Privacy Notice regarding the processing of personal data pursuant to Article 13 of EU Regulation 2016/679

Identity and contact details of the Controller

Identity: Maps S.p.A.,
VAT number: 01977490356
Address: Via Paradigna 38/A, 43122 Parma

Identity and contact details of the Joint Controllers

(the joint control relates to the processing specified below)

Identity: Artexe S.p.A.
VAT number: 02908570043
Address: Via Giuseppe Piazzi, 2-4, 20159 Milano (MI)

Identity: SCS Computers S.r.l
VAT number: 00989600440
Address: Via S. Alessandro, 3, 63900 Fermo (FM)

Identity: Iasi S.r.l.
VAT number: 01114770660
Address: Viale Dell’Industria, 6, 67039 Sulmona (AQ)

Identity: I-Tel S.r.l.
VAT number: 03344550409
Address: Viale Veneto 30/a, 47838 Riccione (RN)

Identity: Energenius S.r.l.
VAT number: 02459280224
Address: Piazza Manifattura, 1, 38068 Rovereto (TN)

Contact details of the Data Protection Officer


1. Purposes of the processing

General purposes

User Data is collected to allow the Controller to:

  • provide the Service
  • fulfill legal obligations
  • respond to requests or enforcement actions
  • protect their rights and interests (or those of Users or third parties)
  • detect any fraudulent or malicious activities

As well as for the following activities:

  • managing contacts and sending messages
  • managing spontaneous applications
  • interaction with data collection platforms and other third parties
  • contacting the User
  • interaction with social networks and external platforms
  • statistics
  • protection from SPAM and Management of landing pages and invitation pages
  • management of financial newsletters

Purposes of the processing with joint control

The processing purposes are also linked to the activities that the various companies carry out within the framework of joint control.

When referring to joint control, it is understood as a situation in which there is a plurality of subjects, called “joint controllers,” who jointly determine the purposes and methods of processing a set of data. This joint control situation is governed by an agreement that the group companies have entered into, transparently setting out their respective responsibilities regarding compliance with the obligations arising from current regulations. This agreement particularly regulates the joint controllers’ obligations regarding the exercise of the data subject’s rights, as well as their respective roles in communicating information to data subjects.

The joint processing of data is carried out with reference to the Business Units (B.U.) of the group (Healthcare, Energy, ESG, Mapslab). Considering that the products of companies belonging to the same business unit share the objective of providing the same solutions to the same stakeholders, and that individual solutions often work and interact with each other, joint control only occurs among companies belonging to the same business unit.

The activities related to joint control, as mentioned earlier, consist of marketing activities.
Indeed, concerning the former, within the same BU, companies may collect, exchange, and use data to send communications related to:

  • Events (trade shows, workshops, webinars, etc…)
  • Product or in-depth informational content (whitepapers, infographics, etc…)
  • DEM (direct email marketing)
  • Newsletters

Indirect Marketing

In the event that the user agrees, through checkboxes, to receive communications for indirect marketing, they may receive communications from companies belonging to different Business Units than the one contacted. The user will have the opportunity to manage their consents using the links found within the email communications sent by Mapsgroup or by writing directly to, all without prejudice to the lawfulness of the processing based on the consent given before its withdrawal.

2. Legal basis for the processing

According to EU Regulation 2016/679, the processing carried out by us must always have a legal basis that legitimizes it.

a) Consent to the processing of personal data for one or more specific purposes by the data subject (Article 6(1)(a) – EU Regulation 2016/679)
You may revoke your consent at any time without affecting the lawfulness of the processing based on consent before its withdrawal.

b) Processing of data for the performance of pre-contractual measures or contractual obligations (Article 6(1)(b) – EU Regulation 2016/679)
The processing of your data is necessary for the performance of pre-contractual measures or contractual obligations. This legal basis legitimizes the processing for the purposes indicated in the “Purposes of the processing” section. Failure to provide your personal data will result in our inability to provide the requested services.

3. Categories of personal data processed

The personal data obtained from various forms on the website that may be subject to processing are as follows:

  • Personal details: first name and last name
  • Contact details: phone number and email address
  • City
  • Information contained within the Curriculum Vitae (CV)

Unless otherwise specified, all data requested by is mandatory. If the User refuses to provide them, it may be impossible for to provide the Service. In cases where indicates some data as optional, Users are free to refrain from communicating such data, without any consequence on the availability or operation of the Service.

The User assumes responsibility for the personal data of third parties obtained, published, or shared through and guarantees that they have the right to communicate or disclose them, releasing the Controller from any liability towards third parties.

4. Communication of data to third parties

No data will be subject to dissemination. Where communication to third-party suppliers, consultants, or partners is necessary for purposes related to the

provision of services, it will be the responsibility of the Controller to appoint them as data processors pursuant to Article 28 of the Regulation, based on their demonstrated capacity, experience, and reliability.
Data subjects may request at any time the complete list of data processors appointed by the Controller by sending a request to the email address

It is understood that the personal data of Users may be communicated to third parties, such as police forces or other public authorities, whenever permitted by law or required by an order or measure of a competent authority. These entities will process the data as independent data controllers.

5. Transfer of data to third countries

We will not transfer any data outside the European Union. For further information, please contact
If there are suppliers outside the EU, the guarantees provided for in Article 46 of the Regulation will be implemented.

6. Criteria for data retention

The retention period for personal data is determined for a period not exceeding the achievement of the purposes for which they are collected and processed, in compliance with the times prescribed by law.
It is understood that data subjects may request the withdrawal of consent for treatments that provide for it or the deletion of data at any time.

7. Rights of the data subject

As the data subject of the processing, the user has the right to:

  1. Be informed about the existence of any processing of personal data concerning them;
  2. Access the personal data that are being processed;
  3. Request rectification if the data we have collected are inaccurate or request integration of the data if they are incomplete;
  4. Request the erasure of data in cases provided for in Article 17 of Regulation 2016/679, including in the event of withdrawal of consent or if the processed personal data are no longer necessary for the purposes for which they were collected or otherwise processed;
  5. Obtain restriction of processing under Article 18 of Regulation 2016/679;f.
  6. Request the Controller the portability of personal data and to receive them in a structured, commonly used, and machine-readable format or to have the personal data transmitted directly to another controller;
  7. Object at any time to the processing of their data;
  8. Lodge a complaint with the Italian Data Protection Authority.

The user can exercise their rights at any time by sending an email to the following address: We have the duty to respond to your requests within one month of their receipt. This period may be extended by two months, if necessary, taking into account the complexity and number of requests received. In case of extension, you will be informed of the delay and the reasons.

In the event that we believe we cannot comply with your requests, we will communicate the reasons for the refusal. In this case, you will still have the opportunity to lodge a complaint with the Italian Data Protection Authority.

8. Updates

This privacy policy will be constantly updated following any changes involving personal dat