Annex 1: Assessment of joint controllership
  1. as established by the Article 29 Working Party (see Opinion no. 1/2010, WP169) - now called the European Data Protection Board (hereinafter "EDPB") - joint control functions arise "when, in relation to specific processing operations, several parties determine the purpose or the essential elements of the means characterising a controller";
  2. both Parties consider the applicability of the above in the Scope of the Processing and, therefore, each of the Parties shall be considered a Joint Data Controller pursuant to Article 26(1) of Regulation (EU) 2016/679 (hereinafter the "Regulation");
  3. the identification of the role of the Parties as Joint Data Controllers is made also on the basis of what is indicated by the EDPB in the Guidelines 07/2020 on the concept of controller and processor in the GDPR (Version 2.0 adopted on 7 July 2021). According to the Regulation, the assessment of the Parties joint controllership followed a substantial and functional approach, which verified the actual and not formal power concerning joint decisions on processing purposes and means. In particular, the Parties have agreed that, in order to determine a joint controllership, the following elements must be present at the same time:
    • collection and use of Personal Data for purposes and with methods determined jointly;
    • decisions on processing activities taken in a convergent manner and in such a way as to complement each other, generating a tangible impact on the determination of purposes and means;
    • impossibility to carry out the processing activities (for which there is a joint controllership) without the participation of both Parties, in the sense that the work of each Party must be effectively inseparable as well as inextricably and indissolubly linked;
    • since the joint controllership can only exist for parts of a processing in which all Parties decide together purposes and means, if in the chain of operations that precede or follow the processing activities one of the Parties decides autonomously purposes and means, the joint controllership will not extend to that different processing activity and the concerned Party will act, with reference to that activity, as independent Data Controller assuming all the responsibilities that derive from the Regulation;
    • pursuit, in the determination of the processing, of objectives which are closely linked or complementary, thus creating a mutual benefit resulting from the implementation of joint operations;
  4. all the above-mentioned elements represent the relevant factors as well as the concrete expression of the internal analysis carried out by the Parties (in compliance with what is indicated by the EDPB and in concrete application of the principle of accountability set forth in art. 5, paragraph 2 and art. 24 of the Regulation) in order to allocate in an effective way the different obligations between the Parties concerning the processing of Personal Data and the correct fulfilment of the obligations within a Joint Controllership;
  5. therefore, the Parties shall acknowledge the presence of the above elements as well as determine, on the basis of what has been previously indicated, the purposes and means of the processing of Personal Data. For this reason, they shall identify themselves as Data Controllers, pursuant to art.26 of the Regulation, with reference to the Scope of the processing indicated in the above Agreement.

Pursuant to Articles 12, 13 and 14 of Regulation (EU) 2016/679 (hereinafter "Regulation"), the company SACMI IMOLA S.C., with registered office in Via Selice Provinciale 17/A, 40026 Imola (BO), Italy - Tax code 00287010375, VAT no. IT00498321207 (hereinafter "Sacmi") and the company MOSS S.R.L. with registered office in Via Louis Pasteur 123/1, 42122 Reggio Emilia (RE), Italy, VAT no. IT02358530356 (hereinafter also "Moss"), as Joint Data Controllers pursuant to art. 26 of EU Regulation 2016/679 (hereinafter also "Joint Controllers") provide information on the purposes and methods for processing collected personal data, their scope of communication and dissemination as well as the nature of their provision.
The following privacy policy notice on the processing of personal data (hereinafter also referred to as the "Privacy Policy") is provided by the companies in their capacity as Joint Data Controllers for the processing of personal data which are provided directly by users or which are, in any case, generated by browsing the landing page (hereinafter the "Landing Page") on the site  (hereinafter the "Site") for the presentation and launch of the Digital Hybrid Decoration Machine Solution with installed SACMI KIT for CMYK printing of multiple decorations.
The Joint Controllers believe it is essential to protect users’ privacy and provide this Privacy Policy so that the user can make an informed choice when the requested data are collected. This Privacy Policy was written on the basis of the principle of transparency while trying to avoid an excessively legal language to provide greater ease of understanding of this information.
The Privacy Policy is divided into individual sections (hereinafter referred to collectively as “Sections” and/or individually as “Section”), each of which deals with a specific area, in order to allow a more immediate and easier reading and search of topics.
The Joint Data Controllers, as identified at the beginning of this Privacy Policy, can be contacted at the following addresses:
SACMI IMOLA S.C. at its registered office in Via Selice Provinciale 17/A, 40026 Imola (BO), Italy, Tel: +39-0542-607111, Fax: +39-0542-642354, E-mail:
The Data Protection Officer is Mr. Massimiliano Bovesi who can be contacted at the following e-mail address:
MOSS S.R.L., at its registered office in Via Louis Pasteur 123/1, 42122 Reggio Emilia (RE), Italy, Tel: +39-0522-331977 Fax: +39-0522-551004, E-mail:
The Data Protection Officer is Mr. Andrea Fantozzi who can be contacted at the following e-mail address:
The Joint Controllers have entered into a specific Joint Controllership Agreement - pursuant to art. 26 of the Regulation - with which they have set their respective roles and responsibilities with regard to compliance with the obligations provided for by the legislation on the protection of personal data. Particular reference is made to the rights of the Data Subjects, to the communication of information, pursuant to articles 13 and 14, and to the relations with the Data Subjects. The scope of the processing of Personal Data by the Joint Controllers refer to the Personal Data collected from the Data Subjects. These data are provided by users after filling in the contact form on the Landing Page and are subsequently processed for the purposes indicated in the following paragraph of the Privacy Policy. To receive further information and/or request a copy of the Joint Controllership Agreement pursuant to art. 26 of the Regulation with regard to its essential content, please write to the following e-mail address:
The Joint Controllers have identified Sacmi as the party appointed to cooperate, on request, with the Data Protection Authority in the performance of its duties, as well as its single point of contact pursuant to art. 31 of the Regulation.
In general, all personal data (hereinafter also referred to as “Personal data” and/or “Data”) that the User will provide to the Joint Data Controllers and/or that will be collected while browsing the Landing page, will be processed in accordance with the principles recognised by the applicable data protection regulation, such as the principles of transparency, correctness, lawfulness, data minimisation, purpose limitation and storage, accuracy, integrity and confidentiality.
The Data will be subject to processing by the Joint Controllers, according to the limits set out by the applicable legislation, for the following jointly agreed purposes:
  1. to allow the conduct of operations strictly connected and instrumental to the correct management of the relationships with you, including handling questions or requests received at the addresses provided by the Joint Controllers on the Landing page; to provide support and to allow the Users to access and use the Landing page; to carry out and fulfil the contractual obligations undertaken towards you and vice versa. In particular, through the contact form made available on the Landing page, Users may show their interest in the services and/or products presented, in order to be contacted by the Joint Controllers to obtain further information (Pre-contractual measures taken at the request of the data subject and fulfilment of contractual obligations);
  2. to allow the fulfilment of obligations that may be provided for by laws, regulations and community rules, or of provisions issued by authorities the Joint Controllers are subject to (Legal obligations);
Sacmi will act as independent data controller with reference to the following purposes:
  1. analyse the use made of the Landing page by users, examine the effectiveness of advertisements, promotions and, in aggregate form, statistics relating to navigation and activities on the Site, also in order to simplify the use of the same and better adapt it to the interests and choices of the user. With reference to the details of the cookie activities and other tracking tools that make the profiling activity effective, refer to what is specified in the Cookie Policy Section of this Privacy Policy and to the list of cookies, including third-party cookies, accessible from the cookie banner through the "Cookie Settings" button or from the appropriate link located in the footer of the Landing page (Profiling).
  2. obtain information necessary to identify anomalies, fraudulent activities and/or violations in the use of the Site (Security).
Personal Data processed by the Joint Controllers fall within the following categories. Data preceded by an asterisk (*) when User is prompted to provide them are considered by the Joint Controllers to be necessary and indispensable to fulfil the relevant purposes.
  1. Personal details and contact details
In order to be contacted, you will be asked to provide the following information through the contact form on the Landing page: first and last name, company email address, company name, telephone number, country and job title. Further data may be collected during the management of each relationship through the Landing page or can comprise data you will decide to provide to the Joint Controllers at any moment by using the contact data available in the Landing Page.
In all cases in which you decide to share such third-party Personal Data with the Joint Controllers, you will be considered as independent data controller and, as such, you will have to take all legal obligations and responsibilities. Therefore, in this regard, the user grants the Joint Controllers the widest indemnity with respect to any dispute, claim, request for compensation for damage caused by processing, etc. by persons whose Personal Data have been forwarded by you in violation of applicable data protection regulations. Since, in such a case, the Joint Controllers would not collect this information directly from the data subjects (but, indirectly, from you), you guarantee that such specific processing may be based on the consent of such data subjects or on another appropriate legal basis that legitimises the processing of the concerned information.
  1. Navigation data, cookies and other information
Information technology systems and software procedures used to operate the Landing Page acquire some personal data during their normal operation, whose transmission is implicit in using Internet communication protocols. This category of data includes IP addresses or domain names of computers or terminals used by Users, the URI/URL (Uniform Resource Identifier/Locator) addresses of requested resources, the time of the request, the method used to send the request to the server, the size of the file received in reply, the numerical code indicating the status of the reply given by the server (successful, error, etc.) and other parameters about the operating system and software environment of the user.
These data, necessary for the use of web services, are also processed in order to obtain statistical information on the use of services (most visited pages, number of visitors per hour or per day, geographical areas of origin, etc.) and to check the correct functioning of the services offered.
The Site also provides for the use of profiling cookies and other tracking technologies, subject to the user's consent. More detailed information about cookies is found in the Cookie Policy; please read it below on this web page (under the heading COOKIE POLICY).
The following are the legal bases used by the Joint Controllers to process your Personal Data, according to the purposes listed under the previous Section (“Purpose of processing and processed Personal Data”).
The provision of Personal Data, and their processing for purposes related to Pre-contractual measures taken at the request of the data subject and the fulfilment of contractual obligations is strictly functional, respectively, to the execution of your request to be contacted and the proper execution of pre-contractual measures and / or contractual relationship with you. Consequently, failure to provide the Personal Data requested for this purpose, or the ascertained incorrectness of the Data provided, may make it impossible for the Joint Controllers to correctly fulfil the pre-contractual and contractual relationship.
The provision of Personal Data and their processing for the purposes of the Legal Obligations is required by the Joint Controllers to meet the relevant legal obligations. When you provide Personal Data to the Joint Controllers, they need to process them in compliance with applicable laws that may include storing them or communicating them to pertinent authorities.
The provision of Personal Data, and the related data processing for Profiling purpose, is based on your explicit consent collected through a specific button on the cookie banner, i.e. by accessing the cookie preference centre, through a button on the cookie “Cookie settings” banner. You are never obligated to provide this authorisation and, if you do, you are always free to withdraw it at any moment without any consequences other than browsing without profiling cookies and related technologies. You may withdraw your consent to do so by following the instructions in the "Your Rights as a Data Subject" section of this Privacy Policy, i.e. by accessing the cookie preference centre via the "Cookie Settings" button on the cookie banner. From the cookie preference centre the User can withdraw the consent given for the activation of all cookies by pressing the "Reject all" button.
The provision of Personal Data and their processing for the purposes of Security, for which Sacmi is the independent controller, is based on the commitment of the company to identify and prevent illegal behaviours and to ascertain responsibility in the event of any cybercrime. Consequently, failure to provide Personal Data required for this purpose will make it impossible for the company to provide regular access to the Site.
Personal Data will be provided to personnel of the Joint Controllers, who are authorised to process them in order to fulfil the previously described purposes and who are committed to confidentiality or have received a suitable legal confidentiality obligation.
Personal Data will be supplied to third parties, called Data Processors, since they process Data on behalf of the Joint Controllers (e.g. companies with whom it is necessary to interact to provide services, such as hosting providers, providers of emailing services, or other companies appointed to carry out technical maintenance, including maintenance of network equipment and electronic communication networks). Personal Data may be shared with third parties with whom the Joint Controllers have agreements for services that are functional to its operations (such as auditing firms, people, firms or professional offices that provide support and consultancy services in the fields of administration, law, taxation, financial services).
Personal Data processed for the previously described purposes can be shared, used and transferred among the companies of the SACMI Group for internal accounting and administrative purposes, having registered headquarters both within and outside countries of the European Economic Area.
Some of your Personal Data may also be shared with recipients located in countries outside the European Economic Area. In this regard, the Joint Controllers point out that the processing of your Personal Data by these parties will be carried out in compliance with applicable legislation. Therefore, transfers will be carried out by means of adequate guarantees, such as adequacy decisions, standard contractual clauses approved by the European Commission, accompanied by the simultaneous implementation of additional measures of a legal, technical and organisational nature or other guarantees aimed at providing adequate protection of Personal Data in line with the relevant European provisions. More information is available by writing to the e-mail address
The Data shall not be circulated ("circulation" meaning making unspecified subjects aware of the Data).
Personal Data processed for the purposes of Pre-contractual measures taken at the request of the data subject and for the fulfilment of contractual obligations will be stored by the Joint Controllers for the time that is strictly required to perform the requested pre-contractual measures and to properly fulfil the pre-contractual and/or contractual relationship with you. The Joint Data Controllers may retain such Data for a longer period, in particular as may be necessary to protect the interests of the Joint Data Controllers from possible liability relating to the processing. Data will be deleted at the end of this period.
The Personal Data processed for the purposes of Legal Obligations will be kept for the period provided for by specific legal obligations or applicable regulations.
Personal Data processed for the purpose of Profiling will be retained until you withdraw your authorisation to do so. Once your consent has been withdrawn, Sacmi will no longer use your Personal Data for such purposes, but may still retain them in aggregate form for statistical use. In particular, with regard to the retention period of data processed through cookies and other similar technologies, read the Cookie Policy Section and the list of cookies, including third-party cookies, accessible from the cookie banner through the "Cookie Settings" button or from the "Cookie Settings" link located in the footer of the Site.
Personal data processed for the purpose of Security will not last more than 6 months, except when used to ascertain responsibility for any cybercrime against the Joint Controllers or third parties (e.g. to protect from legal actions by providing these data to the relevant Authorities).
The Joint Controllers have identified Sacmi as the sole point of contact for the purpose of allowing the exercise of the rights of the Data Subjects as set forth in Articles 15-21 of the Regulation, as indicated in greater detail below, as well as the following e-mail address managed by Sacmi itself and to which requests by Data Subjects may be sent. It is also specified that this e-mail address may also be used to exercise rights with reference to the processing of Personal Data with regard to which Sacmi alone acts as independent data controller (i.e. for Security and Profiling purposes).
Should you have any questions concerning the processing of your Personal Data, you may in any case contact the Data Protection Officer - DPO of Sacmi Imola S.c., designated pursuant to art. 37 of the Regulation and who can be contacted at the following e-mail address:
As Data subjects, you have the right, exercisable at any time, to:
  • request further information and/or request a copy of the Joint Controllership Agreement pursuant to art. 26 of the Regulation with regard to its essential content,
  • request access to your Personal Data (and/or a copy of this Personal Data) as well as to further information on the processing in progress;
  • request the rectification or updating of your Personal Data, if they are incomplete or not updated;
  • request the deletion of your Personal Data from the Joint Controllers’ databases, where you consider the processing to be unnecessary or unlawful;
  • request that processing of your Personal Data is limited when you believe that your Personal Data are not correct, necessary or illegally processed or when you opposed their processing;
  • exercise the right to the portability of the Data, i.e. to obtain in a structured, commonly used and machine-readable format a copy of your Personal Data provided, or to request its transmission to another Data Controller;
  • oppose processing of your Personal Data, using a legal basis for your particular situation which you believe would prevent the Joint Controllers from processing your Personal Data;
  • revoke your consent for Profiling purposes, also by accessing the cookie preference centre through the "Cookie settings" button on the cookie banner. From the cookie preference centre the User can withdraw the consent given for the activation of all cookies by pressing the "Reject all" button.
The Joint Controllers wish to inform you that you always have the right to complain to the relevant Control Authority (e.g. the Authority of the Country of your usual residence, which in Italy is The Italian Data Protection Authority), if you believe that treatment of your Data is contrary to actually applicable regulations pertaining to the protection of personal data.
The Joint Controllers reserve the right to change or update the content of this privacy policy, partially or fully, also as a consequence of changes in the applicable regulations. The Joint Controllers may inform you of such changes as soon as they are introduced and they will be binding as soon as they are published on the Site. Therefore, they invite you to periodically check this section to familiarise with the latest and most up-to-date version of the Privacy Policy in order to always be up to date with Personal Data that is collected and used by the Joint Controllers.
  1. Definitions, types and regulation application
  2. Types of cookies used by the Site
  3. List of cookies used by the Site
  4. How to manage or delete cookies
  1. Definitions, types and regulation application
Cookies are small text files sent by the websites visited by the user and recorded on the user's computer or mobile device and retransmitted to the same websites on the subsequent visit. Cookies allow a website to remember the user's actions and preferences (such as login details, language chosen, font size, other display settings, etc.) avoiding the need to indicate them again when the user returns to the website or browses through its web pages.
Therefore, cookies are used for login, session tracking and retention of information regarding a user's activities when accessing a website. They may also contain a unique identification code that allows keeping track of the user’s navigation experience within the website for statistical or advertising purposes. Some operations could not be carried out without the use of cookies, which, in some cases, are technically necessary for the website to operate correctly.
For further information on cookies and their general functions, the User can visit the information Website   
Cookies may be those set directly by the website or web server that the user is visiting or those of the website whose address was typed by the user and displayed in the URL window (so-called "first-party” cookies).
While browsing a website, users may also receive on their devices cookies from websites or web servers other than the one they are visiting (so-called "third-party" cookies). Third-party cookies are relevant in cases when the user visits a website and a third party, with respect to the manager of the website visited, sets a third-party cookie using said website.
There are also various types of cookies, depending on their characteristics and functions, which remain on the user’s computer for different periods of time: session cookies, which are automatically deleted when the browser is closed; persistent cookies, which remain on your device until a predetermined expiration time.
According to the current regulation applicable in Italy, the user's consent is not always required for the use of cookies. In particular, technical cookies, i.e. those used for the sole purpose of transmitting a communication over an electronic communication network, or to the extent strictly necessary to provide a service explicitly requested by the user, do not require such consent. Technical cookies, which do not require express consent for their use, include:
  • first-party analytical cookies, used to collect information, in aggregate form, about the number of users and how they use the website;
  • third-party analytical cookies, when tools are used to reduce the identification power of cookies and the third party does not cross-reference the collected information with other information that it already has;
  • browsing or session cookies, used for authentication and access to a service;
  • functionality cookies, which allow the user to navigate based on a number of selected criteria (e.g. language, products selected for purchase) in order to improve the service provided.
On the other hand, for profiling cookies, i.e. those aimed at creating profiles referred to users and used to send advertising messages in line with the preferences expressed by the latter when browsing the web, the user's prior consent is required. User consent is also required for third-party analytical cookies when tools are not used to reduce the identification power of cookies and the third party cross-references the collected information with other information that it already has.
  1. Types of cookies used by the Site
The Site uses the following types of cookies:
  • browsing technical or session cookies, strictly necessary for the operation of the Site or to allow the User to take advantage of the contents and Services requested;
  • functionality cookies, used to activate specific functionalities of the Site and to configure the Site according to the User's choices (e.g. language) in order to improve the browsing experience. Please note that by disabling browsing, session and/or functionality cookies, the Site may be unavailable or certain Services or functions of the Site may be unavailable or not work properly and users may be forced to modify or manually enter certain information or preferences each time they visit the Site.
  • analytical cookies, which allow to understand how the site is used by users and to track the website incoming and outgoing traffic. It is hereby specified that Sacmi uses the Google Analytics service (provided by Google Inc. or “Google”) complying with the following conditions: measures taken to decrease the identification power of these cookies by masking parts of the IP (as described in the following link:; Sacmi has accepted the data protection amendment with Google Inc. by which the latter refers to its commitment to use such cookies exclusively for the provision of the service, to store them separately and not to “enhance” them or “cross-check” them with other information it has. Furthermore, it is reminded that an add-on can always be installed on the browser to disable Google Analytics ( For more information on the way the third party, Google, may use the User information, here is the link to their Privacy Policy:
  • profiling cookies used in order to comply with the preferences set by the User through the use of the Landing page and to send to the user advertising messages in line with these preferences.
With regards to third-party cookies, third parties typically act as autonomous data controllers with respect to the cookies they provide (and use the data they collect for their purposes and according to their own terms) or operate as Data Processors (i.e. they process Personal Data on behalf of Sacmi). For further information on how these third parties may use your information, please refer to their personal data processing policies (privacy policies and consent forms), which are provided, where possible, for each cookie in the list accessible from the cookie banner or from the "Cookie settings" link in the footer of the Site.
  1. List of cookies used by the Site
The cookies used by the Site can be viewed by the User by accessing, at any time, the list of cookies, including third-party cookies, accessible from the cookie banner through the "Cookie Settings" button or from the "Cookie Settings" link located in the footer of the Site.
  1. How to manage or delete cookies
Most Internet browsers are initially set to accept cookies automatically. The User may modify these settings in order to block cookies or be warned every time cookies are sent to the navigation device. Furthermore, at the end of each navigation session, the User may delete the cookies that were collected from his or her device. There are various methods to manage cookies. Please refer to the specific instructions for the browser in use. If the User uses various devices to visit and access Websites (for example, computer, smartphone, tablet, etc.), then the User is responsible for ensuring that each browser of each device is set to reflect his or her expressed preferences regarding cookies. For more information on managing cookies, please refer to the page

Select the following links to access specific instructions for managing cookies through some of the main navigation programs.

Microsoft Windows Explorer

Google Chrome 

Mozilla Firefox

Apple Safari

If the User does not use any of the aforementioned browsers then the User may, in any case, select "cookies" in the relevant section of the guide to see where the cookies folder is located.
You can also manage your choices about third-party cookies by means of online platforms such as AdChoice.