Privacy Policy


Pursuant to art. 13 of Regulation (EU) 2016/679, relating to the protection of natural persons with regard to the processing of personal data (“GDPR”), we provide you with information on the processing of personal data concerning you (“Data”), collected through the WEBsite navigation.



Cima spa
Registered office Piazzale Libia, 2 20135 Milan MI.
Administrative headquarters via Marcheselli, 6/9 29122 Piacenza, Tel. 0523 593056
Fax +39 0523 590333 E-mail



  1. Browsing data

Browsing data is collected automatically in exclusively aggregate form in order to verify the correct functioning of the site, obtain anonymous statistical information and for security reasons. This is information that is not collected to be associated with identified interested parties, but which by its very nature could, through processing and association with data held by third parties, allow users to be identified. For security purposes (anti-spam filters, firewalls, virus detection), the automatically recorded data may possibly also include personal data such as the IP address, which could be used, in accordance with the laws in force on the subject, in order to block attempts to damage the site itself or to cause damage to other users, or in any case activities that are harmful or constitute a crime and to ascertain the related responsibilities; they can therefore be made available to the competent authorities. Such data is never used for profiling.

They are stored for a maximum period of six months.

  1. Data provided voluntarily by filling in forms on the site

The provision and processing of data is not mandatory, however failure to provide it could have consequences on components of the service that require their availability.

In case of processing of the data provided for marketing purposes, the sending of the request is subject to the specific, free and informed consent documented via a specific check-box. The data will be kept for two years.

Below we list the types of personal data provided by the user and the related processing:


Contact form

The identification and contact data and any details of the request are processed, necessary to be able to manage the requests expressed by interested parties by completing the form; the legal basis is found in article 6 paragraph 1 letter b) of Regulation EU/679/2016. The data is stored for the time necessary to manage user requests.

In the event that the same data are also provided for marketing purposes, the legal basis is the specific, free and informed consent documented via a specific check-box. The data will be kept for two years.


Form Work with us

The identification, contact and detail data of the request are processed, necessary to be able to manage the requests expressed by interested parties by completing the form; the legal basis is found in article 6 paragraph 1 letter b) of Regulation EU/679/2016. The data is stored for the time necessary to manage user requests.

Any personal data provided relating to particular categories of data pursuant to art. 9 EU Reg. 2016/679 (e.g. state of health, belonging to protected categories pursuant to law 68/1999) will be processed only where necessary and relevant for the evaluation of the application in relation to the specific job positions; the legal basis is found in the art. 9 paragraph 2, letter. b) EU Reg. 2016/679.

Any data relating to criminal convictions and crimes pursuant to art. 10 EU Reg. 2016/679 may be processed only if required by law; the legal basis is found in the art. 10 EU Reg. 2016/679 and in the art. 2-octies Legislative Decree. 101/2018.

The provision of some personal data (e.g. your CV) may sometimes be mandatory to apply for a specific job position; in this case, failure to provide such data will make it impossible to proceed with the application process for the specific job position.


For specific information, consult the  Cookies Policy


  1. Sharing contents with social networks

The site may also incorporate plugins and/or links for social networks, in order to allow easy sharing of content on your favorite social networks. These plugins are programmed so as not to set any cookies when accessing the page, to safeguard user privacy. Cookies are possibly set, if so provided by social networks, only when the user makes effective and voluntary use of the plugin. Please note that if the user browses while logged into the social network then he has already consented to the use of cookies conveyed through this site when registering on the social network. The collection and use of information obtained through the plugin are governed by the respective privacy policies of the social networks, to which please refer.



The data are processed by personnel regularly authorized and trained in processing and by third parties for legal or contractual obligations or appointed as Data Processors, guaranteeing maximum protection of their confidentiality, operating in full compliance with Regulation 2016/679/EU, and only for the purposes declared in this information. Personal data will not be disclosed.

The data is processed within the EU. If for technical and/or operational reasons it is necessary to make use of subjects located outside the European Union in countries that have not received an adequacy assessment by the EU Commission, the processing will be regulated by the Data Controllers in accordance with what provided for by Chapter V of the GDPR Regulation. All necessary precautions will therefore be taken in order to guarantee adequate protection of personal data possible by basing this transfer: a) on adequate guarantees expressed by the third party recipient pursuant to art. 46 of the Regulation; b) on the adoption of standard contractual clauses or ad hoc contractual clauses, c) on the adoption of binding corporate rules, so-called. “Corporate binding rules”. In addition to this, the Data Controllers adopt whenever deemed necessary further and specific technical and organizational measures aimed at minimizing the risks for their customers and users, including an impact assessment of the data transfer. Where the Data Controllers identify serious risks that cannot be mitigated, they will refrain from transferring the data.



The processing of data is based on the principles of correctness, lawfulness, transparency and data minimisation; it may be carried out either manually or through automated methods designed to store, process and transmit them and will take place through adequate technical and organizational measures, taking into account the state of the art and implementation costs, to guarantee, among other things, security, confidentiality , the integrity, availability and resilience of systems and services, avoiding the risk of loss, destruction, unauthorized access or disclosure or, in any case, illicit use, as well as through reasonable measures to promptly erase or rectify data that is inaccurate with respect to purposes for which they are processed.



The interested party has the right to ask the data controller to access personal data and to rectify or delete them and limit the processing. In some cases, you also have the right to object to the processing of your personal data. Finally, you can revoke the consent given at any time. You can exercise these rights by email to the Data Controller’s email address. Finally, the interested party has the right to lodge a complaint with the Guarantor for the protection of personal data.



Please note that this information may be subject to periodic review, also in relation to the relevant legislation and jurisprudence. In the event of significant changes, appropriate evidence will be given on the home page of the site for a suitable period of time. However, the interested party is invited to periodically consult this policy.