Information pursuant to Articles 13-14 of EU Regulation 2016/679 (GDPR)

Data Controller
Lema S.p.A., with registered office at Via Statale Briantea n. 2, 22040 Alzate Brianza (CO), VAT no. IT00222090136, as Data Controller, informs you that your personal data will be processed in compliance with the legislation on personal data protection.

Data Protection Officer (DPO)
The appointed Data Protection Officer (DPO) is Lawyer Barbara Anzani, who can be contacted at [email protected]

Categories of data processed
We process the following categories of personal data:
– Identifying data (name, surname, email address)
– Contact data (telephone number, postal address)
– Browsing data (IP address, browser type, pages visited)
– Data relating to requests for information or services made through the website
We do not process special categories of personal data pursuant to art. 9 GDPR, unless you give explicit consent.

Purpose of processing and legal basis
Your personal data will be processed for the following purposes:
a) Management of information and contact requests
– Purpose: to respond to your requests for information about products and services
– Legal basis: execution of pre-contractual measures taken at your request (art. 6, par. 1, letter b GDPR)
b) Sending commercial communications and newsletters
– Purpose: sending advertising material, commercial offers, information on events and company news
– Legal basis: your explicit consent (art. 6, par. 1, letter a GDPR)
c) Fulfillment of legal obligations
– Purpose: to fulfill obligations required by law, regulations or EU legislation
– Legal basis: fulfillment of a legal obligation (art. 6, par. 1, letter c GDPR)
d) Protection of rights in legal proceedings
– Purpose: establishment, exercise and defense of a right in court
– Legal basis: legitimate interest of the Data Controller (art. 6, par. 1, letter f GDPR)

Nature of provision
The provision of data for the purposes referred to in point a) is optional, but refusal will make it impossible to follow up on your request. The provision of data for the purposes referred to in point b) is entirely optional and refusal will not have any consequence.

Methods of processing
Personal data will be processed using automated and manual tools, with logic strictly related to the purposes indicated and, in any case, in such a way as to guarantee the security and confidentiality of the data, through the adoption of appropriate technical and organizational measures.

Cookies and tracking technologies
The website uses cookies and similar tracking technologies to ensure the proper functioning of the site and to improve browsing experience.

What are cookies
Cookies are small text files that are stored on your device when you visit our website. They can be session cookies (which expire when you close your browser) or persistent cookies (which remain on your device for a longer period).

Types of cookies used
Necessary technical cookies
– Purpose: ensure the proper functioning of the website and navigation
– Legal basis: legitimate interest of the Data Controller (art. 6, par. 1, letter f GDPR)
– Duration: session or up to 12 months
– Do not require prior consent
Analytical and performance cookies
– Purpose: collect information on the use of the website to improve its functionalities
– Legal basis: user consent (art. 6, par. 1, letter a GDPR)
– Duration: up to 24 months
– Require prior consent
Profiling and marketing cookies
– Purpose: create user profiles and send advertising messages in line with the preferences expressed
– Legal basis: user consent (art. 6, par. 1, letter a GDPR)
– Duration: up to 24 months and in any case no longer than provided by the Privacy Authority guidelines
– Require prior consent

Third-party cookies
Our website may use third-party cookies for services such as traffic analysis, social media, and embedded content. These cookies are managed directly by the respective third parties according to their privacy policies.
For more details on the third-party cookies used and their retention periods, please refer to the updated list available on the CookieFirst platform or in the dedicated section of the banner.

Cookie preference management
For cookie management, we use the CookieFirst platform, which allows you to express and modify your preferences at any time.
You can manage your preferences:
– Through the banner that appears when you first visit the site
– By clicking the “Manage cookie preferences” button in the site footer
– By changing your browser settings

Management via browser
You can also block or delete cookies by changing your browser settings:
– Chrome: Settings > Privacy and security > Cookies
– Firefox: Options > Privacy and security
– Safari: Preferences > Privacy
– Edge: Settings > Cookies and site permissions

Please note that disabling technical cookies may compromise the correct use of some website features.

Retention period
Your personal data will be stored for the time strictly necessary to achieve the purposes for which they were collected:
– Information requests: 24 months from collection or last contact
– Commercial communications: until consent is withdrawn or objection to processing
– Legal obligations: for the period required by applicable law (generally 10 years for tax and accounting documents)
– Legal defense: until the litigation is resolved and limitation periods expire
Once these periods have expired, the data will be deleted or irreversibly anonymized.

Data recipients
Your personal data may be communicated to the following categories of recipients:
– Subjects acting as data processors: IT service providers, hosting providers, marketing companies, consultants and professionals
– Public authorities and supervisory bodies, to comply with legal obligations
– Authorized resellers and business partners, as necessary for the execution of requested services
– Banks and financial institutions for payment management
Subjects in the above categories act as independent data controllers or data processors, after written appointment imposing the duty of confidentiality and security.
Personal data will in no case be disclosed to unspecified subjects.
The updated list of data processors is available upon request by contacting the DPO.

Transfer of data to third countries
Your personal data are stored on servers located within the European Union. If the transfer of data to third countries (outside the EU) is necessary, such transfer will take place on the basis of an adequacy decision by the European Commission or through the adoption of appropriate safeguards, such as the Standard Contractual Clauses approved by the European Commission. In such cases, you may request further information and obtain a copy of the safeguards adopted by contacting the DPO.

Automated decision-making process
The Data Controller does not adopt automated decision-making processes, including profiling, referred to in art. 22 of the GDPR.

Data subject rights
In accordance with Articles 15-22 of the GDPR, you have the right to:
– Access: obtain confirmation of the existence of your personal data and receive a copy
– Rectification: obtain the correction of inaccurate data or the completion of incomplete data
– Erasure: obtain the erasure of data (so-called “right to be forgotten”) in the cases provided for by art. 17 GDPR
– Restriction: obtain the restriction of processing in the cases provided for by art. 18 GDPR
– Portability: receive in a structured format the data provided to the Data Controller and transmit them to another controller
– Objection: object at any time to the processing of data for reasons related to your particular situation
– Withdrawal of consent: withdraw consent at any time, without affecting the lawfulness of processing based on consent before withdrawal

To exercise your rights, you may send a request to:
– Email: [email protected]
– PEC: [email protected]
– Postal address: Via Statale Briantea n. 2, 22040 Alzate Brianza (CO)

The request will be fulfilled within 30 days of receipt, unless complexity or the number of requests require an extension of a further 60 days.

Right to lodge a complaint
If you believe that the processing of your personal data is in violation of current legislation, you have the right to lodge a complaint with the Data Protection Authority, located at Piazza Venezia n. 11, 00187 Rome, or via the website www.garanteprivacy.it

Changes to this policy
This policy is updated as of 10/27/2025. The Data Controller reserves the right to amend it at any time by notifying users on its website. Please check this page regularly to be informed of any changes.

Last update: 10/27/2025