Information notice pursuant to and by effect of Articles 13-14 of EU Regulation 2016/679
(European regulation on the protection of personal data)

Dear Sir/Madam
We are writing to inform you that EU Regulation 2016/679 (“European regulation on the protection of personal data”) establishes rules regarding the protection of natural persons with regard to the processing of their personal data, and rules regarding the free circulation of said data. The Regulation in question protects the rights and the fundamental freedoms of natural persons, and in particular the right to personal data protection.

Therefore, pursuant to Article 13 of the Regulation, we are providing you with the following information:

Identity and contact data of the Data Controller

B.A.G. S.p.A., with registered office in Via dell’Industria 11 – postcode 63815 – Monte San Pietrangeli (FM), Tax ID and VAT Reg. No 01485570442; Data Controller ENRICO BRACALENTE (hereinafter, the “Data Controller” in his capacity as legal representative of the Company). The updated list of data processors and processing representatives is kept at the registered office of the Data Controller. The Data Protection Officer is: NEW SYSTEM srl located in Via Brodolini 58/B, e-mail:

Purpose of the Processing

The Data Controller processes the personal data communicated by you during the supply of the services offered by this website.

1. Purpose, legal basis of the processing for which the data are collected

The personal data provided by you are processed for the purposes of:

  • Registering them for the receipt and vision of our services of the website in order to create a personalised account; registration is mandatory in order to proceed in viewing those services and for accessing the reserved servers through the website. Please note that the only data mandatory for those services are those marked with an asterisk.
  • Fulfilling the requirements relating to any laws, regulations, European Community law or any orders from the authorities (for example relating to anti-money laundering);
  • Exercising the rights of the Data Controller, for example the right to defence before the courts;
  • Placing orders and/or restocking from the platform
  • Performing profiling activities using the data provided by you.

Si precisa che i dati richiesti per tali servizi sono esclusivamente i dati contrassegnati con l’asterisco.

2. Data Retention Period

The data are retained for the entire duration of the period during which you are registered on our website, until you cancel said registration, if this occurs. The user can request that their personal data be deactivated and/or erased at any time.

Therefore, should you cancel your registration, you can no longer exercise your rights to access and correct your data or your right to data portability.

The Data Controller will process your personal data for the time required to fulfil the purposes referred to in Article1 of this information notice: 10 years for fiscal purposes from the start of the end of the relationship for the purposes indicated in point 1). and marketing purposes (unless you decide to cancel your registration).

3. Processing methods

B.A.G. S.p.A., in the person of the Data Controller, and each one of any external data processors as identified above, will manage the processing of your personal data by way of the operations indicated in Article 4 paragraph 2 of the GDPR, which are: collection, recording, organisation, storage, alteration, consultation, processing, modification, selection, retrieval, comparison, use, alignment, restriction, communication, erasure and destruction of the data. Your personal data may be processed in hard copy or using automated electronic means.
Specific security measures are in place to prevent the loss of the data, any unlawful and incorrect use of and unauthorised access to the same.
The data shall only be processed by staff authorised by the Data Controller to do so.
Under no circumstances will be the data be disseminated.
If the website is accessed using your social profile (e.g. Facebook or Instagram), where foreseen, your personal data will also be collected by the Data Controller from third parties, i.e. from the manager of the social network used to access the website. In this case you will be able to view this Information Note in the Privacy section of each Website:
This website uses cookies, or markers, which are, technically speaking, information sent by a web server (in this case, by this website) to the user’s browser and are saved by the latter on their own device (personal computer, tablet, mobile phone, etc.) and automatically sent back to the server every time the user visits the website thereafter.
In order to learn about the types and purposes of the cookies used, and to express your preferences regarding their use, you can consult the Cookie Policy:

4. Nature of the personal data

The processing is carried out on your identifying and not specific data (first name, surname, email address) – hereinafter “personal data” or also “data” personally supplied by you and necessary for your registration in the reserved area of the website and for the relative reserved services as well as the data issued by you in order to establish contracts with the provider of the platform

5. Mandatory or optional nature of the data conferral

The conferral of the required data is necessary for the purposes of registering the user in the reserved area of the website and on the platform; should a user fail to fill in all or some of the data required, we will not be able to fulfil their request.

6. Scope of data communication and dissemination

Without prejudice to the communications performed for the purpose of fulfilling obligations dictated by the law and by the relative contracts, all the data collected and processed can only be communicated for the above-mentioned purposes to:

  • Our authorised technicians
  • Software houses
  • Support/maintenance companies.
  • Third party companies or other parties, credit institutes, professional firms, consultants, insurance companies for the provision of insurance services

7. Data transfer

The personal data provided by you are kept on servers located in Monte San Pietrangeli – Via dell’Industria 11, in Rome and in Gunzenhausen (Germany) in the European Union. They are managed at the headquarters of B.A.G. S.p.A. It is in any case understood that the Data Controller, if necessary in future, will also have the faculty to move the servers outside the EU. In this case, the Data Controller hereby ensures that the data will be transferred outside the EU in conformity with the applicable laws in force, concluding standard contractual clauses laid down by the European Commission.

8. Rights of the Data Subject

7.1 Article 15 (right to access the data) of EU Reg. 2016/679
The Data Subject is entitled to obtain from the Data Controller confirmation of whether their personal data is being processed and if so, to gain access to the personal data and to the following information:

  • the purposes of the processing;
  • the relative personal data categories;
  • the recipients or categories of recipients to whom the personal data have been or will be communicated, particularly if these are third country recipients or international organisations;
  • the envisaged retention period of the personal data or, if this is not possible, the criteria used to determine said period;
  • the presence of the Data Subject’s right to ask the Data Controller to correct or erase the personal data or to restrict the processing of their personal data or to object to their processing;
  • the right to submit a claim to a supervisory body;
  • the presence of an automated decision-making process, including profiling and, at least in those cases, significant information about the logic used, and on the importance and the consequences envisaged by said processing for the Data Subject.

8.2 Article 16 (right to have the data corrected) of EU Reg. 2016/679
The Data Subject is entitled to have the Data Controller correct any of their personal data that may be incorrect without delay. Considering the purposes of the processing, the Data Subject is entitled to have their incomplete personal data completed, also by providing an integrative statement.

8.3 Article 17 (right to erasure) of EU Reg. 2016/679
The Data Subject is entitled to have the Data Controller erase their personal data without undue delay and the Data Controller is obliged to erase the personal data without undue delay, if one of the following reasons exists:

  • the personal data are no longer required for the purposes for which they have been collected or otherwise processed;
  • the Data Subject revokes the consent on which the processing is based, in compliance with Article 6, paragraph 1, letter a) or Article 9, paragraph 2, letter a) and if there are no legal grounds for the processing;
  • the Data Subject objects to the processing pursuant to Article 21, paragraph 1 and there is no prevalent legitimate reason for carrying out the processing, or they object to the processing pursuant to Article 21, paragraph 2;
  • the personal data have been processed unlawfully;
  • the personal data must be erased to fulfil a legal obligation envisaged by the law of the Union or member state to which the Data Controller is subject;
  • the personal data have been collected with regard to the offer of information society services pursuant to Article 8, paragraph 1 of EU Reg 2016/679

8.4 Article 18 (right to restrict the processing) of EU Reg. 2016/679
The Data Subject is entitled to have the Data Controller restrict the processing when one of the following situations occurs:

  • the Data Subject challenges the accuracy of the personal data, for the period required by the Data Controller in order to verify the accuracy of the same;
  • the processing is unlawful and the Data Subject objects to the erasure of the personal data and instead requests that its use be restricted;
  • despite the Data Controller no longer requiring the personal data for the purposes of processing the same, the personal data is needed by the Data Subject for the verification, exercising or protection of a right in court;
  • the Data Subject has objected to the processing pursuant to Article 21, paragraph 1 of EU Regulation 2016/679, while awaiting verification of whether the legitimate reasons of the Data Controller prevail over those of the Data Subject.

8.5 Article 20 (right to data portability) of EU Reg. 2016/679

  • The Data Subject is entitled to receive the personal data concerning him or her, which he or she has provided to a Data Controller, in a structured, commonly used and machine-readable format and has the right to transmit those data to another Data Controller without hindrance from the Data Controller to which the personal data have been provided, where:
    a. The processing is based on consent pursuant to Article 6, paragraph 1, letter a) or Article 9, paragraph 2, letter a) or on a contract pursuant to Article 6, paragraph 1, letter b); and
    b. The processing is carried out by automated means.
  • In exercising their right to data portability pursuant to the previous paragraph, the Data Subject shall have the right to have the personal data transmitted directly from one Data Controller to another, where technically feasible.
  • The exercising of the right referred to in paragraph 1 of this Article shall be valid without prejudice to Article 17 (right to erasure). This right shall not apply to processing necessary for the performance of a task carried out in the public interest or related to the exercising of official authority vested in the Data Controller.
  • The right referred to in paragraph 1 shall not adversely affect the rights and freedoms of others.

8.6 Article 21 (right to object to the processing) of EU Reg. 2016/679

  • The Data Subject shall have the right to object, on grounds relating to their particular situation, at any time to processing of personal data concerning them which is based on Article 6 paragraph 1, letter e) or f), including profiling.
  • Where personal data are processed for direct marketing purposes, the Data Subject shall have the right to object at any time to the processing of their personal data for such purposes, which includes profiling to the extent that it is related to such direct marketing.

You have the right to withdraw your consent to the processing of your personal data at any time.

9. Methods of exercising your rights as set forth in Point 8:

You can always exercise your rights:

  • by sending a registered letter with return receipt of delivery to the following address: B.A.G. S.p.A. with registered office in Via dell’Industria 11 – CAP 63815 – Monte San Pietrangeli (FM);
  • via e-mail to the following address:
  • certified email:


B.A.G. S.p.A.