Visitor information

Dear Sir/Madam,

We need to process information concerning you, your personal data, in order to enable you to access our premises in accordance with the measures taken to protect the personnel working there, the assets contained therein, and your own safety (e.g. in the event of fire).

To this end, as required by European legislation for the protection of personal data (European Regulation 679/2016), we hereby provide you with the following information:

Data Controller and Data Protection Officer.

The Data Controller, i.e. the person who makes the decisions regarding the purposes, methods and security of personal data, is the company F.lli Pisa S.r.l., with registered office in Milan, via Montenapoleone no. 9 -

Purpose and legal bases of processing.

The personal data that you provide us with and which will be gathered during the providing of the services requested by you will be processed for the purposes according to the following legal bases:


(Why we process your data)


(On the basis of which law we process your data)


(What happens if you refuse to provide your personal data and/or to authorise their processing)

To protect people working in the premises and the company assets within the premises.

- Art. 6, Par. 1, Lett. f) GDPR processing is required to pursue the legitimate interest of the Company as regards the protection of its personnel and assets.

Consent is not required. Any refusal to provide the requested data will result in access to the premises being denied.

To protect and ensure your person, in case of an accident, during your stay within our premises.

- Art. 6, Par. 1, Lett. c) GDPR processing is required to fulfil a legal obligation to which the Company is subject.

Consent is not required. Any refusal to provide the requested data will result in access to the premises being denied.


Recipients and categories of data processed

The personal data provided by you at the time of accessing the premises will be processed exclusively by personnel authorised for this purpose or by data processors appointed for this purpose, with respect to whom you may request information from the Data Controller at the contacts indicated above.

Your data will not be disclosed or communicated to third parties, with the exception of those to which the law requires mandatory disclosure.

Your personal data will not be transferred outside the European Union.

Personal data storage period and criteria used

The personal data to be processed are gathered in a register and will be processed for the time of your stay in our premises and afterwards for a further thirty days.

Rights of the data subject

In the cases provided for, you have the right to obtain from the Data Controller access to your personal data and their rectification or erasure or the restriction of the processing that concerns you or to object to processing (Articles 15 et seq. of the Regulation).

The appropriate application to the Data Controller, accompanied by a copy of an identification document, must be submitted to the contacts of the Data Controller as indicated above.

If you believe that the processing of your personal data by the Data Controller, is being carried out in breach of the provisions of the Regulation, you are hereby informed that you are entitled to lodge a complaint with the Supervisory Authority, as provided for by art. 77 of the Regulation itself, or to take appropriate legal action (art. 79 of the Regulation).


The protection of the data concerning you and compliance with the principles provided for by law, with particular reference to the principle of transparency, are values of primary importance for us. We should be grateful if you would help us by reporting any misunderstandings of this document or suggesting improvements to the Data Controller’s contacts, as indicated above.