Privacy notice for the processing of personal data of website users
pursuant to Art. 13 of EU Regulation no. 2016/679 (“GDPR”)
Cimolai S.p.A. pays the utmost attention to the security and confidentiality of the personal data of users (hereinafter, the “Users” or “User” in the singular) of the website https://www.cimolai.com (hereinafter, the “Website”) and wishes to provide them with information regarding the processing of their personal data.
The data controller is Cimolai S.p.A., with registered office at Viale Pasteur, 49, 00144 – Rome (RM), Tax Code and VAT no. 01507200937 (hereinafter, the “Company”).
For any request regarding the processing of personal data, as well as to exercise the rights recognized by the GDPR and described in greater detail in paragraph 7 below, the Company may be contacted at the e-mail address GDPR@cimolai.com.
Through the Website, the Company collects certain personal data relating to Users, either voluntarily provided by them or collected during the normal operation of the Website, which are processed for the purposes described below.
The computer systems and software procedures used to operate the Website acquire, during their normal operation, certain personal data whose transmission is implicit in the use of Internet communication protocols. This information is not collected in order to be associated with identified individuals, but by its very nature could, through processing and association with data held by third parties, allow Users to be identified. This category of data includes the IP addresses of the computers used by Users connecting to the Website, the URI (Uniform Resource Identifier) addresses of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the operating system used. These data are used solely to obtain anonymous statistical information on the use of the Website and to check its proper functioning, and are deleted immediately after processing. The data may be used to ascertain liability in the event of any cybercrimes against the Website.
The Website also uses cookies and other tracking tools. Please refer to the cookie notice available at the following https://cimolai.com/it/cookie-policy/, as well as to the related control panel available at the following link, for further information and to manage your preferences in this regard at any time.
The processing activities carried out by the Company are set out schematically below.
| Purpose of processing | Categories of data processed | Legal basis and provision of data | Retention period | |
1 |
Responding to requests from the data subject.The personal data provided by the user through the contact forms on the Website will be processed solely for the purpose of responding to submitted requests and providing any clarifications or information. Such data may also be used to follow up on any formal requests submitted by the data subject pursuant to the applicable personal data protection legislation. | Name and surnameE-mail addressTelephone number, if providedAdditional personal data contained in the request message | Performance of a contract to which the User is party, Art. 6 (1) (b) GDPR. The provision of data is necessary, since otherwise the Company will not be able to provide a response. |
The data will be deleted 6 months after collection. |
2 |
Online advertisingIf the User interacts with social pages and has given consent to the use of profiling cookies on the Website, the Company may process personal data to show the User marketing advertisements and content consistent with their interests, based on preferences and consumption habits identified through cookies and/or other tracking systems of social media operators, such as Meta, and/or following the analysis that the social media themselves carry out on their users.In particular, the Company may show personalized marketing content through digital platforms based on the User’s interests or behavior, using all information that may be collected through profiling activities carried out on the Website and shared with digital platforms, or by using the tools made available by social media. | Contact details, in particular the e-mail address. Data communicated during interaction with the Social Pages, such as information provided by the User to the social media based on the privacy settings selected on that social media. Data collected through cookies, the details of which are available in the Cookie Policy: https://cimolai.com/it/cookie-policy/. |
Consent, Art. 6 (1) (a) GDPR. In this case, consent is given through the specific banner displayed when accessing the Website and may be withdrawn at any time using the methods specified in the cookie control panel. |
For cookie retention periods, please refer to the more detailed description in the Cookie Policy: https://cimolai.com/it/cookie-policy/ |
3 |
Defending its rights.The Company may process personal data to defend its rights in judicial, administrative or out-of-court proceedings and in disputes arising in relation to the Services. | Depending on the case, the personal data collected for purposes 1 to 3 will be processed. | The Company’s legitimate interest in protecting its rights, Art. 6 (1) (f) GDPR. No new and specific provision of data is required, since the Company will pursue this further purpose, where necessary, by processing the data collected for the purposes indicated above. |
The data will be retained for the time necessary to pursue the protection of the right. |
4 |
Complying with legal obligations.The Company may process personal data to comply with the obligations to which it is subject under laws, regulations or EU legislation, provisions/requests of authorities legally entitled to do so and/or supervisory and control bodies. | Depending on the need, the personal data collected for purposes 1 to 3 will be processed. | Compliance with a legal obligation, Art. 6 (1) (c) GDPR. The provision of personal data for this purpose is mandatory, since otherwise the Company would be unable to comply with specific legal obligations. |
The time necessary to process the request. |
The Company adopts appropriate security measures in order to ensure the protection, security, integrity and accessibility of Users’ personal data. The appropriate security measures are intended to prevent unauthorized access, disclosure, modification or destruction of personal data.
All personal data are stored on the Company’s protected IT devices, or suitably archived paper copies, or on those of our suppliers, and are accessible and usable in accordance with our security standards and policies, or equivalent standards for our suppliers.
The Company retains the User’s personal data only for the time necessary to achieve the purposes for which they were collected or for any other related legitimate purpose.
Personal data that are no longer necessary, or for which there is no longer a legal basis for their retention, will be irreversibly anonymized or securely destroyed.
If the processing of personal data serves multiple purposes, the data will be deleted or anonymized as soon as the retention period relating to the last purpose has expired.
The retention periods provided for each purpose are set out in the table in paragraph 2.
Personal data may be accessed by duly authorized employees of the Company, as well as by external suppliers, appointed, where necessary, as data processors, who provide support for the provision of the Services, including those necessary for the operation of the App.
The Company may be contacted at the following address GDPR@cimolai.com to request access to the list of data processors and other parties to whom we disclose the data.
Your personal data will be processed mainly within the European Economic Area (EEA). However, the use of certain tools by the Company may involve, albeit residually, the transfer of such data to parties established in countries that do not belong to the European Union (EU) or the EEA (hereinafter, the “Third Countries”). In any case, such transfer is carried out in compliance with Chapter V of the GDPR.
Such external parties will process personal data as independent data controllers or as data processors, duly appointed by the Company in accordance with personal data protection legislation, depending on the role they play in relation to the processing.
You may write to the Company at any time, using the contact details indicated below, to ask which parties the personal data are transmitted to and to receive a copy of the safeguards adopted for the transfer.
Each User has the right to request from the Company, subject to the existence of the legal basis underlying the request:
Right to object: in addition to the rights listed above, the User always has the right to object at any time to the processing of personal data carried out by the Company in pursuit of its legitimate interest.
In the event that the rights described above are exercised, the Company will process any personal data provided by the User exclusively in order to respond to the request. The data thus processed will then be stored in a dedicated archive for 2 years from the sending of the last response by the Company.
The exercise of these rights, which may be carried out through the Company’s contact details indicated in paragraph 1, is free of charge and is not subject to formal constraints. It will be the Company’s responsibility to verify that the User is entitled to exercise the relevant right and to provide a response, as a rule, within one month.
If the User believes that the processing of their personal data is carried out in violation of the provisions of the GDPR, they have the right to lodge a complaint with the Italian Data Protection Authority, using the contact details available on the website www.garanteprivacy.it, or to bring proceedings before the competent courts.
Last updated: May 2026
Ownership data
Cimolai S.p.A.
Single-member company
Cimolai Head Office
F +39 0434 361401