PRIVACY POLICY pursuant to Art. 13 of the EU Regulation 2016/679 General Data Protection Regulation

With this note, Coin S.p.A. intends to inform users visiting the website "" (hereinafter the "Site") of the Policy adopted in relation to the Protection of Personal Data, emphasising its commitment and attention with reference to the protection of the privacy of visitors to the Site ("Users").

Navigation within the Site is free and does not require any registration, with the exception of certain areas in which the User may freely and expressly provide a series of data concerning him or her in order to access specifically identified services (e.g. to register on the Site and create his or her personal COIN account). Therefore, if the User intends to provide their personal information in order to access such further services, they will be expressly informed in accordance with article 13 of the EU Regulation 679/2016 - General Data Protection Regulation, with an indication (by way of example) of the purposes and methods of use of the information by Coin S.p.A., as well as the right to request the cancellation of the information or its updating at any time.


Information on data protection

Pursuant to and for the purposes of EU Regulation 2016/679 - General Data Protection Regulation (hereinafter the "Regulation"), Coin S.p.A. provides the following information.


1. The Data Controller and contact details

The Data Controller of the personal data collected through the Website is Coin S.p.A., with registered office in Venezia Mestre (VE), via Bruno Maderna n.11, postcode 30174 (hereinafter "COIN"), c.f. and p.iva: 04391480276, tel.0415065100 and email


2. The Data Protection Officer

The Data Protection Officer appointed by COIN can be contacted by e-mail:


3.Types of personal data processed

Data voluntarily provided by the User:

No registration is required to access the Site. However, there are sections of the site that require registration or the use of username and password (e.g. the creation of a personal Coin account and access to services and facilities reserved to registered users) or services for the use of which it is necessary to provide your data (e.g. to proceed with an online purchase, to subscribe to the COIN newsletter, to contact us, etc.).


Navigation data:

The computer systems and software procedures used to operate the Site acquire, during their normal operation, certain personal data whose transmission is implicit in the use of Internet communication protocols (so-called navigation data). This category of data includes the IP addresses or domain names of the computers used by users who connect to the site, the URI (Uniform Resource Identifier) notation addresses of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the User's operating system and computer environment.

These data are processed for the legitimate interest of COIN to obtain statistical information on the use of the Site, to check its correct use and operation and to guarantee its security, being deleted after processing.

With reference to data relating to navigation within the Site, see also point 8 below concerning the profiling tools used by the Site and the Cookie policy referred to.



4. Purpose and legal basis of processing

Data are collected and processed for purposes strictly related to the use of the Site and its services. The purposes for which the data is used and the relative legal bases for processing are indicated in detail in the specific notices provided by the Site in all cases of data collection. We therefore ask you to read the information notices that from time to time illustrate the characteristics of the processing that will be performed by COIN (e.g. to register with the Site, to subscribe to the Newsletter, to make online purchases, to submit a job application, to contact customer service, etc.). Data will be processed in full compliance with privacy regulations.


5. Optional provision of personal data

The provision of personal data is generally optional. Only in certain cases may failure to provide data make it impossible to access specific services and obtain what may be requested (e.g. to purchase products online); failure to provide such data may therefore prevent COIN from allowing access to the Site's services or from responding to users' requests.

The data required from time to time are indicated in the data collection forms on the Site - e.g. by marking them with an asterisk (*) or indicating that they are required if the data is not indicated - and the consequences of not providing them are set out in the specific information on the data collection pages.


6. Modalities of data processing

The data will be processed mainly in digital format and only residually in analogue format. COIN guarantees the lawful and correct treatment of the personal data provided through the Site, in full compliance with the regulations in force, as well as the maximum confidentiality of the data provided during registration. All the information collected is transmitted in a protected connection so as to prevent its interception by outsiders. The security of the Site is guaranteed and certified by a leading provider of Internet security services.


7. Data recipients

The data shall not be disclosed to third parties or disseminated except within the limits and under the conditions expressly set out in the information notice provided to the User from time to time and subject to the User's prior authorisation, where necessary.

The data will be processed by company personnel expressly authorised to process the data, in accordance with art. 29 of the Regulations and art. 2-quaterdecies of Legislative Decree 196/2003 as well as, as Data Processors appointed by COIN in accordance with art. 28 of the Regulations by: (i) the Information Technology Department of the company OVS S.p.A. responsible for the management of COIN's information systems; (ii) suppliers of services, software or information systems functional to: (a) the management and technological maintenance of the Site, (b) the services offered through the Site (e.g. (b) the services offered through the Site (e.g. COIN Customer Service manager, supplier of the platform for collecting and managing job applications in the "Work with us" area, etc.); (c) data storage; (d) marketing activities (e.g. suppliers of platforms for sending commercial communications); (e) activities for analysing COIN customer data and preferences (e.g. suppliers of dedicated CRM software). The list of Data Processors appointed pursuant to Article 28 of the Regulation may be requested by means of a communication to be sent to the e-mail address


8. Profiling and/or customisation tools

COIN does not carry out any promotional and/or advertising communication activities without the prior express consent of the User.

The Site uses 'cookies', both technical (i.e. to facilitate navigation and use of the Site) and profiling (i.e. to analyse users and their behaviour and preferences, and to provide them with personalised advertisements).

For a detailed explanation of the cookies used by the Site and how to deactivate them. We invite you to read our Cookie Policy.


9.Place of data processing and extra-EU transfer

Data collected through the Site will reside on servers located within the European Union.

Where necessary for the proper management of the Site and related services, the data may be transferred to countries outside the European Union/European Economic Area. The transfer of your data to third countries will take place in full compliance with the guarantees, measures and rights as provided for by the applicable legislation (Articles 45 et seq. of the Regulation). By sending a simple request to the references indicated in paragraph 1) above, you may receive further information on the transfer of your data and the guarantees provided for their protection.



10.Period of data retention

The Data will be processed for the time periods stipulated in the specific information provided at the time of collection (e.g. online purchases, use of the contact service, subscription to our newsletter, etc.).

Regarding the retention time of data collected through the use of profiling tools (e.g. cookies), see our Cookie Policy.


11. Rights of the persons concerned

By sending a communication to Coin to the e-mail or by using the form in the "contacts" area of the website, the User may at any time exercise the rights pursuant to articles 15 to 22 of the Regulation, a brief description of which is provided below:

  • Right of access: the data subject may request confirmation from the Data Controller as to whether or not data relating to him are being processed and, if so, obtain access to the data relating to him and to information relating to the processing, such as: the purposes, the categories of personal data, the recipients or categories of recipients to whom the data are disclosed, the storage period, the existence of an automated decision-making process and the logic used, as well as the existence of adequate safeguards in the event of data being transferred to a country outside the EU (Art. 15 of the Regulation)
  • Right of rectification: the data subject may request the correction or updating of inaccurate data or, taking into account the purpose of the processing, the integration of incomplete personal data (Art. 16 of the Regulation).
  • Right to erasure (oblivion): (where applicable) the data subject has the right to obtain the erasure of personal data concerning him/her, e.g. when the personal data are no longer necessary for the purpose for which they were collected. However, it will not be possible to request the deletion of data if it is necessary to comply with a legal obligation (e.g. bookkeeping, security, etc.) or for the establishment, exercise or defence of a legal claim (Art. 17 of the Regulation).
  • Right of restriction: the data subject may request that the processing of data be restricted, e.g. when the accuracy of personal data is contested, for the period necessary to verify the accuracy of such data (Art. 18 of the Regulation).
  • Right of notification: the data subject has the right to be informed of any rectification or erasure or restriction of processing carried out in relation to personal data concerning him or her, and of the recipients to whom they have been communicated (Art. 19 of the Regulation).
  • Right of portability: (where applicable) the data subject has the right to receive data concerning him/her in a structured, commonly used and machine-readable format (e.g. in .excel, .csv format). This right is, however, restricted to data processed by automated means and on the basis of a contract with the data subject, or his/her consent. If technically feasible, it will be possible to request transmission of the data directly to another data controller (Art. 20 of the Regulation).
  • Right to object: (where applicable) the data subject has the right to object at any time, on grounds relating to his or her particular situation, to the processing of personal data concerning him or her carried out, for example, in pursuit of a legitimate interest of the controller or a third party (including profiling). You may also always object to the processing of data carried out for direct marketing purposes, including profiling related to such direct marketing (Art. 21 of the Regulation).
  • Right not to be subjected to automated decisions, including profiling: (where applicable) the data subject has the right not to be subjected to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or significantly affects him or her, except where the automated decision is necessary (i) for the conclusion or performance of a contract between the data subject and a data controller, (ii) is provided for by law, subject to measures and safeguards, (iii) is based on the data subject's explicit consent (Art. 22 of the Regulation).

12. Complaint

If you consider that the processing of your personal data violates the provisions of the Regulation, you may always lodge a complaint with the Data Protection Authority (, or with the Data Protection Authority of the country in which you habitually reside or work, or of the place where the alleged violation occurred.


13. Links to other sites

 This statement is provided only for the Coin website and not for any other websites that may be consulted by the User through links. COIN cannot be held responsible for personal information provided by users to external parties or to any websites linked to this site.


14. Applicable law

This Privacy Policy is governed by EU Regulation 679/2016, which ensures that personal data is processed with respect for the fundamental rights and freedoms and dignity of the data subject, with particular reference to confidentiality, personal identity and the right to protection of personal data.


15. Revision Clause

COIN reserves the right to revise, modify or simply update, in whole or in part, at its sole discretion, in any way and/or at any time, without prior notice, this Privacy Policy, as well as the other notices and communications contained in this Site, also in consideration of changes in laws or regulations on the protection of personal data. Changes and updates to the Privacy Policy will be notified to Users on the Home Page of the Site as soon as they are adopted and will be binding as soon as they are published on the Site in this same section.We therefore ask you to regularly access this section to check the publication of the most recent and updated Privacy Policy.

The full text of EU Regulation 2016/679 - General Data Protection Regulation can be found on the website of the Garante per la Protezione dei dati personali