Privacy Policy

Derbe S.r.l. – Processing of personal data and Privacy Policy of the website


Information document art. 13 Reg. EU 2016/679-GDPR – Information notice for the processing of personal data provided to the data subject


This document has the objective of providing every clarification regarding the privacy policy adopted, with reference to the website, by Derbe s.r.l. having its registered office Via Aldo Moro no. 24, Sesto Fiorentino (FI) owner of the Derbe brand, respective what is provided by Regulation EU 2016/679 GDPR (General Data Protection Regulation) as well as by Directive 2002/58/EC, as updated by the Directive 2009/136/EC in terms of Cookies and by the Measure of the Italian Data Protection Authority in terms of Cookies of 8 May 2014.

The use of the website entail full acceptance of this Privacy Policy.


  1. General information relative to the Privacy Policy.
  2. Derbe s.r.l. complies with the privacy protection policies contained in the GDPR Regulation (General Data Protection Regulation) as well as the precautions and procedures that the Italian Data Protection Authority has specified in the document on the Privacy Policy published on the Authority’s official website. Derbe s.r.l. complies with measure no. 229 of 8 May 2014.
  3. This information notice is made available only for the website and not also for other websites possibly consulted by the user by means of the links contained therein.
  4. The purpose of this document is to provide users of the website, whatever the purposes for which this connection is made, the mandatory information according to the Italian and European legislation.
  5. The information notice may undergo modifications on account of the introduction of new rules on the subject and the user is therefore invited to check hits page periodically.
  6. If the user is aged under sixteen they must legitimate their consent, pursuant to art. 8 paragraph 1 of the GDPR Regulation by means of the authorisation of their parents or the persons acting in their place.


  1. Processing of data


  1. Data Controller
  2. The data controller is the (natural or legal) person, public authority, the service or other organism which, individually or together with others, determines the aims and means of processing of personal data. They also concern themselves with the security profiles.
  3. In relation to the website the data controller is, pursuant to art. 4 and 24 GDPR Regulation, Derbe s.r.l., having its registered office in Via Aldo Moro no. 24, Sesto Fiorentino (FI) in the person of the Chairman of the Board of Directors. The contact e-mail address of the Data Controller is


  1. Data Processor
  2. The data processor (RPD/DPO – Data Protection Officer) is the (natural or legal) person, public authority, agency or other body which processes personal data on behalf of the data controller.
  3. Pursuant to art. 28 of regulation EU no. 2016/679, on appointment of the data controller, the data processor of the website is Turchi Roberto and contact email address is
  4. The data provided by means of use of the website is taken care of by the staff tasked with the processing or by persons possibly tasked with occasional maintenance operations.


  1. Place where data is processed
  2. The processing of data generated by using the website takes place at the registered office of the same.
  3. In the event of necessity connected to the newsletter service it can be processed by the data processor or by parties tasked by him for this purposes at the relative office.
  4. The personal data shall not be transferred outside the EU.


III. Data processed


  1. Method of processing data
  2. It is possible that the website’s log files conserve information collected in an automated manner during the visit of users (for example IP address, type of browser and parameters of the device used for the connection, name of the ISP, the URI addresses of the resources requested, date and time of visit, web page of provenance, numerical code of state of the response given by the server (successful, error etc.) and other parameters relative to the operating system and to the user’s IT environment).
  3. This information is processed in an automated form and collected in a form exclusively aggregated in order to check the correct functioning of the website and for security reasons. The aforesaid information shall be processed on the basis of the legitimate interests of the controller.
  4. For the purposes of security (anti-spam filters, firewall, virus detection) the data recorded autonomously may possibly include personal data that can be used, in accordance with the laws on the subject, in order to block attempts to damage the website or to cause harm to other users. This data is used solely for the purposes of protecting the site, in accordance with the legitimate interests of the data controller, and never used in order to identify or profile the user.
  5. Wherever the website allows the entry of comments, or in the case of specific services requested by the user (including the possibility of sending a CV) the website automatically detects and records some identifying data such as the email address. This data is understood to be provided voluntarily by the user and entail the express acceptance of this privacy information notice. The data received shall be used exclusively for the performance of the service requested and only for the time necessary for the provision of the same.
  6. The information which the users of the website consider making public by means of the services and tools made available by the same must be understood to have been provided knowingly and voluntarily exempting the website in relation to possible breaches of the law.


  1. Recipient or categories of recipient of data
  2. The data obtained by navigating the website www.derbe.shall not be disseminated and is taken care of by the staff tasked with the processing or by persons possibly tasked with occasional maintenance operations.
  3. The data deriving from the website can be communicated to technological and instrumental partners of which the Controller avails itself for the performance of the services requested by users.
  4. The personal data provided by users who submit requests for information, for sending of informative material, for answers to queries or other communications (for example orders) are made available to the staff of the business and are used by this latter only for the purposes of providing the service or performance requested and in any event only in the event in which this shall be necessary (for example performance of services by means of the technological and instrumental partner).
  5. In the context of this Privacy Policy, “personal data” is understood to be information or fragments of information which could allow the identification of the user, information deriving also from the issuing of tax documents consequent to the sale of the product purchase on the website (by way of example, the name, the address, the user name, the tax code, the spending habits, the lifestyle preferences, hobbies and interests).


  1. Purposes of processing of the data
  2. The data collected by the website during its functioning are used exclusively for the following purposes respecting the conditions of lawfulness specified at art. 6 para. 1 Letter F (Taking into Account 47) of the GDPR Regulation:

– reviews and improvement of the use of the website, of the products and services offered;

– analyses of the effectiveness of the advertising, the promotions and competitions offered;

– personalisation of the experience on the website by means of the review (in anonymous and aggregate form of the statistics relative to the activities on the website);

– simplification of the use of the website adjusting it to the user’s interests and choices;

– any filling out of forms to register on the website/login, signing up for a newsletter, sending of advertising material and/or request of contact with sending of the information requested;

– any administrative and/or accounting purposes for payments;

– contacting the user regarding products and services that may interest them (after obtaining consent);

  1. The processing of data is based on the said art. 6 taking account of the reasonable expectations held by the data subjects at the time and in the context of the collection of personal data, when the data subject can reasonably expect that processing shall take place for that purpose. For specific marketing activities the legal basis shall be the consent.
  2. Every direct marketing communication that Derbe s.r.l. makes with regards to the users of the website must contain the information that the offer may be refused and specify what are the means necessary to set out this refusal.
  3. The information generated by users who visit the website without being registered (or, whilst registered, without having an active session) could be used by Derbe s.r.l. to allow the user an optimal navigation of the website, for statistical analyses and for the personalization of content (including advertising) as subsequently, to supplement the information provided by the user during registration. In order to have more information regarding the technologies that allow Derbe s.r.l. to offer the services described up to now, you are invited to read the Cookie Policy.


  1. Period of conservation of the data
  2. The processing of data shall be performed in automated and manual form, with methods and tools aimed at guaranteeing maximum security and confidentiality by the parties who are duly entrusted for this purpose.
  3. Respecting art. 5 paragraph 1 Letter and of the GDPR Regulation the personal data collected shall be conserved in a form that allows the data subjects to be identified for a period of time not exceeding the achievement of the purposes for which the personal data is processed. The conservation of personal data depends upon the purposes of processing:

– navigation on the website (session);

– for request of contact (maximum one year);

– collection of data for selection of staff (maximum two years);

– receipt of newsletter or personal communication in general via e-mail (maximum two years);

– profiling (maximum two years).


  1. Rights of the data subjects
  2. The data subject can assert their rights as expressed by the GDPR Regulation by making reference to the Data Controller, by sending an email to the address or writing to the office of the Data Controller indicated above.
  3. The data subject is entitled, at any time to ask the Data Controller to access their personal data, to correct or erase the same, to limit the processing, or to object to the processing of it based on the legitimate interest. The data subject is also entitled to the portability of their personal data.
  4. The communication of personal data is not an obligation. The User is free to provide personal data in the dedicated areas on the website. The failure to provide the personal data entails the impossibility of benefiting the services offered by the Data Controller.
  5. In the event of breach of the legislation the user is entitled to make a complaint to the Italian Data Protection Authority, as the authority in charge of controlling the processing of personal data in the Italian State.


  1. Amendments to the information notice regarding privacy
  2. The Data Controller reserves to itself the right to modify, update, add or remove parts of this information notice regarding privacy at its discretion and at any time including in conformity with any modifications made to the legislation in force. The users are bound to check modifications to this information notice periodically.