top of page

Privacy Policy

The FINSEC Project website is managed by FINSEC WP8 leader, Zanasi & Partners (Zanasi Alessandro Srl), an Italian Advisory and Research SME specialised in Defence and Security, based in via Giovan Battista Amici 29, 41124 Modena (MO), Italy. The content of the website is generated by the whole FINSEC Consortium.

This privacy policy informs you of our policies regarding the collection, use and disclosure of personal information and data received from users of the site.

This privacy policy was last updated on 10 June 2019 and may be amended from time to time.


Who are the Data Controller and the Data Protection Officers?

GFT Italia Srl is the Data Controller for FINSEC Project and will manage personal data in compliance with the European Regulation 2016/679 (GDPR), in collaboration with the FINSEC Data Protection Officers (DPOs).

Data Controller Contact:

FINSEC Project has nominated a team of DPOs, committed to ensure the project compliance with the EU Directive on privacy. With regard to the data collected through the website, Zanasi Alessandro Srl is the data Protection Officer Contact.

Data Protection Officer Contact:

What is Personal Data?

Personal data, by the GDPR definition means “any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person".


How do we collect personal data?

In this website is collected both directly and indirectly:

  1. directly when users complete the consent form and submit their personal information;

  2. indirectly, via cookies, used to collect information such as number of visitors, consulted page and more. If you want more information, please refer to the Cookies Policy.


What kind of personal data do we collect?

  1. Browsing data via Google Analytics:

    • number of visitors, sessions, page views, session duration, bounce rate;

    • users’ demographics data: age and gender;

    • users’ location data: language and location;

    • users’ behaviour data: new vs returning, frequency and recency, engagement;

    • technology data: browser, operating system, mobile device type and brand, screen resolution, screen colours, flash version, Java support;

    • network data: service provider and hostname;

    • users flow data.

  2. Point of contact data: name, surname and mail address, as submitted by the users via the subscribe option.


What are the legal grounds to collect and handle your personal data?

The consent that the data subject has given to the processing of his or her personal data for the purpose specified below.

FINSEC can process personal data when it is in its legitimate interests to do so and when these interests are not overridden by Data Protection Rights.


Which is the purpose of this collection, processing and utilisation of personal data?

All use of collected personal data are confined to the purposes stated below:

  • Promoting and disseminating FINSEC Project;

  • Promoting and advertising exploitable FINSEC results;

  • Sending tailored promotional communication to relevant stakeholders;

  • Improving users’ experience and efficacy of the website;

  • Producing statistical analyses to measure FINSEC communication and dissemination activities.


What about storage, access and transfer of personal data?

Personal data collected via the website will be generally stored in Zanasi Alessandro Srl.’s servers located in Modena, Italy. However due to the cloud-based services used in this website personal data may be transferred to external third parties located outside the EU.

Personal data is shared with the following entities:

  • Entities that provide, support, maintain the website:

    • the website is realised with and your data may be stored through’s data storage, databases and the general applications. They ensure data is stored on secure servers behind a firewall. 

    • Zanasi Alessandro Srl: the company maintain and updates the website, producing statistical analysis to verify its efficacy.

  • Third party analytics:

    • Google Analytics: Google stores data on servers located in the US and ensure compliance with GDPR regulation. See Cookies Policy for more information.

Personal will not be transferred for other purposes, nor will it be passed or sold to third parties by FINSEC Consortium members for their own marketing purposes.


Which period will the personal data be stored for?

Personal data will be kept for a limited period, as long as needed to fulfil the purposes for which it was initially collected and not longer than required. All data will not be retained after the end of the project: 1st May 2021.


What about the subscribing form requested in this web site?

Submitting personal data in the subscribing form is optional: it will allow us to contact you for dissemination, information and advertising purposes related to FINSEC project activities. Also, if you don’t provide the requested information, the Data Controller won’t be able to directly contact you for any privacy issues.

The permission can be withdrawn at any time by sending an email to  


What are your rights as a data subject under GDPR?

The data controller has to inform the data subject of its rights in a clear, concise and transparent form, thus facilitating the exercise of his/her rights. The controller shall provide information on action taken on a request under GDPR Articles 15-22, within one month of the request (an extension of at most two months is possible, but the data subject must be timely informed of this delay).


Right of access (Art. 15 GDPR): the data subject has the right to obtain from the controller confirmation of whether or not personal data is being processed, to know the purposes of processing, the categories of data processed, where and how long the data will be stored, and to request a copy of the data.


Right of rectification (Art. 16 GDPR): the data subject has the right to obtain from the controller correction of incorrect or incomplete data.


Right to erasure (Art. 17 GDPR): Also known as ‘right to be forgotten’, the right to obtain erasure of personal data without undue delay, under certain circumstances.


Right to restriction of processing (Art. 18 GDPR): the data subject has the right to obtain a restriction of processing, when certain conditions are verified.


Right of notification (Art. 19 GDPR): the data controller must inform the data subject of any rectification, erasure or restriction of processing carried out in accordance to Articles 16-18.


Right to data portability (Art. 20 GDPR): the data subject has the right to receive personal data we hold, and have it transferred directly it to another organisation.


Right to object (Art. 21 GDPR): the data subject has the right to object at any time to processing of his personal data. The controller shall no longer process the personal data unless able to demonstrate compelling legitimate grounds which override the interests, rights and freedom of the data subject.


Right to object to automated processing (Art. 22 GDPR): the data subject has the right not to be subject to a decision based solely on automated profiling, including profiling.


If you want more information on your rights as the data subject under the GDPR regulation, check


What are the conditions for acceptance, validity and modification of data protection policy?

This privacy policy is effective as of 10 June 2019, and will remain in effect unless changes are made, which will be in effect immediately after being posted on this page. We will notify of any changes made to this page either through the email address provided by the users or through notices posted on our website.

How is it possible to contact us?

If you have any questions regarding this Privacy Policy, please contact us at:

bottom of page