Welcome to the website of MAGLIFICIO ROSSI S.R.L. (hereinafter “DATA CONTROLLER”), whose Home Page is accessible from the address:


hereinafter “WEBSITE”.

This page contains all the information on the processing of the personal data of visitors to the website performed by the DATA CONTROLLER.

The following information is provided only for the website of MAGLIFICIO ROSSI S.R.L. and not for other websites that may be viewed by the user by clicking on links.



For a better understanding of this policy some definitions are provided below (please refer directly to the current regulations for anything not expressly included here):

“Personal data”, any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person [art. 4, para. 1, no. 1) GDPR].

“Data that belong to special categories”, data that can reveal racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation [art. 9, para. 1 GDPR].

“Data relating to criminal convictions and offences”, personal data relating to criminal convictions and offences or to related safety measures [art. 10, para. 1 GDPR].

“Processing”, any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction [art. 4, para. 1, no. 2 GDPR].

“Controller”, the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law [art. 4, para. 1, no. 7) GDPR].

“Data processor”, a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller [art. 4, para. 1, no. 8) GDPR].



When viewing this website, data relating to identified or identifiable persons may be processed.

The “data controller” is

COMPANY NAME Maglificio Rossi Idee Moda s.r.l.
TAX CODE / VAT NUMBER 02108050127
REGISTERED OFFICE Via delle Roggette 18, Cardano del Campo (VA) (21010)

in the person of its legal representative pro tempore.


The list of Data Processors is available from the Data Controller.



The processing connected to the web services of this website takes place at the aforementioned headquarters of the Data Controller and is carried out only by personnel appointed to do the processing.

To the extent necessary, with regard to the maintenance of the technological part of the site – the activity connected with the hosting/housing service – processing operations may be carried out at the registered office of the Data Controller or at the offices or the WEB FARM of the Data Processor(s).


Browsing data

During their normal operation, the computer systems and software procedures used to operate this website acquire some personal data whose transmission is implicit in the use of Internet communication protocols.

It is information that is not collected to be associated with identified interested parties, but by its very nature could allow users to be identified through processing and association with data held by third parties.

This category of data includes IP addresses or domain names of the computers used by users connecting to the website, the addresses in the Uniform Resource Identifier (URI) notation of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (success, error, etc.) and other parameters relating to the operating system and the user’s computer environment.

These data are used for the sole purpose of obtaining anonymous statistical information on the use of the website and to check its correct operation and are deleted immediately after processing. The data could be used to ascertain responsibility in case of any computer crimes against the website. With the exception of this eventuality, data on web contacts do not persist for more than seven days.

Data provided voluntarily by the user

The optional, explicit and voluntary sending of emails to the addresses specified on this website entails the subsequent acquisition of the sender’s address, necessary to respond to requests, as well as any other personal data included in the message. Sending the message implies consent to the processing of the data contained in the email. Such consent is mandatory and necessary to allow the Data Controller to provide the requested information. The processing will have a duration consistent with the activity requested and necessary to provide the relevant information. In the event that the user does not intend to provide consent, he/she should not send the email.

More specific information will be provided in the pages of the website that perform particular processing.


For the cookie policy please refer to the Website’s Cookie Policy.


Personal data are processed to allow the user to browse the Website.



For browsing data, the legal basis for the processing performed in the Website is the contract.

The data provided voluntarily by the user (for example by completing a form) are processed under the legal basis consistent with the processing, as specified in the relevant notice.



Apart from what is specified for navigation data, the user is free to provide personal data contained in the request forms or in any case specified in the Contacts page.

Failure to provide such data may make it impossible to obtain what was requested.



Personal data are processed with automated tools for the time strictly necessary to achieve the purposes for which they were collected.

Specific security measures are observed to prevent data loss, illicit or incorrect use and unauthorised access.



The data subjects whose personal data are being processed have the right at any time to obtain – if the conditions are met:

a) Confirmation of whether or not their personal data are being processed, and in this case, access to personal data and information, in accordance with art. 15 GDPR.

b) The correction of any inaccurate personal data concerning them, including the completion of incomplete personal data, even by providing a supplementary statement, as envisaged in art. 16 GDPR.

c) The erasure of personal data concerning them, in accordance with the provisions of art. 17 GDPR.

d) The restriction of processing in accordance with art. 18 GDPR.

e) The portability of the data, in accordance with art. 20 GDPR.

f) Opposition to processing, in accordance with art. 21 GDPR.

For better management, requests should be addressed as follows:

by email, to the address info@biancadellatorre.it
by fax 0331/260882
by PEC certified email maglificiorossi@pec.it
by post Via delle Roggette 18, Cardano del Campo (VA) (21010)

Please also include in the subject: “Request as per Reg. EU no. 679/2016”, specifying the right being exercised, as specified above.

It is advisable to use the form provided by the DATA CONTROLLER and downloadable here.



If the data subject considers that the processing of his/her data is in breach of the GDPR, he/she has the right to lodge a complaint with a Supervisory Authority. The Supervisory Authority may be that of the Member State in which the data subject has his/her habitual residence, or the place where the alleged infringement occurred.

The data subject has the right to a judicial remedy if he/she considers that his/her rights under the GDPR have been infringed as a result of the processing. Actions against the Data Controller or the Data Processor shall be brought before the courts of the Member State in which the Data Controller or the Data Processor has offices. Alternatively, such proceedings may be brought before the courts of the Member State in which the data subject has his/her habitual residence.


The Website provides the opportunity to interact with the Company’s Social profiles. It should be noted that in this case, the terms and conditions respectively adopted by the operators may be applicable and that they may also take note of the settings adopted by the individual user with regard to the processing of personal data. Interaction with Social Networks may involve the communication or dissemination of personal data.


This document, published at


constitutes the “Privacy Policy” for this website and may be subject to updates.

Previous versions shall be kept at the registered office of the Data Controller.

Version published on: 2019.12.20.

Date of last update: 2019.12.20.