last updated: June 12, 2026

PRIVACY POLICY

This Privacy Policy describes how VESCOVINI GROUP S.p.A. (hereinafter also referred to as “VESCOVINI GROUP” or the “Data Controller”) collects, uses and protects the personal data of users, pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council (“GDPR”) and Legislative Decree no. 196/2003 as amended by Legislative Decree no. 101/2018.

By using our website, the user declares to have read this Privacy Policy.

Web services covered

This Privacy Policy applies to the web services accessible via the following addresses, corresponding to the home page of the official VESCOVINI GROUP website:

• www.vescovinigroup.com
• www.vescovinigroup.it
• www.vescovinigroup.eu
• www.sbe.it
• www.varvit.com
• www.varvit.it
• www.varvit.eu
• www.sbe-varvit.com
• www.sbe-varvit.eu

Types of data collected

The websites listed above are available in read-only mode. No registration forms, contact forms, restricted areas or newsletter subscription systems are present. The only category of personal data processed is therefore browsing data, automatically acquired by the computer systems responsible for operating the website.

Purposes of data processing

Automatically collected browsing data is used exclusively for the following purposes:

• Ensuring the correct technical operation of the website;
• Obtaining anonymous statistical information on the use of the website;
• Establishing liability in the event of hypothetical cybercrimes against the website, upon request of the competent authorities;
• Complying with legal or regulatory obligations.

Legal basis for processing

The processing of browsing data is based on the legitimate interest of the Data Controller (Art. 6(1)(f) GDPR) in the proper technical management and security of its IT systems. This interest has been assessed as prevailing over the fundamental rights and freedoms of data subjects, given the limited categories of data processed and the absence of any profiling or disclosure of such data.

For strictly necessary technical cookies required for the operation of the website, the legal basis is the performance of a service requested by the user (Art. 6(1)(b) GDPR); such cookies do not require consent pursuant to applicable supervisory authority guidance.

Data Controller

The “Data Controller” is VESCOVINI GROUP S.p.A., with registered office at Via Lazzaretti 2/A – 42122 Reggio Emilia (RE) – Italy.

Data Processor

SBE-VARVIT S.p.A. has been designated as Data Processor pursuant to Art. 28 GDPR, as it is responsible for the technical maintenance of the website.

Location of data processing

Processing operations connected to the web services of this website are carried out by authorised technical personnel, operating within the territory of the European Union.

No data resulting from browsing is communicated, transferred or disclosed to third parties, except where required by competent authorities in cases provided for by law.

Types of data processed

Browsing data

The computer systems and software procedures used to operate this website automatically acquire, in the course of their normal operation, certain personal data whose transmission is implicit in the use of Internet communication protocols.

This information is not collected in order to be associated with identified data subjects, but could by its very nature allow users to be identified through processing and association with data held by third parties.

This category of data includes the IP addresses or domain names of the computers used by users connecting to the website, the URI (Uniform Resource Identifier) addresses of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (success, error, etc.) and other parameters relating to the user’s operating system and computing environment.

This data is used solely for the purpose of obtaining anonymous statistical information on the use of the website and to monitor its correct operation.

Cookies

Cookies are small files sent to and stored on the user’s computer by the websites they visit. Cookies are stored in the browser’s file directory. On the next visit to the website, the browser will read the cookie and retransmit the information to the website that originally created it.

This website uses exclusively technical session cookies, strictly necessary for browsing. Such cookies do not allow the acquisition of personally identifying user data, are not used for profiling purposes and expire automatically when the browser is closed.

No profiling cookies, third-party advertising cookies or other tracking tools are used.

To learn more about cookies and how they work, please visit allaboutcookies.org.

Data retention period

Browsing data (system logs) is retained for a period not exceeding 30 days from acquisition, unless longer retention is required by specific requests from competent authorities or by legal obligations. At the end of this period, data is deleted or irreversibly anonymised.

Technical session cookies expire automatically when the browser is closed and leave no persistent traces on the user’s device.

Transfer of information abroad

Browsing data is processed exclusively within the territory of the European Union. No transfer of personal data to third countries or international organisations is envisaged pursuant to Arts. 44 et seq. GDPR.

Methods of processing

Personal data is processed using automated tools for the time strictly necessary to achieve the purposes for which it was collected.

Specific technical and organisational security measures are adopted to prevent data loss, unlawful or improper use and unauthorised access, in accordance with Art. 32 GDPR.

Rights of data subjects

The data subject, as established by Arts. 15–22 GDPR, may exercise the following rights:

• Right of access (Art. 15 GDPR): obtain confirmation as to whether or not personal data concerning them is being processed and, if so, access to such data;
• Right to rectification (Art. 16 GDPR): request the rectification or completion of inaccurate or incomplete personal data;
• Right to erasure (Art. 17 GDPR): request the deletion of personal data, in the cases provided for by law;
• Right to restriction of processing (Art. 18 GDPR): request the restriction of processing in the cases provided for by law;
• Right to data portability (Art. 20 GDPR): receive personal data in a structured, commonly used and machine-readable format;
• Right to object (Art. 21 GDPR): object at any time to the processing of personal data, on grounds relating to their particular situation, in cases where processing is based on the legitimate interest of the Data Controller.

Requests to exercise the above rights should be addressed to the Data Controller:

• by e-mail, to: privacy@sbe.it

The Data Controller is required to respond without undue delay and, in any case, within one month of receiving the request, subject to a possible extension of a further two months in cases of particular complexity (Art. 12 GDPR).

Right to lodge a complaint

Without prejudice to any other administrative or judicial remedy, a data subject who considers that the processing of their personal data is carried out in violation of the GDPR has the right to lodge a complaint with the competent supervisory authority pursuant to Art. 77 GDPR.

In Italy, the supervisory authority is the Garante per la protezione dei dati personali (Italian Data Protection Authority), with offices at Piazza Venezia 11 – 00187 Rome, reachable at www.garanteprivacy.it.

Changes to this Privacy Policy

The Data Controller reserves the right to make changes to this policy at any time, by publishing the updated version on this page. Users are therefore invited to check this page periodically. The “last updated” date at the top of the document indicates when the policy was last modified. Continued use of the website following the publication of any changes constitutes acceptance of the updated Privacy Policy.