e-mail, sms, mail, notifications, telephone contact, etc.), also with automated methods, information and commercial offers, advertising and promotional material on own products and / or even third parties, as well as carrying out anonymous market research;

     f) communication of Data to third party companies for marketing purposes, including not EU companies.

The provision of Data is necessary for the achievement of the purposes referred to in points a), b), c) and d).

Failure, partial or incorrect conferment could result in the inability to activate and provide the requested service.

Furthermore, the provision of Data for the specific purposes referred to in points e) and f) is optional, but any refusal will make it impossible for Sealup s.r.l. to process any requests from the interested party and contact him. In any case and as detailed below, the interested party may revoke the consent, even partially, for example by consenting to traditional methods of contact only.


The processing of personal Data is carried out through the collection, registration, organization, storage, consultation, selection, comparison, use, communication, cancellation and destruction. The Data are subjected to paper and electronic processing.


Personal Data will be processed exclusively by persons authorized to the processing and by persons designated as Data Processors in compliance with the GDPR in order to correctly perform all the Processing activities necessary to pursue the purposes set out in this Information. Personal Data may be disclosed to Public Entities or Judicial Authorities, where required by law or to prevent or suppress the commission of a crime and in any case to:

  • who is the legitimate recipient of communications required by law or regulations (such as, for example, Offices and Public Authorities);
  • whoever is the recipient of communications necessary to fulfil the obligations deriving from the Service;
  • companies and / or collaborators for the management of administrative services that are used to fulfil their legal and contractual obligations;
  • other subjects (companies, society, natural persons) who collaborate in the realization of the Service.


The Data controller has the legitimate interest in keeping active the relationship with the interested party for commercial purposes and promotion of the Service offered.


Personal Data will be stored in archives in paper format and / or in electronic format on servers located within the European Union. In any case, it is understood that the Data Controller, if necessary, will have the right to move the servers even outside the EU.

If for technical and / or operational reasons it is necessary to make use of subjects located outside the European Union, such persons will be appointed as Data Processors pursuant to and for the purposes of the GDPR and the transfer of Personal Data to such subjects, limited to the performance of specific treatment activities, will be governed by a specific appointment contract in accordance with the guarantees and protections provided by the GDPR. Only through specific and optional consent, Data may be transferred to companies located in the USA even if they are not subject to the "Privacy Shield” established to protect the rights of EU users.

The Data Controller adopts adequate technical and organizational security measures aimed at maintaining the integrity of the data processed and protecting them from access by unauthorized personnel.


Personal Data will be kept for the period necessary to pursue the purposes related to points a), b), c) and d) above. In particular, Personal Data will be processed for a period of time equal to the minimum necessary, that is until the termination of the contractual relationships between the data subject and the Data Controller without prejudice to a further retention period that may be imposed by law.

Furthermore, if the optional consent relating to the marketing purposes referred to in points e) and f) above, has been issued, the Personal Data will be retained, subject to revocation of the consent, for a period of time no longer than necessary to achieve the purposes or will be kept until user unsubscribe to the service.

Personal Data will be kept for a further period in relation to the purposes of disputes and any disputes.


The interested party has the right to revoke the consent granted to the Data Controller at any time totally and / or partially without prejudice to the lawfulness of the Processing based on the consent given prior to the revocation.

To revoke the consent, the interested party may send a communication to the Data Controller to the addresses published in this statement or, in the case of newsletters, by clicking the delete button on each email.


The interested party can exercise the rights provided by the GDPR and in particular obtain:

  • the confirmation that it is or is not undergoing the processing of personal data concerning it and obtain access to the data and the following information (purpose of processing, categories of personal data, recipients and / or categories of recipients to whom the data are states and / or will be communicated, period of conservation);
  • the correction of inaccurate personal Data concerning him / her and / or the integration of incomplete personal data, also by providing an additional declaration;
  • the cancellation of personal Data, in the cases provided for by the GDPR;
  • the limitation on processing in the cases envisaged by the current Privacy Law;
  • the portability of Data concerning him, and in particular to request the Data Controller for personal data concerning him / her and / or request the Data Controller to transmit the Data directly to another Data Controller;
  • the opposition to the treatment at any time, for reasons connected to the particular situation of each interested party, to the processing of personal data concerning him / her in full compliance with the current Privacy Law.

The interested party may exercise the rights by contacting the e-mail address enclosing a copy of the identity document, or by sending registered letter ar to the registered office of the owner indicated in this statement.

In any case, the interested party will always have the right to lodge a complaint with the competent supervisory authority (Guarantor for the Protection of Personal Data) if he / she considers that the Data Processing is contrary to the current Privacy Law.