Privacy policy statement

Ernestomeda S.p.A. operates in compliance with the General Data Protection Regulation (EU) 2016/679. We appreciate that privacy is an important consideration to users and visitors of the Ernestomeda website and the relative subdomains. The information which follows is designed to help visitors to understand which data are collected and how data are subsequently managed and used.

Ernestomeda has issued privacy policies which apply to all Scavolini Group companies. You are also advised to view the single specific privacy policy statements in the various sections of the site.


Pursuant to Regulation (EU) 2016/679 (hereinafter "GDPR"), below Ernestomeda S.p.A. (“Company” or the “Data Controller") provides the general guidelines regarding the processing of your personal data when you access the website (“Website”) or use its services.

  1. Identity and contact details of the Data Controller

The Data Controller is Ernestomeda  S.p.A., with registered office at Montelabbate (PU), Via dell’Economia 2/8 postcode 61025, Italy, which can be contacted via email at

  1. Contact details of the Data Protection Officer

The Company has designated a Data Protection Officer, who can be contacted via email at

  1. Type of data processed

Pursuant to Data Protection Regulations, the Data Controller processes the following personal data contributed by you (your “Personal Data”) when you navigate the Website:

  1. Ordinary identifying data (for example: first name, surname, email address, etc.);
  2. Navigation data, which include the Internet protocol (IP) address, your access data, your browser type and version, time zone and location, browser plug-in types and versions, and the operating system, platform and other technologies on the devices you use to access our website.

These navigation data are necessary for the use of web services, and are also processed in order to:

•             obtain statistical information concerning the use of the services (most visited pages, number of visitors by time band or per day, geographical area of origin, etc.);

•             check that the services offered are operating correctly.


  1. Legal Basis and Purpose of the personal data processing

The Data Controller processes your Personal Data for clearly defined processes and only if there is a specific legal basis for the said processing under the relevant privacy and personal data protection legislation.

The list which follows covers all the types of processing performed by the Company to enable it to use digital channels, and to enable the Data Controller to guarantee their correct operation and the compliance of data processing.

The Data Controller processes your Personal Data for the following purposes and with the following legal bases:

a)           operation of digital channels, delivery of the relative services and monitoring of their correct operation:

legal basis: fulfilment of a contract to which you are a party (art. 6, comma 1, point b) GDPR);

b)           Direct marketing - Dispatch of marketing communications via newsletters:

legal basis: your optional, freely given consent, which may be withdrawn at any time (art. 6, comma 1, point a) GDPR);

c)           Prevention and prosecution of fraud/deception/fraudulent activity undertaken via the website:

legal basis: legitimate interest of the Data Controller (see art. 6, comma 1, point f) GDPR);

d)           verification, exercise or defence of a right of the Data Controller during judicial proceedings;

legal basis: legitimate interest of the Data Controller (see art. 6, comma 1, point f) GDPR)


  1. Nature of the contribution of personal data

The contribution of your data is compulsory for the service purposes referred to in subpoints a), c) and d) of point 4 above. If you refuse to provide these data, you will be unable to use the Company’s services via the Website.

The contribution of your data is optional for the marketing purposes referred to in subpoint b) of point 4 above. If you refuse to provide your data, you will be unable to receive any marketing communications regarding the Data Controller’s products, projects and/or services.

You may unsubscribe from any service to which you have subscribed at any time by writing to

Withdrawal of consent does not prejudice the lawfulness of the consent-based processing prior to the withdrawal.

  1.  Recipients of personal data

For the purposes referred to in point 4), the Data Controller may disclose your personal data to third parties, such as the following entities or categories of entities:

- police forces, armed forces and other public authorities for fulfilment of the obligations envisaged by the law, regulations or Community directives. In this case, under the relevant data protection law, there is no obligation to obtain the data subject’s prior consent to any such disclosure;

- companies, organisations or associations, or controlling, controlled or associated enterprises as defined by article 2359 of the Italian Civil Code, or between them and subsidiaries of the same parent, and between consortia, networks of enterprises and temporary groups and combines of enterprises and with their member entities, with regard only to communications made for administrative and/or accounting purposes;

specialist marketing companies;

- other companies under contract to the Data Controller, providing consulting, service provision support, etc., formally designated as Data Processors pursuant to art. 28 of the GDPR.

- data controller’s sales force

The Data Controller guarantees that the greatest care will be taken to ensure that the disclosure of personal data concerning you to the aforesaid recipients only relates to the data necessary for the achievement of the specific purposes for which they are intended.

Your personal data are stored in the Data Controller’s databases and will only be processed by authorised staff. They will receive specific instructions regarding the procedures and purposes of the processing. Moreover, these data will not be disclosed to third parties except as described above, and in all cases within the stated limits.

To conclude, kindly remember that your personal data will not be disseminated.

  1. Procedures for processing of personal data

The processing of personal data concerning you, under the provisions of art. 4 of the GDPR, may comprise the following activities (“Treatment”): collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, any other form of provision, comparison or interconnection, restriction, erasure or destruction of the data.

Moreover, your Personal Data:

  • will be processed in a lawful, ethical, transparent manner;
  • will be collected for legitimate purposes;
  • will be processed in an adequate, relevant way and only with regard to the purposes for which they are processed,
  • will be conserved in a form which allows your identification for a period of time not exceeding the scopes for which they are processed
  • will be processed in a manner which guarantees adequate security against the risk of destruction, loss, alteration, disclosure or unauthorised access, by means of technical and organisational security measures;

Your Personal Data may be processed with the aid of paper media and automated, IT or telematic tools, with organisational procedures and methods strictly correlated to the stated purposes.

The Data Controller uses the most appropriate technological and security measures (electronic, IT, physical, organisational and procedural) to guarantee the security and confidentiality of the data processed. These measures include the maintenance of a secure data storage and processing system using encryption, hacking detection and preventive and protective software.

You must be aware and realise that the communication of personal data via Internet sites involves risks of the disclosure of these data, and that no system is totally secure or immune to tampering and/or hacking.

  1. Transfer of personal data outside the EU

In the event that your personal data are internationally transferred outside the EU, on every occasion the Data Controller will adopt all appropriate, necessary contractual measures to guarantee an adequate level of protection of your personal data in accordance with the provisions of this policy, including the Standard Contract Clauses approved by the European Commission.

  1. Data storage period

Data will be stored for a period of time not exceeding that necessary for the purposes for which they were collected or subsequently processed, in accordance with legal obligations.

  1. External links

This website may contain links to other sites (social medial platforms such as Facebook, Twitter, LinkedIn, Instagram, etc.). Please note that the Data Controller is not responsible for the privacy policies or practices of these other sites. The Data Controller encourages its users to take care when leaving the Ernestomeda website, and to read the privacy policies or statements of every site which collects personal identification data. This privacy policy only applies to data collected by this website.

Other companies or Websites with links to this website, or websites to which this site may provide links, may have their own privacy policies. You are therefore advised to read the privacy policy statements of all Websites visited or reviewed.

  1. Cookies

During their normal operation, the IT systems and software procedures which operate this website acquire some personal data the transmission of which is implicit in the use of Internet communications protocols. These data are not collected for association with identified data subjects, but by their very nature, when processed or associated with data held by third parties, they might allow users to be identified. This category of data includes IP addresses or domain names of the PC's used by users who connect to the site, as well as Uniform Resource Identifiers of the requested resources, the time of the request, the method utilized in presenting a request to the server, the size of the file obtained in response, the numerical code specifying the state of the response provided by the server (positive outcome, error, etc..) and other parameters concerning the operating system and the IT environment of the user.

The optional, explicit, voluntary dispatch of email to the addresses provided on this site, and/or the compilation of data collection forms, leads to the subsequent acquisition of the sender’s address, necessary in order to reply to the enquiry, and any other personal data included in the message.

For further details, please view the cookie policy at: 

  1. Google Signals

This Website uses Google Signals, a Google Analytics feature that combines visitation information acquired from this Website with Google data from the accounts of Google users who have consented to this association for the personalisation of advertisements. This Google information may include the User’s location, their search history, their YouTube history and Data from sites that partner with Google, and is used to provide aggregated and anonymized insights into Users’ cross device behaviours. Any User covered by this association may access and/or delete these Data using the MyActivity function provided by Google (at


  1. Rights of data subjects

In the relevant circumstances, data subjects have the right to obtain from the Data Controller access to their personal data and rectification or erasure thereof or the restriction of the processing of data concerning them, or to object to their being processed (art. 15 and following articles of the Regulation). Application may be made to the Data Controller via email to:

  1. Changes to the Ernestomeda privacy policy

The Data Controller may amend this policy at any time. Users of this website are advised to visit this privacy document again for information regarding new privacy practices or changes to the Data Controller’s policy.

7/5/2023 8:58:12 AM