Privacy Policy

(Articles 13 and 14 of European Regulation No. 679/2016)

Dear User,

PIEFFE S.r.l. with registered office in Via Antonio Cavinato, 12/b – 35010 Curtarolo (PD), Tax Code and VAT 04313140289, as the “Data Controller” wishes to inform you, pursuant to Articles 13 and 14 of European Regulation No. 679/2016 (hereinafter referred to as the “EU Regulation”), that your data will be processed as specified below:

  1. Processing purpose

The Data Controller wishes to inform you that personal identification data (e.g. name, surname, company name, address, telephone number, e-mail address, bank and/or payment details, etc.), hereinafter referred to as “personal data” or simply “data”, related to you, acquired verbally directly or through third parties in the past, such as those that will be collected in the future, may be processed in full compliance with the EU Regulation. The Data Controller processes the data in a lawful manner specifically for the execution of an agreement to which you are a party or for the implementation of pre-contractual measures (e.g. drafting of a proposal an offer, etc.) requested by you (art. No. 6 of the EU Regulations).

Data processing means any operation or set of operations concerning the collection, recording, organisation, storage, consultation, processing, amendment, selection, extraction, comparison, use, interconnection, blocking, communication, dissemination, and destruction of data.

  1. Legal basis and purpose of the processing

Legal basis: European Regulation (EU) No. 679/2016

  1. A) without your express consent (art. 6 letters b), c), e) of the EU Regulation), for the following Purposes:

meet pre-contractual, contractual and fiscal obligations originating from the relationship we have established with you;

meet the obligations established by laws, regulations, and European directives or an order of the Authority (for example on money laundering);

exercise the rights of the Data Controller for example the right to defence in legal proceedings;

– for general bookkeeping;

– for management purposes (invoicing, document management where appropriate, etc.);

– for managing receivables;

– for statistical analysis and quality control;

– for insurance management;

– for technical support.

In particular, your data will be processed for purposes related to the need to meet the following requirements, as well as legislative or contractual obligations:

Technical and functional access to the website: no data are stored after the browser is closed;

– advanced browsing or customised content management;

– Statistics and Analysis of browsing and users.

  1. B) Only after your specific and separate authorisation (art. 7 of the EU Regulation), for the following commercial and/or marketing and/or profiling purposes:

Sending you via e-mail, postal service and/or sms and/or telephone contacts, newsletter, marketing and/or advertising communications regarding products or services offered by the Data Controller and feedback on the customer satisfaction level on the quality of what was carried out on your request.

– sending you via e-mail, snail mail and/or text messages and/or by phone, commercial and/or promotional communications from third parties (e.g. business partners).

  1. Processing methods

The processing of your personal data is carried out through the operations specified in art. 4 No. 2) of the EU Regulation and specifically:  the collection, recording, organisation, structuring, storage, adaptation or amendment, extraction, consultation, use, communication by transmission, dissemination or any other form of provision, comparison or interconnection, limitation, erasure or destruction, and blocking.

Your personal data are subjected to both paper and electronic and/or automated processing (however suitable to guarantee the security and confidentiality of the data).

  1. Data Storage Term and Other Information

The Data Controller will process your personal data for the time strictly necessary to fulfil the purposes referred to above and in any case for no longer than the terms established by the law from the termination of the relationship for the Purposes referred to in the existing relationship.

With reference to the personal data being processed for Marketing Purposes or for profiling purposes, the same data will be stored in accordance with the principle of proportionality and in any case until the purposes of processing have been pursued or until the specific consent of the concerned party is revoked.

Specifically, the Data Controller will process the data for no more than 2 years from the collection of the data for Marketing Purposes and one year for the data collected for Profiling Purposes.

The personal data you provide will be processed “lawfully, fairly and transparently” protecting your privacy and your rights.

It is established that a periodic annual check will be carried out on the data processed and on the possibility of being able to delete them if they are no longer necessary for the planned purposes.

  1. Access to the data

Your data may be accessible for the purposes referred to in previous points 2A) and 2B):

– to partners, employees and contractors of the Data Controller in Italy and abroad, in their capacity as persons in charge and/or in-house data protection officers and/or system administrators;

– to third party companies or other parties that perform outsourced activities on behalf of the Data Controller, in their capacity as external data protection officers (by way of example: associated firms, lawyers, data processing companies, certification bodies, accounting/tax consultant and in general to all bodies responsible for the inspections and verifications on the proper fulfilment of the above purposes, credit institutions, professional firms, consultants, insurance companies for the provision of insurance services, financial offices, municipal agencies and/or municipal offices, consultants and service companies and for the safety in the workplace, which may in turn communicate the data, or grant access to them to their members, users and their assignees for specific market research purposes. The data collected and processed may also be communicated, in Italy and abroad, to subcontractors and suppliers for the management of IT systems, as well as to carriers, shippers and customs agents).

For brevity, the detailed list of these parties is available at our headquarters and is at your disposal.

  1. Data Communication

Without the need for express consent (art.6 letters b) and c), of the EU Regulation) the Data Controller may disclose your data for the purposes referred to in the previous point 2. A) to oversight bodies, judicial authorities, insurance companies for the provision of insurance services, as well as to those parties to which communication is required by law for the fulfilment of the purposes indicated above.

These parties will process the data in their capacity as independent data controllers.

During and after the browsing, your data may be communicated to third parties, in particular to:

– Google: Advertising service, target advertising, Analytics/Measurement, Content customisation and Optimisation;

– Google Analytics: Target advertising target, Analytics/Measurement, and Optimisation.

Your data will not be disseminated.

  1. Data transfer

Your personal data are stored on devices located at the headquarters of the Data Controller or at providers within the European Union. In any case, it is understood that the Data Controller, if necessary, will have the right to transfer data also outside the EU.  In this case, the Data Controller hereby guarantees that the transfer of the data outside the EU will take place in accordance with the applicable legal provisions, and after signing the standard contractual clauses required by the European Commission.

Concerning both the data present on its devices and any data present at the provider, the Data Controller put in place adequate technical and organisational measures to ensure an appropriate level of security, in full compliance with the provisions of art. 32 of the EU Regulations.

Browsing: your browsing data may also be transferred, for the purposes indicated above, to the following countries: – EU countries.

Cookie management: in the event that you have any doubts or concerns about the use of cookies, you may always intervene to prevent them from being set and read, for example by changing your privacy settings on your browser to block certain types of cookies.

Since each browser – and often different versions of the same browser – are different from each other, if you prefer to act autonomously via your browser preferences, you can find detailed information on the required procedure in your browser guide.

  1. Nature of data provision and consequences of refusal to provide the data

The provision of data for the purposes referred to in paragraph 2.A) is mandatory. In their absence, we cannot guarantee the Services as specified in paragraph 2.A)

The provision of data for the purposes referred to in paragraph 2.B) is optional. Therefore, the interested party may decide not to provide any data or to subsequently deny the possibility of processing the data already provided: in this case, it will not be able to receive newsletters, commercial communications and advertising material concerning the Services offered by the Data Controller.

You will still be entitled to the Services referred to in point 2.A).

  1. Rights of the interested party

In your capacity of interested party, you have the rights referred to in art. 15 of the EU Regulation listed below and precisely:

the right to obtain from the data controller confirmation of whether or not the processing of your personal data is or is not in progress and in this case, to obtain access to your personal data and the following information:

  1. a) the purposes of the processing;
  2. b) the categories of personal data in question;
  3. c) the recipients or categories of recipients to which the personal data were or will be communicated, in particular if recipients of third countries or international organisations;
  4. d) where possible, the expected storage period of the personal data or, if not possible, the criteria used to determine this period;
  5. e) the existence of the right of the interested party to request the data controller to correct or delete personal data or to limit the processing of the personal data or to oppose to their processing;
  6. f) the right to lodge a complaint to an oversight authority (the Privacy Protection Authority);
  7. g) whenever the data are not collected at the concerned party’s location, all information available on their origin;
  8. h) the existence of an automated decision-making process, including profiling referred to in Article 22, paragraphs1 and 4 of the EU Regulation and, at least in such cases, significant information on the logic used, as well as the importance and expected consequences of such processing for the interested party.
  9. Whenever your personal data are transferred to a third country or to an international organisation, you have the right to be informed of the existence of adequate guarantees pursuant to Article 46 of the EU Regulation concerning the transfer of the data.
  10. The Data Controller will provide you with a copy of your personal data being processed in case you request it.

If you request further copies, the Data Controller may charge you a reasonable fee based on administrative costs. If you submit your request through electronic means, and unless you indicate otherwise, the information will be provided to you in a commonly used electronic format.

  1. The right to obtain a copy as referred to in paragraph 3 must not adversely affect the rights and freedoms of others.

In addition, where applicable, you may enjoy the rights referred to in Articles from 16 to 22 of the EU Regulation and specifically you have:

– the right to the correction of your personal data;

– the right to be forgotten (right of erasure);

– the right to limit the processing;

– the right to data portability;

– the right to oppose the processing;

– the right to lodge a complaint to the Overisght Authority.

You also have the right to revoke at any time any consent already provided without prejudice to the lawfulness of the processing based on the consent provided before the revocation.

  1. Methods for exercising the rights

You may at any time exercise your rights by sending:

– a registered letter with notification of receipt  to the undersigned (see the address on the letterhead);

– an e-mail to

  1. Minors

The services offered by the Data Controller and subject-matter of the relationship with you do not include the intentional acquisition of personal information related to minors. In the event that data related to minors are unintentionally recorded, the Data Controller shall erase such data promptly on request of the interested party.

  1. Personal data not obtained from the interested party

It may happen that the undersigned is not the Data Controller to which you provided your personal data, but is the co-Data Controller or the Data Protection Officer for external processing and, thus, your data may have reached the undersigned in a second instance because of a contract that regulates the parties. In this case, it should be noted that the undersigned will do everything possible to ensure that you have been informed and have given consent to the processing. You may inquire at the undersigned at any time regarding the origin of the acquisition of your data.

  1. Data Controller, Data Protection Officer and Persons in Charge

Below we provide you with information that you need to be aware of, not only to comply with legal requirements, but also because transparency and fairness towards our clients is a fundamental part of our business.

Data Controller The Data Controller of your personal data is PIEFFE S.r.l. and Mr. Alberto Simonato has a power of attorney to sign on behalf of the Company and is responsible for the legitimate and proper use of your personal data and you may contact him for any information or request at the following addresses: telephone +39 (0)49 9620937, e-mail:

Data Protection Officer and Persons in Charge. The updated list of Data Protection Officers and Persons in Charge of your data processing is stored at the headquarters of the Data Controller.