Privacy Policy


This document (“Information Notice”) intends to provide you with information regarding the processing of information, as specified below, that will be provided by you or otherwise available at our facility and that will be processed by it and/or by other entities identified for the purposes indicated below. The Information Notice, in particular, is provided pursuant to EU Regulation no. 679/2016 (“GDPR”) and subsequent national adaptation rules (together with the GDPR hereinafter referred to as “Applicable Regulations”). Specific information notices may be presented on the Website pages in relation to particular services or processing of data provided by the data subject and specific consents collected (where necessary).

1) Identity and contact details of the Data Controller

The data controller, pursuant to Articles 4 and 24 of EU Reg. 2016/679, is: Sandhills Italy Srl – Via Ceresio, 7 – 20154 – Milan (MI) – Italy, VAT number: IT09998020961, Tel.: (0861)-818117, email: [email protected], in the person of the pro-tempore legal representative (hereinafter “Data Controller”).

2) Purpose and legal basis of the processing

The Personal Data collected will be processed for the purposes and on the legal bases as set forth below:

| Purpose | Legal basis of the processing |
| --- | --- |
| Point 3, letter a): for the management of Your contractual relationship or to carry out pre-contractual measures (such as, for example, requesting information or a quote); to allow browsing on this website and the technical management of connections to it; to manage any contact request from the data subject and respond to them, and to follow up on requests for assistance and the needs of customers and users. In this case, You are free to provide Your Personal Data, however, failure to provide it will prevent You from establishing the aforementioned relationship and satisfying Your request, and may result in the inability to enjoy all the services provided by the website. | The processing is necessary in relation to the performance of a contract to which You are a party, to provide a service, or to respond to requests from the data subject, and is necessary to comply with a legal obligation to which the Controller is subject. |
| Point 3, letter b): With Your specific consent, which may be revoked at any time, to send you promotional communications related to the Controller and communications regarding events organized by the Controller (hereinafter “marketing purposes”). The provision of data for purpose b) is optional and, in the absence thereof, Your data will not be processed for the pursuit of this purpose; refusal to provide it will not affect the usability of the purposes referred to in point a). | Your consent |

Within the limits of the purposes and methods described in this Information Notice, information that may be considered “Personal Data” may be processed, including Your personal details and Your contact details (such as, for example, mobile phone number, e-mail address, IP address, cookies, etc.).
Full details on each type of data collected are provided in the dedicated sections of this privacy policy or through specific information notices displayed before the data is collected. Any use of Cookies (or other tracking tools) by this website or by the owners of third-party services used by this website, unless otherwise specified, is intended to provide the service requested by the User, in addition to the further purposes described in this document and in the Cookie Policy.

3) Categories of personal data processed

3.1) Browsing data

The computer systems and software procedures responsible for the operation of this website acquire, during their normal operation, some personal data whose transmission is implicit in the use of internet communication protocols. This is information that is not collected to be associated with identified individuals, but which by its very nature could, through processing and association with data held by third parties, allow users to be identified. This category of data includes IP addresses or domain names of the computers used by users who connect to the site, the URI (Uniform Resource Identifier) addresses of the requested resources, the date and time of the request, the method used in submitting the request, the size of the response file, the numerical code indicating the status of the response given by the server, and other parameters relating to the user’s operating system and computer environment. This data is used solely for the purpose of deriving anonymous statistical information about the use of the site and to check its correct functioning, and is deleted immediately after processing. The data may be used, exclusively by the Judicial Authority, for the investigation of responsibilities in the event of hypothetical computer crimes against the site.

3.2) Data Voluntarily Provided by the User

The optional, explicit, and voluntary sending of emails to the addresses indicated on this website, or the completion of forms, entails the subsequent acquisition of the sender’s address, necessary to respond to requests, as well as any other personal data voluntarily entered by the User. The User takes responsibility for the Personal Data of third parties obtained, published, or shared through this website and guarantees to have the right to communicate or disseminate them, releasing the Owner from any liability towards third parties.

3.3) Redirect via Social Plug-ins

It is possible that so-called social plug-ins are used during navigation on the site. Social plug-ins are special tools that allow the incorporation of social network features directly within the Site (e.g., the “like” function of Facebook). All social plug-ins on the Site are marked with the respective logo of the social network platform.

When visiting a page on the Site and interacting with the plug-in (e.g., clicking the “like” button) or deciding to leave a comment, the corresponding information is transmitted from the browser directly to the social network platform (in this case Facebook) and stored by it. For information about the purposes, type, and methods of collection, processing, use, and retention of personal data by the social network platform, as well as the methods to exercise your rights, please refer to the privacy policy of the respective social network.

4) Recipients and categories of recipients

Personal data will not be disclosed, meaning it will not be made known to undetermined subjects. However, it may be communicated to well-defined subjects, in full compliance with legal requirements, for purposes strictly related to those previously indicated. Any access to your personal data is limited to subjects authorized by the Data Controller. Communication to the identified recipients, only if involved and functional, is linked to the achievement of the purposes outlined in the previous point 3, therefore the personal data collected and processed may be:

  1. Used anonymously for statistical purposes;
  2. Made available to the collaborators of the Data Controller, as Data Processors or persons authorized to process personal data;
  3. Communicated to third parties, individuals or legal entities, Public administrations, professionals, law enforcement agencies, governmental entities, regulatory bodies, courts, or other public authorities authorized by law;
  4. Entities providing services for the management of the information system and communication networks including email, newsletters, and website management;
  5. Studies or Companies within the scope of assistance and consultancy relationships;
  6. If necessary, transferred to another Data Controller as provided for by the GDPR, also regarding the right to data portability.

Information may also be communicated whenever such communication may be necessary to comply with requests from the Judicial Authority or Public Security. The data collected will not be disclosed under any circumstances.

The list of Data Processors is available at the Data Controller’s headquarters.

5) Data transfer abroad

Data will not be transferred outside the European Union.

6) Data retention period (criteria for determination)

Below is a table containing indications of data retention periods (or criteria for determination) of Personal Data:

| Purpose | Retention Periods |
| --- | --- |
| Point 3, letter a): Contract management | For the entire duration of the relationship and subsequently for 10 years (ordinary prescription). |
| Point 3, letter b): Marketing purposes | Until your opposition (revocation of consent). |

In addition, the Data Controller may be obliged to retain Personal Data for a longer period in compliance with a legal obligation or by order of an authority.

7) Data processing methods

The processing of Personal Data will be carried out using manual, computerized, or telematic tools, suitable to ensure its security and confidentiality, and will be performed by personnel duly trained to comply with the Applicable Law. There is no automated decision-making process.

In addition to the Data Controller, in some cases, other subjects involved in the organization of this website (administrative, commercial, marketing, legal, system administrators) or external subjects (such as third-party technical service providers, postal couriers, hosting providers, IT companies, communication agencies) may have access to the Data and, if necessary, are appointed as Data Processors by the Data Controller.

In addition to cases where it is necessary to contact you for purposes related to managing your position, if you consent to the processing of your data for the purposes described in point 3, letter b), you may be contacted via email, newsletter, SMS, instant messaging systems, or through any equivalent electronic means, or by postal mail or call via operator to all the contact details provided. If you prefer to be contacted only at one or some of these addresses, you can make a written request to the Data Controller without formality.

7.1 The defense in court

The User’s Personal Data may be used by the Owner in court or in the preparatory stages leading to possible legal action arising from improper use of this website or related services by the User. The User declares to be aware that the Owner may be required to disclose the Data upon request of public authorities.

7.2 Specific information

Upon the user’s request, in addition to the information provided in this privacy policy, this website may provide the user with additional and contextual information regarding specific services, or the collection and processing of Personal Data.

7.3 System logs and maintenance

For operational and maintenance purposes, this website and any third-party services it uses may collect system logs, which are files that record interactions and may also contain Personal Data, such as the user’s IP address.

7.4 Information not contained in this policy

Further information regarding the processing of Personal Data may be requested at any time from the Data Controller using the contact details provided.

7.5 Response to “Do Not Track” requests

This website does not support “Do Not Track” requests. To determine if any third-party services used support them, the User is invited to consult their respective privacy policies.

7.6 Changes to this privacy policy

The Data Controller reserves the right to make changes to this privacy policy at any time by informing Users on this page and, if possible, by sending a notification to Users through one of the contact details held by the Data Controller. Therefore, please regularly consult this page, referring to the date of the last modification indicated at the bottom. If the changes concern processing for which the legal basis is consent, the Data Controller will collect the User’s consent again, if necessary.

8) Rights Recognized to You

We inform you that you may exercise the rights recognized by the Applicable Regulations, including, for example, the right:

  1. to access your Personal Data and know their origin, the purposes of processing, data of the subjects to whom they are communicated, the period of data retention or the criteria useful for determining it (art. 15);
  2. to request their rectification (art. 16);
  3. to request their deletion (“forgetting”), if they are no longer necessary, incomplete, incorrect or collected in violation of the law (art. 17);
  4. to request that the processing be limited to part of the information concerning you (art. 18);
  5. to the extent that it is technically possible, to receive in a structured format or to transmit to you or to third parties indicated by you the information concerning you (so-called “portability”) or those that have been voluntarily provided by you (art. 20);
  6. to object to their processing based on legitimate interest (art. 21);
  7. as well as to revoke your consent at any time, if this constitutes the basis of the processing (the revocation of consent does not affect the lawfulness of the processing based on the consent given before the revocation itself).

The aforementioned rights can be exercised by written request addressed informally to the Data Controller at the contacts indicated at point 1.

The Data Controller shall proceed in this regard without delay and, in any case, no later than one month from receipt of the request. The deadline may be extended by two months, if necessary, taking into account the complexity and number of requests received by the Data Controller. In such cases, the Data Controller shall inform you within one month from receipt of your request and shall inform you of the reasons for the extension.

We remind you that, if the response to your requests is not satisfactory, you may contact and lodge a complaint with the Garante per la Protezione dei Dati Personali in the manner provided for by the Applicable Regulations.

[Revised: June 2023]

The Data Controller