In compliance with the provisions of Legislative Decree 196/2003 (Code regarding the protection of personal data) and the EU Reg. 2016/679 (European Regulation for the protection of personal data), we provide you with the necessary information regarding the processing of personal data provided. This is an information that is provided pursuant to art. 13 of EU Reg. 2016/679 and is also inspired by the provisions of Directive 2002/58 / EC (directive relating to privacy and electronic communications), as updated by Directive 2009/136 / EC.

  1. Subjects of the treatment

The Data Controller is Hermelin Srl with registered office in Via JF Kennedy, 275 - 21042 Caronno Pertusella (VA) - Italy with the title of owner and legal representative. To exercise the rights referred to in Article 7 of Legislative Decree 196/2003 and from 15 to 22 of the GDPR 2016/679 (detailed below) or for any additional information on privacy, you can contact the Data Controller at the following contact details: e-mail: tel: +39.02.99020055;


  1. Personal details
  1. Pursuant to art. 4 lett. a) of the GDPR, personal data means any information concerning an identified or identifiable natural person ("interested party"); the natural person who can be identified, directly or indirectly, with particular reference to an identifier such as the name, an identification number, location data, an online identifier or one or more characteristic elements of his physical identity is considered identifiable, physiological, genetic, psychic, economic, cultural or social.
  2. This category includes information such as your personal name, address, telephone number, email address, social security number, bank account details. Information that can not be linked directly to you - for example, your favorite sites or the number of users of a certain site - is not considered personal data.


  1. Aims of treatment


  1. For the establishment and execution of contractual relationships, Hermelin Srl informs the Customer that it is in possession of personal, personal and tax data, also acquired verbally directly or through third parties, relating to you, qualified as personal by the European Regulation 2016/679 .
  2. The personal data provided will be processed in compliance with the conditions of lawfulness pursuant to art. 6 Reg. UE 2016 / 679 for the following purposes:
  • A. Purposes related to the management of the contractual relationship and the provision of the Services: the data will be processed for the following purposes: commercial requests and formalization / sending of estimates, establishment, management and termination of the contractual and commercial relationship; customer service;
  • B. Purposes related to the fulfillment of legal obligations and for the pursuit of legitimate interest: the data will be processed for the following purposes: anti-terrorism checks; anti-money laundering controls; audits of a fiscal and accounting nature; management of disputes;


  1. Nature of conferment and refusal


  1. The provision of personal data is optional.
  2. The provision of personal data for the purposes referred to in point 3.2 lett. A (Purposes related to the management of the contractual relationship and the provision of the Services) of this information document is necessary to refine the specific functions and use the services offered by the Data Controller, for example to receive feedback on the request for information sent. Failure to provide personal data may make it impossible to obtain the requested service or to use the services offered.
  3. For the purposes referred to in point 3.2 lett. B (Purposes related to the fulfillment of legal obligations and for the pursuit of legitimate interest), it is not necessary for the consent to be issued by the Customer as it finds its justification pursuant to art. 6 lett. c) and f) of the GDPR.


  1. Recipients or categories of recipients of data


  1. The personal data provided may be disclosed to employees or collaborators of the Data Controller who, operating under the direct authority of the latter, process data and are appointed internal managers or processors or System Administrators and will receive adequate operating instructions in this regard from the Holder; the same will happen - by the Managers appointed by the Owner - towards the employees or collaborators of the Managers.
  2. The Personal Data may also be brought to the attention of the Controller's external managers, appointed pursuant to art. 28 of EU Reg. 2016/679, as third-party companies or other entities that carry out outsourcing activities on behalf of Hermelin Srl
  3. Categories of External Responsible for the treatment:
  • third-party suppliers, producers, distributors, resellers and commercial partners of Hermelin Srl
  • persons, companies or professional firms, who provide assistance, consultancy or collaboration to Hermelin Srl in accounting, administrative, legal, tax and financial matters relating to the General Conditions of Sale;
  • credit institutes for the profiles relating to the settlement of receipts and payments;
  • the companies that carry out outsourcing activities on behalf of Hermelin Srl including the IT technicians who manage the related electronic communication infrastructures necessary for this, appointed as data processors;
  • external suppliers who provide Hermelin Srl with support services, appointed as data processors;
  • Agents;
  • Competent authorities for compliance with legal obligations and / or provisions of public bodies, upon request;
  • In case of administrative and accounting purposes, the data may eventually be sent to commercial information companies for the assessment of solvency and payment habits and / or subjects for purposes of debt collection.
  1. The subjects belonging to the aforesaid categories perform the function of Data Processing Manager, or operate in complete autonomy as separate Data Controllers.
  2. The list of designated data processors is constantly updated and available at the Hermelin Srl headquarters and can be consulted by sending an email to the following address:



  1. Data transfer to a third country and / or international organizations


  1. Hermelin Srl does not share, sell, transfer or otherwise disseminate your personal data to third parties located in a third country and / or to international organizations and will continue not to do so in the future, unless required by law, unless it is necessary to the purposes set out in the contract (e.g. mandate for the shipper function) or you have not given your explicit consent to such processing.


  1. Place, Processing Mode and Data Retention Period


  1. Personal Data are processed mainly at the Data Controller's headquarters and in the places where External Managers are located to process data. For more information, contact the owner.
  2. Personal Data will be processed by means of collection, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, cancellation and destruction of data.
  3. Personal Data will be processed both electronically / automated and on paper, with logic strictly related to the aforementioned purposes, through the Databases, the electronic platforms managed by Hermelin Srl or by third parties appointed for this purpose as data processors.
  4. The treatment will be carried out using methods and instruments aimed at guaranteeing maximum security and confidentiality, by persons specifically appointed to do so.
  5. In compliance with the provisions of art. 5 comma 1 lett. e) of the EU Regulation 2016 / 679 personal data collected will be stored in a form that allows the identification of data subjects for a period of time not exceeding the achievement of the purposes for which personal data are processed, and in any case deleted without unjustified delay.
  6. To know the criteria for the data retention period, write to
  7. The Owner has adopted a great variety of security measures to protect the Customer against the risk of loss, abuse or alteration of the Data. In particular: it has adopted the measures referred to in Articles. 32 - 34 of the Privacy Code; stores the data on servers located in the European territory.
  8.  The data will not be disclosed or communicated to external subjects, except for the obligations required by law.


  1. Minori


  1. The provision of personal data for the purposes referred to in 3 of this information document must be given by a person over the age of 18.
  2. 8.2. In the case of minors of the 18 years, the data may be conferred and, consequently processed by the Data Controller, only with the explicit, explicit consent of the parents or of those who exercise parental responsibility.


  1. Interested Rights


  1. You can assert your rights as expressed in articles 15, 16, 17, 18, 19, 20, 21, 22 of EU Regulation 2016/679, by contacting the Data Controller, by writing to
  2. You have the right, at any time, to ask the Data Controller to access your personal data, to rectify it, to cancel it or limit its processing.
  3. Furthermore, you have the right to object, at any time, to the processing of your data (including automated processing) and to the portability of your data.
  4. Without prejudice to any other administrative and judicial appeal, if you believe that the processing of data concerning you, violates the provisions of EU Reg. 2016 / 679, pursuant to art. 15 letter f) of the aforementioned EU Reg. 2016 / 679, you have the right to lodge a complaint with the Guarantor for the protection of personal data and, with reference to art. 6 paragraph 1, letter a) and art. 9, paragraph 2, letter a), has the right to revoke the consent given at any time.
  5. In the case of requesting data portability, the Data Controller will provide you in a structured format, in common and legible use, with automatic device, the personal data concerning you, without prejudice to the paragraphs 3 and 4 of the art. 20 of the EU Reg. 2016 / 679.

Contact us for information, quotes, rental services and assistance.