Privacy Policy

Privacy e Cookies Policy

Pursuant to art. 13 of Legislative Decree no. 196 of 30 June 2003 (the “Privacy Code”), art. 13 of European Regulation no. 679 of 2016 (the “General Data Protection Regulation”), and Recommendation no. 2 of 2001, adopted pursuant to art. 29 of Directive no. 95/46/CE, BRUSAFERRI & C. S.R.L. intends to provide you and all users of and/or visitors to the website (respectively, “Users” and the “Website”) with information regarding the use of personal data, log files and cookies collected through the Website.

  1. Data Controller, Data Processors and Data Protection Officer

The Data Controller is BRUSAFERRI & C. S.R.L. (Tax ID and VAT no. 00925090193), with registered office in VIA CARLO FREGUGLIA 2 – 20122 MILAN (MI), e-mail , (hereinafter the “Data Controller”).

L’elenco aggiornato dei Responsabili del trattamento designati può essere fornito su richiesta da parte degli interessati e/o Utenti.

  1. Information collected automatically by the Website – Cookies
    a) Information collected automatically

Like all other websites, our Website uses log files, which store information collected automatically during your visits. During their use, the IT systems and software procedures used for the operation of this Website automatically acquire certain information, the transmission of which is implicit in the use of Internet communication protocols.

The following information is collected:

  • the Internet Protocol (IP) or domain name of the device you are using;
  • the type of browser and parameters of the device used to connect to the Website;
  • the URI (Uniform Resource Identifier) addresses of the resources requested or the method used to submit the request to the server;
  • the name of the internet service provider (ISP);
  • the date and time of the visit;
  • the User’s referral and exit pages;
  • possibly the number of clicks;
  • the size of the file obtained in response;
  • the numerical code indicating the status of the response of the server (successful, error, etc.);
  • other parameters regarding the operating system or IT environment of your device.

This information is processed automatically and collected exclusively in aggregate form for the purpose of verifying the proper functioning of the Website.

b) Cookies

The Website uses cookies. Cookies are text files recorded on an IT support and allow to record a number of parameters and data transmitted to the IT system through the browser you are using. These tools make it possible to analyse your habits regarding the use of the Website, for a variety of purposes: to perform IT authentications, monitor browsing sessions, store information on specific configurations regarding the Users that access the server, memorizing preferences, etc.

Cookies are divided into:

  1. Technical cookies: used for browsing the Website or providing a service you have requested. Without using these cookies, it would be impossible, or would be more complex and/or less safe, to carry out a number of operations.
  2. Profiling cookies: used for keeping track of your browsing and creating profiles of your tastes, habits, choices, etc. This makes it possible to send to your device advertising messages in line with the preferences you have previously shown while browsing online.

Your consent is not required for the installation of technical cookies. For the installation of profiling cookies, your consent is required: if you do not want your device to receive and store profiling cookies, you can change the security settings of the browser. You can use the settings of the browser you use to decide whether to delete cookies and/or avoid cookies being installed on the device.

Please note, however, that if you deactivate the use of profiling cookies, it may not be possible for you to fully use some of the Website’s functions.

While browsing the Website, your terminal may also receive cookies sent from other websites or web servers (hereinafter “Third Parties”). The Third Parties that use cookies on our Website are:

Facebook Comments (Facebook, Inc.)

Facebook Comments is a service managed by Facebook, Inc. that allows Users to leave comments and share them on the Facebook platform.

Personal data collected: cookies and usage data.

Place of processing: USA – Privacy Policy.

Use of the Website implies acceptance of the use of Cookies and consent for the processing of data collected by Third Parties.

YouTube LLC.

YouTube is a web platform managed by Google, Inc., which allows Users to view videos, leave comments and share them on the YouTube platform.

Personal data collected: cookies and usage data.

Place of processing: USA – Privacy policy.

Use of the Website implies acceptance of the use of Cookies and consent for the processing of data collected by Third Parties.

Instagram, Inc.

Instagram is a service managed by Instagram, Inc., which allows Users to leave comments and share them on the Instagram platform.

Personal data collected: cookies and usage data.

Place of processing: USA – Privacy Policy.

Use of the Website implies acceptance of the use of Cookies and consent for the processing of data collected by Third Parties.


LinkedIn Corporation

LinkedIn is a service managed by LinkedIn, Inc., which allows Users to leave comments and share them on the LinkedIn platform.

Personal data collected: cookies and usage data.

Place of processing: USA – Privacy Policy.

Use of the Website implies acceptance of the use of Cookies and consent for the processing of data collected by Third Parties.

  1. The personal data you provide us with by using the Website: the purposes we process them for.

We require your data in order to allow you to access the Website (hereinafter the “Website”) and use the following services (the “Website Services”):

  • consult the catalogue/products/services;
  • access the reserved area;
  • be contacted.

Your data will be processed for the following purposes:

  • to comply with legal obligations;
  • to carry out the technical management of the Website.


Processing of data for the above purposes will be performed in observance of the Privacy Code, the General Data Protection Regulation and all the specific regulations governing the sector, including the provisions of “Data Protection Authority Rules governing fidelity programmes” of 24 February 2005, and the “Guidelines for the processing of personal data for online profiling” of 19 March 2015.

In observance of the “Guidelines regarding promotional activity and combating spam” of 4 July 2013, please note that if you give your consent for the sending of commercial, promotional and marketing purposes via automated tools, this will also be extended to traditional means of contact.

The data you provide will be processed mainly with IT tools, under the authority of the Data Controller, by subjects specifically entrusted, authorised and trained for the purpose, pursuant to article 30 of the Privacy Code and articles 28 and 29 of the GDPR. Please note that appropriate security measures are also observed pursuant to arts. 5 and 32 of the GDPR to prevent loss, unlawful or incorrect use of data and unauthorised access.

  1. Mandatory or optional nature of consent for providing data, consequences of refusal and legal basis for processing

For the purposes set forth at points (i) and (ii) of art. 3 above, it is mandatory to provide your personal data, because failure to do so will make it impossible for you to use the Website Services through the Website.

Remember that in any case and at any time, you may ask the Data Controller to delete your data, simply by writing, with no particular formalities, to the contact addresses provided in art. 1 above.

With reference to the purposes mentioned at points (i) and (ii) of art. 3 above, the legal basis of the processing is the provision of the services you have requested and that are delivered through the Website (pursuant to article 6, para. 1, lett. b of the GDPR and article 24, para. 1, lett. b of the Privacy Code);

  1. Who we may transmit your data to and within which limits

Your data may be transmitted, within the EU, in full compliance with the provisions of the Privacy Code and the General Data Protection Regulation, to the following subjects:

(i) the financial administration and/or other public authorities, where established by the law, or at their request;

(ii) external structures, subjects and companies used by the Data Controller to carry out activities connected, instrumental or consequential to the provision of the Website Services – including the cloud computing storage service -, the sending of the Newsletter and the performance of Profiling Activities;

(iii) external consultants (for example, for managing compliance with tax regulations), if not designated in writing as Data Processors.

The information automatically collected from the Website, referred to in paragraph 2, as well as some anonymous data relating to the number and type of interactions strictly regarding customer retention purposes, may also be transferred to the cloud servers of Third Parties, including those located outside of the EU, if this processing is necessary for delivering the Website Services you have requested. Therefore, the legal basis of this processing is art. 49, para. 1, lett. b of the GDPR and art. 43, para. 1, lett. b of the Privacy Code.

  1. Your rights

Remember that you may, at any time, exercise your rights as set forth in art. 7 of the Privacy Code and in arts. 15, 16, 17, 18, 20 and 21 of the General Data Protection Regulation, by writing to the addresses of the Data Controller as indicated above in art. 1, and thereby obtain:

  • confirmation of the existence or absence of your personal data, with an indication of their origin and verification of their accuracy; you may also request that they be updated, rectified or supplemented;
  • access to, rectification or deletion of your data, or restrictions on their processing;
  • the deletion, anonymisation or blocking of data processed in breach of the law.

Your may also oppose the processing of data that involve you.

With reference to the newsletter, please note that your right to request that your data no longer be processed using automated contact methods also extends to traditional methods. In addition, you may exercise this right only in part, i.e. by requesting, for example, that promotional communications no longer be sent using one or more of the contact methods for which you have given your consent.

  1. Duration of the processing

Without prejudice to legal obligations, personal data will be stored for a specific period, according to criteria based on the nature of the services provided.

Data stored for Profiling or Marketing purposes will be stored for a period of time not exceeding 12 and 24 months respectively from the moment they are recorded.

  1. Security measures

Your data are processed through the Website in compliance with the applicable law, adopting adequate safety measures in compliance with arts. 5 and 32 of the General Data Protection Regulation.

In this regard, we confirm that the appropriate security measures are adopted with a view to preventing unauthorised access to, theft or disclosure of, changes to or unauthorised destruction of your data.

  1. Changes to the Privacy Policy

The Data Controller reserves the right to make changes to this Privacy Policy. In this case, you will be promptly informed the next time you use the Website.

Via Mara Maretti Soldi, 13 - Casalbuttano (CR) 26011 - ITALY