Unioncamere - https:\\excelsior.unioncamere.net


Policy regarding the processing of personal data


This Policy describes the methods by which the website https://excelsior.unioncamere.net is managed with regard to the processing of the user’s personal data.

The information is provided, pursuant to art. 13 of Regulation (EU) 679/2016 concerning the protection of individuals with regard to the processing of their personal data (hereinafter the 'GDPR'), to the data subjects who interact with the web services accessible electronically via the URL https://excelsior.unioncamere.net

Additional detailed information indicating the specific legal basis of the data processing may be provided on other pages of the Website, within the various access channels, and in relation to specific services offered.

This policy is only valid for the website https://excelsior.unioncamere.net, and does not apply to any other websites that may be accessed by the user via hyperlinks.


  1. Data Controller and Data Protection Officer (DPO)


The Data Controller is the Italian Union of Chambers of Commerce (hereinafter Unioncamere), with headquarters at no. 21 Piazza Sallustio, Rome, Italy 00187, which can be contacted via post, or using the following contact details: Tel.: +39 0647041 Certified e-mail: Questo indirizzo email è protetto dagli spambots. È necessario abilitare JavaScript per vederlo.

Unioncamere is a non-economic public Entity that conducts its activities under Italian law no. 580 of 29 December 1993, and other regulatory provisions concerning its tasks, functions, and institutional purposes of public interest (Art. 7 of the cited law).

The Entity has designated a Data Protection Officer pursuant to art. 37 of the GDPR, who can be contacted at the following addresses: Email: Questo indirizzo email è protetto dagli spambots. È necessario abilitare JavaScript per vederlo. Certified e-mail: Questo indirizzo email è protetto dagli spambots. È necessario abilitare JavaScript per vederlo.Questo indirizzo email è protetto dagli spambots. È necessario abilitare JavaScript per vederlo.


  1. Purposes, Legal basis of the processing, and type and origin of the personal data

2.1 Purposes of the data processing

The purposes for which the data subject’s personal data are processed are to allow the user him/herself (the data subject) to electronically interact with this website, to consult or download the documents present, to send communications, to request services, etc.

2.2 Legal basis of the data processing

For the aforementioned purposes, the personal data collected electronically through the services offered by the website https://excelsior.unioncamere.net are processed by Unioncamere during the performance of its duties of public interest or otherwise related to the exercise of public authority, pursuant art. 6(1)(e) of the GDPR.

With regard to cookies and the analysis of the same, as indicated below, the legal basis is legitimate interest pursuant to art. 6(1)(f) the GDPR.

2.3 Type and origin of the personal data

Browsing data

During the course of their normal operation, the computer systems and software procedures that govern this website’s functionality collect certain personal data items, the transmission of which is implicit in the use of Internet communication protocols.

Although the data items indicated above cannot be generally traced back to the identified users, they could allow for the identification of the users to whom they refer by means of reprocessing in conjunction with additional data held by third parties. These types of data include IP addresses, the domain names of the computers utilized by the users who connect to the website, the URI (Uniform Resource Identifier) addresses of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code that indicates the status of the response provided by the server (successful, error, etc.) and other parameters relating to the user’s operating system or IT environment.

To the extent strictly necessary, this data is also used to guarantee the security of the electronic networks and the data, or rather the network or information system’s ability, at a given security level, to withstand unforeseen events or unlawful or malicious actions that could compromise the availability, authenticity, integrity, and confidentiality of the personal data stored or transmitted, and the security of the relative services offered or made accessible through such networks and systems.


The types of data processed automatically by the IT systems include:

  1. user data functional and necessary for interaction with the website;
  2. the data entered voluntarily by the User by registering for online services (Excelsior for placement, Europass CV), by filling out the appropriate electronic forms on the external Europass websites (https://europa.eu/europass/it) and on the Ifoa website, (https://job.ifoa.it/Account/Login?ReturnUrl=%2FCurriculumUnioncamere) to which the website https://excelsior.unioncamere.net/ redirects them; the information regarding the processing of personal data for the specific individual services can be found on the aforementioned websites.
  3. the data entered into the electronic forms by the user in order to access the contents of the various sections for consultation (Dashboard, Database, Statistical Tables, Publications, and Bulletins).

The data entered are used exclusively for the purpose of collecting socio/demographic information about the website’s visitors. The data requested from the user in the form (which are required to access the content) regard their geographical area of origin (province, municipality, etc.), age group, gender, the organisation to which they belong, and their reason for visiting the website.


These data are processed using automated procedures, and for the purposes referred to under point 2.1, even to obtain anonymous statistical information on the use of the services (most visited pages, downloads of materials, number of visitors per hour or day, etc.) and to continuously monitor and improve the website itself and the services offered by Unioncamere.


Cookies and other tracking systems

 Cookies are small text strings that are sent to the User’s terminal (usually their browser) by the websites they have visited. These strings are stored and are later transmitted back to the same websites during the user’s next visit.

This Website uses a cookie and a third-party software component to allow information on the use of this Website by Users to be collected and analysed anonymously. This information is collected by the cookie and software component provider, and is processed in order to provide reports on the activities carried out by Users on the Website. This Website does not use (and does not allow third parties to use) analysis tools to monitor or collect the Users’ personal identification information. The user’s IP address is not associated with any other data held by Unioncamere or the provider. In accordance with its own policies, the provider indicated below may also disclose this information to third parties where required by law, or if such third parties process said information on behalf of the provider itself.

By using the services offered on this Website, the User consents to the processing of his/her data by the cookie and software component providers, in the manner and for the purposes indicated above. The User always has the possibility of disabling the aforementioned cookies in their internet browser options, or by following the instructions made available by the provider.

The third-party component used on this website is indicated below, along with the relative references:


Instructions for disabling cookies: https://support.google.com/accounts/answer/61416?hl=it

Instructions to disable Analytics by installing a browser add-on:



Technical and session cookies

The Website uses technical cookies to allow for the secure, quick and efficient browsing of the Website itself, and to provide users with the requested services that do not allow for the acquisition of the user’s personal identification data.

Session cookies are used to ensure the normal browsing and use of the Website; these are temporary cookies, which are only operational on the user's machine for the duration of their session. When the browser is closed, the session cookies expire; in fact, their use is strictly limited to the transmission of the session identifiers needed to ensure the secure and efficient browsing of the Website (consisting of random numbers generated by the server).

Functional cookies are used in order to allow the User to browse the Website based on a series of selected criteria (such as the selected language), in order to improve the service provided.

Persistent cookies, on the other hand, help Websites remember the user's data and settings for subsequent visits. This allows for faster and more convenient access, as there is no need to log in again. Persistent cookies remain active even after the browser is closed.

How to disable cookies

As previously mentioned, the processing carried out with cookies is based on the legitimate interest of the Data Controller pursuant to art. 6(1)(f) of the GDPR. However, cookies can always be disabled on the user's device by adjusting the Internet browser settings. Disabling cookies will not prevent the user from browsing the Website, but may affect the functionality of certain third-party services used by the same.

Most browsers automatically accept cookies, but the user can still choose not to accept them. However, it is recommended not to disable them, as this could prevent switching from one web page to another, and could impede the use of all the website's specific functions.

If the user does not want their computer to receive and retain cookies, they can change their browser's security settings (Internet Explorer, Google Chrome, Safari etc.). Whatever the case, it should be noted that certain parts of the Website can only be used in their entirety if the browser accepts cookies; consequently, the decision to eliminate and not to accept cookies could have a negative impact on the user's browsing and use of the Website itself.

Whatever the case, if you should decide to change your cookie settings, brief instructions on how to do this in the four most popular browsers are provided below:




Microsoft Internet Explorer

Click the 'Tools' icon in the upper right hand corner, and select 'Internet Options'. In the pop-up window, select 'Privacy'. Here you can adjust your cookie settings.

Google Chrome

Click the button in the upper right hand corner, and select 'Settings'. Next, select 'Show advanced settings' and change the 'Privacy' settings.


From the drop-down menu in the upper left hand corner, select 'Options'. In the pop-up window, select 'Privacy'. Here you can adjust your cookie settings.


From the drop-down settings menu in the upper right hand corner, select 'Preferences'. Select 'Privacy'. Here you can adjust your cookie settings.

Native Android browser

Select "Settings" > "Privacy", and select or deselect the "Accept cookies" check box


To disable analytical cookies and prevent Google Analytics from collecting your navigation data, you can download the browser add-on to disable Google Analytics.



Use of AWstats as a web analytics tool

In order to statistically evaluate our website and improve our service, we also use the open source AWStats program.

AWStats evaluates the log files that our web server creates based on visitor requests. The program does not use any cookie files to perform this evaluation.

AWStats is installed on the Data Controller's server, which is located in Italy

For more information on the AWStats program, please visit https://www.awstats.org


2.4 Authorised data processors, Processing methods, Recipients, and Scope of communication of the personal data

The personal data are processed by properly instructed and duly authorised personnel, using automated tools, and for the time strictly necessary to achieve the purposes for which they were collected, in accordance with the current legal provisions. The personal data are processed in accordance with the principles applicable to the processing of personal data pursuant to art. 5 of the GDPR.

With the exception of that which is indicated below, no data derived from web services are communicated or disseminated. The personal data provided voluntarily by users who submit requests for services or information are only used to carry out the service or to provide the information requested, as indicated in the relative policies.

The data collected through the form (province of origin, age group, gender, organisation/subject and purpose of visit) in order to access the various sections of the site Excelsior web (Dashboard, Database, Statistical Tables, Publications, Bulletins) are used to populate an anonymous database aimed at compiling statistics on the socio-demographic characteristics of the website’s users.

The data processing activities associated with this website’s web services are handled by Unioncamere in collaboration with third party companies, which have been designated as external data processors pursuant to art. 28 of the GDPR (even with system administration functions), as they are in charge of the hosting services and the maintenance of the website's technological aspects. The web hosting service is located in Italy, and the data processing activities generally take place at the offices of the latter, which are recipients of the collected data.

An updated copy of the list of Data Processors can be requested from the Data Controller at any time.

In addition to the Data Processors and any other subjects authorised to process personal data, the user's data may also be communicated to the Judicial or Administrative authorities, or to any other public entity legally authorised to request them.

2.5 Duration of the data processing

The personal data are generally retained for the time strictly necessary to achieve the specific purposes for which they are processed, based on the limits established by law and indicated in the individual policies. If no specific indications are provided in the policies associated with individual or multiple services offered via the website, the data retention times will not exceed seven days from the time of their collection, as is the case for the other browsing data, without prejudice to the need on the part of the judicial authorities to investigate any potential crimes.

It should be noted that browsing data could be used to ascertain liability in the event of any cybercrimes carried out against the website, in accordance with the procedures in force with the competent Authorities. In this case, the data retention period could be extended in order to allow the competent judicial authorities to investigate any crimes.

 2.6 Intellectual Property and limitation of liability

Intellectual property

All rights to the contents (e.g. texts, images, and website architecture) are reserved pursuant to the current legislation.

The reproduction and use and/or dissemination of the website's content, either in whole or in part, is permitted with the complete citation of the source being provided: Unioncamere-ANPAL, Excelsior Information System.

Any link to this website created by third parties, in any form, must not be detrimental to the image and/or activities of Unioncamere. It is always prohibited to make use of so-called deep linking, or rather the non-transparent use of portions of this website on third party websites.

It is therefore forbidden to modify, copy, reproduce, distribute, transmit, or disseminate any data without citing their source.

It is also forbidden to copy the programs that allow this website to operate, to create programs similar to them, and to trace and/or use the source code of the aforementioned programs.

Unless otherwise indicated, all content published on this website is subject to the Creative Commons Attribution license - version 4.0.

Data and analyses can therefore be freely reproduced, distributed, transmitted, and adapted, even for commercial purposes, provided that their source is acknowledged.

No authorisation is needed to create hyperlinks to the pages of this website.

Images, logos, trademarks, and other content owned by third parties are the property of their respective owners, and may not be reproduced without their consent

Any failure to comply with these provisions will be prosecuted in the competent civil and criminal courts.

This website is subject to the legislation in force in the Republic of Italy.

Limitation of liability


  1. a) may not be held in any way liable for damages of any nature arising directly or indirectly from access to the website, the inability or impossibility to access it, and/or the reliance upon or use of the information contained therein;
  2. b) assumes no liability for any third party services accessible via links contained on the website or for any other content, information, or elements present on the third party websites accessible via said links that may be contrary to the legislation in force;
  3. c) reserves the right to change the contents of the website and the pages contained therein at any time and without advance notice.

Any links to external websites are merely provided as a service to the users, and any possible liability with regard to the correctness and completeness of the various links indicated is to be expressly excluded.

Furthermore, the indication of such links does not imply any sort of approval or shared liability on the part of Unioncamere with regard to the completeness and correctness of the information contained on the relative websites.

2.7 Rights of the data subject and methods of exercising them

 Rights of the data subject

The data subject can exercise the rights referred to under articles 15 et seq. of the GDPR in relation to the Data Controller. In particular, if the conditions envisaged by the regulation are met, the data subject can exercise the following rights:

  • to request the confirmation of the existence any data regarding him/her;
  • to be advised of the source of their data;
  • to receive information regarding the logic, methods, and purposes of the data processing activities;
  • to receive clear, comprehensive, understandable communications regarding the processing of their personal data;
  • to request the updating, rectification, integration, cancellation, and/or limitation of any data processed in violation of the law, including any data no longer necessary for the purposes for which they were collected;
  • to object to the processing of their personal data for reasons linked to their particular situation;
  • to revoke their consent, where provided as the legal basis of the processing, at any time. The lawfulness of the data processing carried out prior to the revocation remains unaffected;
  • in cases of consent-based data processing, to receive their data provided to the Data Controller (at the sole cost of the medium utilised), in a structured form readable by a data processor, and in a format commonly used by electronic devices, if is technically and economically possible.

 Methods of exercising these rights

In order to exercise his/her rights, the data subject can contact the Data Controller directly, or else the Data Protection Officer, using the contact information provided under point 1.

 The Data Controller (or his/her delegate) will respond to the data subject's request without undue delay, and, regardless, within at most one month of receiving their request. This deadline can be extended by two months, if necessary, depending on the complexity and number of requests received. The Data Controller (or his/her delegate) will notify the data subject of any such extension, and the reasons for the delay, within one month of receiving the request.

 The response to the data subject's request is generally provided in writing with other means, even using electronic means, if necessary. The information can even be provided verbally, if requested by the data subject.

 The data subject is also entitled to lodge a complaint with the Personal Data Protection Authority, pursuant to art. 77 of the GDPR, according to the methods envisaged by the Authority itself (at http://www.garanteprivacy.it), as well as to petition the appropriate judicial offices, pursuant to art. 79 of the GDPR, in accordance with the current legal provisions.


This policy was updated on: 28 June 2021