Privacy Policy

Maltempi S.r.l. recognizes and guarantees the security of this website users’ personal data and recognizes the importance of correct processing; for this reason, it pays the utmost attention in the collection and management of personal data that will be provided during its use or that will be automatically acquired when consulting the website.

In pursuing this aim, Maltempi S.r.l. adopts specific measures to guarantee the security, confidentiality and integrity of personal data, complying with the provisions of EU Regulation 679/2016 (General Data Protection Regulation, hereinafter also referred to as “GDPR”) and the national laws concerning personal data protection .

In the provision of services and within the legal relations related to its business, Maltempi S.r.l. recognizes and respects the right to the protection of personal data as a fundamental right of the person.

The ability of a natural person to maintain control of personal data is an expression of this fundamental right: a conscious and lasting commitment is required in order to guarantee an adequate level of protection of personal data.

In this sense, it is recalled that the GDPR defines as:

  • “personal data” any information concerning an identified or identifiable natural person (who, in this context, assumes the role of “interested in the processing”);
  • “processing” any operation or set of operations, carried out with or without the aid of automated processes and applied to personal data or sets of personal data, such as the collection, registration, organization, structuring, storage , adaptation or modification, extraction, consultation, use, communication by transmission, diffusion or any other form of making available, comparison or interconnection, limitation, cancellation or destruction.

The following information describes the purposes and the way in which personal data are processed, in relation to users who access and use the website (hereinafter only “Site”).

The information is provided exclusively for the online activities of this Site and is valid for visitors / users of the Site. It does not apply to information collected through different channels.

In the event that, in the pages dedicated to the various services rendered by or through the Site, the provision of users’ personal data becomes necessary, the necessary supplementary information will be communicated to allow the user to evaluate the will to proceed or not with the provision of personal data for the purposes illustrated from time to time.

  1. Data controller

The Data Controller of the personal data provided is Maltempi S.r.l .., with registered office in Milan Via Besana n. 7. In the event that, in relation to specific processing purposes, joint relations with third parties emerge, the due information will be provided in advance with respect to the provision of personal data by the data subject.

  1. . Personal data processed

The data processed during the consultation of the site and its sections may come from automatic sources or from voluntary sources. For example, they may come from user navigation, which could bring with it information relating to previous consultations of other sites, including in particular cookies and other similar technologies. The data could also be voluntarily provided by the user or by subjects related to it.

Automatic acquisition of data by the site

Browsing data: the IT systems and software procedures used to operate the Site acquire, during their normal operation, some data whose transmission is implicit in the use of Internet communication protocols.

This piece of information that is not collected to be associated with the user, but which by its very nature could, through processing and association with data held by third parties, allow its identification. This category of data includes the IP addresses or domain names of the computers used for navigation and which connect to the sites, the addresses in URI (Uniform Resource Identifier) notation of the requested resources, the time of the request, the method used in the submit the request to the server, the size of the file obtained in response, the numeric code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the operating system and the IT environment.

These data are not disclosed, but are used for the sole purpose of obtaining anonymous statistical information on the use of the Site and to check its correct functioning and are kept for the times defined by the legal regulations of reference.

The data could, however, be used to ascertain responsibility in the event of hypothetical computer crimes against the Site. Except for the latter option, these data do not persist for more than fifteen days.

Geo-location data: the internal search system of the Site collects, only when used and subject to confirmation by the user, data relating to its geographical position in order to obtain the appropriate search results (for example the nearest sales point ).

Data voluntarily provided

To allow the user to take advantage of the various services offered by the Site, based on the service, his personal data will be requested, such as: personal data, contact data (telephone contacts, e-mail account, home or residence address , etc.), data relating to the method of payment, information on purchases and transactions, etc.

While the provision of such data remains voluntary, failure to communicate the same may make it impossible to provide the service for which they were requested.

In order to protect the privacy and safety of children, Maltempi S.r.l. does not voluntarily collect or use personal data relating to persons under the age of sixteen. Users under the age indicated above are invited not to provide their personal data.

  1. Requirements of lawfulness and purpose of the processing

All processing relating to the personal data of users of the Site will be carried out exclusively in compliance with the lawfulness requirements provided for by the legislation on the protection of personal data, with the aim of:

– ensure correct navigation to the areas of the Site, due to the necessary nature of this processing and for the fulfillment of legal obligations (art. 6, paragraph 1, letter c GDPR);

– process the purchase requests for the products of Maltempi S.r.l. or use of the services offered by the Site, due to the necessary nature of this processing to execute contractual and / or pre-contractual measures adopted at the request of the interested party (art. 6, paragraph 1, letter b GDPR);

– follow up on contact requests due to the necessary nature of this processing to execute contractual and / or pre-contractual measures adopted upon request of the interested party (art. 6, paragraph 1, letter b GDPR);

– carry out marketing activities through automated and non-automated tools, based on the explicit consent possibly given by the interested party. Marketing activities can be carried out by sending newsletters, promotions, discounts, concessions, commercial information and other dedicated services, by paper mail, operator call, direct sales, or by e-mail, pre-recorded calls, messaging platforms and SMS / MMS. In this context, the Data Controller may also process the personal data provided by the interested party in order to invite him to participate to manifestation and events, or to report special initiatives dedicated to Maltempi S.r.l. customers.

– carry out profiling activities, based on your explicit consent, if any. The profiling activities can be carried out by analyzing the information regarding the interests and preferences of the interested party with respect to our products and services and his consumption choices, for example through the detection of the type and frequency of purchases made so much on the Site , either through  personal account; in guest mode, as in our boutiques, in order to guarantee a personalized service on the occasion of future visits to the boutiques of Maltempi S.r.l .

In the event that consent is given to the processing of personal data for marketing purposes, it will be possible for Maltempi S.r.l. to communicate promotions and / or invitations to initiatives that better adhere to the profile of the person concerned, his/her preferences and expectations.

  1. Processing methods

The processing will be carried out, using mainly IT tools but also paper or telematics, by means of collaborators and employees authorized to do so, who operate according to the instructions given by the Data Controller, with logic strictly related to the purposes indicated and, in any case, in order to guarantee the security and confidentiality of the data processed.

In particular, the processing of user data, also for profiling purposes, may take place through automated processes, for example through the comparison and comparative analysis of the purchase choices (types, quantities etc.), during a certain period and / or season and by analyzing the type and number of any requests for information on products made over a predetermined time horizon.

Specific security measures are adopted in order to minimize the risks of destruction or loss, even accidental, of the data being processed, unauthorized access, processing not allowed or not compliant with the purposes indicated in this statement.

  1. Disclosure of personal data

The data may be communicated by the Data Controller to consultants and consultancy companies, or also to third parties that operate, also in the name and account of the Data Controller, for the fulfillment of the services connected to the purposes indicated in this information, both within the EU and outside the EU (in the latter case, this will only occur if the level of protection of personal data, guaranteed by the Regulation, is not affected) as well as to public authorities that make a legitimate and formal request.

Browsing data and similar (for which the above is recalled), as well as profiling cookies also of third parties (for which reference is made to the Cookie Policy of this Website), which will be communicated to the respective interested third parties, where these do not manage them directly as Data Controllers.

  1. Duration of processing

The personal data of the interested parties will be processed by Maltempi S.r.l. for periods of time varying according to the different purposes of the processing. In any case, such personal data will be kept only for the period strictly necessary to achieve the purposes for which the data were collected and processed, except  the need for further storage in view of specific provisions of the law.

In particular:

  • Data collected and processed for marketing purposes: up to the revocation of the consent given;
  • Data collected and processed for profiling purposes: 7 years from the date of consent given by the interested party, automatically renewed every time a new purchase is made at a boutique / store in Maltempi S.r.l. or on the Site.
  • Data collected and processed for the provision of a site service: the storage and processing of data will take place for the time strictly necessary to execute the service to which the user has signed up, in any case no later than 7 years from last demonstration of his interest in the service concerned.
  • Data collected and processed to respond to a request: the storage and processing of data will take place for the time strictly necessary to execute the contact request and any activities charged to the Data Controller deriving from it.
  •  Data collected and processed in order to protect the legitimate interests of the Data Controller or third parties: the storage and processing of the data of the interested party will take place for the time strictly necessary to achieve the legitimate interest from time to time pursued.
  •  Data collected and processed in compliance with the law: the storage and processing of the data of the interested party will take place for the time required by the legislation applicable from time to time.

In each section of the Site in which the subject will be asked to communicate his personal data, this will only take place following the provision of the relative Privacy Information in order to guarantee the same adequate knowledge and awareness of the processing which are carried out by the Data Controller on the personal data that it is about to transmit and on the relative terms of storage of the data.

  1. Rights of the interested party

Each interested party has the right of access, rectification, cancellation (oblivion), limitation, receipt of notification in case of rectification, cancellation or limitation, portability, opposition and not to be the subject of an individual automated decision, including the profiling, pursuant to art. from 15 to 22 of the GDPR.

These rights can be exercised in the forms and terms of art. 12 GDPR by written communication sent to the Data Controller by e-mail at

Furthermore, further information or clarifications may be requested from this address or to have an indication of the subjects authorized to access personal data.

  1. Changes to this information

The Data Controller may occasionally modify this information, for example in order to comply with new requirements imposed by applicable legislation or technical requirements. In this case, the updated information will be published closely on the Site. Any substantial changes may also be communicated to the interested party and request the consent to the aforementioned changes, where required by applicable law. Any interested party is invited to periodically consult this page.


Complete cookies policy information for website users

Who are we and how do we use your personal data?

The Maltempi s.r.l in its capacity as Controller is concerned about the privacy of your personal data and guarantees that they are sufficiently protected against any event that could jeopardize their security.

The Controller puts the policy into practice with regard to the collection and processing of personal data and to the exercise of your rights recognized by the applicable regulations. The Controller takes care to update the policies and practices applied for the protection of personal data whenever this becomes necessary and in any case when there are amendments to the legislation and changes within the organization that could affect the processing of personal data.

The Controller has appointed a Data Protection Officer (DPO) whom you can contact should you have any questions concerning the policies and practices adopted. You may contact the DPO at the address

How does the Controller collect and process your data?

Your personal data will be processed for the following purposes:

  1. Navigation of the website

Your personal data, including navigation data, e.g. the IP address and cookies issued during navigation of the website are processed by the Controller to manage the website and gather information, also in aggregated form. Your personal data will not be disseminated or shared indiscriminately in any form to unspecified parties.

  1. Notification to third parties and recipients

Your personal data are disseminated primarily to third parties and/or recipients whose activity is required for fulfilling the activities related to the aforementioned purposes and also for meeting precise legal requirements. Any communication that does not serve these purposes will be subject to your consent.

In particular, your data will be communicated to third parties/recipients for the following purposes:

  1. provision of the service (e.g. IT services providers);
  2. communication to financial administrations, public supervisory and control bodies in relation to whom the Controller is required to meet specific obligations deriving from the specific nature of the activity performed.

The personal data the Controller processes for these purposes are the navigation data (IP address).

  1. Reasons of IT security

Including through its suppliers (third parties and/or recipients), the Controller processes your personal data (e.g., IP address) or data pertaining to traffic collected or obtained in case of services offered on the website that are strictly necessary and proportional to ensure the security and capability of a network or servers connected with it to withstand, at a given level of security, unforeseen events or illicit or criminal acts that would endanger the availability, authenticity, integrity and confidentiality of the personal data stored or transmitted. Towards this end, the Controller has provided for procedures to manage data breaches.

What are cookies and what is their primary use?

A “cookie” is a small text file created by certain websites on the user’s computer when the user accesses a site, for the purpose of storing and transmitting information. The cookies are sent by a web server (which is the computer on which the website visited is running) to the user’s browser (Internet Explorer, Mozilla Firefox, Google Chrome, etc.) and stored on the latter’s computer; they are then re-sent to the website during the user’s subsequent visits to the website.

Some operations could not be performed without the use of cookies which, in certain cases, are, therefore, technically necessary. In other cases, the site uses cookies to facilitate and streamline navigation by the user or to allow the user to access specifically requested services.

The cookies can remain in the system for long periods of time and can also contain a unique identification code. This enables the websites that use them to track the navigation of the user inside the website itself, for statistical or advertising purposes, in order to create a personalized profile of the user based on the pages visited and show or send him/her targeted advertising messages (known as Behavioral Advertising).

Which cookies are used and for what primary purpose?

Below, the Controller has provided the specific types of cookies utilized, their purpose and what happens if they are disabled.

TYPE OF COOKIEFirst/Third partyPurposeData retention time Consequence if disabled
Technical cookiesFirstWebsite management Used for the operation and safe and efficient exploration of the websiteValid for the navigation sessionThese cookies are required for the use of the website, if you block them the website will not work
Analytics cookiesFirst
Used to gather aggregated information on user navigation to optimize the navigation experience and the services providedValid for the navigation session
Established by the third parties
It would no longer be possible for the Controller to acquire aggregated information

Third party cookies

Third party cookies also run on this website: these are cookies created by a website other than the one the user is currently visiting.

Specifically, we would like to inform users that this website utilizes the following services that generate cookies:

  • The “Google Analytics” web analysis service provided by Google, Inc. is a World Wide Web analysis service that utilizes “cookies” which are stored on the user computer to allow the website visited to analyze how users make use of it. The information generated by the cookie on the use of the websites visited by the user (including the IP address) is sent to Google, and deposited on the Google servers in the United States. Google will employ this information to track and analyze the use of the website by users, compile reports on website activities for website operators and provide other services concerning website activities and use of the Internet. To consult the Google privacy notice related to the Google Analytics service, and to express your consent for the use of the cookies described above, please refer to the following web page
  • enables the sharing of content such as news, articles and events from the website with other systems. To consult the Share This privacy notice and to express your consent for the use of the cookies described above, please refer to the website

Social buttons

The website contains certain “buttons” (known as “social buttons/widgets”) which display social network icons (e.g., Facebook, LinkedIn) and icons of other web services (e.g., YouTube). These allow users navigating the Controller’s web page to access the referred social networks with a “click”. In this case, the social network and the web services acquire the data concerning the user, but the Controller will not share any navigation information or user data acquired through its own website with the social networks and the web services that are accessible via the social buttons/widgets. These services issue “third party cookies”. The links to the privacy notices of the most commonly used social networks and websites the buttons send users to are given below:

Disabling and enabling cookies

Passing the initial banner containing the short information notice, users provide their express consent to the use of the cookies of the website indicated in this document.

In this section, Users can edit the website cookies settings. Having edited the settings, you must click on the SAVE button.

Technical cookies

These cookies are required for the use of the website, if you block them the website will not work. Your consent is not required for their installation.

Analytics cookies

These cookies are used to gather aggregated information on user navigation to optimize the navigation experience and the services provided. Blocking them will make it impossible for the Controller to optimize the user’s navigation experience, but it is in any case possible to navigate the website.

Having enabled them, you may freely disable individual cookies also from your own browser (select the settings menu, click on the Internet options, open the privacy page and select the required cookie blocking level). For more information, visit the following links: Google Chrome, Mozilla FirefoxApple Safari and Microsoft Windows Explorer.

In addition, the “Do Not Track” option, found in most of the latest-generation browsers, may be activated.

Disabling “third party” cookies does not jeopardize navigation of this website in any way.

What happens if you do not provide your data?

We invite you to examine the consequences of disabling individual cookies, provided in the table above.

How, where and for how long is your data stored?

How do we process your data?

Your personal data are processed via electronic procedures by specially authorized and trained internal employees. They are allowed access to your personal data in the measure and within the limits necessary for processing of your personal data.

The Controller periodically audits the tools whereby your data are processed and the security measures contemplated for them, which require constant updating; the Controller verifies, also via the authorized processors, that no personal data are collected, processed, filed or held unless it is necessary; regular audits ensure that the data are stored ensuring its integrity and authenticity and that they are used for the purposes of the processing effectively done.

Where do we process your data?

The data are stored in computer and telematic archives located within the European Economic Area.

How long do we process your data for?


Please refer to the personal data storage terms as provided in the table above.

Website navigation:

The personal data are kept for the time required to allow navigation of the website and in any case no longer than 36 months, except in cases in which events occur that require the intervention of the competent authorities, also in cooperation with third parties/recipients appointed to manage the Controller’s data IT security activities, for the time required to investigate the causes determining the event and to protect the interests of the Controller in relation to any liability related to the use of the website and the relative services.

What rights do you have?

In essence, at any time, free of charge and without any special procedures for making the request, you can:

  • obtain confirmation that your data are being processed by the Controller;
  • access your personal data and know the origin (when the data were not obtained from you directly), the purposes and aims of processing, the data of the subjects receiving them, the storage period of your data or the criteria used to determine it;
  • update or correct your personal data so that they are always exact and accurate;
  • delete your personal data from the databases and/or archives, including backup archives, of the Controller when, among other things, they are no longer necessary for the purpose for which they were processed or if they received illegitimately, and whenever there are any of the conditions contemplated by law; and in any case if processing is not justified by another equally legitimate reason;
  • limit processing of your personal data to certain circumstances, such as those in which their accuracy has been challenged, for the period necessary to the Controller to check their accuracy. You must be informed, within a congruous time, also about when the period of suspension is terminated or the cause of the limitation to processing has been resolved, and the limitation revoked;
  • obtain your personal data, if received or processed by the Controller with your consent and/or if they are processed on the basis of a contract and using automatic methods, in a computerized form, including for sharing them with another processing entity.

In this case, the Controller must proceed without delay and, in any case, no longer than one month from receiving your request. If necessary, this deadline may be extended to two months, given the complexity and number of requests received by the Controller. In such situations, within a month of receiving your request, the Controller must inform you and provide the reasons for the deadline extension.

How and when can you object to the processing of your personal data?

For reasons regarding your personal situation, you may, at any time, object to the processing of your personal data if it is based on legitimate interests, by sending your request to the Controller, to or or by sending a registered letter to the following address – Operational headquarters – 26012 Castelleone, Via Cicogna, 22, -registered office -33074 Fontanafredda, Via Malignani, 1

You have the right to deletion of your personal data if there is no prevalent legitimate reason with respect to the one that originated your request.

How can you lodge a complaint?

Without prejudice to any other administrative or judicial action, you may lodge a complaint to the relevant authority operating and with jurisdiction in Italy where you regularly reside or work, or if different from the member state in which the violation of Regulation (EU) 2016/679 occurred.