updated to 01/12/2023


Information on the processing of personal data
Pursuant to European Regulation 2016/679 of the European Parliament and of the Council of 27th April 2016
on the protection of natural persons with regard to the processing of personal data (in short “GDPR”)

PhotoSì S.p.A Unipersonale, a single-member company (hereinafter “PhotoSì”), in the person of its pro tempore legal representative, in its capacity as Controller of personal data collected directly from the data subject, considers privacy and personal data protection to be fundamental and invites its users to carefully read this Privacy Policy which contains important information on Data Processing (“Privacy Policy” in short).

In any case, the logical and physical security of the data and, in general, the confidentiality of the personal data processed will be ensured by taking all the necessary suitable technical and organisational measures to ensure the security thereof.

This Privacy Policy:
  • is understood to be provided for the websites and (hereinafter the “Website”);
  • is understood to be provided for the mobile Application called “PhotoSì” (hereinafter the “App”);
  • is understood to be provided for all PhotoSì software, including applications for over-the-counter orders (POS, PRS, EasyPrint) or in store with retail accounts (PhotoSì Retail Solution, EasyPrint and PhotoSì Order Station);
  • constitutes an integral part of the Website, App and services provided by PhotoSì;
  • is provided in compliance with provisions set forth in the General Conditions of Sale and Terms of Use;
  • is provided pursuant to art. 13 of the Regulation, to those who interact with the web services of the Website, App and Data Controller, both simply during browsing and during the use of specific services made available by means of the Website and App.

A.1) Data Controller’s identity and contact details
PhotoSì S.p.A
Registered office at via Carpegna 22,
Riccione (47838 - RN), Italy
Tax code and VAT number 03550860401
Tel 0541/609903 –

A.2) Contact details for the Data Protection Officer
The Data Protection Officer (DPO) can be reached at the following email address:

B) What data we collect and how
  • B.1) Data provided voluntarily by the data subject
    During the use of the Website and the App, we may ask you to provide us with certain personal data or personal information which can be used to identify you, for example by email or online form, the assistance function incorporated in the App and our Services, or by means of another form of request.
    Such information may include your name, surname, address, email and telephone number. In addition, we will process the data you provide for the execution of product orders (e.g. images, any text inserted into the product, references to photos, product options).
    Specific summary information may be made available on pages of the Website or App, prepared for particular services upon request.

  • B.2) Automatically collected data
    For the purpose of making the services offered work, the Application and the Software mentioned above, when used normally, will automatically collect some data regarding the user, that is to say data that is transmitted implicitly when using Internet communication protocols and mobile networks (log files), data relating to the operating system and IT environment (IP addresses or domain names, URI - Uniform Resource Identifier), technical data relating to requests (time, method, size, status, outcome etc.).
    Some information is necessary for the provision of services linked to the Website and App and failure to collect it may mean we will be unable to provide the aforementioned services, or may result in the Website and App working only partially. Optional information does not affect how services work and the user is free to manage it.
    In relation to data automatically collected by means of systems that memorise text and information files, for example Cookies or SDKs (Software Development Kits), we ask you to make reference to the specific information available online.

C. Purposes of personal data processing and legal basis
Your personal data will be processed:
(i) without your mandatory consent for the following purposes:
  • for the purposes of fulfilling a request you have made and contacting you via the contact details provided in the form, including through the retail agent network;
  • online account registration on the PhotoSì website, becoming part of the PhotoSì community, joining the PhotoSì/Album Epoca App, the management of orders, purchases, sales and deliveries of products and the associated monitoring, customer service management, customer service management via help desk and live chat, the management of payments, the management of returns and repairs, the management of contact with the customer, the management of vouchers and discounts;
  • administrative-accounting management and related obligations (issuance of receipts, invoices, preparation of payments), any protection of credit positions and legal defence;
  • internal statistics, economic analysis and management of the company, as well as, with reference to contact details provided for contractual purposes, the sending of advertisements for similar products, with the right to cancel immediately upon request.
The above processing modes comply with the following legal bases respectively:
  • meeting a request made by the data subject – condition of lawfulness of Article 6, letter b) GDPR - and the legitimate interest intended to advance Company knowledge - condition of lawfulness of Article 6, letter f) GDPR;
  • fulfilment of a contract or pre-contractual measures, meeting a request made by the data subject – condition of lawfulness of Article 6, letter b) GDPR;
  • legal obligation to which the Data Controller is subject – condition of lawfulness of Article 6, letter c) GDPR – or for the assessment, exercise or defence of a right in judicial proceedings;
  • the pursuit of the Data Controller's legitimate interest – condition of lawfulness of Article 6, letter f) of the GDPR – regarding the improvement of company operation and market surveys, the improvement of services provided to own customers, direct marketing and customer loyalty building.

The provision of data, marked with (*), for the purposes indicated in section (i) above, is mandatory and any withholding of data and/or any express refusal to consent to their processing will make it impossible for the Data Controller to carry out the request received, the contract or the precontractual measures, to fulfil its obligations with any non-compliance and liability on the part of the data subject including with respect to statutory penalties (e.g. for the application of tax regulations or fraud prevention checks)

(ii) with your prior consent (Article 7, GDPR) for the following purposes:

  • various types of marketing activities, including the promotion of products and services, the distribution of posters, information and promotional material, the sending of newsletters and commercial notifications by email, invitations;
  • profiling activities of various kinds, including behavioural analysis for promotional purposes, the creation of lists for promotional purposes, commercial communication, and the sending of newsletters, the creation of profiles for the provision of services targeted to and personalised for the customer’s requirements.

The provision of data for purposes stated in the previous section (ii) is optional, meaning that you may decide not to grant your consent, or withdraw it at any time.

D. Categories of recipients of personal data
For the purposes referred to in the previous paragraph, the personal data you have provided may be transferred or made accessible to:
  1. employees and collaborators of the Data Controller, in their capacity as authorised data processing staff (or known as “individuals in charge of processing”);
  2. third parties who carry out outsourcing activities on behalf of the Data Controller, in their capacity as Data Processors, including:
    • providers for the development and maintenance of the Websites, Application, Software and related instruments (e.g. SDK OneSignal, SDK Social Networks, Zendesk), third party cookie managers, contractual partners of PhotoSì who process data provided by users, service providers for the management of the computerised system and telecommunications networks and the company tasked with managing e-commerce, service providers for the management of hard copy and/or computerised documentation storage, service providers for the management of customer services, also through websites (e.g. call centres, help desks, live chats etc.), service providers for the management of commercial communication;
    • freelancers, offices or companies as part of assistance and consultancy relationships, also for the control of company organisational management;
    • banks and credit and insurance institutions to carry out economic activities (payments/collections), and insurance activities;
    • persons who carry out checks, audits and certifications on the activities carried out by PhotoSì S.p.A., including in the interest of customers;
  3. judicial or supervisory authorities, administrations, public bodies and authorities (both national and foreign).
The complete updated list of the Data Processors is available upon written request to the address

E. Storage and transfer of personal data abroad
Personal data are managed and stored on Cloud and on servers located inside and outside the European Union owned by and/or available for the Data Controller and/or designated third-party companies, duly appointed as Data Processors.
Data are only transferred abroad to non-EU countries in the context of the management of information systems for requirements strictly related to the performance of business activities and, in any case, in compliance with the provisions contained in Chapter V, GDPR.
Your personal data will not be disclosed.

F. Storage period for personal data
The personal data collected for the purposes indicated in paragraph C above will be kept and processed for the time strictly necessary to achieve the purposes for which they were collected and will be automatically deleted at the end of this period.
Specifically, the data retention period from the first session/visit to the Site or App, or from registration of the User Account, or the granting of specific consent, where requested, is as follows:
Data provided by the data subject (B.1):  
Data relating to the Account holder 12 months
Data relating to the Client 60 months
Data collected automatically by the Site or App (B.2):  
Data relating to the processing and printing of images and photographs for the period of time necessary for their processing
Data relating to the reprinting and editing service (references to photos (photos are always stored locally on the User’s device), any text inserted into the product (e.g. in the case of Vintage Prints and PhotoBooks); product options (size, colour, etc.); changes applied to the photo (filters, frames, rotations)) 12 months
Data relating to communication and marketing purposes 24 months
Data relating to profiling purposes 12 months
Accounting and invoicing data 10 years
Data relating to any disputes for the time strictly necessary or in relation to the limitation period stipulated by law


After this storage period, the data will be destroyed or anonymised.

G. Exercisable rights
In compliance with the provisions of Chapter III, Section I, GDPR, you may exercise the rights indicated therein, and more specifically:
  • Right of access - To obtain confirmation as to whether or not personal data concerning you are being processed, and, where that is the case, access to the following information: the purposes of the processing, the categories of personal data concerned and the storage period, the recipients to whom these data can be disclosed (Article 15, GDPR).
  • Right to rectification - To obtain, without undue delay, the rectification of inaccurate personal data concerning you and have incomplete personal data completed (Article 16, GDPR).
  • Right to erasure - To obtain, without undue delay, the erasure of the personal data concerning you, in the cases provided for by the GDPR (Article 17, GDPR).
  • Right to restriction of processing - To obtain restriction of processing in the cases provided for by the GDPR (Article 18, GDPR).
  • Right to data portability - To receive the personal data concerning you in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance, in the cases provided for by the GDPR (Article 20, GDPR).
  • Right to object - To object to processing of personal data concerning you unless the controller demonstrates compelling legitimate grounds for the processing (Article 21, GDPR).
  • Right to lodge a complaint with a supervisory authority - To lodge a complaint with the Authority for the protection of personal data, Piazza Venezia n. 11, Rome, Italy -

You may exercise these rights easily through the dedicated section on the Site or the App.

Specifically, to proceed with requesting the deletion of data, click here.

For any further request, please write to


language banner close

Scegli il tuo paese

e visita il sito nella tua lingua

Mostra tutte le lingue