Skip to main content


Why this notice

This page describes the methods and logics of managing the site with reference to the processing of personal data of users who consult it and interact with it by means of the contact form or training courses.
This is an information that is also provided pursuant to art. 13-14 of the EU Reg. 679/16 and of the Italian legislation in force for the protection of personal data D. lg.s. 196/2003 and succ. modif. and additions, in particular those introduced by Legislative Decree n. 101/2018 to those who interact with the web services of the site accessible electronically from the address (hereinafter referred to as the site) and not for other sites external and possibly connected websites that can be consulted by the user through links on the site.

This document incorporates the contents of the Privacy Policy applied by the Authority for the protection of personal data with reference to the processing of personal data of users who connect to the official website
It is the intention of the Torrefazione Moka Sir's Spa company to conform its privacy protection policies to the provisions of EU Reg. 679/16 also with the precautions and procedures that the Guarantor has specified in the Privacy Policy document published on the official website 'Authority.

The processing of personal data means any operation or set of operations carried out with or without the aid of automated processes and applied to personal data or a set of personal data, even if not registered in a database, such as collection, registration, organization, structuring, storage, processing, selection, blocking, adaptation, or modification, extraction, consultation, use, communication by transmission, dissemination any other form put available, comparison or interconnection, limitation, cancellation or destruction.

1. Data Controller

The data controller is Torrefazione Moka Sir's S.p.a., in the person of its pro tempore legal representative with registered office in Via Privata Cesare Battisti, 2 - 20122 Milan (MI), C.F. and VAT number 00181250184 - R.E.A. MI n °. 1703616 R.E.A. PV no. 129448 - Share Capital Euro 1,820,000.00 Int. Vers. E-mail: - e-mail pec:

2. Types of data collected
Among the Personal Data collected by this site, there are:

Data provided voluntarily

The optional, explicit and voluntary sending of e-mails to the addresses indicated on the Portal entails the subsequent acquisition of the sender's address, necessary to respond to requests, as well as any other personal data included in the message. These data will be disclosed to third parties only where necessary to comply with the requests of the users / visitors themselves.

Sending data from the contact form or for participation in training courses is mandatory and necessary to respond to requests sent as well as to contact the sender again to obtain the requested information or to participate in courses.
The data required by the contact form or by the registration form for the taste laboratories are those necessary for registration to courses or to be able to respond to the user. Failure to provide them prevents the company from evading the services offered.

The organization of the courses and the methods of conducting them will then be communicated directly to the interested parties who have registered.
Candidates wishing to work with Moka Sir's Spa are advised that they will send their curriculum vitae that their data will be processed in compliance with the current legislation, taking into account the sensitivity and importance of the same and that appropriate privacy information and any provision of the consent will be submitted to them during any informative and / or presentation interview.

Navigation data

The computer systems and software procedures used to operate the site acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. This category includes the technical data relating to connections (logs), which Moka Sir's Spa keeps to allow the security checks required by law and to improve the quality of the services offered and customize them in relation to the needs of users / visitors.
Any use of Cookies - or of other tracking tools - by this site or by the owners of third party services used by this site, unless otherwise specified, has the purpose of identifying the User and recording their preferences for purposes. strictly related to the provision of the service requested by the User.

The User assumes responsibility for the Personal Data of third parties published or shared through this site and guarantees that he has the right to communicate or disseminate them, freeing the Owner from any liability to third parties.

3. Method and place of processing of the collected data

Processing methods

The Owner processes the Personal Data of Users by adopting appropriate security measures to prevent unauthorized access, disclosure, modification or destruction of Personal Data, in order to meet the legal requirements and protect the rights of the interested parties
The data processing can be carried out both with the use of paper support and with the aid of electronic, IT and telematic tools, in a manner and with suitable tools to guarantee the security and confidentiality of the data and may consist, in addition that in their collection, registration, organization, conservation, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, cancellation and destruction, in accordance with the provisions of art. 4 n. 2) of the GDPR. In addition to the Data Controller, in some cases, categories of employees involved in the organization of the site (administrative, commercial, marketing, legal, system administrators) or external subjects (such as suppliers of third party technical services, postal couriers) may have access to the Data. hosting providers, IT companies, communication agencies) also appointed, if necessary, as Data Processors by the Data Controller. The updated list of Managers can always be requested from the Data Controller.


The Data is processed at the Data Controller's operating offices and in any other places where the parties involved in the processing are located.
For more information, contact the owner.

4. Legal basis of the processing

The Data Controller processes Personal Data relating to the User if one of the following conditions exists:

the User has given consent for one or more specific purposes; Note: in some jurisdictions the Data Controller may be authorized to process Personal Data without the User's consent or another of the legal bases specified below, as long as the User does not object ("opt-out") to such treatment. However, this is not applicable if the processing of Personal Data is governed by European legislation on the protection of Personal Data;
the processing is necessary for the execution of a contract with the User and / or for the execution of pre-contractual measures;
the processing is necessary to fulfill a legal obligation to which the Data Controller is subject;

the processing is necessary for the performance of a task of public interest or for the exercise of public authority vested in the Data Controller;

the processing is necessary for the pursuit of the legitimate interest of the Data Controller or third parties.

However, it is always possible to ask the Data Controller to clarify the concrete legal basis of each treatment and in particular to specify whether the treatment is based on the law, provided for by a contract or necessary to conclude a contract.

5. Retention period

The Data are processed and stored for the time required by the purposes for which they were collected and in any case in accordance with the law.
The User can obtain further information by contacting the Owner.

At the end of the retention period, the Personal Data will be deleted according to the procedures established by current legislation. Therefore, at the end of this term the right of access, cancellation, rectification and the right to data portability can no longer be exercised.
By way of example, the following summary table is indicated.




Candidates Maximum 24 months

art 5 lett. e) del Reg UE 2016/679

Employees and staff

10 years from the termination of the employment relationship

art. 43 of Presidential Decree 600/73; art. 2946 of the civil code on ordinary prescription; Title I, Chapter III, D.lgs.81/08 e s.m.i.

Customers and suppliers 5-10 years

art. 2948 of the Italian Civil Code which provides for a five-year prescription for periodic payments; art. 2220 of the civil code which provides for the retention of accounting records for 10 years; art. 22 of the D.P.R. of 29 September 1973, n. 600.

Prospect customers

in compliance with the terms prescribed by law for the type of activity and in any case until the withdrawal of consent or until the exercise of the right of opposition

Provv. general of 05/15/13; art. 21 EU Reg. 2016/679.

Data processed
for marketing purposes

in compliance with the terms prescribed by law for the type of activity and in any case until the withdrawal of consent or until the exercise of the right to object

Provv. general of 15/05/13; art. 21 Reg. UE 2016/679.

Video surveillance images 24 hours

Provv. general of Guarantor art. 21 Reg. 2016/679

Cookies Maximum 6-12 months

Provv. general of Guarantor 19/03/2015; art. 21 Reg. UE 2016/679

LOG Administrators
of System
Maximum 6 months

Provv. general of Guarantor 27/11/2008 e; art. 21 Reg. UE n. 2016/679

Navigation data Last 10 sites visited

Provv. general of Guarantor/law; art. 21 Reg. UE 2016/679

6. Purpose of processing the collected data

The User Data is collected to allow the Owner to provide its Services, as well as for the following purposes: Statistics and Contacting the User and to participate in training courses.
Mainly, Moka Sir's S.p.a. uses the data provided by the interested parties to:
a) purposes related to the use of the services offered for browsing the site;
b) activities connected and instrumental to the management of relations with customers (contact requests);
c) marketing and profiling activities, only and exclusively with specific consent, aimed at market research; economic and statistical analysis; sending advertising / informative / promotional material, sending newsletters, also in relation to programs and promotions, including online, communications, development and maintenance of commercial relationships;
d) process data relating to curricula for the evaluation of job applications.
f) process the data relating to subjects who enroll in courses organized by the company and / or events.
The provision of data for the purposes referred to in letters c) - d) - f) is optional and must be provided in accordance with the procedures set out in art. 7 of the GDPR. Communications relating to marketing activities may take place through the use of traditional methods (eg: paper mail, telephone calls with operator) and telematic (eg: e-mail). If you are already our customer, we can send you commercial communications relating to services similar to those you are already using, unless you disagree.
Failure to consent for the purposes referred to in point 6 lett. c) d) f) will result in the inability to be updated on commercial initiatives and / or promotional campaigns, to receive offers or other promotional material and / or to send the user personalized offers.

For all the purposes mentioned above, Moka Sir's S.p.a. may appoint external suppliers to whom only and exclusively the data strictly necessary for the performance of the assignment are transmitted.
If this consent has been given by selecting the "Subscribe to the Newsletter" box, Moka Sir's S.p.a. may send the user advertising or promotional messages, using all the contact details provided by him, within the limits of the provisions of the Code and without prejudice to the user's right to deny such use at any time.

7. Provision of consent

The user is reminded that consent will be expressly given by affixing the flag in the spaces specifically dedicated to the individual specific purposes, such as during the registration procedure on the site, or in the contact form, in the course registration form, or in the space dedicated to subscribing to the newsletter.
The aforementioned flag constitutes an electronic signature, the aforementioned electronic trace will have full validity and effectiveness of the law, also in order to establish the methods and date of the provision of consent pursuant to art. 7 EU Reg. n. 679/2016.

8. Communication and dissemination of data

The data will not be disclosed and will be processed by the employees of the Company, who operate as persons authorized to process data according to the tasks performed and adequately trained. The data may be disclosed to external parties including the Managers appointed pursuant to art. 28 of the GDPR. In particular, the data may be disclosed to the following categories of subjects, listed below by way of non-exhaustive example: banking institutions and companies specialized in payment management and credit insurance, law and consulting firms, persons in charge of auditing of the company's financial statements, public authorities or administrations for legal obligations, Italian and foreign suppliers, financing and transport companies.

It should be noted that a detailed list of Data Processors is available at the Moka Sir's Spa headquarters.
For all the purposes indicated in this information, your data may also be communicated abroad, inside and outside the European Union, in compliance with the rights and guarantees provided for by current legislation, subject to verification that the country in question guarantees an adequate level of protection pursuant to the provisions of the GDPR.

9. User rights

In relation to the aforementioned data, all the rights referred to in Articles. 15, 16, 17, 18, 20 and 21 of the GDPR, and specifically:
a) the right to access personal data and to obtain information on the Data processed by the Data Controller, on certain aspects of the processing and to receive a copy of the Data processed;
b) their correction in case of inaccuracy;
c) the cancellation of data;
d) the limitation to processing when certain conditions are met, in this case the Data Controller will not process the Data for any other purpose than their conservation;
e) opposition to processing, when it occurs on a legal basis other than consent;
f) the right to data portability, i.e. to receive the personal data provided in a structured format, commonly used and readable by an automatic device, and to have it transferred to another Data Controller without hindrance.
In case of violation of these provisions, the data subject has the right to lodge a complaint with the competent Personal Data Protection Supervisory Authority or take legal action.

10. Withdrawal of consent

The consent given may at any time be revoked, without this jeopardizing the lawfulness of the processing based on the consent given before the revocation and the further processing of the same data based on legal bases other than the consent itself, such as the fulfillment of contractual obligations. and the law.

11. How to exercise your rights

To exercise User rights, Users can send a request to the Data Controller without formalities, by sending a communication to the company Torrefazione Moka Sir's S.p.a., to or to
Requests are filed free of charge and processed by the Data Controller as soon as possible.

12. Defense in court

The User's Personal Data may be used for defense by the Owner in court or in the stages leading to its eventual establishment, from abuses in the use of the same or related services by the User.
The User declares to be aware that the Data Controller may be required to disclose the Data at the request of the public authorities.

13. Specific information

At the request of the User, in addition to the information contained in this privacy policy, this site may provide the User with additional and contextual information regarding specific services, or the collection and processing of Personal Data.
This site does not support "Do Not Track" requests.

To find out if any third-party services used support them, the User is invited to consult the respective privacy policies.

14. Changes to this privacy policy

The Data Controller reserves the right to make changes to this privacy policy at any time by giving notice to Users on this page. Please therefore consult this page often, referring to the date of the last modification indicated at the bottom. In the event of non-acceptance of the changes made to this privacy policy, the User is required to cease using this site and may request the Data Controller to remove their Personal Data. Unless otherwise specified, the previous privacy policy will continue to apply to the Personal Data collected up to that time.

If the changes affect treatments whose legal basis is consent, the Data Controller will collect the User's consent again, if necessary.

15. Definitions and legal references

Personal Data (or Data)

Any information relating to a natural person, identified or identifiable, even indirectly, by reference to any other information, including a personal identification number, constitutes personal data.

Usage Data

This is the information collected automatically by this site (or by third-party applications that this site uses), including: the IP addresses or domain names of the computers used by the User who connects with this Site, the addresses in URI (Uniform Resource Identifier) ​​notation, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response from the server (successful, error, etc. ) the country of origin, the characteristics of the browser and the operating system used by the visitor, the various temporal connotations of the visit (for example the time spent on each page) and the details of the itinerary followed within the site, with particular reference to the sequence of pages consulted, to the parameters relating to the operating system and the IT environment of the User.
The individual who uses this site, who must coincide with the interested party or be authorized by him and whose personal data are being processed.


The natural or legal person to whom the Personal Data refers.

Data Processor (or Manager)

The natural person, legal person, public administration and any other body, association or organization appointed by the Data Controller to process Personal Data, as established by this privacy policy.
Data Controller (or Owner)

The natural person, legal person, public administration and any other body, association or organization which is responsible, even jointly with another owner, for decisions regarding the purposes, methods of processing personal data and the tools used, including the profile of the security, in relation to the operation and use of this site. The Data Controller, unless otherwise specified, is the owner of this site.


The service provided by this site as defined in the relative terms (if any) on this site.

European Union (or EU)

Unless otherwise specified, any reference to the European Union contained in this document is intended to be extended to all current member states of the European Union and the European Economic Area. Cookies
Small piece of data stored in the User's device.

Legal references

Notice to European Users: this privacy statement has been drawn up on the basis of current legislation including articles. 13-14 of the U.E. Reg. 679/2016.
Unless otherwise specified, this privacy policy applies exclusively to this site / site.

April 16, 2020