Privacy Policy



This Policy explains which personal data are collected by Costim Srl and why and how they are processed. Information is also provided below on how to exercise your rights under the GDPR.
Generally speaking, we collect your data when you create an account on our website, use our services, send us emails or messages, call us or use our websites and our social media. The personal data collected during these processes will be processed to respond to your requests and to allow you to use the services offered by COSTIM as stated below.

  1. Who processes your data – Data Controller

Costim Srl, Viale Vittorio Emanuele II, 102, Bergamo (BG),, is the controller of the data processing carried out on this website and required to provide you with the services that can be accessed through the website in accordance with the purposes and procedures stated below.

  1. What data we use – type of data processed

In order to provide the services available on the website, and also to provide you with assistance and respond to your requests, we process your personal data such as your name, surname (or nickname), email address and telephone number.

  1. Where we collect your data – Data collection procedures

Directly from you. For example, if you create an account, post a comment on our social media accounts, send us query by email or through other communication channels. If you do not provide us with your data we will be unable to respond to your requests or give you the information you require or create an account for you.
Through use of the website. We use cookies to improve the functions of the website and allow it to be used more efficiently. To find out more, please view our Cookie Policy.
From third parties. For example, if you decide to use other social media features to interact with us, the third party social media site will transmit some of your data to us, subject to your consent. Your activities on our websites could be posted on the social media platforms where you have an account (and of which you have accepted the terms and conditions, including those concerning use of your data).

  1. Why and for how long we process your data – Purpose and legal basis of processing – Data storage period

To provide the services on our website, to give you information and assistance on the Costim Srl services. The processing of your data is required to allow you to access Costim Srl’s website, to respond to your requests and to assist you when you use our website. The legal basis of this processing is Costim Srl’s legitimate interest in interacting with its audience of current and potential customers, suppliers and candidates. Your data will be stored for the time required to deal with your request (however if you belong to a specific category of data subjects, such as candidates or suppliers, the purpose, legal basis and duration of the processing may differ and be subject to the specific privacy policies you receive in the aforesaid capacity).

To prevent or control unlawful conduct or to protect and enforce rights. For example, we may use your data to prevent offences or to prosecute infringements of our or third party intellectual/industrial property rights or computer crimes or crimes committed through telematic networks. The legal basis of this processing is Costim Srl’s legitimate interest in protecting its rights and preventing crimes. Your data will be stored for the time reasonably required to enforce our rights from the time we become aware of the crime or of its potential commission.

To gather information on use of the website. When you browse our website, the software procedures and computer system used to operate the web applications collect certain personal data during their normal operation. The transmission of these data is implicit in the use of internet communication protocols.

This information is not collected in order to be associated with identified data subjects, however due to its very nature, it could make it possible to identify users through processing activity and association with data held by the Controller or by third parties.

This category of data includes IP addresses and domain names of the devices used by the users to connect to the app, the URI (Uniform Resource Identifier) notation addresses of the resources requested, the time the request was made, the method used to submit the request to the server, the size of the file obtained in response, the code number indicating the status of the reply given by the server (successful, error, etc.), the sections of the website visited, the type of device used, the country from which the connection was made and other parameters concerning the user’s operating system and computer environment. Costim Srl uses this information for the exclusive purpose of allowing users to browse its website and carrying out the customary operations involved in use of the website. The legal basis of this processing is Costim Srl’s legitimate interest in communicating with the public through the telematic network. Information that could potentially allow identification is stored for a period of 26 months after access to the website.

  1. Where are your data processed

Data processed through our website are processed and stored at our structures and at those of our suppliers located in Italy.

  1. Who we share your data with – recipients of personal data

With service providers. Costim Srl uses the services of third parties (cloud, hosting, website browsing functionalities, customer service) who operate as data processors under agreements that comply with Article 28 of the GDPR. These persons only acquire the personal data required to carry out their functions and can only use them to provide the services on our behalf or to comply with legal obligations. An updated list of the third party suppliers operating as processors pursuant to Article 28 of the GDPR can be obtained by sending a request to

With judicial or administrative authorities. We may disclose your data to the judicial authorities or to an administrative authority of the State or of the European Union if we consider this necessary to comply with an order of the court or of an authority, or to fulfil legal obligations or to ensure the legal protection of ourselves or of third parties.

  1. Children

Costim Srl’s website and its services in general are not addressed to children under the age of 16, who should not therefore provide personal data to Costim Srl. If Costim Srl should acknowledge that it has collected the personal data of users under the age of 16, it will take the necessary steps to eliminate this information as soon as possible.

  1. Your rights

In addition to managing your preferences on how your personal data are processed, as described in the previous paragraphs, you can contact Costim Srl to request access, rectification or erasure of your personal data or to restrict or object to their processing and to request data portability; you can also withdraw your consent at any time (without affecting the lawfulness of processing based on consent before its withdrawal).

When you exercise your right to access, you can request a copy, rectification or erasure of your data, restriction of processing and data portability, you can object to processing and request not to be subject to automated processing such as profiling (if ever carried out).

You are entitled to lodge a complaint with the Data Protection Authority and to ask controllers to provide information, at any time, on processors and on persons authorised by the controllers to process your data.

You can exercise your rights by contacting Costim Srl by email at the address

  1. What we do if we change this privacy policy – update of the privacy policy

We may make changes to our privacy policy. We will inform you of these changes by publishing an updated version on our website and notifying you by email. The new version will have a different date to the one stated below. Please consult our website regularly for updates.


Version updated to September 2019