PRIVACY POLICY

Art. 13 EU Regulation 679/2016 (GDPR)
Last updated: 16/02/2026

1) Data Controller
The Data Controller is Nuova Vetreria Resanese
Registered office: Via Boscalto, 13, 31023 Resana (TV) – Italy
Tel: +39 0423 480883 – Fax: +39 0423 480898
Email: commerciale@vetreriaresanese.it

2) Categories of Data Processed
While browsing the website, the following data may be processed:

a) Browsing data and technical logs
IP address, device/browser identifiers, information on pages visited, date/time of access, technical and security parameters (logs). Such data may be necessary for the operation of the website, security purposes, and the prevention of misuse or fraud.

b) Data voluntarily provided by the user
For example, data submitted via contact/request forms (name, email, telephone number, message content), or through communications sent to the Controller’s contact details.

c) Cookies and similar technologies
The website uses technical cookies (always active) and, subject to prior consent, analytical and profiling/marketing cookies. For further details, please refer to the “Cookies” section (para. 9) and to the Cookie Policy, where published as a separate document.

3) Purposes of Processing and Legal Bases
Personal data are processed for the following purposes:

  1. To enable browsing and ensure the proper functioning of the website (technical cookies, essential features, session management, technical preferences).
    Legal basis: the Controller’s legitimate interest in the functioning and security of the website (Art. 6(1)(f) GDPR) and/or performance of a requested service (Art. 6(1)(b) GDPR), as applicable.

  2. To manage user requests and communications (e.g. information requests, quotations, commercial contacts).
    Legal basis: performance of pre-contractual/contractual measures (Art. 6(1)(b) GDPR) and/or legitimate interest in responding (Art. 6(1)(f) GDPR).

  3. To comply with legal obligations or requests from authorities (e.g. accounting/tax obligations where applicable, legal defence).
    Legal basis: legal obligation (Art. 6(1)(c) GDPR) and/or legitimate interest in protecting rights (Art. 6(1)(f) GDPR).

  4. To carry out statistical analyses on website usage (analytical cookies) in order to measure traffic and performance.
    Legal basis: user consent (Art. 6(1)(a) GDPR), where analytics are not configured as “technical” under applicable legislation.

  5. Profiling/marketing and campaign measurement (profiling cookies), to display personalised content/advertisements or measure their effectiveness, where active.
    Legal basis: user consent (Art. 6(1)(a) GDPR).

Provision of data for purposes 1–3 may be necessary: without such data, the website may not function properly and/or we may be unable to respond to requests.
Provision of data for purposes 4–5 is optional and based on consent: refusal does not affect essential browsing.

4) Methods of Processing and Security Measures
Processing is carried out using electronic tools and, where necessary, paper-based means, strictly related to the stated purposes, and adopting appropriate technical and organisational security measures to reduce risks of destruction, loss, unauthorised access or unlawful processing.

5) Recipients and Categories of Recipients
Data may be processed by:
• Authorised personnel of the Controller (within the scope of their duties).
• Suppliers/partners acting as Data Processors pursuant to Art. 28 GDPR (e.g. hosting providers and technical service providers).
• Independent third-party controllers (e.g. authorities, legal/accounting advisers, institutions/entities) where required by law or for the protection of rights.

Hosting and platform: the website is hosted on Squarespace (platform provider). In this context, Squarespace may act as a Data Processor for “customer-controlled” data (e.g. data collected via website forms) and may also process certain data for its own purposes (e.g. security/service provision) in accordance with its own documentation.

6) Transfers to Non-EU Countries
The use of platforms/providers may involve transfers of data to non-EU countries (e.g. the United States). In such cases, transfers take place in compliance with Chapter V GDPR, through appropriate safeguards (e.g. Standard Contractual Clauses – SCCs and/or participation in recognised frameworks, where applicable). Squarespace declares the use of SCCs for transfers and participation in the Data Privacy Frameworks (EU–US/UK Extension/Swiss–US), in accordance with its public documentation.

7) Data Retention Periods
• Contact/request data: for the time necessary to handle the request and, where applicable, for the duration of any pre-contractual/contractual relationship and statutory periods (e.g. legal defence, administrative obligations).
• Technical and security logs: for limited periods proportionate to security and technical management purposes.
• Cookies: in accordance with the durations indicated in the Cookies/Cookie Policy section (and, in any event, until consent is withdrawn for non-technical cookies, where applicable).

8) Data Subject Rights
The user, as data subject, may exercise the rights set out in Articles 15–22 GDPR, including: access, rectification, erasure, restriction, objection, and data portability (where applicable).

Withdrawal of consent: for processing based on consent (e.g. analytical/profiling cookies), consent may be withdrawn at any time without affecting the lawfulness of processing carried out before withdrawal.

Complaint: a complaint may be lodged with the Italian Data Protection Authority (Garante per la protezione dei dati personali).

To exercise your rights, please write to: commerciale@vetreriaresanese.it (specifying in the subject line “Privacy – exercise of rights”).

9) Cookies, Preferences and Consent Management
The website uses:

A) Technical cookies (always active)
Necessary for the functioning of the website and/or to provide the requested service.

B) Analytical cookies (subject to prior consent)
Used for statistics and performance, activated only after the user’s positive choice via the banner/cookie settings.

C) Profiling/marketing cookies (subject to prior consent)
Used for content/advertisement personalisation or campaign measurement, activated only after consent.

How to manage cookies
• Via the consent banner and the “manage preferences” panel.
• Via browser settings (limitation/deletion of cookies).
• Choices may be modified or withdrawn at any time using the banner controls.

10) Minors
The website and related services are not intended for minors. If data relating to minors are collected in error, the Controller will delete them in compliance with applicable legal obligations.

11) Updates to this Notice
This Privacy Policy may be subject to amendments/updates. The updated version is published on this page with an indication of the latest update date.