INFORMATION PURSUANT TO ART. 13-14 OF THE GDPR (GENERAL DATA PROTECTION REGULATION) 2016/679

Villa Maria, VAT: 02645420734, Data Controller, informs you that your data will be processed in the manner and for the purposes indicated below.

The Controller is committed to protecting the privacy and confidentiality of Personal Data in compliance with the principles of fairness, lawfulness, transparency, and the protection of your rights.

1) TYPE OF DATA PROCESSED

We process personal data provided by you (name, email, company name, telephone number, etc.) in the event of requests sent spontaneously, and data that is collected independently by the website.

  • Data provided by you: personal, identifying, and non-sensitive data communicated by you to make requests via email, through the contact form, or by telephone regarding our products/services.
  • Data we collect automatically: anonymous data collected using cookies or similar technologies: for further information, please view the Cookie Policy below.

N.B.: Users under the age of 16 cannot provide any personal data without the consent of parents or those exercising parental authority.

 

2) PURPOSES AND LEGAL BASES OF PROCESSING

We will process your personal data:

A) to fulfill our contractual obligations; provide a response to your requests for information; calculate a quote you have requested; execute sales contracts for products or assignments for the provision of services; guarantee the necessary assistance regarding the products and services purchased.

B) to carry out aggregate statistical analysis on an anonymous basis to improve our services;

C) for administrative purposes and for the fulfillment of legal obligations such as, for example, those of an accounting or tax nature, or to comply with requests from the judicial authority.

D) in the case of sending a curriculum vitae, exclusively for selection purposes.

 

3) IS THE PROVISION OF DATA MANDATORY?

The provision of your data is always optional, but any failure to provide it could make it impossible to proceed with certain processing operations, such as those strictly connected to the fulfillment of a contract or the provision of services you have requested.

4) PLACE, METHOD OF PROCESSING, AND RETENTION TIMES

The processing of your personal data is carried out by means of the operations indicated in Art. 4 of the Privacy Code and Art. 4 n. 2) of the GDPR, namely: collection, recording, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, erasure, and destruction of data.

Your personal data is stored at the Controller’s premises and is subject to both paper and electronic and/or automated processing with logic strictly related to the indicated purposes and in any case in such a way as to guarantee the security and confidentiality of the data itself. The data you send is not saved within our website.

The Controller will process personal data for the time necessary to fulfill the aforementioned purposes and in any case for no longer than 10 years from the termination of the relationship for the Purposes in point C and for no longer than 38 months from the collection of data for the Purposes in point B.

5) ACCESS TO DATA

Your data may be made accessible for the purposes indicated in point 2:

  • to employees and collaborators of the Controller, in their capacity as persons in charge and/or internal data processors and/or system administrators;
  • to third-party companies or other entities (website provider, cloud provider, e-payment service provider, suppliers, hardware and software support technicians, shippers and carriers, credit institutions, professional firms, etc.) that carry out outsourcing activities on behalf of the Controller, in their capacity as data processors.

 

6) DATA TRANSFER

The data will not be disseminated, sold, or exchanged with parties other than the controller, the processors, and the appointed persons in charge without your express and explicit consent.

7) YOUR RIGHTS

You have the right to know which of your personal data is being processed. In particular, you are recognized the right of access, rectification, erasure as well as the right to data portability, the right to restriction of processing, and the right to object to processing, if the conditions are met.

Below we provide a brief illustration of the rights recognized to you with reference to the processing of your personal data.

  • The right of access allows you to obtain confirmation as to whether or not personal data concerning you is being processed by the Controller and, if so, to access such data and related information;
  • The right to rectification allows you to obtain the modification of inaccurate personal data concerning you without undue delay and, taking into account the purposes of the processing, to obtain the integration of incomplete personal data;
  • The right to erasure (right to be forgotten) allows you to obtain the deletion of data concerning you without undue delay (e.g., when your personal data is no longer necessary in relation to the purposes for which it was collected), subject to the exceptions provided for by applicable legislation (e.g., when the conservation of your data is necessary for compliance with legal obligations applicable to the data controller). Deletion will be carried out within the required technical timeframe;
  • The right to data portability allows you, in certain circumstances provided for by applicable legislation, to receive the personal data concerning you that you have provided in a structured, commonly used, and machine-readable format. You may transmit this data to another data controller, provided that this right can be recognized in light of applicable legislation, and except in cases where it may cause harm to the rights and freedoms of others;
  • The right to restriction of processing allows you, in certain circumstances provided for by applicable legislation, to obtain the limitation of the processing of your personal data. In such cases, the Controller may continue to process your data only in certain cases, for example, for the exercise of the right of defense or to protect the rights of another natural or legal person;
  • The right to object to processing allows you, in certain circumstances provided for by applicable legislation, to object to the processing of your personal data unless there are overriding legitimate grounds, rights, or freedoms that allow the Controller to continue the processing;

To obtain more information on the processing of your personal data or to exercise your rights, please contact us.

 

8) CHANGES TO THE PRIVACY POLICY

This Policy may undergo changes. It is therefore advisable to check this Policy regularly and refer to the most updated version.

Last update: March 2026

Back To Top