Select Page


Our policy

Your privacy is very important to 4.20 Srls and to best protect it we are providing you with these notes with indications of the type of information gathered online and on the various ways you can intervene in gathering and using this information on the website.

This privacy policy statement is provided in conformity with and as a result of the article Article 13 of Legislative Decree No. 196/2003 of the Code regarding the protection of personal data to those who interact with the web services of 4.20 Srls accessible at: as the homepage of the official website of

This information notice refers only to the website owned by 4.20 Srls and not to other websites which may be visited by the user through external links.

The notice herein is drawn up also in accordance with the indications provided by Recommendation n. 2/2001 which the European Authorities for the Protection of Personal Data, brought together in the Working Party set up by Article 29 of Directive 95/46/EC, adopted on 17 May 2001 in order to identify certain minimum requirements for collecting personal data online in the European Union.

In particular, the methods, timing and nature of the information that the data controllers must provide to users when they connect to web pages, regardless of the purpose of the connection.

The following information is provided pursuant to Article 13 of the EU Regulation 679/2016 art. concerning the processing of personal data (hereinafter referred to as GDPR) which has standardized the regulation of Privacy throughout Europe which came into force on May the 25th, 2018.

The GDPR defines the concept of “personal data” as any information concerning an identified or identifiable natural person (“interested party”); Considered to be identifiable is a natural person who can be directly or indirectly identified, in particular through the attribution of an identifier such as a name, code number, location data, online name or one or more special characteristics specific to his or her physical, physiological, mental, economic, cultural or social identity.

Who manages your personal data

Browsing this website the visitors’ data can be gathered and personal data may be treated relative to identified or identifiable people.

4.20 Srls headquartered at via Fausto Melotti 9, 20138 Milano, P.IVA 10123180969 is responsible for the holding of all personal data.

Place of data processing

The data processing activities in relation to the services provided on this website are carried out at the 4.20 Srls offices indicated above.

Data processing are treated only by appointed staff, or by temporary technicians for maintenance.

No personal information is communicated or disclosed.

Personal data provided by users who send requests for information materials (mailing list, business contacts, answers to queries, etc.) are to be used for the sole purpose of conducting the required service or performance.

Types of data processed

Browsing data. Computer systems and software procedures on which this website is based are made so that they get, during their ordinary activity, information and personal data that are later sent implicitly through the web by systems based on the Internet protocol.

This kind of information is not acquired for purposes directly linked to identifiable data subjects but could, by virtue of its very nature, be processed and aggregated with the data held by third parties, in such a way as to make user identification possible.

IP addresses fall under this category, as well as domain names related to computer used by users who access to the website, including further parameters related to the operating system and the technical environment of the user.

This information is only used to prepare anonymous statistics on site use and to ensure the proper operation of the site itself.

Data might be used to investigate responsibilities in case of any processing offence against the site and they could be submitted to legal Authority, if requested.

Data Processors and Recipients of Personal Data

The data are processed by the Data Processor’s appropriately-trained employees or collaborators.

Both navigation data and the data provided by the user on a voluntary basis are processed and stored by the data controller and/or by third parties for accounting, administrative, legal or statistical purposes. These third parties will be appointed by the data controller as external or autonomous controllers linked by specific contract belonging to the following categories:

  • companies or professionals providing website maintenance services.
  • companies or professionals providing telematic communications services and, in particular, electronic mail
  • companies or professionals performing management and maintenance services of the Data Controller’s databases.

The collected data may also be communicated to external subjects acting as independent data controllers.

Nature of data provision and data retention period

Provision of the data is compulsory for the purposes set out above (Section n.3), failure to provide it makes it impossible to submit your request.

Your personal data will be treated for the time’s period strictly necessary to pursue the objects mentioned at Section n.3 

then subsequently deleted within the maximum period relating to the duration and origin of cookies in the table.

Data transfer to Non-EU countries

With reference to the processing carried out for the purposes as per sect.3, no.2, the holder may use, also through its data processors, companies providing telematic communication services and, in particular, e-mail that could allow the passing of messages and personal information of users also in non-EU Countries or that in those countries they may save backup copies of the data, in order to limit the risk of data loss.

These service companies were selected because of the trustworthiness, security and compliance with national and European data processing legislation.

This kind of transfer abroad is in line with this legislation, since implemented only to countries (or sectors thereof) that have been the subject of an adequacy decision and therefore insure an adequate level of protection or on the basis of standard contractual clauses validated by a European Supervisory Authority and in accordance with the models proposed by the Commission by Decision 2010/87/EU.

Voluntarily provided data

Voluntary data Optional, express and willful sending of e-mail or mail to the indicated addresses on this website implies the acquisition of sender address, necessary for replies, as well as all other given data.

Your rights

The EU Regulation 2016/679 lists the rights of the user, that you may exercise by directly contacting the Controller or the DPO through contact details referred to in sect.1 and 2 of this notice. 

Among the rights exercisable, provided that the conditions laid down in the legislation are met (in particular, art. 15 and following of the Regulation):

  • The right of access gives individuals the possibility to learn whether and what type of information relating to them is being processed and have access to the data subject to processing and to all the information related to it;
  • right to request the rectification of your personal data that are inaccurate or to request the completion of incomplete personal data;
  • the right to cancellation of the personal data
  • right to restrict processing;
  • the right to object to processing
  • the right to data portability,
  • right to withdraw your consent at any time, without prejudice to the lawfulness of the processing based on consent previously granted.

In any case, the user is granted has the right to lodge a complaint with the Guarantor for the protection of personal data, according to the methods indicated by the same Authority at the following Internet address:

For further information on users rights you can contact directly the Data Controller or the DPO, or consult the official pages: and

© Copyright 2023 | 4.20 HEMP FEST SRLS - P.IVA 10123180969 -Via Fausto Melotti 9, 20138 -Milano