Privacy Policy

The following information is provided pursuant to 13 of the EU General Data Protection Regulation (GPDR) 2016/679 (hereinafter “Regulation”) to all the users of services accessible from the website (hereinafter “Website“). When consulting the Website, users’ personal data may be collected pursuant to the Personal Data Protection Code.  This Information Note is provided only and exclusively for the Website, and not for other sites that may be reached by users through links that are visible on the Website.

Data controllers is UPMC Italy S.r.l., with registered offices in Discesa dei Giudici 4, 90133 Palermo, Italy (hereinafter “UPMCI” or “Data controller”).

The data protection officer is available at  UPMC Italy S.r.l. UPMC Italy Data Protection Officer, Discesa dei Giudici 4, 90133, Palermo, Italy; e-mail:

Personal data mentioned in this page shall be processed by the Controller solely in connection with the execution of its institutional activity to provide information or services requested by users and comply with laws (artt. 6.1.b) and the Regulation 6.1c).

Data processing associated with the web services of the Website is conducted at ARUBA S.p.A in Italy, Via Piero Gobetti, 96 52100 Arezzo (AR) e in Via Sergio Ramelli, 8 52100 Arezzo (AR).


Browsing data
During regular operations, the computer systems and software procedures used to operate the Website, acquire personal data whose transmission is implicit in the use of Internet communication protocols. This information is not collected to be associated with identified subjects. However, due to its nature, this information may allow to identify users, through the processing and association with third-party data. Such data includes IP addresses or domain names of computers used by users connecting to the Website, URI (Uniform Resource Identifier) of requested resources, time of request, method used to submit requests to the server, size of file received in reply, numerical code indicating status of response from the server (e.g., successful, error, etc.), and other metrics concerning the operating system and the user IT environment.
Data is also used in an aggregated forms to obtain anonymous statistical information on the Website (most visited pages, number of visitors according to the hour/day; etc.), and to check its correct functioning.
With the exception of this specific case, data on web contacts is currently stored for a maximum 7 days.

Data supplied voluntarily by users
The optional, explicit, and voluntary submission of electronic mail to the addresses stated on the Website, or when filling out the on line forms, implies the acquisition of the e-mail address and other personal data included in the message, and the sender/user data required to fulfill a reservation inquiry or provide requested services. Specific summary information shall be provided for particular services.
Data supplied by users will only be used to provide such services and stored for the time period necessary for the purpose.

See specific Cookie policy.

Following the consultation of our Website, the following recipients are data processors (appointed by the Controller) pursuant to art. 28, Regulation:

  • Made in Tomorrow S.r.l., with registered offices in Via dei Reti 23, 00185 Rome, Italy, as Website development and maintenance service provider;
  • CYBERSPAZIO.ORG by Mattiuzzi Marco, with registered offices in Via Tripoli, 13100 Vercelli (Italy) hosting service and SSL certificates provider.

Personal data are also processed by the Controller staff, acting according to specific instructions on purposes and methods of personal data processing.

The persons concerned are entitled to access their personal data verify its accuracy, or request its cancellation, limit or object to data processing (artt. 15 e ss. del Regolamento). Requests must be emailed to UPMC Data Protection Officer  (UPMC Italy Data Protection Officer, Discesa dei Giudici 4, 90133, Palermo, Italy; e-mail:
A template of the request may be found on the Italian Data Protection Authority website here.

If a data subject deems personal data are processed in breach of the Regulation, he/she has the right to file a complaint to the Authority for the Protection of Personal Data, pursuant to Art. 77, Regulation, or to start judicial proceedings (Art. 79, Regulation).

Last update: January 2019