Privacy – Contacts



Registered office: 1 via Lavoratori Autobianchi – 20832 Desio, Tel. +39 0362 300830 / Fax +39 0362 300253 – – Share capital € 10,400.00 = f.p. – Tax code and VAT No. 03026390967 – MB Economic and Administrative Index – no. 1625214, pursuant to articles 4, par. 1, point c) and art. 24 of EU Regulation 2016/679 (hereinafter GDPR) is the Data Controller (hereinafter the Controller) and, in fulfilment of the obligations under art. 13 of the GDPR provides this Notice which details the purposes and how your personal data is processed.

Please note that:

  • personal data (pursuant to art. 4, par. 1, no. 1) of the GDPR) means ‘any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;’
  • personal data processing (pursuant to art. 4, par. 1, no. 2) of the GDPR) means ‘any operation or set of operations which is performed with or without the use of automated processes on personal data or on sets of personal data, even if not recorded in a database, such as collection, recording, organisation, structuring, storage, processing, selection, restriction, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or otherwise any other form of making available, comparison or interconnection, limitation, cancellation or destruction.’

1. Data Controller and contact data

The Data Controller under art. 24 of the GDPR, namely the party who decides the processing purposes and methods, is

registered office: 1 via Lavoratori Autobianchi – 20832 Desio
Tel. +39 0362 300830 / Fax +39 0362 300253

2. Data processed

Navigation data

The computer systems and software procedures used to operate this website acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols.

It concerns information that is not collected to be associated with specific individuals, but by its very nature could, through the processing and association with data held by third parties, allow users to be identified. This category of data includes IP addresses or domain names of computers used by users who connect to the site, URI addresses (Uniform Resource Identifier) of requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in reply, the numerical code indicating the status of the response from the server (successful, error, etc.) and other parameters related to the operating system and the users.

These data are used only to obtain anonymous statistical information on the site and to check its correct functioning and are deleted immediately after processing. The data could be used to ascertain responsibility in case of hypothetical computer crimes against the website.

Data provided voluntarily by the user

The optional, explicit and voluntary sending of electronic mail to the addresses indicated on this website, as well as completion of the contact form or transmission of data through other sections of the site, involves the subsequent acquisition of the sender’s address, necessary to reply to the requests, as well as any other personal data entered by the user.

3. Purposes and legal basis of processing

3.1 Your personal data, subject of processing, are used for the following purposes:

  1. to meet your specific requests;
  2. to fulfil legal and/or regulatory obligations of a fiscal, administrative and accounting nature;
  3. to fulfil pre-contractual, contractual and tax obligations related to the conclusion and/or execution of contracts you are a party to;
  4. to protect credit.

3.2 The processing of your data is based on art. 6, par. 1 points b) and c) of the GDPR.

4. Nature of the provision of personal data

For the purposes referred to in art. 3.1, points a), b), c) and d) hereof, the provision of personal data is necessary to carry out the services rendered by the Controller, and a refusal shall make it impossible to do so. To carry out processing as it is referred to in art. 3.1, points a), b), c) and d) hereof, obtaining the Data Subject’s consent is not necessary.

5. Data Processing Methods

Data are processed by means of hard copy records, computer and electronic media as well as electronic devices by specifically authorised internal subjects and/or through third parties, according to logics strictly connected to the purposes referred to herein. Data are stored in electronic files and, as a second-line option, in hard copy, in order to ensure data security and confidentiality. The personal data is processed in compliance with the principles underlying the GDPR.

6. Data recipients

Data Recipient, pursuant to art. 4, par. 1, no. 9) of the GDPR, means ‘the natural or legal person, the service or another body that receives personal data communications, whether it is a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing’.

It should be noted that, in relation to the aforementioned purposes, personal data may be disclosed to recipients collaborating with the Data Controller or responsible for fulfilling legal obligations. These recipients are strictly bound by a duty of confidentiality regarding any information that may be disclosed. Their categories are reported by way of example below.

  • Authorities, public administrations as well as supervisory and control bodies for their institutional purposes.
  • Associated companies, subjects, consultants, consultant agencies, professional offices collaborating with the Controller to achieve the aforesaid purposes and fulfil legal obligations.
  • Subjects providing services to manage the Data Controller’s information system.
  • Professionals qualified to examine and resolve any legal and contractual issues.
  • Banks or similar organisations.
  • Health care bodies.

7. Data processing location and possible data transfer outside the EU

Data is processed in a Member State of the European Union (EU) or a Member State of the European Economic Area (EEA).

However, data processing may involve the transfer of data to a non-EU or non-EEA country. In this case, the Data Controller shall henceforth ensure that transfer, if necessary, will be carried out only under the specific conditions set out in articles 44 et seq. the GDPR.

8. Data dissemination and disclosure

Your personal data will not be disseminated or transferred.

Disclosing personal data to third parties other than the Data Controller and Data Processors – inside or outside the organisational structure of the Data Controller – identified and appointed pursuant to articles 24 and 28 of the GDPR is foreseen where necessary.

In any case, processing by third parties will be carried out in compliance with the principles of lawfulness, fairness, proportionality and need as well as the current laws.

9. Storage time

Data will be stored in compliance with the principle of proportionality and, in any case, for no longer than 10 fiscal years necessary to achieve the purposes referred to in art. 3.1 hereof.

10. Data security

The Data Controller shall adopt the appropriate technical and organisational data protection measures in order to prevent data from being lost or used unlawfully and improperly, and any unauthorised access.

11. Data Subject’s rights

Notice is hereby given that, pursuant to art. 13, par. 2, point b) of the GDPR, in relation to processing of the personal data referred to herein and in order to ensure fair, transparent processing, the following rights may be exercised:

11.1. Right to information and access (pursuant to art. 15 of the GDPR): in order to obtain information from the Data Controller on whether your personal data is being processed or not; on access to your personal data and to details on the purposes of processing; on the recipients or categories of recipients data are transmitted to.

11.2. Right to rectification (pursuant to art. 16 of the GDPR), Right to erasure (pursuant to art. 17 of the GDPR) and Right to restriction of processing (pursuant to art. 18 of the GDPR): in order to ask the Data Controller to rectify, erase your personal data and restrict processing.

11.3. Right to data portability (pursuant to art. 20 of the GDPR): in order to gain access to your personal data, which was provided to the Controller, in a structured, commonly used and machine-readable format and you are entitled to transmit said data to another Data Controller, provided that this operation is technically feasible.

11.4. Right to object (pursuant to art. 21 of the GDPR): in order to object to the processing of your data.

To exercise the rights referred to in the aforementioned art. 13, par. 2, points b) and e) of the GDPR, please write to:

registered office: 1 via Lavoratori Autobianchi – 20832 Desio
Tel. +39 0362 300830 / Fax +39 0362 300253

12. Right to lodge a complaint or appeal

Pursuant to art. 13, par. 2, point d) of GDPR and art. 140 bis of (It.) Legislative Decree no. 196/2003 bis, as amended by (It.) Legislative Decree no. 101/2018, furthermore, it should be noted that if data processing is performed in breach of the provisions of the European Regulation or the Code concerning the protection of personal data, a complaint may be lodged to the Privacy Authority pursuant to art. 77 of GDPR or, alternatively, an appeal may be lodged to the Judicial Authorities.