PROVASI s.r.l., with VAT number IT 00305860132, and with registered office in Seregno (Province of Monza e Brianza) at the address of Via alla Porada 196 (e-mail: firstname.lastname@example.org), as the Controller of your personal data, pursuant to and for the purposes of Regulation (EU) 2016/679 (the “GDPR”), hereby informs you that we shall process your personal data in accordance with the principles of fairness, lawfulness, transparency and minimisation, within the provisions of the legislation cited above and with the confidentiality obligations provided for therein.
1. Categories of Personal data processed
The Controller shall process the personal identification and contact details (such as name, surname, address, telephone number and e-mail address) (the “Data” or “Personal Data”) communicated by you upon your having entered into agreements or participated in promotional events or activities organised by the Controller.
2. Purposes and Legal Basis for Processing
Your data shall be processed for the purposes of informing you of the staging of promotional events and/or activities concerning the products and/or services provided by the Controller (furniture and design items, furniture fittings and related accessories under the PROVASI brand – hereinafter the “Products”).
The legal basis for such processing is the legitimate interest of the Data Controller (Article 6(1)(f) of the GDPR), which has received your data from you (and has received your interest in the Products) and therefore has reason to believe that you are interested in receiving invitations and news regarding the Products or regarding Controller-promoted events and/or activities regarding the world of design/furniture.
Your data are provided voluntarily. Nevertheless, failure to submit Data or the submission of erroneous Data shall prevent the Controller from conducting its invitational and/or promotional activities.
3. Data Processing Procedure
Personal Data shall be treated automatically and/or manually, in accordance with the Art. 32 of the GDPR, by adopting the appropriate security measures and, above all, by observing the principles of lawfulness, fairness, transparency, purpose limitation, minimisation, completeness and privacy.
Specific security measures shall be observed in order to prevent unauthorized access, loss, misappropriation and misuse of the Data.
Recipients or categories of recipients of Personal Data
We inform you that your Personal Data shall not be disseminated, transferred to third parties or otherwise communicated without your explicit consent, other than for any communication necessary for the fulfilment of the purpose stated above.
In particular, we inform you that your Personal Data may be communicated to:
Trained and authorised workers and/or employees of the Controller, where this falls under their duties;
IT service providers and the company that organises the event invitation service.
An updated list of the Data Processors engaged by the Controller pursuant to Art. 28 of Regulation (EU) 679/2016 shall be available at the registered office of the Controller.
The Controller may communicate your identification details to Supervisory Bodies and Judicial Authorities, and all other entities to which communication of same is required by law, without having received your explicit consent to do so.
5. Transfer of Personal Data outside the EU and Personal Data Retention Period
Your Personal Data shall not be transferred to countries outside the EU and your Data will be retained for a period of 5 years.
6. Rights of the Data Subject
Your rights under the GDPR shall include:
The right to request access to your Personal Data and information relating to your Personal Data; The right to update Data, rectify inaccurate Data or have incomplete Data completed; The right to erase the Personal Data regarding you (upon the occurrence of any of the conditions indicated in Art. 17(1) of the GDPR and in compliance with the exceptions provided for in Art. 17(3) thereof); The right to restrict the processing of your Personal Data (upon the occurrence of any of the assumptions indicated in Art. 18(1) of the GDPR);
The right to request and obtain from the Controller – where the legal basis for processing is an agreement or consent, and where the Data is processed automatically – your Personal Data in a structured, machine-readable format, including for the purpose of forwarding the Data to another Controller (the right to data portability);
The right to object to the processing of your Personal Data at any time in the event of special circumstances in your regard;
The right to withdraw your consent at any time, only where the basis for the processing is your own consent for one or more specific purposes and only where the processing concerns common Personal Data (such as date and place of birth, or place of residence) or particular Data categories (such as Data revealing your racial origin, your racial origin, your political opinions, your religious beliefs, your health or your sex life). However, any processing carried out on the basis of your consent, prior to the withdrawal of your consent, shall remain lawful;
The right to lodge a complaint with a supervisory authority (the Authority for the Protection of Personal Data – www.garanteprivacy.it or to lodge an appeal before the Judicial Authority in accordance with Art. 140-bis of the Italian Privacy Code and subsequently Italian Legislative Decree 101/201.8
You may exercise your rights by sending an email to email@example.com or a letter to the following address:
Provasi, via alla Porada 196, 20831 Seregno MB Italia.
Cookies are short text files which are sent by the website visited on the User’s terminal (usually the browser), where they are stored so that the terminal in question can be recognized when the User next visits. In fact, every time the User then visits the site, the cookies are re-sent by the User’s terminal to the website.
Every cookie generally contains: the name of the server from which the cookie was sent; the expiry date and a value, usually a single number generated at random by the computer. The website server that transfers the cookie uses this number to recognize the User whenever he or she next visits a site or navigates from one page to another.
Cookies can be installed, not only by the same operator of the site visited by the user (first-party cookies), but also by a different site that installs cookies via the first site (third party cookies) and is capable of recognizing them. This occurs because there may be elements on the site visited (images, maps, sounds, links to web pages of other domains, etc.) that are located on servers other than that of the site visited.
Cookies are generally classified in various types on the basis of:
- session cookies (temporary) automatically deleted when the browser is closed.
- persistent cookies active until their expiry date or until they are deleted by the User.
- first-party cookies sent to the browser directly by the site being visited.
- third party cookies sent to the browser by other sites and not the site being visited.
- technical cookies
navigation/essential/performance/process or security cookies contribute to the functioning of the site, for example, permitting the User to navigate from one page to another or to access protected areas. If this type of cookie is blocked, the site cannot function correctly;
functionality/preferences/localization/ session status cookies allow information that modifies the behavior or aspect of the site (preferred language, text dimensions and font, geographic area in which it is situated) to be memorized. If they are blocked, the user experience is less functional but is not compromised;
a) first-party or b) third party statistics/analytics cookies with IP window, with no cross-referencing of data (that can be assimilated to technical cookies in terms of objective) are used to collect information and generate statistics to be used on the website in order to understand how visitors interact;
- third party statistics/analytics cookies without IP window, with cross-referencing of data, are used to collect information and generate statistics to be used, with scope for User and website identification and tracking in order to understand how visitors interact.
- profiling / advertising/tracking cookies or conversions for selection of the advertisement based on what is relevant to a particular User (personalized announcements). Profiling cookies are directed at creating user profiles and are utilized for the purpose of sending advertising messages reflecting the preferences shown by the User while navigating the network.
All the information regarding the cookies used on this site are set out below, together with the necessary indications on how to manage Users’ preferences.
In particular, in addition to the information already given, we point out that this website uses:
These cookies are necessary for our website to function correctly: they are used to navigate or to provide a service requested by the User (for example, to ensure that website sessions function correctly, to memorise specific navigation preferences or to optimise the user’s navigation experience); they are not used for other purposes. Without the benefit of this type of cookie, a number of operations could not be carried out or would become more complex and/or less secure.
Third party analytics cookies, assimilated to technical cookies
Our website uses third party cookies to manage statistics. In particular, our website uses Google Analytics: this is a web analysis service provided by Google Inc. (“Google”) that utilises cookies deposited on the User’s computer so that statistical analyses can be carried out in aggregate form of the use of the website being visited. We inform you that tools have not been introduced to reduce the identification potentiality of the cookies (by masking significant parts of the IP address) and the third party is not able to cross-reference the collected data with other information it already has at its disposal.
For further information, we refer you to this link
The user can disable Google Analytics selectively, by installing the opt-out component provided by Google on his or her browser. To disable Google Analytics, we refer you to the this link
Social Buttons are buttons found on the website that illustrate the social network icons and allow Users navigating to interact directly with the social network platforms with a click. The Social Buttons used by the website are links that direct the User to the data controller’s account on the social network illustrated. Third party cookies are not therefore installed on the site by using these buttons. The references to Social Buttons used by the website, and the links with which the User can view the privacy notice relating to the handling of data by the Social Network accessed by the buttons, are set out below.
This button provides a means of interacting with the Data Controller’s social profile (Facebook).
This button provides a means of interacting with the Data Controller’s social profile (Youtube).
This button provides a means of interacting with the Data Controller’s social profile (Pinterest).
In general, apart from the type of cookies used by this website, we wish to inform Users that, in addition to the protection provided by legislation currently in force, options are open to users that permit navigation without cookies, such as, for example, the following:
- blocking third party cookies: third party cookies are not generally essential for navigation, so you can therefore refuse them by default, by means of the functions designed for this purpose on your browser;
- activating the option Do Not Track: the option Do Not Track is found in most of the latest generation of browsers. Websites designed to respect this option, whenever activated, should automatically cease to collect certain navigation data. As already pointed out, however, not all websites are set to respect this option (discretional);
- activating the “anonymous navigation” method: with this function, you can navigate without leaving any trace of navigation data on the browser. The sites will not remember the User, the pages visited will not be memorized in the history and new cookies will be deleted. The anonymous navigation function does not however guarantee anonymity on the Internet, as its purpose is merely to avoid keeping navigation data in the browser, whilst your navigation data will continue, on the other hand, to remain available to website operators and connection providers;
- eliminating cookies directly: specific functions are provided to achieve this in all browsers. Remember however that every time you connect to the web, new cookies are downloaded and the deletion operation should therefore be carried out on a periodic basis. When required, some browsers offer automated systems that delete cookies periodically.
For further clarification on the subject of so-called “cookies”, we advise you to consult the following link:
In addition, to find out how to restrict, block and/or delete cookies set on your terminal, we recommend that you visit the following link
As already mentioned, the User can also manage his or her own cookie preferences through the browser. To find out the type and version of browser being used, we suggest that you click on “Help” in the top browser window, from which all the necessary information can be accessed. If, on the other hand, you already know the browser type and version, simply click on the link corresponding to the browser being used to access the cookie management page.
Finally, for further information on how to manage cookies, we advise you to visit the following web pages:
Data supplied voluntarily by the User.
By consulting this site, personal data relating to identified or identifiable individuals may in fact be processed. More precisely, it is pointed out that this processing may involve personal data supplied freely by Users who send the Data Controller their information via the addresses found on the website, such as, for example company e-mail addresses, and/or when filling in information collection forms provided on the website. In fact, the discretionary, express and voluntary transmission of electronic mail to the addresses indicated on this site result in the acquisition of the sender’s address, necessary in order to reply to requests and queries, as well as any other personal data inserted in the message.
It is pointed out that nowhere on the website are “particular categories of personal data” and/or “personal data relating to criminal convictions or offences”, as defined in art. 9 and 10 of Reg. EU 679/2016, requested, nor are they requested in order to gain access to any website function: whenever a User sends the Data Controller data of this type of his or her own free will, the Data Controller will ensure that the data are processed in keeping with current data protection legislation (Reg. EU 679/2016) and only to the extent strictly necessary to satisfy the requests made by the User concerned.
Generally, with regard to data supplied voluntarily by the User, we wish to inform Users that EU Reg. 679/2016 and Italian Legislative Decree no. 196/2003 (as subsequently amended and supplemented) safeguard the rights of natural persons in connection with the processing of their personal data. According to this legislation, data must be processed lawfully, fairly and in a transparent manner, safeguarding your privacy and your rights.
In accordance with the aforementioned article 13 EU Reg. 679/2016, we provide you with the following information:
- The Data Controller may process data by means of automated processes and may also handle the data in the future in paper form.
- The User is at liberty to provide his or her information, by sending it to the Data Controller via the email addresses found on the website and/or by filling in the information collection form provided on the website.
- Pursuant to art. 28 del Reg. EU 679/2016, the Data Controller may benefit from the services of external subjects who process data on its behalf and are formally instructed by it to act as data processors. You will be given a full, up-to-date list of data processors, if appointed, by the Data Controller in response to a straight forward request, sent to one of the addresses/numbers given below. Pursuant to art. 29 of Reg. EU 679/2016, the Data Controller may benefit from the services of anyone acting under its supervision; such subjects will receive adequate training. These subjects will process your data only when necessary for the purposes for which they were conferred and solely in the performance of the tasks assigned to them by the Data Controller, undertaking to process exclusively those data necessary for the performance of such tasks and solely for the purpose of carrying out operations necessary for the performance thereof.
Furthermore, personal data may only be disclosed to third parties if strictly necessary in order to provide specific services or information requested by the User.
Finally, it is pointed out that the Data Controller may benefit from the services of internal or external IT technicians for occasional maintenance operations, revision or assistance in the event of malfunctioning of the website or connected services.
The transfer of data in the manner described above is strictly connected to the company’s normal working operations and is strictly necessary for the purposes for which the data were conferred by the data subject;
c1) the Data Controller does not intend to transfer personal data to a third country or to an international organisation.
As a general rule, your data will not be disseminated.
- Data will be kept for the period necessary to achieve the purposes for which they were conferred; data will be kept in a form that allows the data subject to be identified for a period not exceeding that strictly necessary for the purposes for which they were collected or later processed, following which, they will be destroyed, or may always be rendered anonymous.
- Subject to the foregoing provisions relating to so-called “cookies”, personal data provided will not be processed in order to set up an automated decision-making process (referred to as profiling).
- Should it prove necessary for personal data conferred to be processed for purposes differing from or additional to those described above, the Data Controller will provide you with information regarding the purposes in question and any other relevant details.
Taking into account the state of the art, the cost of implementation and the nature, scope, context and purposes of processing, the Data Controller has, both at the time of establishing the means for processing and at the time of the processing itself (referred to as risk analysis – accountability), implemented appropriate technical and organizational measures, which are designed to put data-protection principles into practice in an effective manner and to integrate the necessary safeguards into the processing in order to meet the requirements of Reg. EU 679/2016 and to safeguard the rights of the data subject.
Data will be processed with the implementation of methods and tools that are capable of guaranteeing security (art. 24, 25 and 32 Reg. EU 679/2016) and by means of automated processes and non-automated means (paper-based filing), applying all the technical and organizational measures to ensure a level of security appropriate to the risk, and thereby guaranteeing the ongoing confidentiality, integrity, availability and resilience of processing systems and services.
We inform you that data processing is based on the provisions contained in art. 6, paragraph 1, lett. a), of EU Reg. no. 679/2016, and the User is at liberty to provide his or her information, by sending it to the Data Controller via the addresses found on the website and/or by filling in the information collection forms provided on the website, having first given his or her consent to processing.
The data controller is:
Registered office: SEREGNO VIA ALLA PORADA no. 196, ZIP code 20831
VAT number: 00305860132
Tel. +39 0362 23301
The Data Controller has not currently designated a D.P.O. – Data Protection Officer (art. 37 of Reg. EU 679/2016) as the Data Controller does not carry out processing operations that fall within the scope of the obligation to designate a “Data Protection Officer”, as described in articles 37-38-39 and taking into account article 97 of Regulation UE 2016/679; if the Data Controller should decide to appoint a Data Controller, it will promptly publish the contact details of the D.P.O. – Data Protection Officer in its informative documents. The Data Controller also informs you that:
- you may, at any time, exercise the following rights envisaged in Reg. EU 679/2016 against the data controller, contacting the company at the address/number indicated under point a) of this statement:
– Data subject’s right of access (article 15 of Reg. EU 679/2016).
– Right to rectification (article 16 of Reg. EU 679/2016).
– Right to erasure – «right to be forgotten» (article 17 of Reg. EU 679/2016).
– Right to restriction of processing (article 18 of Reg. EU 679/2016).
– Right to object (article 21 of Reg. EU 679/2016).
– Right to object (article 21 of Reg. EU 679/2016).
- you may exercise the right, at any time, to withdraw your consent given to the Data Controller without affecting the lawfulness of processing based on consent given before its withdrawal.
- whenever you consider that the processing of personal data relating to you infringes this Regulation, you are entitled to lodge a complaint with a supervisory authority (Article 77 of Reg. EU 679/2016).
- The full text of the articles from EU Reg. no. 679/2016 relating to your rights (articles 15 to 23 inclusive) can be consulted at the following link found on the website of the Italian Data Protection Supervisor:
or, alternatively, you can ask for a copy from the data controller.
MODIFICATIONS TO THE “PRIVACY & COOKIES POLICY” DOCUMENT
The Data Controller reserves the right and, at any time, to make modifications to this Privacy & Cookies Policy, giving adequate notification to the Users on this page. We therefore advise Users to consult this page frequently, taking the date of the last revision indicated below as a reference.
If the modifications made to this privacy statement are not accepted, the User is invited to refrain from using this website and to request that the Data Controller delete his or her personal data, giving the data controller specific notification, at the addresses indicated above.
Unless otherwise specified, this Privacy & Cookies Policy will continue to apply to personal data collected up to that time.
If you have any queries, comments or requests relating to this privacy statement, Users are asked to contact us at the following address:
In any event, we invite Users to report any difficulties encountered in viewing this Privacy & Cookies Policy, so that alternative methods can be used to obtain the information provided.
Last Update 11 June 2020