TITLE I – DATA CONTROLLER
Company Name: Pilani&Voglino srl, in the person of its pro tempore legal representative (hereinafter the “Controller”)
Registered office: Corso alla Vittoria, 24 - ASTI - 14100
Operational headquarters: Strada Dota, 30/A - CANELLI - 14053
VAT No.: 01762100053
Contact details: Email:
TITLE II – PREAMBLE
SECTION A – PURPOSE OF THIS NOTICE
This document refers exclusively to the Website https://pilanivoglinoservices.it (hereinafter referred to as the “Website”).
Please note that all notices provided on our Website refer to and are valid only for this Website and not for any other websites that may be consulted by the User through links available on the platform. The Controller has no control over such websites or over the procedures they apply to protect data confidentiality and, therefore, we suggest consulting the privacy policies of all parties with whom you come into contact before communicating personal information.
This document is intended to inform the User about which data we collect, how we process them, to whom we disclose them, for what purposes they are collected, and on which legal basis.
The above is provided in implementation of the applicable Italian and EU provisions on the matter. By way of example, reference is made to: Regulation (EU) 2016/679, also hereinafter referred to for brevity as the “GDPR”; the Privacy Code (Legislative Decree no. 196 of 30 June 1993, as amended by Legislative Decree no. 101 of 10 August 2018, hereinafter also referred to for brevity as the Privacy Code); and the measures and guidelines of the Italian Data Protection Authority (hereinafter also referred to for brevity as the “GPDP”).
This document deliberately reproduces, in quotation marks, the contents of the Regulation, the Privacy Code, and the measures mentioned above, which the User may in any case find on the website of the Italian Data Protection Authority (GPDP).
SECTION B - TO WHOM THIS NOTICE IS ADDRESSED
To the User, namely you, also referred to as the Data Subject, being the person who consults the website, whether a natural person or a person acting in the name and on behalf of legal entities by providing personal data.
SECTION C - CHANGES
The Controller reserves the right to make changes to the Website and to the notices published anywhere on the Website, at any time. When consulting the Website, the User must always refer, as the current version, to the text published therein.
The changes will become effective when they are published on the Website. Continued use of the Website by the User following a change will be deemed acceptance of such changes.
All Users may check at any time, by connecting to the Website, the latest version of the Notice as updated from time to time by the Controller.
This Privacy Notice was updated on 22.01.2026
TITLE III - WHAT DATA DO WE PROCESS AND WHY?
The User assumes responsibility for any third-party personal data published or shared through this website and guarantees that they have the right to communicate or disclose them, releasing the Controller from any liability towards third parties.
SECTION A - BROWSING DATA
The IT systems and applications dedicated to the operation of the Website may collect, while Users are browsing, certain Personal Data whose transmission is implicit in the use of Internet communication protocols. This is information that is not collected in order to be associated with identified data subjects, but which, by its very nature, could, through processing and association with data held by third parties, allow users to be identified. The data collected include: the Internet Protocol (IP) address used to connect your computer to the Internet, browser type, location, model and time zone of your device, device parameters used to connect to the website, name of the Internet service provider (ISP), date and time of visit, referring and exit web pages, possibly the number of clicks, and other parameters relating to the operating system and the IT environment used by the User.
Our website collects some of these data and, in some cases, also through cookies (for more information please refer to the Cookie Policy) for the following purposes:
-
Security or compliance with legal obligations
in relation to access to systems. The data may be disclosed to the competent authorities, upon their order, for security reasons and for public interest purposes.
To comply with any type of obligation provided for by current laws, regulations, related rules and business practices, in particular in tax/fiscal matters.
LEGAL BASIS: legal obligation, art. 6(1)(c) GDPR.
NATURE OF THE PROVISION: necessary.
RETENTION PERIOD: the data collected are processed for the time necessary to fulfill the above purposes and as required by law, in any case for a period not exceeding that established by civil law, therefore for 10 years.
-
Technical/Functional
to make the website usable, enabling its basic functionalities, because the website cannot function properly without these cookies. For more information on which cookies we use, please refer to the cookie policy in the section relating to Technical/Functional Cookies.
DATA COLLECTED: Usage data collected through cookies
LEGAL BASIS: Performance of a service, a contract or pre-contractual measures, art. 6(1)(b)
NATURE OF THE PROVISION: The provision is necessary to make the website and the requested service usable by users.
RETENTION PERIOD: according to the retention periods of the tracking systems indicated in the Cookie Policy.
-
Statistics
to collect information in aggregated form on the number of Users and on how they visit the Website, therefore for statistical purposes. For more information on which cookies we use, please refer to the cookie policy in the section relating to Statistical Cookies.
DATA COLLECTED: Usage data collected through cookies
LEGAL BASIS: consent pursuant to art. 6(1)(a) GDPR.
NATURE OF THE PROVISION: optional; consent is expressed by the User through the cookie information banner.
RETENTION PERIOD: according to the retention periods of the tracking systems indicated in the Cookie Policy.
-
Advertising and Profiling
to encourage the User to return to our website by showing them our advertisements while browsing other websites on the internet, submitting personalized ads to them and measuring their performance through remarketing cookies. For more information on which cookies we use, please refer to the cookie policy in the section relating to Marketing/Profiling Cookies.
DATA COLLECTED: Usage data collected through cookies
LEGAL BASIS: consent pursuant to art. 6(1)(a) GDPR.
NATURE OF THE PROVISION: optional; consent is expressed by the User through the cookie information banner.
RETENTION PERIOD: until consent is withdrawn, according to the retention periods of the tracking systems indicated in the Cookie Policy.
SECTION B - DATA VOLUNTARILY PROVIDED BY THE USER
The Website may collect personal data other than browsing data if the User voluntarily uses the services offered by the portal, such as: comment services, communication services (contact forms, quotation request forms), newsletter subscriptions.
Where provision of the data is necessary, this is indicated with an asterisk; all other data are optional but, if provided, will allow the Data Subject to be contacted through other means.
Such data will be used for the provision of the requested service and also for other purposes, including marketing and profiling where provided for, on the basis of specific legal grounds.
You may provide data through the following areas of the Website:
-
Through the contract areas of the website
This allows the User to send requests to the Controller through the contact form or WhatsApp channel, as well as to receive commercial offers upon specific consent where the checkbox is present.
DATA COLLECTED: common data such as, for example, first name, last name, email address and telephone number.
Provided for the following purposes.
a - Request management
for the purpose of processing Users’ requests.
LEGAL BASIS: Performance of a service, a contract or pre-contractual measures, including quotations, art. 6(1)(b)
NATURE OF THE PROVISION: The provision of the data marked with an asterisk is necessary in order to process the requests; all other data are optional.
RETENTION PERIOD: for the time necessary to process the request or for the period of validity of the quotation agreed between the parties. Conversely, where the data are collected for purposes connected with the performance of a contract between the Controller and the User, they will be retained until the performance of that contract has been completed and, consequently, for 10 years from the last registration pursuant to art. 2220 of the Italian Civil Code.
b- Direct marketing
For the sending of commercial and informational communications concerning the sector in which the company operates, or personalized ads, and to measure their performance, through newsletters, including DEM campaigns, SMS and WhatsApp.
LEGAL BASIS: consent, art. 6(1)(a) GDPR, expressed through the double opt-in procedure.
NATURE OF THE PROVISION: optional, expressed by the User by selecting the relevant box. Failure to provide it will only result in the non-sending of commercial offers, without preventing the processing of requests
RETENTION PERIOD: Until consent is withdrawn (opt-out).
-
Through direct contact using the details indicated in the footer.
This allows the User to send requests to the Controller through the contact details indicated in the footer.
DATA COLLECTED: those spontaneously provided by the User at the time of contact.
They are collected for the following Purposes:
a - Processing requests
The data are provided for the management and processing of requests.
LEGAL BASIS: Performance of a service, a contract or pre-contractual measures, art. 6(1)(b).
NATURE OF THE PROVISION: The provision of the data is necessary in order to process the requests.
RETENTION PERIOD: for the time necessary to process the request or for the period of validity of the quotation agreed between the parties. Conversely, where the data are collected for purposes connected with the performance of a contract between the Controller and the User, they will be retained until the performance of that contract has been completed and, consequently, for 10 years from the last registration pursuant to art. 2220 of the Italian Civil Code.
TITLE IV - METHODS OF PROCESSING
The Processing of personal data communicated by Users is carried out by means of the operations indicated in art. 4 no. 2) GDPR, namely: “collection, recording, organization, storage, consultation, processing, alteration, selection, extraction, comparison, use, interconnection, communication, deletion and destruction of data”.
The processing of Data Subjects’ (Users’) data is carried out using tools and procedures suitable to ensure a high level of security and confidentiality, pursuant to art. 32 GDPR, by persons specifically authorized, in compliance with art. 29 GDPR, and may be performed both through our Website and through other electronic tools, and sometimes also by telephone or with the aid of paper media. In particular, our Website has an SSL certificate and uses the HTTPS protocol to make personal data more secure. By using this protocol, transactions and data transmitted on websites take place with the highest security and the content of the communication is not read or manipulated in any way by third parties.
TITLE V - RECIPIENTS AND DATA TRANSFERS
The Controller processes Users’ data in compliance with the obligations relating to the protection of personal data laid down by applicable legislation. The Controller ensures that the duty of confidentiality is also respected by its trainees, employees and/or collaborators and guarantees that your data will not be disclosed to unspecified parties by being made available or accessible to them.
SECTION A - RECIPIENTS
In relation to the purposes indicated above, personal data are communicated, meaning thereby disclosed to one or more identified parties, to the following subjects:
-
Authorized persons
Collaborators or other personnel authorized to process data (by way of example: administrative, commercial, accounting staff, system administrators) within the limits necessary to perform their duties for the Controller, following a letter of appointment as authorized persons imposing duties of confidentiality and security.
-
External processors
Parties appointed as external data processors pursuant to art. 28 GDPR, including those providing services for the management of the information system used by the Controller and telecommunications networks (email, newsletter, website management, hosting, etc.) or self-employed professionals, firms or companies within the framework of assistance and consultancy relationships (accountants, lawyers, etc.), and our consultants, within the limits necessary to perform their duties subject to obligations of confidentiality and security. The following are indicated:
- The website hosting provider is Host SpA, located in Italy
- For the management of cookie consents on the website, we use Cookiebot provided by Usercentrics A/S, located in Denmark.
- For spam protection, we use reCAPTCHA provided by Google, located in Ireland and the United States
- For statistics through cookies, we use the Google Analytics tool provided by Google Ireland Limited and its affiliates, located in Ireland and the United States.
- For tracking Marketing/Profiling Cookies, we use the following services: Google ADS provided by Google Ireland Limited and its affiliates, located in Ireland and the United States.
-
Independent Controllers
Parties operating in complete autonomy as separate Independent Data Controllers, who need to access the data for purposes ancillary to the relationship with the Controller (for example, companies carrying out commercial investigation activities on behalf of the Controller).
Public or private bodies that may access the data by virtue of laws and legal provisions, or in respect of which we are under an obligation to communicate the data, within the limits of their respective and specific competence and always within the boundaries established by such laws, such as for example:
- judicial and tax authorities (e.g. for accounting or tax reasons, etc.) where there is a legal notification obligation;
- other recipients (e.g. banking institutions).
SECTION B - TRANSFER
The Controller relies exclusively on certified service providers, transferring personal data to them only when strictly necessary within the limits of the performance of their duties, after verifying compliance with confidentiality and security obligations. Some of the providers, already listed in Title V Section A of this notice, are established:
-
Within the EEA
Those countries belonging to the European Economic Area (EEA, i.e. EU + Norway, Liechtenstein, Iceland).
-
Outside the EEA
Those countries whose adequacy has been recognized by a decision of the European Commission (art. 45 of Regulation (EU) 2016/679), namely:
- in the United States, to third parties that have joined the Data Privacy Framework,
The transfers are authorized and no further consent is required, as they take place in compliance with the applicable legal provisions and, in particular, in accordance with articles 44 – 45 – 46 – 47 – 48 and 49 of the GDPR and other applicable laws.
The Data Subject may request further information by writing to the following email address:
TITLE VI - DATA RETENTION PERIOD
In compliance with the principles of lawfulness, purpose limitation, storage limitation and data minimization, pursuant to art. 5 GDPR, the retention period of Users’ personal data is established for a period not exceeding the achievement of the purposes for which they are collected and processed, or for the entire duration of the fulfillment of the aforementioned purposes. For further information, please refer to Title III of this Policy (what data we process and why)
At the end of the retention period, the Data Subjects’ Personal Data will be deleted from every physical and electronic medium (records/database) of the Controller.
TITLE VII - USER RIGHTS
SECTION A - WHAT YOUR RIGHTS ARE
Below are your rights; in any case, we invite you to always inform us of any change to your personal data so that we can ensure that the data collected are accurate and up to date.
-
Access
Access your data as provided for in art. 15 GDPR
-
Rectification
Request correction of your data as provided for in art. 16 GDPR.
-
Erasure
Request erasure, pursuant to art. 17 GDPR
-
Restriction
Request that your data not be subject to further processing and may no longer be modified pursuant to art. 18 GDPR. Please note that the collection of website browsing data, so-called technical or functional cookies (limited to those collected to make the website usable by enabling only basic functionalities), is essential for the operation of the website itself. Users therefore have no right to restrict such processing.
-
Portability
to receive the personal data concerning them, where processing is carried out by automated means, in a structured, commonly used and machine-readable format, and to transmit them to another Controller or request direct transmission, pursuant to art. 20 GDPR.
-
Objection
Right to object to the processing of data concerning them, as well as to the sending of advertising material, direct sales and the carrying out of market research. Pursuant to art. 21 GDPR.
-
Complaint
The right to lodge a complaint or report with the Data Protection Authority as the supervisory authority in matters of personal data protection, or to bring proceedings before the Judicial Authority.
SECTION B - HOW YOU CAN EXERCISE YOUR RIGHTS
The User may exercise the rights listed above by submitting a request to Pilani, pursuant to art. 38 GDPR, to be sent to the email address:
The Controller will confirm receipt of your request and provide information on the action taken regarding the exercise of your rights under articles 15 to 22 GDPR.
If the Controller fails to comply with the User’s request within 1 (one) month from receipt of the request, the User will be informed of the reasons for the failure to comply, and is hereby informed of the right to lodge a complaint with the Supervisory Authority (Italian Data Protection Authority - GPDP), as specified pursuant to art. 13(2)(d) and governed by articles 77 et seq. GDPR and 141 et seq. of Legislative Decree 196/2003, as amended by Legislative Decree 101/2018.
TITLE VIII – DEFENSE IN COURT
The User’s Personal Data may be used by the Controller for its defense in court or in the stages leading to its possible establishment, in the event of abuse or violations committed by the User. The User also declares to be aware that the Controller may be required to disclose the Data upon request by public authorities.
TITLE IX - MINORS
The Controller does not intentionally collect, through the Website, data relating to minors under the age of 18.