Privacy Policy

Who we are
Le Salse, with registered office at Via di Pratella 6, 50053 Empoli (FI) Italy, VAT number 01543860496 (hereinafter referred to as the “Controller”), as the data controller, informs you, pursuant to Art. 13 Legislative Decree no. 196 of 30 June 2003 (hereinafter referred to as the “Privacy Code”) and Art. 13 EU Regulation no. 2016/679 (hereinafter referred to as the “GDPR”), that your data will be processed according to the following methods and purposes:

  1. Purpose of the processing
    The Controller processes personal data, identifying data (e.g., name, surname, company name, address, telephone number, email, banking and payment references, hereinafter referred to as “personal data” or simply “data”) communicated by you upon the conclusion of contracts for the services of the Controller.

2. Purpose of the processing
Your personal data are processed without your express consent (Art. 24, letters a), b), c) of the Privacy Code, and Art. 6, letters b), e) of the GDPR) for the following Service Purposes:

  • concluding contracts for the services of the Controller;
  • fulfilling pre-contractual, contractual, and tax obligations arising from existing relationships with you;
  • fulfilling obligations provided by law, regulations, EU legislation, or an order from the Authority (such as anti-money laundering regulations);
  • exercising the rights of the Controller, such as the right to defend in court.

3. Processing methods
The processing of your personal data is carried out using the operations indicated in Art. 4 of the Privacy Code and Art. 4, no. 2) of the GDPR, including the collection, recording, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, erasure, and destruction of data. Your personal data are subject to both paper-based and electronic and/or automated processing.
The Controller will process personal data for the time necessary to fulfill the above purposes and in any case not exceeding 10 years from the termination of the relationship for Service Purposes.

4. Data access
Your data may be made accessible for the purposes indicated in Art. 2:

to employees and collaborators of the Controller, in their capacity as persons in charge and/or internal data processors and/or system administrators;
to third-party companies or other entities (e.g., banks, professional firms, consultants, insurance companies providing insurance services, etc.) that carry out outsourcing activities on behalf of the Controller, as external data processors.

5. Data communication
Without the need for express consent (pursuant to Art. 24, letters a), b), d) of the Privacy Code and Art. 6, letters b) and c) of the GDPR), the Controller may communicate your data for the purposes indicated in Art. 2 to supervisory bodies (such as IVASS), judicial authorities, insurance companies providing insurance services, as well as to those subjects to whom communication is mandatory by law for the fulfillment of said purposes. These subjects will process the data as independent data controllers.
Your data will not be disclosed.

6. Security
Data is kept and controlled through the adoption of suitable preventive security measures to minimize the risks of loss and destruction, unauthorized access, and processing that is not permitted or does not comply with the purposes for which the processing is carried out.

7. Data transfer
The management and storage of personal data will take place within the territory of the European Union.

8. Rights of the data subject
As the data subject, you have the rights provided for in Art. 15 of the GDPR, namely the rights to:
i. obtain confirmation of the existence or non-existence of personal data concerning you, even if not yet recorded, and their communication in an intelligible form;
ii. obtain information about: a) the origin of personal data; b) the purposes and methods of the processing; c) the logic applied in case of processing carried out with the aid of electronic instruments; d) the identification details of the data controller, data processors, and the designated representative under Art. 5, paragraph 2 of the Privacy Code and Art. 3, paragraph 1 of the GDPR; e) the subjects or categories of subjects to whom the personal data may be communicated or who may become aware of it as designated representatives within the territory of the State, data processors, or persons in charge;
iii. obtain: a) the updating, rectification, or, where interested therein, integration of the data; b) the erasure, anonymization, or blocking of data processed unlawfully, including data whose retention is unnecessary for the purposes for which it has been collected or subsequently processed; c) certification that the operations referred to in letters a) and b) have been brought to the attention, including with regard to their content, of those to whom the data has been communicated or disseminated, unless this requirement proves impossible or involves a manifestly disproportionate effort compared to the right that is to be protected;
iv. object, in whole or in part, for legitimate reasons, to the processing of personal data concerning you, even if pertinent to the purpose of collection.
Where applicable, you also have the rights provided for in Articles 16-21 of the GDPR (Right to rectification, Right to be forgotten, Right to restriction of processing, Right to data portability, Right to object), as well as the right to lodge a complaint with the Supervisory Authority.

9. Exercise of rights
You can exercise your rights at any time by sending a communication:

via email, to the address:

or by registered mail, to: Le Salse, Via di Pratella 6, 50053 Empoli (FI) Italy

10. Controller, data processors, and data processors
The Controller of the processing is Le Salse.
The updated list of data processors and data processors is kept and can be consulted at the Controller’s registered office.