Privacy Policy

This Privacy policy describes the procedure for processing personal data of the users that access the website by sending specific requests and information or even by simply consulting the content of its pages.
This Privacy policy is drawn up pursuant to Art. 13 of Regulation 679/2016 (European Regulation for the protection of personal data, GDPR) and national legislation on personal data protection.
The policy is also inspired by the provisions of Directive 2002/58/EC, as updated by Directive 2009/136/EC, regarding cookies and by the Provision issued by the Italian Data Protection Authority for the protection of personal data regarding cookies.
Cookie: see cookie policy at the following link
The Privacy Policy covers exclusively the website and not other external websites that may be consulted by the user through links present on the website pages.


The Data Controller is Formec Biffi S.p.A. with headquarters in Milan, via Brera and operating headquarters in San Rocco al Porto (LO), via Piacenza, 20, in the person of its legal representative that can be contacted at the following contact details:
Tel. 0377/45401


The navigation on this website and/or the access to some website sections may lead to the collection and processing of personal data.


Data acquired during navigation
The information systems and software procedures used to operate the Website acquire, during their standard operation, some personal data whose transmission is implicit to the use of the Internet communication protocols.
These data are not collected in order to be associated with identified data subjects, but, by their very nature, could, by being processed and associated with data held by third parties, make it possible to identify users.
This category of data includes IP addresses or domain names of the computers used by the users that connect to the website, URI (Uniform Resource Identifier) addresses of the resources requested, request time, method used to submit the request to the server, size of the response file, numeric code indicating the status of the response given by the server (successful, error, etc.) and other parameters regarding the operating system and the user’s IT environment.


Data provided voluntarily by the user
The optional, explicit and voluntary sending of e-mails to the addresses given on this website implies the subsequent acquisition of the sender’s address that is necessary to answer the requests, as well as any other personal data contained in the request.
The optional, explicit and voluntary registration through web forms present on the website implies the subsequent acquisition of all the data contained in the boxes filled out by the user and processing is carried out exclusively to provide the service requested.
Specific policies are present on the website pages regarding special services provided and are displayed before collecting data.


The personal data collected will be processed by Formec Biffi S.p.A. in compliance with the conditions of Art. 6 Reg. EU 2016/679, for the following purposes:
1. The data acquired during navigation are processed to enable the operation of the Website.
2. The personal data provided by the users sending requests are used with the exclusive purpose of following up the request sent.


For the purposes described above, the personal data collected may be communicated to recipients that will process data as data processors and/or as natural persons acting under the authority of the Data Controller and the Data Processor:

  • subjects that provide services for the management of the website, information system and communication networks;
  • Professional firms, firms for consultancy or assistance purposes to the Data Controller;
  • Authorities responsible for enforcement of compliance with the law and/or provisions of public bodies, upon request.

The updated list of the Data Processors can be requested by writing to or getting in touch with the contact details specified in point 1 of this Privacy Policy.



Within the scope of the purposes described above, the personal data collected may be transferred to Information Systems in EU or non-EU countries in compliance with the regulation, Article 44– General principle for the transfer; Article 45– Transfer on the basis of an adequacy decision; Article 46– Transfer subject to appropriate safeguards.
The data subject can obtain information about data transfer safeguards by writing an e-mail


The processing will be carried out by automated or manual means, with methods and tools aimed at guaranteeing maximum security and privacy, by subjects specifically appointed to do so in compliance with the security measures established by GDPR 2016/679.


In compliance with the provisions of Art. 5, paragraph 1, letter e) of Reg. UE 2016/679 personal data collected will be stored in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data were collected and other purposes allowed and associated, or in compliance with the provisions of the applicable legislation.
The data processed for purpose 1 of art. 3 above are stored for the duration of the navigation session.
The data processed for purpose 2 of art. 3 above are stored for the period of time required to follow up the request sent from time to time.


Data subjects can assert their rights as established by EU Regulation No. 679/2016 by contacting the Data Controller, sending an e-mail to or writing to the headquarters of the Data Controller indicated above.
Data subjects have the following rights:

  • the right, at any time, to obtain from the Data Controller access to your personal data (Article 15), to modify them (Article 16) or erase them (Article 17), or to limit processing (Art. 18) or oppose data processing based on legitimate interest (Article 21).
  • The right to withdraw consent: if the treatment is based on consent, data subjects have the right to withdraw consent at any time without prejudice to the lawfulness of processing based on the consent given prior to its withdrawal.
  • The right to lodge a complaint with a supervisory authority.

To object to data processing and to exercise other rights, you can write to the Controller to the address: or to the addresses given in point 1 of this policy.

Irrespective of what specified for navigation data, users are free to provide their personal data.

Failure to provide personal data will make it impossible, for certain services, to use the services offered by the Data controller.


Updated on 23/01/2019