top of page

Privacy Policy

PRIVACY POLICY

This privacy notice is provided, pursuant to Articles 13 and 14 of Regulation (EU) 2016/679 (GDPR), to those who connect to the website www.brunacci.eu and its associated third-level domains. It applies only to the aforementioned website and not to any other external websites accessible via links. By browsing the website, users' personal data may be processed.

1) Data Controller and Data Protection Officer

The data controller for processing personal data collected via the website www.brunacci.eu is BRUNACCI & PARTNERS S.r.l., with registered office in Modena, via Pietro Giardini, 625, Tax Code and VAT number 03361630365, email: info@brunacci.eu.

2) Types of Data Processed and Purposes

Browsing Data
During normal operation, the IT systems and software procedures responsible for the website’s functioning collect certain personal data whose transmission is implicit in the use of Internet communication protocols. These data are not collected to be associated with identified data subjects, but by their nature could allow users to be identified through processing and association with data held by third parties.
This category includes IP addresses or domain names of users’ computers, URI (Uniform Resource Identifier) addresses of requested resources, the time of request, the method used to submit the request to the server, the file size of the response, numerical codes indicating the status of the server’s response (successful, error, etc.), and other parameters relating to the user’s operating system and IT environment.
These data are used exclusively for anonymous statistical purposes on the use of the website and to check its correct operation. They are deleted immediately after processing. Data may be used to determine liability in the event of potential cybercrimes against the site.

Data Provided Voluntarily by the User
This includes personal data voluntarily provided by users via the forms on the site to request information or submit inquiries. These data are used solely to respond to the user and to comply with applicable laws, regulations, and EU rules, or when necessary to assert rights in court.
Special categories of personal data (such as health data or political/religious beliefs) and data of minors are not processed. If users voluntarily provide inappropriate or irrelevant data (e.g., special categories), Brunacci will not process them and is not responsible for the consequences of such unsolicited submissions.

3) Legal Basis for Processing

Aside from browsing data, which are necessary for providing access to the website, the provision of personal data is optional and based on the user’s request for information. The legal basis for processing such data is the need to respond to the user’s request. The user's contact details will be used solely for that purpose.

4) Data Recipients

Access to personal data is granted to authorized staff under the direct authority of Brunacci and to external data processors and sub-processors providing specific services to Brunacci under Article 28 GDPR.
The full list of such processors is available upon request at info@brunacci.eu.
Data processing is carried out only by personnel specifically instructed to lawfully and properly manage data.
Personal data may also be shared with independent data controllers providing commercial, professional, or technical services to manage the website or pursue its goals.
These parties are obliged to use the information only for the stated purposes and to maintain its confidentiality and integrity.
Data may also be disclosed to comply with legal obligations or authorities' orders.

5) Data Transfers

Data processed via this website are stored on servers located in Italy. If any data are transferred outside the European Union due to the location of service providers’ servers, Brunacci will adopt appropriate safeguards as required by GDPR to ensure data protection.

6) Processing Methods and Data Retention

Personal data are processed using automated systems for the time strictly necessary to fulfill the purposes for which they were collected.
Appropriate security measures are in place to prevent data loss, unlawful or improper use, and unauthorized access.
Data are stored in secure facilities accessible only by authorized personnel.
The website is regularly monitored for security breaches, ensuring all data collected are secure, accurate, and inaccessible to unauthorized parties.
User-provided data will be deleted once they are no longer necessary for handling the request.

7) Processing via Social Media Platforms

Regarding personal data processed by social media platforms (such as LinkedIn, used by Brunacci), please refer to the respective platforms’ privacy policies.
Brunacci processes the personal data voluntarily provided by users via its official social media pages for purposes related to managing interactions and user inquiries (comments, posts, etc.).
For data processing related to LinkedIn tracking pixels, please refer to the cookie policy.

8) Right of Access

Under Articles 15 to 22 of the GDPR, users have specific rights concerning their personal data.
Article 15 grants the right to access personal data and obtain a copy (provided it does not infringe on others' rights and freedoms).
Users may request confirmation of whether their data are being processed, details about the processing purposes, categories of data, third parties to whom data are disclosed, and whether data are transferred to a non-EU country with adequate safeguards.
They may also inquire about data retention periods.

9) Additional Rights

Users have the right to request:

  • Rectification of inaccurate data and completion of incomplete ones

  • Erasure of personal data (“right to be forgotten”) under the conditions in Article 17 GDPR

  • Restriction of processing

  • Data portability

To exercise these rights, users can contact Brunacci at info@brunacci.eu or via postal mail to the company’s registered office.
To respond, Brunacci may need to verify the user’s identity by requesting a copy of an identity document.
A written response will be provided without undue delay, and in any case within one month of receiving the request.

10) Complaints

If a user believes their personal data are being processed in violation of the GDPR, they have the right to lodge a complaint with the Italian Data Protection Authority (Garante per la Protezione dei Dati Personali) in Rome, pursuant to Article 77 GDPR, or seek judicial remedy.

bottom of page