You are here

What is the purpose of this disclosure?
In compliance with the provisions of current legislation on the protection of personal data, namely Regulation (EU) 2016/679 (also known as "GDPR") and, to the extent applicable, the complementary national legislation, we would like to inform you about the processing of your personal data by the Controller's organisation, which will be based on the principles of correctness, lawfulness and transparency, as well as the protection of your privacy and the protection of your rights. This notice is given in relation to the personal data provided by you, i.e. the data subject reading this notice.


a)    When do we collect your personal data?
La presente informativa è resa per i dati personali che lei fornisce utilizzando il sito web.


b)    Who is the Data Controller? How do I contact them?
The Data Controller is Bondioli & Pavesi S.p.A., with registered offices in Via 23 Aprile, 35/a I - 46029 SUZZARA (MN), VAT no 01940930207, hereinafter referred to as the “Controller”. The Controller can be contacted at the above postal address or at the following e-mail address: [email protected] 


c)    What categories of personal data do we process?
In order to provide you with the services provided by the website, we have to process some of your personal data, mainly relating to the following categories:
•    common identifying data that you may provide us with, such as: name, surname, address, e-mail, telephone, etc., when filling in forms, for example;
•    technical web identification data, such as: IP address, MAC address, identification code of the device used to access the site, etc. This personal data is necessary for the use of the site and the services offered (also see the cookie policy); 


d)    For what purposes are data processed? On what legal basis? And how long are they stored for? 
Below we indicate the purpose of the processing, the legal basis legitimising the processing and the storage period of your personal data: 

Purpose Legal basis Storage  
1.    Management of the contract, or a request for information, services, and related contractual and/or pre-contractual relations. Performance of pre-contractual or contractual obligations The data will be kept for the period necessary to answer your request and at most for the subsequent period of limitation of rights.
2.    Sharing with other group companies: the data may be shared with other companies within the corporate group to which the Controller belongs if necessary to handle your request.  Legitimate interest  


e)    What is the legitimate interest that allows processing?
The legitimate interest mentioned above relates to the need to share data for administrative, accounting and contractual purposes, and is without prejudice to the fundamental freedoms and rights of the data subject.


f)    Am I required to provide data? What happens if I do not provide it?
The provision of your personal data for the purposes of (1) contract management is a requirement for the conclusion of the contract and the provision of the requested services. For the purpose (2), it is necessary to fulfil your request. Failure to provide information for these purposes will result in the contract not being concluded or the services you request not being provided. 


g)    Who may come into contact with your data? Who do we communicate it to?
Personal data relating to the processing in question for the above-mentioned purposes may be communicated or disclosed:

  • to those within the Controller's organisation who need it because of their duties or position. Such individuals are those authorised to process data under the direct authority of the Controller;
  • to those individuals to whom access is granted by law, or to whom the transfer of data is necessary for the fulfilment of obligations under laws, regulations, or by contract;
  • to third parties carrying out processing on behalf of the Controller in relation to the processing and purposes described above. These individuals are authorised to process it in their capacity as Data Processors in accordance with Article 28 of the GDPR;
  • to companies belonging to the Controller’s corporate group in order to process its requests.


h)    Are personal data transferred outside the European Union (EU)?
The data collected is not transferred to locations outside the European Union.


i)    Other information
Depending on certain processing operations, we may provide you with specific relative information (candidates, customers, suppliers, etc.).


j)    What are your rights as a data subject?
The GDPR entitles you to the following rights in relation to your personal data, which you may exercise within the limits and in compliance with the provisions of the regulation:
-    Right to access your personal data (Art. 15); 
-    Right of rectification (Art. 16); 
-    Right to erasure (right to be forgotten) (Art. 17); 
-    Right to restriction of processing (Art. 18); 
-    Right to data portability(Art. 20); 
-    Right to object  (art. 21); at any time and on grounds relating to their particular situation, the data subject has the right to object to the processing of personal data based on legitimate interest, including profiling on that basis. The Data Controller shall refrain from processing unless it can demonstrate the existence of compelling legitimate grounds for processing which override the interests, rights and freedoms of the data subject, or for the establishment, exercise or defence of legal claims; 
-    Right to object to a decision based solely on automated processing (Art. 22); 
-    The right to withdraw your consent at any time, without prejudice to the lawfulness of processing based on the consent given prior to withdrawal.
You may exercise your rights by sending a written request addressed to the Data Controller at the postal address, or by e-mail as indicated above. In addition, you have the right to lodge a complaint with the Italian Data Protection Authority (, if you believe that the processing of your data violates the legislation in force (Art. 77) or to take legal action (Art. 79).


k)    How are personal data protected? 
Personal data will be processed both with and without the aid of electronic tools, using technical and organisational security measures appropriate to the nature of the data to ensure their integrity and confidentiality and to protect it against the risks of unlawful intrusion, loss, alteration, or disclosure to third parties not authorised to process it.


l)   Updates
The Controller reserves the right to amend and update this policy at any time. Changes will apply as soon as they appear. It is therefore necessary for you to regularly check the current Information Notice.


Edition dated 02.08.2022