within the meaning and for the purposes of Art 13 of the EU Regulation of April 27th 2016 n° 679 “General Data Protection Regulation”


This Privacy Policy is intended to describe the management of this website, with reference to the processing of personal data of users/visitors consulting it.

This notice is provided - in accordance with Art. 13 of EU Regulation 679/16 regarding the protection of personal data - to those who connect to the corporate website of Brambati SpA at the addresses and

The notice is only provided for the websites mentioned above and not for other websites that may be consulted by the user through special links available on the websites.

The websites and are owned and managed by Brambati SpA, who assure compliance with the provisions of EU Regulation 679/16.

Users/visitors shall carefully read the specific notice - shown at the link below and on the contact form page - before providing their consent and sending any personal information and/or filling in any electronic form posted on the website itself.

Browsing data (TBV)

The computer systems and the software procedures used to operate this website acquire, during the normal course of operation, some personal data that are then implicitly transmitted in the use of Internet communication protocols. Such information are not collected to be associated with identified data subjects but, by their own nature, might - through processing and association with data held by third parties - enable to identify users. This category of data includes IP addresses or domain names of the computers used by users connecting to the website, URI (Uniform Resource Identifier) addresses of requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in reply, the numerical code indicating the status of the reply from the server (successful, error etc.) and other parameters related to the operating system and to the IT environment of the user. These data are only used to obtain anonymous statistical information on the use of the website and to make sure that it operates correctly, and are deleted immediately after processing. The data might be used to ascertain responsibility in case of hypothetical computer crimes against the website: except for this event, the data on web contacts are not stored for more than seven days.

Cookies (TBV)

For the transmission of personal information neither cookies are used nor the so-called persistent cookies of any kind or systems to track users. The use of the so-called session cookies (which are not stored permanently on the user’s computer and disappear when the browser is closed) is strictly limited to transmitting session identifiers (consisting in random numbers generated by the server) required for secure, efficient website browsing. The so-called session cookies used on this website avoid the need to use other information technologies - that are potentially detrimental to the confidentiality of users' browsing - and do not allow the acquisition of personal data identifying the user.

Purposes and Lawfulness of Personal Data Processing

Personal data collection and processing are carried out to:

- perform economical as well as pre-contractual activities;

- provide specific information on Brambati SpA products/services;

Personal data will be processed according to the principles of correctness, lawfulness, transparency and protection of your privacy as well as of your rights.

The personal data that the Data Processing Controller may collect are as follows:

a) general data (name, surname, address, telephone number, e-mail address, relating company);

The lawfulness of the processing is based on:

- explicit consent (pursuant to Art. 6.1, Letter a) of the GDPR).

Processing Modes

Data processing for the purposes concerning the access to the website of the Company takes place both by means of automated modes, on electronic or magnetic support, and by means of non-automated modes, on paper support, in compliance with the privacy and security rules envisaged by the law, by consequent regulations as well as by internal provisions.

Data are always processed in full compliance with the principle of the proportionality of the processing, according to which all personal data and the different modes of their processing shall be relevant and not in excess compared to the purposes to be achieved.

Stored data are protected by adequate security measures, so as to reduce the hazard of fortuitous loss or unauthorized access as well as of processing not consented or not complying with the mentioned purposes. No automated decision-making is available.

Location of Processing

Data are processed and stored at the seat of Codevilla (PV), via Strada Nuova 37. Furthermore, they are processed, on behalf of the Company, by Processors whose list may be asked for to the Controller of the Processing.

Mandatory nature of providing the requested data and consequences of an objection to provide them

Providing the requested data is mandatory to access to the Company website and, therefore, an objection to provide them, completely or partially, may bring about the impossibility for BRAMBATI SpA to allow visitors’ access.

Data Communication

Data may be transferred to professionals and/or companies charged with carrying out technical and development activities as well as to employees/collaborators of BRAMBATI SpA.

Data Transfer Abroad

Your personal data will not be communicated to other companies with head offices in third extra-European Countries.

Data Storage Duration

Your personal data concerning the access to the website of the Company will be processed for 12 months. If contractual relationships with Brambati SpA, are formalized, the Data Subject will receive an adequate notice specifying the lawfulness as to further processing.

Data Subject’s Rights

As to personal data, the Employee may exercise the rights pursuant to Chapter III of EU Reg. 2016/679 (a copy of which is attached herewith) in the limits and under the conditions pursuant to articles 15 – 23 of said Regulation. In particular, BRAMBATI SpA assure and acknowledge Data Subjects the exercise of the following rights:

- the right to access to the personal data available in their own paper and/or electronic records;

- the right to require their correction, updating and erasure, if they are incomplete or wrong as well as the right to object to their processing for legitimate and specific reasons;

- the right to obtain the correction of inexact personal data without undue delay. Taking into account the purposes of processing, the Data Subject has the right to obtain the integration of incomplete personal data, also by providing an integrative notice;

- the right to obtain the erasure of personal data concerning him or her without undue delay, where one of the following grounds pursuant to Art. 17, sub-section 1 of the Regulation applies;

- The right to obtain the restriction of processing, whenever one of the cases pursuant to Art. 18, Sub-section 1 of the Regulation occurs;

- the right to lodge a complaint with a Supervisory Authority; as well as to exercise the other rights acknowledged by the applicable framework.

The Data Subject may exercise his/her own rights by contacting the Controller of Processing via the contact details mentioned hereinafter.

Controller of Processing

The above mentioned rights can be exercised, even through an officer, by means of request to Titolare del Trattamento dei dati at the Company Head Office in via Strada Nuova 37 – Codevilla (PV) - Tel. 0383 373100 or at the following e-mail address: .

The Controller of Processing is BRAMBATI SpA, via Strada Nuova 37 – Codevilla (PV) - Tel. 0383 373100 represented by their Legal Representative, dott. Fabrizio Brambati. E-mail

The complete text of the EU Reg. 2016/679 (GDPR) is available on the website of the Supervisory Authority

Codevilla, 24/05/2018




Article 15 - Data Subject’s Access Right

1. The Data Subject shall have the right to obtain from the Controller of Processing confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and the following information:

a) the purposes of processing;

b) the categories of personal data concerned;

c) the recipients or the categories of recipients your personal data are disclosed to or will be disclosed to, in particular if they are recipients of third countries or international organizations;

d) where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;

e) the existence of the Data Subject’s right to request from the Controller rectification or erasure of personal data or restriction of processing of personal data concerning the Data Subject or to object to such processing;

f) the right to lodge a complaint with a Supervisory Authority;

g) where the data are not collected from the Data Subject, any available information as to their source;

h) the existence of automated decision-making, including profiling, referred to in Article 22, paragraphs 1 and 4 and, at least in those cases, meaningful information about the logic involved as well as the significance and the envisaged consequences of such processing for the Data Subject.

2. Where personal data are transferred to a third country or to an international organisation, the Data Subject shall have the right to be informed on the appropriate safeguards pursuant to Article 46 relating to the transfer.

3. The Controller shall provide a copy of the personal data undergoing processing. For any further copies requested by the Data Subject, the Controller may charge a reasonable fee based on administrative costs. Where the Data Subject makes the request by electronic means, and unless otherwise requested by the Data Subject, the information shall be provided in a commonly used electronic form. 4. The right to obtain a copy referred to in paragraph 3 shall not adversely affect the rights and freedoms of others.