Pursuant to the GDPR (General Data Protection Regulation) 2016/679 EU Regulation and the national data protection legislation, we hereby inform you that the processing of your data will be based on the principles of correctness, lawfulness, transparency and protection of confidentiality, to ensure adequate security and storage of the same.


Pursuant to Articles 4 and 24 of EU Regulation 2016/679 the Data Controller is AXIOTEK di De Benetti Sonia & C. S.A.S., Tax Code / VAT No. 03429140126, 21056 Induno Olona (VA), via Monte Tagliaferro n. 8, in the person of its pro-tempore legal representative.


Personal data acquired through the website will be processed following art. 6 letters b) and e) of the GDPR:

  1. to manage and maintain the website; to allow the use of the services and the fulfilment of the requests of the users; to allow effective communication; to fulfil obligations provided for by the law, by EU regulations or by orders of the Authority, or in any case connected with institutional activities and functions; and lastly to prevent or discover fraudulent activities. The forwarding of e-mails to the addresses indicated in the portal and the filling of forms entails the subsequent acquisition of the address of the sender, necessary to reply to requests, as well as any other personal data included in the e-mail or form. In this case, the data acquired will be processed exclusively to respond to the requests of the users;
  2. for promotional communications, including personalised correspondence; market surveys; economic/statistical analyses; customer satisfaction surveys by sending advertising material and promotional paper, e-mails, SMS, MMS material. The purpose of the collection and the automated processing of personal data also include the forwarding of survey questionnaires, to which the User is not obliged to respond.

In the cases referred to in item a), failure to give consent may make it impossible to provide the requested service, since failure to supply the data needed for providing the service may make it impossible to complete the registration on the institutional website, which will result in the impossibility of delivering the services necessary to fulfil contractual, accounting and fiscal obligations. The legal basis of the treatment for the purposes discussed in item b) is your consent. However, refusal of the same does not have any negative consequences as regards to registration.

Ad hoc information or indications on the reference legislation/legal basis may be published, in case of particular data processing activities, on specific pages of the website, in the formats or document models published on the website.


The processing of data acquired through the website and/or related to the services of the website takes place at the offices of the Data Controller, and if applicable at those of the parties indicated below, specifically appointed as Data Processors

  • providers of services for the management of the information system and the telecommunication networks (including e-mail);
  • service companies for the acquisition, registration and processing of data coming from documents or supports supplied by and originated from the customers themselves, for the processing of payments, bills, cheques and other securities;
  • providers of customer service activities (e.g. call centres, help desks, etc.);
  • studies or companies involved in the support and consultancy relationships;
  • individuals responsible for the control, auditing and certification of the activities of the Data Controller, also in the interest of customers.

The list of possible Data Processors is constantly updated and available upon request of the interested party. The processing of data takes place using both paper and computerised tools, complying with the principles of fairness, lawfulness, transparency, relevance. Moreover, such processing shall not be excessive in relation to the purposes of the collection and the subsequent processing. Appropriate measures shall also be implemented to prevent data loss, illegal or incorrect use, unauthorized access and in general to ensure compliance with the provisions of the GDPR and Italian Legislative Decree No 193/2006 and subsequent modifications. The data are exclusively processed by authorized personnel or by individuals authorised to carry out occasional maintenance activities.



Pursuant to art. 5 of the GDPR, the data will be processed and stored for a period of time not exceeding the fulfilment of the purposes of the service and treatment, and/or in compliance with the terms provided by law and the GDPR.


The Data Subject has specific rights regarding their own data.

In detail, in addition to the right to issue a complaint with a Supervisory Board, the Data Subject also has the rights listed below, which they can exercise through specific written request to the Data Controller and/or Data Processor.

Art. 15 GDPR - Right of access

The Data Subject shall have the right to obtain from the Data Controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and information concerning their processing.

Art. 16 GDPR - Right of rectification

The Data Subject shall have the right to obtain from the Data Controller without undue delay the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the Data Subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.

Art. 17 GDPR - Right to erasure (right to be forgotten)

The Data Subject shall have the right to obtain from the Data Controller the erasure of personal data concerning him or her without undue delay and the Data Controller shall have the obligation to erase personal data without undue delay.

Art. 18 GDPR - Right to restriction of processing

The Data Subject shall have the right to obtain from the Data Controller restriction of processing where one of the following applies:

(a) the accuracy of the personal data is contested by the Data Subject, for a period enabling the Data Controller to verify the accuracy of the personal data;

(b) the processing is unlawful and the Data Subject opposes the erasure of the personal data and requests the restriction of their use instead;

(c)  the Data Controller no longer needs the personal data for the purposes of the processing, but they are required by the Data Subject for the establishment, exercise or defence of legal claims;

(d)  the Data Subject has objected to processing pursuant to Article 21(1) pending the verification whether the legitimate grounds of the Data Controller override those of the Data Subject.

Art. 20 GDPR - Right to data portability

The Data Subject shall have the right to receive the personal data concerning him or her, which he or she has provided to a Data Controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another Data Controller without hindrance from the Data Controller to which the personal data have been provided.

 In exercising his or her right to data portability pursuant to paragraph 1, the Data Subject shall have the right to have the personal data transmitted directly from one Data Controller to another, where technically feasible.

Art. 21 GDPR - Right to object

The Data Subject shall have the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is based on point (e) or (f) of Article 6(1), including profiling based on those provisions.

In order to exercise the above-mentioned rights, the Data Subject may contact Axiotek di De Benetti Sonia Sas at any time, using one of the following methods:

  • registered mail to the above address;
  • e- mail to the following certified e-mail address: Ten adres pocztowy jest chroniony przed spamowaniem. Aby go zobaczyć, konieczne jest włączenie w przeglądarce obsługi JavaScript.
  • fax to n. 0332/1892846