With this information notice Pagano S.p.A. with registered office in Piazza Sante Bargellini, 21 CAP 00157 Rome (RM), email as the Data Controller – wishes to inform you about the processing of personal data that you provide through browsing this Website (hereinafter simply “Website”).

For any clarification, information, exercise of the rights listed in this notice, please contact:


address for sending registered mail: Pagano S.p.A. – Piazza Sante Bargellini, 21 CAP 00157 Rome (RM).

D.Lgs 196/2003 as amended by D.Lgs 101/2018 and EU REG. 2016/679 establish the rules to protect and safeguard individuals with regard to the processing of their personal data, and this information notice is prepared in accordance with the new legislative dictate.

The policy may be subject to change as a result of the introduction of new legislation, so we encourage you to visit this section periodically for updates.

The Privacy Policy you are reading is exclusively referable to the Website and the Owner is not responsible for the way personal data processing is carried out by third party websites that can be linked through the Cookie section, or through any window-links on the Homepage.

According to the law, the processing of personal data is based on the principles of correctness, lawfulness, transparency, accuracy, purpose limitation and storage, minimization, integrity of data, protection of the user’s confidentiality as well as protection of the user’s rights.

The Data Controller undertakes to observe the aforementioned principles and, also for this purpose, informs You from the outset that – except for those processing operations to which the law provides for Your explicit consent – by browsing this Web Site, uploading or providing personal data, You accept and agree to be bound by the conditions and terms set out in this notice. Your consent to data processing – where given by you – may be revoked at any time by contacting the above addresses.

If you are under 16 years of age, Your consent is legitimate only if it is given or authorized by the person who holds parental responsibility for You, in accordance with the provisions of Art. 8 EU Reg. 2016/679. For data subjects on the territory of Italy, consent is also legitimate, under the same conditions as above, if the person is 14 years of age or older.

In any case, we want to give you some information about the concept of processing personal data and the people who handle them.



“Personal data” means all information that could directly or indirectly enable the identification of users.

Such information, for example, may be: name, address, user name, e-mail address and phone number, or even the IP address of the device used, browsing preferences or information about the user’s lifestyle or hobbies and interests in addition to their online shopping preferences.

The personal data processed are those voluntarily provided by the user (e.g., common data such as identification data, one’s phone or email address) and those collected by tracking technologies (cookies).

“Processing of personal data” means any operation or set of operations carried out with or without the help of automated processes and applied to personal data or set of personal data, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, comparison or interconnection, restriction, erasure or destruction.


The “data controller” is the natural or legal person, public authority, service or other body which, individually or jointly with others, determines the purposes and means of the processing of personal data. It also deals with security profiles.

With regard to this Website, the data controller is the company as better specified and identified above, and for any clarification or exercise of your rights you may contact it at the following email address:


The “data processor” is the natural or legal person, public authority, service or other body that processes personal data on behalf of the data controller.

More information is available at the following email address:


On this Website, data are collected electronically and processed by means of operations carried out mainly with the aid of electronic tools, ensuring the use of appropriate measures for the security of the processed data and guaranteeing their confidentiality. In particular, data processing is carried out by minimizing the use of sensitive personal data.

Your personal data will be processed by collaborators and/or employees of the Data Controller as data processors or handlers, within the scope of their respective functions and in accordance with the instructions given by the Data Controller.


The processing of personal data relating to the services of the Web Site takes place at the above-mentioned Data Controller and is handled only by personnel authorized to do so.

Your personal data may be communicated to Judicial Authorities and Police Forces in the only cases in which this is required by law and used by the Owner for the purpose of possible defense of its rights in court, where strictly necessary.

The data collected will not be disseminated. However, for the effective execution of the requested service, some data will be shared with external subjects, appointed as data processors ex art. 28 Reg. UE 2016/679, called to carry out specific tasks on behalf of the company (ex: Web agency, professionals, etc.). The Data Controller is committed to protecting the security of personal data by taking all necessary IT and physical measures to protect the personal data provided. No security system guarantees with absolute certainty such protection, therefore, except in cases of liability for negligence, the Owner is not liable for the act performed by third parties who abusively access the systems without due authorization.


  • To provide the Services through the Website, to allow you to contact the Data Controller to get information related to the Data Controller’s business, to request information regarding the products described online on the Website, through the contact form, to send you the newsletter (if active this service) if you have requested it as a Service by subscribing to it, and which contains only informative and non-commercial material, and to provide you with any other Service or information you request and is available to the Data Controller. The completion of the various request forms that may be present online does not constitute for the Controller any assumption of legal obligations, nor any formal initiation of a pre-negotiation negotiation. For the processing of common data of third parties released through the completion of the form, the Owner will process these data in compliance with applicable regulations, assuming that they refer to You or to third parties who have expressly authorized You to confer them on the basis of a suitable legal basis legitimizing the processing of the data in question. With respect to such hypotheses, You place Yourself as autonomous data controller, assuming all legal obligations and responsibilities. In this sense, you confer on the point the widest indemnity with respect to any dispute, claim, request for compensation for damages from processing, etc. that may be received by the Controller from third parties whose personal data have been processed through the completion of the form (“Provision of the Service” Purposes). The data processed are common data. The Owner invites the user not to enter special, so-called “sensitive” data (concerning one’s health condition whether physical or psychological, political, religious orientation, etc.) unless strictly necessary for the purpose of requesting information or purchasing products.

  • send you marketing communications through newsletters, promotions and advertising, including through the email address entered in the fields of compilation (“Marketing” Purposes). The data processed are common data;

  • Send you marketing communications in line with your preferences (“Profiling” Purposes).

  • To monitor statistically in aggregate format the attendance to the site (“Analysis” Purposes);

  • To fulfill legal obligations that require the Controller to collect and/or further process certain types of personal data (“Compliance” Purposes). The data processed are ordinary personal data;

  • to prevent or detect any abuse in the use of the Web Site, or any fraudulent activity and thus enable the Holders to protect themselves in court (“Prevention of Abuse and Fraud” Purposes). The data processed are common personal data.


The legal basis for the processing of personal data provided by You through browsing is:

  • Provision of the Service: the fulfillment of obligations of a contractual or pre-contractual nature ex art. 6 co 1 lett. b) GDPR. Processing for this purpose is necessary to be able to provide you with the requested service (e.g., release more information regarding the Owner’s products), answer your questions or provide you with a quotation, or carry out pre-contractual activities if you request it. It is not obligatory to provide the requested personal data, however, failure to do so will not allow us to provide the requested service and thus respond to requests/initiate pre-negotiations/conclude agreements. Regarding the email address entered in the contact form (with noncommercial content), it is not mandatory to provide your data (email address), however, failure to indicate the email address does not allow subscription to the newsletter. You can always – and at any time – revoke your subscription by unsubscribing from the newsletter using the appropriate link at the bottom of the newsletter or by writing to
  • Marketing: the consent of the data subject ex art. 6 co 1 lett. a) GDPR. The activity is also carried out through the newsletter (if the service is active) with promotional content. It is not mandatory to give your consent for the purpose of Marketing, and you can always revoke it at any time without any consequence (other than not receiving any more marketing communication) by writing to
  • Profiling: the consent of the data subject ex art. 6 co 1 lett. a) GDPR. The activity is carried out through the installation of profiling cookies. The granting of your consent is done by passing the cookie banner present when accessing the Site. The data processed are common data. It is not obligatory to give your consent. If you do not give it, you will not be able to receive promotional communications calibrated to your interests. You can object to such processing at any time by writing to without any consequences.
  • Analysis: the legitimate interest ex art. 6 co. 1 lett. f) GDPR of the Controller.
  • Compliance: the fulfillment of a legal obligation ex art. 6 co 1 lett. c) GDPR. Processing for this purpose is necessary for the Data Controller in order to comply with legal obligations under legislation, including industry regulations, including tax, fiscal or other obligations. The release of your data in this case is compulsory, otherwise it will not be possible to provide you with the service/start pre-negotiations/conclude the contract.
  • Abuse and Fraud Prevention: the legitimate interest under Art. 6 co 1 lett. f) GDPR. Processing for this purpose is aimed solely at enabling the Data Controller to prevent and/or detect any fraudulent activities committed through the Website and thus protect itself in court.

We remind you that as of 07/27/2022 the Public Register of Oppositions is operational. Please note that pursuant to Presidential Decree No. 26 of January 27, 2022, you may object to or revoke your consent to marketing activities by registering with the Register of Oppositions.

If you have given your consent to marketing activities in the context of existing contractual relationships with the Holder, or the same have ceased no more than thirty days ago and therefore the Register of Oppositions does not apply, where you are no longer interested in receiving such promotional communications you may revoke your consent at any time by writing to the e-mail address


Data processed to fulfill legal obligations will be retained until the fulfillment itself, and in any case for the period of time necessary to prove the fulfillment; data processed to respond to your requests (Service Provision) will be deleted once the purpose has been fulfilled and then the request processed, unless there are other legitimate reasons to keep them in its systems/archives. If necessary to retain them to fulfill contractual purposes until they are fulfilled and, if a contract is concluded or there have been pre-contractual negotiations, for ten years from the conclusion of the contract in order to allow any judicial or extrajudicial protection as well as the demonstration of the correct fulfillment of the obligations contractually undertaken. The data processed for marketing and profiling purposes until the data subject withdraws consent.

With regard to the activity of analytical cookie management and the purpose of Analysis, the data will be retained until any opposition by the data subject, to be exercised in the manner indicated below, or for processing based on consent, until the consent is revoked. The data processed for Compliance purposes for the period of time indicated by the specific legislation.

Data processed for the purposes of Abuse and Fraud Prevention for the time strictly necessary to enable the Data Controller to defend itself in court.


The personal data You provide may come to the attention of the Data Controller and/or any data processors appointed.

Possible additional categories of recipients who may become aware of Your personal data during or after the execution of the contract are:

  1. parties who process the data in performance of specific legal obligations;
  2. external consultants and professionals who provide services functional to, arising from or related to the above purposes (e.g. marketing activities), identified in writing and to whom specific written instructions have been given with reference to the processing of personal data;
  3. subjects with whom it is necessary to interact in order to execute the requested services (e.g. hosting providers, maintenance or repair companies of computer systems);
  4. persons authorized by the Data Controller to process personal data necessary to carry out activities strictly related to the provision of the Services, who have committed to confidentiality or have an appropriate legal obligation of confidentiality (e.g., employees of the Data Controller);
  5. in general, to all those public and private entities (e.g. postal service or other mail delivery companies, banks, credit or insurance institutions,) for which the communication is necessary for the correct and complete fulfillment of the indicated purposes;
  6. subjects or entities to which it is mandatory to communicate the data for the purposes of Compliance, abuse and fraud prevention, or by order of the authority.


Unless specifically requested by You in writing, or specifically ordered by the A.G./regulatory obligation, the personal data provided by You are not subject to dissemination.


In order to provide certain services, personal data may be transferred to third party organizations or countries, where the servers of the hosting or providers are located.

Where this occurs, the Data Controller ensures that Your Personal Data is processed by these recipients in accordance with applicable data protection legislation, including European and Italian legislation to which we are subject. Where required by European data protection legislation, the transfer of Your Data outside the European Union will take place on the basis of appropriate safeguards (such as EU standard contractual clauses for the transfer of data between countries within the EU and countries outside the EU) and/or other legal bases in accordance with EU legislation.

More information is available from

The Website also processes YOUR personal data through cookies. For more information on this topic, please read our Cookie Policy which is an integral part of this Privacy Policy.


Chapter III of EU REG. 2016/679 lists the user’s rights.

The Data Controller therefore wishes to inform you of the existence of specific rights, including the right to obtain from the Data Controller confirmation, or not, of the existence of your personal data (i.e. access), their provision in an intelligible form, as well as their rectification, or deletion or to restrict its processing in whole or in part or to object for legitimate reasons to it and/or to withdraw consent to its processing at any time (without prejudice to the consequences referred to in point 5 above), or to request the portability of your data with regard to the data subject to specific consent, or even to update it. As a “data subject”, you also have the right to request the transformation into anonymous form, the limitation or blocking of data processed in violation of the law; you can also lodge a complaint regarding the unauthorized processing of Your data with the Guarantor for the Protection of Personal Data in the manner published on the site of that authority (see You have the right to have knowledge of the origin of the data, the purposes and methods of processing, the logic applied to the processing, the identification details of the Data Controller and the persons to whom the data may be communicated.

Requests relating to the exercise of the aforementioned rights may be addressed to the Data Controller, at the contact details indicated above, without formalities or, alternatively, using the form provided by the Garante per la Protezione dei Dati Personali (Data Protection Authority) that can be found at the Site:

Likewise, in the event of a violation of the regulations, you have the right to file a complaint with the Garante per la Protezione dei Dati Personali, as the authority in charge of controlling the processing in the Italian state. The template for filing a complaint with the Privacy Guarantor can be found at:

To exercise one or more of the above rights, you may contact us at the following email address: