Privacy Policy

Dear ISapiens User,

Surely you know the European Data Protection Regulation n. 679/2016 (also known as “GDPR”), the regulation about the protection of natural persons with regards to the processing of personal data and concerning the free movement of such data. .

In compliance with this regulation and the Italian Law, we share the necessary information for you to understand how we process your data that we collect on the website.

So, we invite you to read this page addressing any questions you may have. If you have any other questions, contact us. We are committed to protecting you and being transparent about our process.

Let’s go!

Who is the Data Controller?

ISapiens Consulting S.r.l.

VAT and Tax ID.: 12051950967

Legal Office: Via dei Pellegrini n. 22, 20122, Milano (MI)


Tel.: (+39) 02 3663 4853

The ISapiens Consulting S.r.l. (hereinafter “ISapiens” and/or “Data Controller”) is the data controller of personal data of Users (hereinafter also “Data subject”) using the web site including any subdomains (hereinafter the “Site”).

How can I contact the DPO?


Through the Site, ISapiens provides a set of “Services”, including digital training programs. On the Platform, there is also an online space available to the Users to share their experiences, tips and resources. Please read our Terms and Conditions for further details.

What Data do we process by the Site?

• IP address and information related to the browser and device used by the User, Cookie and pixel (pursuant to our Cookie Policy);

• User Name (optional);
• User Surname;

• User E-mail address and telephone number;

• Company, job role in the Company and n. of employees in the Company (optional);

• User request (through a free form online)

ISapiens does not need to process further data than that described above. The additional information that the Data Subject provides through the existing messaging form in the Site will be processed in accordance with this Privacy Policy, the Terms and Conditions and the provisions of the European and national legislation (hereinafter this data will be jointly called as “Data”).

What purpose is the data processed?

What legal basis is the Data processed?

What is the Data retention?

A. Allow acces to the Site Legitimate interest of the Data Controller in providing the Services of the Site, and of the User himself to correctly use the Site See our online Cookie Policy
B. Answer requests for information about the Services Legitimate interest of the Data Controller in responding to any requests from Users The Data will only be kept for the duration necessary for the execution of the request
C. Conclude contracts related to the Services and fulfill contractual obligations with the Users (contractual purposes) Fulfillment and contractual management for the provision of the Services offered. The provision of Data is necessary for the correct provision of the Services The Data will be kept for a period equal to the duration of the Contract (any renewals included) and for the next 10 years (unless otherwise provided in accordance with tax and civil legislation)


D. Fulfilling the administrative and accounting obligations provided for by the legislation (e.g. on anti-money laundering, accounting management and invoicing) Legitimate interest of the Data Controller in fulfilling the legal obligations
E. For the promotion of the Services through traditional and remote communication tools (marketing purposes, e.g. by Newsletter) Consent. This is optional and it could be withdrawal at any time (with a specific communication to the Data Controller or the designated DPO) For a maximum period of 24 months from the consent of the Data Subject and pursuant to our Cookie Policy

The Data is processed with manual or IT tools, also through automated tools, suitable to guarantee its security, confidentiality and to avoid unauthorized access.

The Data processed is stored using cloud computing tools on servers located within the EU territory: for more information on safety standards and compliance with the requirements set by the GDPR adopted by the selected external providers, consult the privacy policy on this web page.

After the data retention indicated above, the Data will be destroyed, deleted or anonymized, compatible with the technical procedures of deletion and backup.

To whom is the Data communicated?

• Service providers related to the activities of the Data Controller and public institutions

• Service providers related to assistance, tax and legal advice

• Service providers related to IT or storage and external service providers

The Data collected through the Site will be processed only to ensure the correct use of the Services and may be viewed and used by the ISapiens team (employees and collaborators) appropriately authorized to process them.

The Data may be disclosed for legitimate interest purposes, to suppliers of assistance services, technical, tax and legal consultancy, assignees of receivables in the context of credit securitization or credit assignment operations for strictly connected and instrumental purposes to the management of the relationship with the transferred Data Subject, as well as to the issue of securities, assignees of Company or business unit, potential buyers of ISapiens and companies resulting from possible mergers, divisions or other transformations of the ISapiens, also in the context of the activities functional to these operations, and to competent authorities.

The above-mentioned subjects may act, as appropriate, as external data controllers or independent data controllers in accordance with current legislation. You can request the updated list of companies to which the Data will be communicated at any time to the Data Controller, by means of a specific request to be sent using the contact information indicated in this Privacy Policy.

Is the Data transferred abroad?

The Data will mainly be processed within the national territory and the European Union, but could also be transferred to extra EU Countries.

Any transfer of the Data of the Data Subject to countries located outside the European Union will take place only in compliance with adequate guarantees for the purposes of the transfer itself (and in particular complying with the provisions of art. 45, 46 and 49 of GDPR), e.g. provided that the European Commission has confirmed that the third country has an adequate level of data protection or other data protection guarantees exist, such as binding business rules or signing up to standard EU contractual clauses.

The Data Subject will have the right to obtain from the data controller a copy of the Data held abroad and to obtain information about the place where such data is stored making an express request to be sent using the contacts indicated in this document

What are my rights?

By contacting the e-mail address of the Data Controller/DPO you can ask ISapiens at any time:

• access to the Data concerning you, the rectification of inaccurate data, the integration of incomplete Data, their deletion (right to be forgotten), the limitation of processing in the cases provided for by art. 18 GDPR
• to receive in a structured format, common use and readable by automatic device the Data concerning you in the cases provided for by art. 20 GDPR; and, if technically feasible, to transmit such data to another data controller without hindrance

• to withdraw the consent given at any time; as well as oppose at any time the processing of data pursuant to art. 21 GDPR, giving evidence of the reasons justifying the opposition

• any other request for clarification regarding the processing of data carried out by the Data Controller

Finally, we remind you that it is always possible to make a complaint to the competent Supervisory Authority (Guarantor for the Protection of Personal Data) pursuant to art. 77 of the GDPR, if it considers that the processing carried out by the Data Controller is contrary to the actual legislation.

The Data Controller may make changes and/or additions to this Privacy Policy, also as a result of changes in the applicable legislation. You can view the text of the Privacy Policy constantly updated at the our Site in the Privacy Policy section or make an explicit request by contacting the Data Controller or the DPO directly using the contact information indicated above.

Last update: may 2023