Privacy policy
PRIVACY POLICY PURSUANT TO EU REGULATION 2016/679 (GDPR) (WEBSITE)
This communication is provided pursuant to Articles 13 and 14 of European Regulation 2016/679 on the protection of personal data (hereinafter ‘GDPR’) and subsequent amendments and additions and the relevant Italian legislation, including Legislative Decree 101 of August 10, 2018, by CERMESONI GROUP s.r.l., with registered office in Via Giuseppe Garibaldi 43 – 21047 – Saronno (VA), VAT number 00195210125 (hereinafter also referred to as the ‘Company’), in its capacity as Data Controller of your personal data, and is addressed to those who interact with the Company’s web services accessible electronically from the address https://www.cermesonigroup.com. The purpose of this Policy is to inform users about how their personal data is processed. These Data may be collected because you voluntarily provide them (for example, when you write to the Company through the ‘Contacts’ section) or simply by analyzing the pages visited on the site. The Personal Data processed through the website are listed in the following paragraphs.
- Types of data collected
While browsing the website https://www.cermesonigroup.com, the Data Controller may therefore acquire information about the visitor in the following ways:
Browsing data
During their normal operation, the IT systems and software procedures which operate this website acquire some data, the transmission of which is implicit in the use of Internet communications protocols. This information CANNOT be associated with identified individuals or include personal data. This category of data includes only IP addresses, URI (Uniform Resource Identifier) addresses of requested resources, the time of the request, the method used when submitting the request to the server, the size of the file obtained in reply, the numerical code indicating the server’s response status (concluded successfully, error, etc.) and other parameters relating to the user’s operating system and IT environment. These data are used for the sole purpose of obtaining anonymous statistical information concerning use of the website and to check that it is operating correctly and are deleted immediately after processing; currently, web contact data is not stored for more than 30 days.
Data provided voluntarily by users
The optional, explicit, and voluntary sending of emails to the addresses indicated on this website entails the subsequent acquisition (by the Company) of the sender’s email address, as well as any other personal data included in the email voluntarily, which is necessary to respond to requests for information or contact. The same applies to data voluntarily entered in the form within the sections:
- ‘CONTACTS’
- ‘JOIN OUR TEAM’
In such cases, therefore, the user may be required to provide their first name, last name, telephone number, and email address; the Company will use this information solely for the purpose of processing the user’s request and sending the information specifically requested. The information provided will not be used for marketing purposes unless consent is given and will not be sold, transmitted, granted or forwarded to third parties in any other way.
- Optional provision of data
Apart from what has been specified for navigation data, users are free to provide or not provide personal data via the aforementioned collection forms published on the website and to navigate the various sections of the website anyway, but failure to provide such data will make it impossible to fulfill any requests made to CERMESONI GROUP s.r.l.
- Cookies
Cookies are used on our website to provide users with a better service and browsing experience: for information on this type of data and its processing, please refer to the specific ‘cookie policy’ section on the website:
https://www.cermesonigroup.com/en/cookie-policy
- Data processing procedures
Personal data will be processed using computerized and/or telematic tools for the time strictly necessary to achieve the purposes for which it was collected. Specific security measures are implemented to prevent the loss of data, illegal or improper use, or unauthorized access. The processing is carried out using organizational methods and logic strictly related to the indicated purposes. In addition to the Data Controller, categories of persons involved in the organization of the site (administrative staff, system administrators) or external parties (such as third-party technical service providers, hosting providers, IT companies) appointed as Data Processors by the Data Controller may have access to the data. The updated list of Data Processors may always be requested from the Data Controller by sending a specific communication to the contact details provided in the ‘Contact details’ section of this policy.
- Location and recipients
The data collected by the Company will only be shared for the purposes mentioned above; we will not share or transfer Personal Data to third parties other than those indicated in this Privacy Policy. In the course of our activities and exclusively for the same purposes as those listed in this Privacy Policy, Personal Data may be transferred to the following categories of recipients:
- persons authorized by the Company to process Personal Data necessary to perform activities strictly related to the provision of services, who have committed themselves to confidentiality or have an adequate legal obligation of confidentiality (e.g., Company employees)
- business partners of CERMESONI GROUP s.r.l. to whom the Data Controller may communicate the data exclusively for the purpose of processing online requests (external consultants)
- individuals, companies, or professional firms that provide assistance and advice to companies in accounting, administrative, legal, tax, and financial matters
- persons whose right to access data is recognized by law or by orders of the authorities
The updated list of Data Processors is available at the Data Controller’s operational headquarters and will be provided upon written request to the contact details listed in the ‘Contact Details’ section of this policy.
- Personal data protection
The Company has implemented a study on risk assessment in relation to the processing of personal data in accordance with GDPR regulations: it has therefore put in place specific security measures, observed by all personnel involved, to prevent data loss, illicit or incorrect use, and unauthorized access. These measures take into account:
- the state of the art of the technology
- the costs of its implementation
- the nature of the data
- the risk of processing
The purpose is to protect them from accidental or unlawful destruction or alteration, accidental loss, disclosure or unauthorized access, and other forms of unlawful processing. Furthermore, when managing your personal data, CERMESONI GROUP:
- collects and processes personal data that is adequate, relevant, and not excessive, as required to fulfill the above purposes
- ensures that such personal data remains up to date, accurate, and properly deleted
- Purpose of processing the collected data
The user’s Data are collected to allow the Data Controller to provide its services, as well as for the following purposes:
- to allow navigation of the site and the provision of requests through the contacts requested from time to time from the Company
- to comply with any obligations under applicable laws, regulations, or EU legislation, or satisfy requests from authorities (tax, judicial, etc.)
- for statistical purposes, but in such a way that it is not possible to trace the identity of the user.
The legal basis for the processing of Personal Data for the purposes referred to in the previous sections is contained in Articles 6(1)(b); 6(1)(c), 6(1)(f), 9(2)(a), 9(2)(b) of EU Regulation 2016/679.
- Storage period
Personal data is processed using automated tools for the time strictly necessary to achieve the purposes for which it was collected. For each purpose, it will be stored for the time strictly necessary to achieve those purposes. The data of Users who have interacted with the Company by registering or requesting online services will be deleted 12 months after the last useful contact, unless there are ongoing contractual relationships lasting longer than 12 months. The User may always request that the processing be interrupted or that the Data be deleted by sending a specific communication to the Data Controller at the addresses listed in the ‘Contact details’ section of this policy.
- Rights of data subjects
The rights associated with the personal data processed by the Company are:
- right to rectification: you may obtain the rectification of personal data concerning you or communicated by you. The Company makes reasonable efforts to ensure that the personal data in its possession is accurate, complete, up-to-date, and relevant, based on the most recent information available
- right to restriction: you may obtain restriction of the processing of your personal data if:
- the user disputes the accuracy of the personal data during the period in which the Company processes the data
- the processing is unlawful and you request a restriction of processing or the erasure of personal data
- the Company no longer needs to retain the personal data, but the user needs it to ascertain, exercise, or defend their rights in court
- the user objects to the processing while the Company verifies whether its legitimate reasons prevail over those of the user
- right of access: users may request information from the Company about the personal data it holds about them, including information about what categories of personal data the Company owns or controls, for what purpose it is used, and to whom it may have been disclosed
- right to portability: following a written request, the Company will transfer personal data to another Data Controller, if technically possible, provided that the processing is based on the consent of the data subject or is necessary for the performance of a contract
- right to erasure: you may obtain from the Company the erasure of your personal data if:
- the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed
- the user has the right to object to further processing of personal data and exercise this right to object
- the personal data has been processed unlawfully
Unless the processing is necessary due to legal or tax obligations in order to establish, exercise, or defend a right in court:
- right to object. The user may object at any time to the processing of personal data, provided that the processing is not based on consent but on the legitimate interests of the Company or third parties. In such cases, the Company will no longer retain personal data unless it can demonstrate compelling and legitimate reasons, an overriding interest in processing or verification, or the exercise or defense of a right in court. If the user objects to the processing, you must specify whether you intend to delete the personal data or restrict its processing.
- right to lodge a complaint. In the event of an alleged violation of applicable privacy laws, you may file a complaint with the competent authorities in the country or location where the alleged violation occurred
- Changes to this Privacy Policy
Any future changes or additions to the processing of personal data as described in this Privacy Policy will be published on this website: https://www.cermesonigroup.com/en/privacy-policy
- Data Controller, contact details
To exercise the rights referred to in Articles 15 et seq. of the EU Regulation, users may contact info@cermesonigroup.it or the Data Controller by writing to: CERMESONI GROUP s.r.l. – Via per Busto Arsizio, 70 – 21054 Fagnano Olona (VA).
CERMESONI GROUP S.R.L.
Centro Operativo e Direzionale:
Via per Busto Arsizio, 70
21054 Fagnano Olona (Varese) Italy
Tel. +39 0331 616911
info@cermesonigroup.com
VUOI RIMANERE AGGIORNATO?
Iscriviti alla nostra newsletter, rimani sempre aggiornato sulle novità.
© 2026 Copyright Cermesoni – Partita IVA 00195210125 R.E.A.44657