Information on the Processing of Personal Data - Art. 13 Regulation (EU) 2016/679 of the European Parliament and the European Council (Privacy Policy)
This Website collects some Personal Data of its Users.
This document can be printed using the print command in any browser’s settings.
Data Controller
Gnutti Carlo S.p.A., with registered office in Maclodio, via Artigiani no. 2, tax code and registration no. at the Brescia Register of Companies 01272680172 VAT number 03402160174 (hereinafter "Company" or " Data Controller"), owner of personal data processing, provides below the privacy policy pursuant to art. 13 of Regulation (EU) 2016/679 (hereinafter "GDPR"), to the data subjects (hereinafter "Data Subject" or, in plural, "Data Subjects").
The Company, as Data Controller, undertakes to protect the confidentiality and rights of the Data Subject and, according to the principles set forth by the aforementioned regulations, the processing of the data provided will be based on the principles of fairness, lawfulness and transparency.
Purpose of processing
The policy is only provided for the website of the Company www.gnutticarlo.com (the "Website") and not for other websites that may be consulted by the Data Subject via links. The Data Subject may voluntarily provide their personal data that will be processed and used by the Company for purposes related to the requested service indicated by specific information shown or displayed on the pages of the Website for particular services or requests.
The personal data of the Data Subjects will be processed by the Company for purposes related to navigation on the Company’s Website and its interaction with services accessible via telematics from the same Website.
The provision of data for the purposes mentioned above is optional, however, failure to provide data and/or express refusal to processing will make it impossible for the Data Controller to follow up the requested services. The processing is lawful as it is carried out in compliance with the provisions of laws and regulations and for the exercise of the rights of the Data Controller.
The Data Subject may also withdraw their consent at any time, with the same ease as when they gave it.
Methods of processing
The Data Controller takes appropriate security measures to prevent unauthorised access, disclosure, modification or destruction of the data.
The processing is carried out using computer and/or telematic tools, with organizational methods and logic strictly related to the purposes indicated.
In carrying out the processing activities, the Company undertakes to:
- ensure the accuracy and updating of the data processed, and promptly implement any corrections and/or additions requested by the Interested Party;
- take appropriate security measures to ensure adequate data protection, taking into account the potential impacts that processing has on the fundamental rights and freedoms of the Data Subject;
- notify the Data Subject, within the time and in the cases provided for by the mandatory legislation, of any breach of personal data;
- ensure that processing operations comply with applicable legal provisions.
Communication and dissemination of data
Without prejudice to communications carried out in compliance with legal obligations, the personal data of the Data Subject may be known, in addition to the Data Controller, by:
- employees and collaborators of the Data Controller as authorised data processors;
- national and foreign companies that are part of the same group to which the Data Controller belongs;
- general authorities, administrations, public bodies and agencies, both domestic and foreign;
- external entities (such as third-party technical service providers, hosting providers, IT companies, communication agencies) also appointed, if necessary, data processors by the Data Controller. The updated list of liabilities may always be requested from the Data Controller.
exclusively for the purposes listed above according to any consent given by the Data Subject. Personal data is not subject to disclosure.
Transfers abroad
The data will be stored and processed within the European Union.
In the event of any processing of data outside the European Union, it will only be done after adoption of adequate guarantees, as provided for by the binding legislation.
Data retention policy
Unless otherwise stated in this document, the Company stores personal data on its systems in a form that allows the identification of the Data Subjects according to the following criteria:
- for a period not exceeding the achievement of the purposes for which they are processed, unless otherwise provided by legal requirements;
- to comply with specific legal requirements or to establish, exercise or defend a right in court;
- where applicable and lawful, until the Data Subject’s request for deletion.
Rights of the Data Subject
The Data Subject may assert their rights, recognized by the binding legislation and in particular by art. 15 to 22 of the GDPR, such as:
- Right of access: the right to obtain confirmation from the Data Controller as to whether or not personal data is being processed and, in this case, to obtain access to personal data and further information on origin, purpose, categories of data processed, recipients of communication and/or transfer of data, etc.
- Right to rectification: the right to obtain from the Data Controller the correction of inaccurate personal data without undue delay, as well as the integration of incomplete personal data, including by providing a supplementary statement.
- Right to cancellation: the right to obtain from the Data Controller the deletion of personal data without undue delay in case:
- the personal data are no longer necessary for the purposes of processing;
- the consent on which the processing is based has been withdrawn and there is no other legal basis for the processing;
- personal data have been processed unlawfully;
- personal data must be deleted to comply with a legal obligation.
- Right to withdraw consent: the right to withdraw consent at any time. The withdrawal of consent does not affect the lawfulness of the processing based on consent before the withdrawal.
- Right to object to processing: the right to oppose at any time to the processing of personal data that have as a legal basis a legitimate interest of the Data Controller.
- Right to restrict processing: the right to obtain from the Data Controller the limitation of processing, in cases where the accuracy of personal data is disputed (for the period necessary for the Data Controller to verify the accuracy of such personal data), if the processing is unlawful and the Data Subject has objected to the processing, if the personal data are necessary for the Data Subject to establish, exercise or defend a right in court, if, following the opposition to processing, the Data Subject is awaiting verification as to whether or not the legitimate interest of the Data Controller prevails.
- Right to data portability: the right to receive personal data in a structured, commonly used and machine-readable format and to transmit such data to another controller, only for cases where the processing is based on consent or a contract and for data processed using electronic means.
- Right not to be subject to automated decisions: right to obtain from the Data Controller not to be subjected to decisions based solely on automated processing, including profiling, that produce legal effects which affect the Data Subject or significantly affect their person, unless such decisions are necessary for the conclusion or execution of a contract or are based on the consent given by the Data Subject.
- Right to complain to a supervisory authority: without prejudice to any other administrative or judicial remedy, the Data Subject who believes that the processing of their data violates the GDPR has the right to lodge a complaint with a supervisory authority.
In order to exercise the rights provided for by the GDPR, the Data Subject may:
- forward your requests to the Data Controller, at the e-mail address: This email address is being protected from spambots. You need JavaScript enabled to view it.; or
- alternatively contact the Data Controller at the following address:
Gnutti Carlo S.p.A.
Via Artigiani n. 2
25030 Maclodio (BS) - Italy
by indicating in the subject "Privacy"
The Data Controller has appointed a Data Protection Officer ("DPO") who can be reached at This email address is being protected from spambots. You need JavaScript enabled to view it., and who is responsible for advising and supervising the management of personal data and for contacting the Authority and the data subjects.