Privacy Policy


The companies GALBIATI ITALIA SRL and GALBIATI 1935 SRL, as Data Controllers and Joint Data Controller of the personal data acquired through the website, have always considered the protection of the personal data of their customers and Users to be of fundamental importance and ensure that the processing of the personal data collected will take place in full compliance with the European Regulation on the protection of personal data No. 2016/679 (General Data Protection Regulation, hereinafter “GDPR”) and of the other applicable rules regarding the protection of personal data. According to Article 4 point 1 of the GDPR, “personal data” refers to “any information concerning an identified or identifiable natural person; the identifiable natural person who can be identified, directly or indirectly, with particular reference to an identifier such as the name, an identification number, location data, an online identifier or one or more characteristic elements of his or her physical, physiological, genetic, psychic, economic, cultural or social identity” (hereinafter “Personal Data”).

The GDPR provides that, before proceeding to the “processing” of the Personal Data – this term meaning, pursuant to Article 4, point 2) of the GDPR. “any operation or set of operations, performed with or without the aid of automated processes and applied to personal data or sets of personal data, such as collection, registration, organization, structuring, the conservation, adaptation or modification, extraction, consultation, use, communication by transmission, dissemination or any other form of provision, comparison or interconnection, limitation, cancellation or destruction” (hereinafter the “Processing”) – the Data Controller must adequately inform the person to whom such Personal Data belongs, i.e.” the Data Subject” of the purposes for which the data is requested, how it will be used and the recipients.

For this reason, this privacy policy (“the Policy”) aims to provide the User, in a simple and transparent manner, all useful and necessary information so that he or she can provide his or her Personal Data in an informed manner, requesting and obtaining, at any time, clarifications and/or adjustments to the Processing. In particular, in compliance with the legislation referred to in Article 13 of the GDPR, below we provide the information relating to the Processing of Personal Data of Users, with the precise indication of the use made of it, the subjects with whom they are shared, and the Users’ rights. This Policy exclusively concerns the processing of the data communicated by the User or otherwise obtained due to the use of the website with the URL The Policy is provided only for this Website and not for other websites that may be consulted by the User via links.


According to Article 26 of the GDPR, the Website is managed according to a joint data controller criterion and through an internal agreement by:

GALBIATI ITALIA SRL (Tax Code/ VAT No. 09210670965), with registered office in Piazza Velasca No. 6   – 20122 Milan, e-mail:
GALBIATI 1935 SRL (Tax Code/ VAT No. 04287410163), with registered office in Via Giuseppe Verdi No. 14 – 24121 Bergamo, email:

The contacts mentioned above are those that the User can use to exercise its “control rights” on the Processing of its Personal Data, according to Article 15-22 of the GDPR, as better explained below.



Description of the Processing and type of data processed:

The Processing of data of the natural persons who are voluntarily provided by the User for the purposes listed below. The simple browsing of the Website, without entering any personal data, can only involve the acquisition of navigation data in a completely anonymous manner. In this regard, see the appropriate Cookies Policy of the website.

In particular, the types of Personal Data being processed may include:

1. Navigation data: during normal operation, the computer systems and software procedures used to operate the Website acquire some personal data whose transmission is implicit in the use of Internet communication protocols. This information is not collected to be associated with identified interested parties, but by their very nature could, through processing and association with data held by third parties, allow Users to be identified. This data is used only to obtain anonymous statistical information on the use of the website and to check its correct functioning and are not, nor will in any case be used by the Data Controller to carry out profiling activities.

2. data provided voluntarily by the User, in particular:

–       name, e-mail address, company, telephone number, and any other Personal Data provided by completing the contact form on the Website, as well as those provided on the occasion of calls made to the Data Controller’s contacts, in order to verify the User’s requests;

–       e-mail address and any other Personal Data provided by completing the newsletter service registration form, in order to send periodic information communications on the Data Controller’s activity;

–       e-mail address and any other Personal Data contained in the e-mail messages sent to the addresses indicated on the Website, in order to carry out the processing activities necessary to respond to the User’s requests;

–       e-mail address for any registration in restricted areas of the Website.



Purpose of the processing / Conditions of lawfulness and legal basis of reference:

The Personal Data collected through this Website will be processed for the following purposes:

1.     management and execution of the relationship with Website Users: the personal data provided voluntarily by the User, as indicated above, is acquired and processed as needed to respond to requests sent and/or to be able to proceed with the subsequent provision of the services offered by the Data Controller (Article 6, paragraph 1, letter b) GDPR).

Only with prior consent (Article 6, paragraph 1 letter a GDPR), which the User can freely express in the dedicated section of the Website, the Controller can also ask, in addition to the Personal Data above, other Personal Data for the following further purposes:

2.        sending periodic newsletters relating to the services and activities carried out by the Data Controller with information and commercial promotions, also based on the interests and preferences expressed.


The Users’ personal data may be disclosed if necessary, in order to correctly carry out all the processing activities necessary to pursue the purposes referred to in this Privacy Policy, to “Data Processors”, pursuant to Article 28 of the GDPR, as they carry out part of the processing activities on behalf of the Data Controller, to individuals (employees, interns and/or collaborators) “authorised” by the Data Controller to process personal data, and to additional third parties, including but not limited to: External consultants who work with the Data Controller in the performance of their activities, Business partners, Postal and transport services, Suppliers of services offered through the Website or connected to its operation as Webmasters, providers of newsletter, web hosting, system administrator housing services. Where requested by the law or Authorities, the Personal Data may be disseminated to the Courts and/or Authorities. Furthermore, the data may be communicated to the Data Protection Officer (DPO) where appointed, to the Company’s shareholders, legal representatives and/or managers designated by the Company (all, limited to the respective function and/or role).



The Personal Data being processed will be kept for a period of time not exceeding that necessary to achieve the purposes for which it was collected or subsequently processed and, in particular, the Retention Period is determined as follows:

a) for the purposes referred to in point 1) above, the Users’ data collected through this Website will be kept for 6 months from the time the requested information was provided, unless further data storage is necessary to proceed with the execution of the services contract offered by the Data Controller and fulfil legal obligations;

b) in case of express consent for the purposes referred to in point 2), the data will be stored and used until the User has revoked the consent, with a request to unsubscribe from the service, unless the data retention is still necessary for other legal purposes.

After the expiry of the storage terms according to the indicated criteria the Data Controller will adopt measures intended for the cancellation or anonymisation of data that should not be kept for specific regulatory obligations.



According to Article 7, paragraph 3 of the GDPR, the User has the right to revoke at any time consent provided for one or more specific purposes without prejudice to the lawfulness of the processing based on the consent given before the revocation. The methods of revocation are very simple: simply contact the Data Controller using the contacts indicated in this Policy.



According to Articles 15-22 of the GDPR, the User has the right to ask the Data Controller access to personal data, rectification, deletion of data (the right to be forgotten), limitation of processing, opposition to processing, portability, as well as the right not to be subjected to a decision based solely on automated processing, including profiling. The relative requests, as well as any other question relating to this Policy, may be sent to the Data Controller’s contacts, indicated above, without particular formalities, attaching an identity document of the applicant, for the purpose of identification by the Data Controller, who will answer within a reasonable time, depending on the circumstances of the case. Without prejudice to the right to appeal in any other administrative or judicial office, the User has the right to lodge a complaint with the Guarantor, the Supervisory Authority for the protection of Personal Data(see, if the user considers that the Processing of its Personal Data conducted by the Data Controller occurred in violation of the GDPR and/or applicable legislation. In any case, to learn more about rights and remain updated on the legislation regarding the protection of people with reference to the processing of Personal Data, the User can consult the Authority for the Protection of Personal Data’s website at the address



The Personal Data will be processed by the Data Controller within the territory of the European Union, at the offices where it exercises its activity. If for technical and/or operational purposes, or for the pursuit of legitimate interests, it is necessary to make use of subjects located outside the EU, the Users are informed of the possible transfer to countries outside the EU , in addition to the cases in which this is guaranteed by the adequacy decisions of the European Commission, in order to provide appropriate guarantees pursuant to the articles 46, 47, 49 of the GDPR.

The Personal Data will not be disseminated nor used for automated decision-making.

The Personal Data will be processed using manual and IT tools, with logic strictly related to the purposes themselves and, in any case, in order to guarantee the security and confidentiality of the data.

In order to guarantee the security of the users’ personal data, the Data Controller will adopt adequate and appropriate technical and organisational measures, in compliance with the provisions of Article 32 of the GDPR.



The User must necessarily provide the Personal Data requested while browsing the Website for the purposes referred to in point 1) as well as to receive the information required. On the other hand, consent for the purposes referred to in point 2) is optional.


Please note that the Policy may be changed due to the introduction of new regulations and, consequently, users are invited to periodically check this page.