Skip to content

Privacy policy

In carrying out its activities, URQUIOLA GROUP processes personal data, in compliance with all applicable laws and contractual provisions, using methods based on principles of correctness, lawfulness and transparency, protecting the privacy of the data subject and his / her rights.




With this document, URQUIOLA GROUP – as Joint Data Controller processing personal data – pursuant to art. 13 and EU Regulation 679/2016 (hereinafter “GDPR”), intends to provide all information related to its use of personal data of the users of the website (hereinafter, “User/Users”) (hereafter, “Website”).

Joint Data Controllers


PATRICIA URQUIOLA S.p.A., with registered office in Via Bartolomeo Eustachi 45 – 20129 Milan, VAT number 04378340964
PATRICIA URQUIOLA S.A.S. DI MARIA PATRICIA URQUIOLA HIDALGO, with registered office in Milan, Via Bartolomeo Eustachi 45 – 20129 Milano, VAT number 06506690962 
S.U. SERVICES S.r.l. with registered office in Via Bartolomeo Eustachi 46 – 20129 Milan, VAT number 10171890964
All belonging to the Urquiola Group (hereinafter jointly the “Joint Data Controllers”) and singularly “Joint Data Controller”).
An extract of the joint data controlling agreement is available to data subjects upon request to
This email address may be used for any question and/or request concerning data protection.



a) Navigation data: the personal data that the computer systems and software procedures, used to operate this Website, acquire during their ordinary operations and whose transmission is implied in the use of Internet communication protocols. This information is not collected to be associated with identified data users but rather to be used through processing and association with data held by third parties to identify the related users. This category of data includes: IP addresses or domain names of the computers used by users who connect to the Website, the addresses in the Uniform Resource Identifier (URI) notation of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (success, error, etc.) and other parameters relating to the operating system and the user’s IT environment. This data is used for the sole purpose of obtaining anonymous statistical information on the use of the Website and to check its correct functioning and they is deleted immediately after processing. The data could be used to ascertain responsibility in case of a hypothetical IT crime which may result in a damage of the Website; apart from this eventuality, this data is not stored for more than seven days.

b) Data provided voluntarily by the User by sending an email to  or to any other email addresses listed in the section “CONTACT” of the Website: when sending an email the User data will be processed for the sole purpose of replying to the request and fulfilling the related administrative obligations. The data that will be processed is: name, e-mail and any other personal data voluntarily shared by the User.

c) Data provided voluntarily by the User by sending an email to or for receiving promotional communications related to the services, products and events of URQUIOLA GROUP; in the event the data Subject expresses his consent for the receipt of communications by the Joint Data Controller, the data that will be processed is: name, e-mail, domicile address.

d) Data provided voluntarily by the user by sending an email to when submitting an application including personal data requested in the related section of the Website, it will be used for the evaluation of your candidature in view of a possible professional collaboration. The data processed is: name, e-mail, mobile phone number, home address and data contained in the attached curriculum and portfolio.

e) Cookies: for the process of data through cookies, please take a look to the relevant policy.



User’s data collected are processed by the Joint Data Controller to:

ENSURE THE CORRECT FUNCTIONING OF THE WEBSITE, which is the legitimate interest of the Joint Data Controller to ensure the safety of the Website and the information exchanged therein, which means also the capacity of such Website to resist – at a given level of security – to unforeseen events or illicit or malicious acts that may compromise the availability, authenticity, integrity and confidentiality of the personal data stored or transmitted and the security of the related services offered or made accessible. The related legal basis is art. 6, par. 1 lett. f) of GDPR.
MANAGE THE CONTACT REQUEST, which means to reply to the requests submitted by the data subject. The related legal basis is art. 6, par. 1, lett. b) of GDPR, being the processing of her/his personal data necessary for the execution of the contract of which the data subject is a party;
SEND COMMUNICATIONS, INVITATIONS TO EVENTS/WORKSHOP OF THE JOINT DATA CONTROLLER, only if the data subject has expressed explicit consent to receive invitations to events organized by the Joint Data Controller or to send communications related to the activities of the Joint Data Controller. The related legal basis is art. 6, lett. A) of GDPR (consent of the data subject);
EVALUATE PROFESSIONAL PROFILES received through spontaneous candidature of a data subject with the intent to offer possible professional collaboration. The related legal basis is art. 6, par. 1, lett. b) of GDPR.



The provision of the data described in point 2, lett. b) is optional. In case of no provision, however, the User will not be able to use the contact service.

The provision of the data described in point 2, lett. c) is optional. The User can withdraw his consent at any time and without indicating the reasons. The easiest way to do this is to click on the “Unsubscribe” link, which is available in every communication received. The User can alternatively send a communication to the Joint Data Controller at
The provision of the data described in point 1, lett. d) is optional. Refusal to processing, however, would make any follow up for the evaluation of the User’s possible collaboration impossible.



Data processing will be carried out both on paper and electronically with the help of modern computer systems by persons expressly appointed for this purpose. The processing will take place with logic and through forms of organization of data strictly related to the obligations, tasks or purposes mentioned above. The Joint Data Controller uses technical and organizational measures to protect the data in his possession from manipulation, loss, destruction and against access by unauthorized persons. Security measures are constantly improved on the basis of technological development.



The User’s personal data will be processed by parties authorized to perform these tasks, duly appointed as data processors or in charge of processing, equipped with security measures to guarantee the confidentiality of the data shared by data subjects and to avoid undue access by third parties or unauthorized personnel. If necessary, the data collected may be transmitted to the Joint Data Controller, within the limits strictly relevant to the obligations, tasks or purposes described in point 2, to public or private subjects (insurers, auditing and certification companies, etc.) or to competent Authorities for the purpose of prevention, detection or repression of crimes, in compliance with the relevant regulations. No data will be disseminated.
The updated list of all Data Processors is available at URQUIOLA GROUP’s office and may be requested at the following e-mail address: Such list may be updated from time to time.
All User’s data, stored in electronic form, is stored on a server owned by URQUIOLA GROUP located in the European Union.



Personal Data shall be processed and stored as long as required for the purpose they have been collected for.
For the purposes referred to in art. 2) a) herein, personal data will be processed for the period strictly necessary to the pursuit of the aforementioned objectives and, subsequently, to the fulfillment of legal obligations and/or for defensive purposes.
The data provided for commercial communications activities, opinion polls and market researches will be stored until the request by the data subject to interrupt such activity or up to a maximum of 2 years.
Once the retention period expires, Personal Data will be deleted. Therefore, the right to access, the right to delete, the right to rectification and the right to data portability cannot be enforced after expiration of the retention period.



Users are entitled to know their rights, essentially consisting in the right to receive from other contractual parties’ information about the existence of the processing of their personal data, as well as access to their data, to obtain rectification, integration, update, erasure or block of their data. Furthermore, the User will also have the right to obtain a copy of his data, to limit or deny the process of the personal data, as well as the right to data portability and to submit complaints to the competent control Authorities at the conditions and within the limits indicated in art. 13 of the GDPR.
Pursuant to articles 15 and following of the GDPR, each data subject has the right to the following rights:


  • Right to be informed
  • Right of access to the data
  • Right to rectification
  • Right to erasure (‘right to be forgotten’)
  • Right to restriction of processing
  • Right to data portability
  • Right to object

The data subject can therefore know what personal data is held by the Joint Data Controller, its origin and how it is are used, can request its updating, correction or integration and, in the cases provided by the provisions in force, can also request the cancellation, the limitation of treatment or oppose to their treatment. Each data subject may, if he wishes, request to receive a copy of the personal data held by the Joint Data Controller in a format readable by electronic devices and, where technically possible, the Joint Data Controller may transfer the data directly to a third party indicated by the data subject.

If the user believes that the processing of his/her personal data has been carried out illegitimately, he/she can file a complaint with one of the competent control Authorities in charge of compliance of the rules on the protection of personal data. In Italy, any related complaint can be filed to the Garante per la Protezione dei Dati Personali (



To exercise the aforementioned rights, Users can send a communication to the following email address –, indicating the subject “Privacy – exercise of rights”.

This Privacy Policy was published on April 2020. Any updates will always be published on this page.