Privacy Policy

Data Controller:

Ponzi S.p.A., with registered office in Corso Monforte, 9, 20122, Milan (MI), Italy.
Contact details of Data Protection Officer of the Ponzi Group: (Art. 38 GDPR)

Privacy Policy for users of the Ponzi S.p.A. website

Ponzi S.p.A. based in Milano, Corso Monforte, 9, 20122, in the capacity of data controller (hereafter also “Ponzi” or the “Controller”) is committed to respecting your privacy and protecting your personal data and it aims to make you feel secure both when simply browsing on the website (the “Website”), and if you decide to register, providing us with your personal data to use the services provided to Users and/or Customers. On this page, Ponzi therefore intends to provide some information on the processing of personal data of users who visit or consult the Website. This privacy policy is provided by Ponzi, in the capacity of Data Controller, only with regard to the Website and not also for other websites that may be consulted by you via links contained on the same (in relation to which, see the respective privacy information/policies).
Ponzi informs you that the personal data provided by you or in any case acquired at the same time as the request for information and/or contact, registration on the Website and use of the services via smartphone or any other device used to access the Internet, therein including  browsing data and data used for the purchase of services offered by Ponzi, also via websites of the Ponzi Group companies, will be processed in respect of applicable data protection regulations, with particular reference to Regulation (EU) 679/2016 on Data Protection (“GDPR”) and the national adjustment legislation in force.

Browsing data

The IT systems and software procedures used for the Website functioning acquire, during their normal exercise, some personal data whose transmission, based upon the TCP/IP protocol, is implicit in the use of the Internet.
This is information that is not collected to be associated with identified data subjects but that, by its very nature, may - through processing and association with data held by third parties - allow for users to be identified.
This category of data includes "IP addresses" or domain names of computers used by users who connect to the website, addresses in URI (Uniform Resource Identifier) notation of the requested resources, the time of the request, the method used to submit the request to the web server, the size of the file obtained in response, the numerical code indicating the status of the response given by the web server (successful, error, etc.) and other parameters relating to the operating system and computer environment of the user.

Data provided by you

You may be asked to provide your personal data (e.g. personal details, bank details) to allow Ponzi to provide the requested services. In addition, the use of some functions of the Website, the sending of email communications, the spontaneous compilation of contact forms, as well as contacts via the free-phone number, may involve the processing of your additional personal data in order to follow up on the request for information and/or to send documentation, pamphlets or informative leaflets which provide a comprehensive picture of the products and services offered by Ponzi and by other Group companies. Specific detailed information may be reported or displayed on the website pages focusing on particular services. 


A cookie is a small string of text that is sent to your browser and possibly saved on your computer (alternatively on your smartphone/tablet or any other device used for accessing the Internet); that transmission generally occurs every time you visit a website. Ponzi uses cookies for various purposes, with the aim of offering you a rapid and secure digital experience, for example, allowing you to keep your connection to the protected area active during browsing on the website pages.
Cookies stored on your computer cannot be used to obtain any data from your hard disk, to send computer viruses or to identify and use your e-mail. Each cookie is unique in relation to the browser and device used by you to access the Ponzi Website. In general, the purpose of cookies is to improve the website functioning and user experience in using the same, although cookies can be used to send advertising messages (as specified below). For further information on what cookies are and on how they function, consult the website “All about cookies”

Purpose and presuppositions of lawfulness of processing

Your personal data will be processed to provide you with the requested service, meaning access, browsing and provision of the Website contents. Additional processing other than that just indicated may also be based upon the execution of contractual relationships of which you are part, or to fulfil pre-contractual measures involved in the same. In addition, if necessary in accordance with the GDPR, your data will be processed based upon your free and express consent, for one or more given purposes.
Subject to the legal bases just identified, your data will be processed within the limits of what is strictly necessary to pursue the following purposes:

  1. registration to the Website, to the services and/or Apps developed or made available by the Controller in connection to the Website, use of the respective informative services, management of contact or information requests. The provision of data for those purposes, connected to a pre-contractual and/or contractual phase or functional to a request by you, is optional. However, any failure to provide the data may prevent Ponzi from providing to you the requested services;
  2. processing of anonymous statistics on use of the Website and check of correct functioning of the same;
  3. only subject to the acquisition of your specific consent, sending of advertising, informative, promotional material and updates on initiatives and offers intended for you, market research, economic and statistical analyses. For those purposes the provision of data is optional and any failure to provide them will not involve any consequence for you, other than the impossibility for Ponzi to provide you with any updates on new products and services;
  4. ascertainment of liability in the case of computer crimes in detriment to the website of Ponzi or other websites connected or related to it;
  5. fulfilment of obligations provided by community and national legislation, protection of public order, ascertainment and repression of crimes.

Processing methods and logics, storage times and security measures

To carry out the activities highlighted above, the personal data may become known by personnel instructed by Ponzi, within its structures, in charge of the services and web services, and will be processed also by way of computerised procedures and electronic communication systems, protected by suitable security and confidentiality measures, as well as methods and logics coherent with the pursued purposes and for the storage times strictly necessary to fulfil the contractual and legal obligations.
In particular, in the website sections focusing on particular services, if your personal data is requested, the data will be encrypted by way of security technology known as Secure Sockets Layer, abbreviated to SSL. SSL technology codifies the information before it is exchanged via the Internet between your computer and Ponzi's central systems, making it incomprehensible to unauthorised parties and thereby guaranteeing the confidentiality of the information sent.

Scope of communication and transfer of data

To pursue the purposes indicated above, your data may be transferred in Italy and abroad, even outside the European Economic Space if this is necessary to pursue the cited purposes. In that case, the data recipients will be subjected to obligations of protection and security equivalent to those guaranteed by the Controller. In any case, only data necessary to pursue the set purposes will be communicated and the guarantees applicable to the transfer of data to third countries will be applied, where necessary. In addition to the Ponzi Group companies, associates, subsidiaries and/or parent companies, we may also communicate your personal data to our providers of commercial services, for marketing reasons, appointed for that purpose as external processors. In addition, the personal data may be communicated to the competent public bodies and authorities for requirements of fulfilling regulatory obligations or for ascertaining liability in the case of computer crimes in detriment to the website, as well as being communicated to third parties which provide IT and electronic services (e.g. hosting services, website management and development) and used by Ponzi for carrying out duties and activities even of technical and organisational nature, instrumental to the Website functioning. The entities belonging to the categories cited above may act as autonomous data controllers or, when necessary, as processors duly appointed by Ponzi.
The personal data may also become known by Ponzi employees/consultants specifically appointed as processors or officers.
The updated list of Processors can be consulted by sending a request to Ponzi at the contact details indicated above.

Rights of the data subjects

You may exercise at any time the rights recognised by the personal data protection regulations, including that of:

  1. requesting confirmation of whether or not processing of your personal data is taking place;
  2. accessing personal data relating to you, obtaining evidence of the purposes pursued by the Controller, the categories of data involved, the recipients to whom the same may be communicated, the applicable storage period, the existence of automated decision-making processes;
  3. obtaining without delay the rectification of inaccurate personal data relating to you and the respective notification to those to whom the data may have been sent by Ponzi;
  4. obtaining, in the set cases, the erasure of your data and the respective notification to those to whom the data may have been sent by Ponzi;
  5. obtaining the restriction of processing, where provided;
  6. objecting to the processing of your personal data, when possible;
  7. requesting and obtaining the portability of personal data - provided by you to Ponzi - in the established cases and in a structured, commonly-used and machine-readable format, also to send those data to another controller, with no impediment by Ponzi itself;
  8. lodging a complaint with the Privacy Supervisory Authority.

For processing based upon your consent, you may withdraw consent at any time. In any case, the withdrawal of consent will not prejudice the lawfulness of the processing carried out until that time.
To exercise your rights, contact the Data Protection Officer at the contact details indicated in the paragraph below. 

Data Controller and Data Protection Officer

Data Controller, in accordance with existing regulations, is Ponzi S.p.A., based in Milano, Corso Monforte, 9, 20122.

To contact the Data Protection Officer, write to:
Ponzi S.p.A.
FAO Data Protection Officer
Corso Monforte, 9
20122 Milano 
E-mail address: 
This document will be subject to updates (the various versions of the same will in any case be available). You are therefore invited to visit this section of our website periodically to view any changes or additions.