Website information - Zephorum

Website information



For Zephorum S.r.l. The privacy and security of your personal data are fundamental, and, for this reason, the data are collected and processed with the utmost caution and by adopting all the necessary measures to process and store them adequately. On this page we want to describe the ways in which Zephorum S.r.l. (hereinafter also “Zephorum”, “Company” or “Data Controller”) processes the personal data of users (hereinafter “Users”, “You” or “Data subject”) in relation to the services provided through the website (hereinafter also the “Site”). This information does not concern other websites, apps or online services that may be reached through the hypertext links published on the Site but is referable to external resources.

Data Controller

The Data Controller of your personal data is Zephorum S.r.l., (address: Piazza Deffenu, 9 – 09125 Cagliari, VAT 04020450922 (hereinafter “Data Controller”). The Data Controllers informs you that your personal data are processed in the manner and for the purposes indicated below and in compliance with the provisions of the Regulation (EU) 2016/679 (hereinafter “GDPR”).

Il Titolare ha nominato un Responsabile della Protezione dei Dati Personali (DPO), che può essere contattato al seguente indirizzo e-mail: [email protected]. Il Responsabile per la protezione dei dati personali, che ha, tra l’altro, la funzione di controllare l’osservanza di norme e policy in tema di trattamento di dati personali, può essere da Lei contattato per tutte le questioni relative al trattamento dei suoi dati personali e all’esercizio dei suoi diritti.

Data Protection Officer

The Data Controller appointed a Data Protection Officer (hereinafter “DPO”), that you can contact at the email address: [email protected]. The Data Protection Officer, who has, among other things, the function of monitoring compliance with rules and policies regarding the processing of personal data, can be contacted for all matters relating to the processing of your personal data. personal data and the exercise of your rights.

Type, nature of the data processed and Purpose of processing

Navigation data

Access to the website involves the recording of data used for the sole purpose of ensuring its proper functioning.

This data type includes the IP addresses or domain names of the computers and devices used, the URI/URL (uniform resource identifier/locator) addresses of the requested resources, the time of the request, the method used to submit the request to the server, the file size obtained in response, the numeric status code indicating the status of the response from the server (success, error, etc.), and other parameters related to the user’s operating system and information technology environment.

Such data, which is necessary for the use of web services, can also be processed to:

  • obtain statistical information on the use of services (the most visited pages, the number of visitors by time or day, the user’s geographical area, etc.);
  • check that the services offered are functioning properly.

Data provided voluntarily by users

Zephorum processes the personal data communicated for the conclusion of contracts for the Services offered.

The personal data communicated by Users may also be used for the management of all phases of purchase of the Services offered on the Site, such as the management of requests for information or assistance; for confirmation of receipt of the order of the Services purchased; for billing.

Other information may be processed to process any request for technical or commercial assistance from Users.

In the case of sending applications or curriculum vitae in Zephorum’s communication channels, the information on the curriculum vitae will be processed exclusively to evaluate the application for an open job position and will subsequently be kept for a maximum period of six months and subsequently deleted.

Sending optional, explicit, or voluntary messages to the contact addresses on the website or private messages to the institutional profiles/pages on social media (indicated on the website) as well as completing and submitting forms on the website involve acquiring the sender’s contact data, which are necessary to respond, and all personal data included in the message.

Specific policy information may be published on the pages related to specific services that are offered.

Legal basis for processing

Your Personal Data are processed according to the following legal base:

A) for the execution of the contract or of the pre-contractual measures requested by the data subject in relation to the Zephorum services (art. 6.b. GDPR);

B) to fulfill the obligations deriving from the law, regulations or authority orders (contractual, pre-contractual, tax) and related to the provision of Zephorum services (art. 6.c. GDPR);

C) only if the Data Subject has given his consent, for the use of cookies (non-technical) or other tracking tools, for marketing purposes relating to products and/or services of Zephorum and/of third parties, and for user satisfaction purposes. All this is necessary to offer the user personalized services and to improve the user experience on the site (art. 6.a. GDPR);

D) according to the legitimate interest of the Data Controller for correct functioning and security purpose, in order to verify the use of the site and its correct functioning. This data, collected automatically, may also include personal data, such as the IP address (art. 6.f. GDPR).

Methods of processing

The processing of your personal data is carried out with the operations indicated in art. 4 no. 2), GDPR: collection, registration, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, cancellation and destruction of data. Your personal data is subjected to both paper and electronic and/or automated processing.

Data Recipients

The recipients of the data collected are Zephorum’s collaborators who have been explicitly appointed and authorized and who have received specific instructions. Authorized personnel have different access levels depending on their specific tasks. Recipients include also Data Processors, which are duly appointed under art. 28 of GDPR.

The recipients of the data will be supervisory boards, judicial authorities, as well as other subjects to whom communication is mandatory by law or for the purposes of preventing and safeguarding from threats and to allow Zephorum to ascertain or defend a right in court or before administrative authorities.

Data transfer

Personal data is stored on servers located in __________.

Your Personal Data will be processed within the European Union and stored on servers within the European Union. Personal data may be processed in countries outside the European Union if an adequate level of protection is guaranteed, recognized by an adequacy decision of the European Commission.

Any transfers of Personal Data to extra EU countries, without an adequacy decision of the European Commission. The transer will be possible only if adequate technical or contractual guarantees are provided by the Data Controllers and Data Processors, including Binding Corporate Rules and standard contractual clauses for data protection.

Data processing and retention period

Navigation data will be retained for no longer than three days (except when judicial authorities need the data to investigate crimes).

The data in the curricula that may be sent will be kept for a maximum period of six months.

Data provided voluntarily by users via email or by completing forms on the website will be retained for the time needed to comply with the aforementioned legal obligations and, in any case, no longer than the terms the data controller is subject to by law or regulation.

Nature of the providing of personal data

Providing data other than navigation data on the Site is optional. You can decide not to provide any data or to subsequently deny the possibility of processing data already provided: in this case, you will not be able to receive newsletters, commercial communications and advertising material on the Zephorum Services. However, you will continue to be entitled to Services that do not have the user’s consent as a legal basis.

The consequences of failing to provide personal data

If the user does not communicate personal data for processing based on a legal obligation, or for contractual or pre-contractual purposes, he prevents the provision of the requested Services to Zephorum.

About the processing of personal data based on consent, failure to provide consent does not affect the provision of the requested service by the Data Controller.

The rights of the Data Subject
According to the current rules and regulations, data subjects exercise the following rights:

  • to request access to their own personal data and information, the modification of incorrect data or the integration of incomplete data, the erasure of personal data (when one of the conditions under Article 17 (1) of GDPR applies and is in compliance with the exceptions under paragraph 3 of the same article, for example, if the user’s data has been unlawfully processed), and the limitation of personal data processing (under one of the circumstances pursuant to Article 18 (1) of GDPR, for example, if the processing of personal data is unlawful);
  • to withdraw consent to personal data processing at any time when specific circumstances that concern the user occur;
  • to exercise the right to data portability, or in other words, the right to receive personal data in a structured, commonly used, and machine-readable format and to transmit that data to another data controller, only when the processing is based on consent and only when the data is processed electronically.

These requests can be sent to the Data Controller. The form for exercising these rights is available at:

The right to lodge a complaint

When a data subject believes that the processing of his/her personal data on this website is in violation of the Regulation, he/she has the right to lodge a complaint with the data protection authority (, as required by Article 77 of this Regulation, or to take legal recourse (Article 79 of the Regulation).


To effectively provide our services and to enable certain features, we install small text files called “cookies” on your device. Cookies are stored on your device to then be re-transmitted to the site on your next visit. A cookie cannot retrieve any other data from the user’s hard drive or transmit computer viruses or acquire email addresses. Each cookie is unique to the user’s web browser.

This site does not use any profiling cookies for advertising purposes. The site instead allows the installation of cookies from third-party systems.

If you want to know more about the use of cookies on the site and read how to disable them, read this extended information on the use of cookies in its entirety.


Essential and functional cookies

These cookies, called “technical cookies”, are essential to allow you to browse the site and make full use of its features. Without these cookies, some necessary services cannot be used. These cookies will always be used and displayed unless the user changes the settings in his browser (read all the instructions on how to do this below). By browsing this site, you accept that these cookies can be installed on your device. Pursuant to article 122, paragraph 1, of the Privacy Code (Legislative Decree n. 196/2003) “technical” cookies can be used even in the absence of the data subject’s consent.

1) cookies with compiled user data (session identifier) for the duration of a session or in some cases persistent cookies limited to a few hours;

2) cookies for authentication for the duration of a session;

3) user-centric security cookies, used to detect authentication abuses, for a limited persistent duration;

4) session cookies for media players for the duration of one session;

5) session cookies for load balancing for the duration of a session;

6) persistent cookies for customizing the user interface approximately for the duration of a session.

7) cookies for sharing content through third-party social plug-ins for users of social networks who have logged in.

Third party cookies

While browsing the site you may also receive cookies on your device that integrate functions developed by third parties such as icons and content sharing on social networks or the use of third-party software services (such as software that generate maps and other software that offer additional services). These cookies are contained by third-party domains and partner sites that offer their functionality on the pages of the site. In other words, these cookies are set directly by website managers or servers other than the site.

This type of cookie falls under the direct and exclusive responsibility of the third party itself.

The user is therefore invited to consult the information on privacy and the use of third-party cookies directly on the website of the respective managers.

The detailed cookie policy is available in the Cookie Policy section on the site.