Customer communications’ pursuant to Art. 13 “General Data Protection Regulation – GDPR” (REG. EU 2016/679)


Personal data will be handled in compliance with the applicable regulations and the confidentiality and security obligations that the business of Bergamaschi & Vimercati S.p.A. aspires to.

Data Controller

The Data Controller is Bergamaschi & Vimercati S.p.A., VAT and Tax code no. 01842440156, registered office at Via Santa Tecla 5, 20122 Milan, which can be contacted in the following ways:
  • by sending an e-mail to
  • by telephoning +39 02 96752031
  • by ordinary mail, writing to the registered office.

Type of data processed

The types of data processed are personal identifying data (name, surname, e-mail address, telephone number and company name).

Purpose, legal basis and storage time


Sending communications to customers to best define the products offered by the Data Controller.

Legal basis

Legitimate interest. In detail, the Data Controller intends to improve the offer of its products and services for current customers who have supplied their contact e-mail.

Storage time

2 years.

Data processing method

The handling of personal data shall be marked by principles of honesty, lawfulness and transparency, protecting your privacy and your rights and shall take place using the appropriate instruments to ensure security.

Failure to provide the data

Provision of the personal data mentioned above is necessary to pursue the purposes indicated; as a result, failure to provide that data will make it impossible to carry out the processing.

Categories of persons to whom the personal data may be advised or who may become aware of it; sphere of circulation of personal data

Personal data shall only be processed by the Data Controller’s employees and/or co-workers, also through third parties appointed as Data Processors (e.g. companies sending newsletters and electronic communications), respecting the provisions of the law, also with regard to the security measures protecting and safeguarding the data.
The data shall not be circulated in any way unless the person concerned consents.
The list of Data Processors can be requested from the Data Controller.
The Data Controller may only advise and circulate personal data for the sole purpose of fulfilling the legal obligations. Personal data can be advised to the following in Italy and abroad:
  • Public and private bodies, also following inspections or checks (for example, financial administration, revenue police bodies, the judicial authorities and social security agencies).
  • Persons who can access the data by virtue of legal provisions.

Rights of the person concerned

The person concerned may, at any time, exercise the rights set out by European Regulation No. 2016/679. In particular, the right to:
  • access their personal data;
  • obtain its rectification or cancellation or the limitation of the processing concerning it;
  • oppose processing;
  • the portability of the data;
  • revoke consent, where set out. Revocation of consent does not prejudice the lawfulness of processing based on the consent given before the revocation;
  • make a complaint to the supervising authority.
In Italy, the supervising authority is the Autorità Garante per la protezione dei dati personali (Personal Data Protection Authority).

The above rights may be exercised by sending an e-mail to