Privacy Policy

This page describes how to manage the site with reference to the processing of personal data of users who consult it or use the services it offers.

The information is provided only for this site and not for other websites that may be consulted by the user via links.

OWNERNSHIP OF DATA PROCESSING (who decide why, how and to whom to process data)

The data controller (i.e. the subject who determines the purposes and means of the processing of personal data and assumes the responsibility to treat and have the personal data processed correctly) is Carapelli Firenze S.p.A. - C.F./P.IVA IT06271510965 - based in Via Leonardo da Vinci, 31 - 50028 Tavarnelle Val di Pesa (FI) - tel. 800.489501 - email:


With reference to the treatments referred to in this document, the interested parties (users of the site) have the right:

  • to ask the data controller for access to personal data and the correction or cancellation of the same or the limitation of the processing of personal data concerning him and to oppose their processing,
  • if the processing is carried out by automated (computer) means and on the basis of one's consent, to receive personal data concerning him in a structured format, commonly used and readable by an automatic device and / or to obtain direct transmission to another data controller, if technically feasible
  • to withdraw their consent at any time (without prejudice to the lawfulness of the treatment based on consent before the revocation), obviously for the treatments carried out on the basis of this assumption
  • to lodge a complaint with a supervisory authority: Guarantor for the protection of personal data - Piazza di Monte Citorio n. 121 00186 ROME - Fax: (+39) 06.69677.3785 - Telephone switchboard: (+39) 06.696771 - E-mail: - ​​certified mail

More information at the end of this policy.

To assert the rights, the interested party may contact the Data Controller, bearing in mind that personal data cannot be communicated by telephone if there is no security on the identity of the interlocutor and that also in other cases the interested party must be identified with certainty.

NAVIGATION DATA – data processed in relation to the visit to the site

The computer systems and software procedures used to operate this website acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols.

This is information that is not collected to be associated with identified interested parties, but which by their very nature could, through processing and association with data held by third parties, allow users to be identified.

This category of data includes, for example, the IP addresses or domain names of the computers used by users who connect to the site, the URI (Uniform Resource Identifier) ​​addresses of the requested resources, the time of the request, the method used in submitting the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the operating system and the IT environment of the user, such as the type and version of the browser, the types and versions of the browser plug-ins, the identification of the mobile device (IDFA or AndroidID) and other parameters relating to your operating system and IT environment,

These data, in the absence of specific consent to processing for further purposes, are used for the sole purpose of obtaining anonymous statistical information on the use of the site and to check its correct functioning.

The data could be used to ascertain responsibility in the event of hypothetical computer crimes against the site and only in this case can specific procedures be activated to identify the author.

The LEGAL BASIS FOR THE PROCESSING of these data is constituted by the legitimate interest of the owners consisting in the protection of data security, proper functioning of the site and improvement of service standards.


Personal data are processed with automated tools for the time strictly necessary to achieve the purposes for which they were collected. The treatments to the web services of this site are handled by personnel appointed by the Data Controller as well as by external subjects, appointed as managers, who are entrusted with the technical management and maintenance of the site and its IT systems. Specific security measures are observed to prevent data loss, illicit or incorrect use and unauthorized access. No data deriving from the web service is disclosed.

No data deriving from the web service is disclosed.

The personal data provided by users who submit requests to send information material (newsletters, answers to questions, etc.) are used for the sole purpose of carrying out the service or provision requested and are disclosed to third parties only if this is to this is necessary.


Apart from what is specified for navigation data, the user is free to provide the personal data requested during navigation to request the sending of informative material or other communications. Failure to provide them may make it impossible to obtain what is requested.

When the user visits a part of the Site that requires the collection of personal data, a link to this information document is proposed again and, if necessary, consent is requested

The optional, explicit and voluntary sending of e-mails to the addresses indicated on this site entails the subsequent acquisition of the sender's address, necessary to respond to requests, as well as any other personal data included in the message which, unless otherwise duly communicated, will be kept for the time necessary to satisfy requests

Specific information relating to the pages of the site prepared for particular services on request or through which further personal data can be acquired are made available below.


Personal data provided spontaneously by the interested party through the e-mail addresses made available on the site:

  1. are processed with mainly automated tools for:
    1.1 Ensuring a certain and timely response and satisfying the requests of the interested party
    1.2 fulfill obligations deriving from EU laws, rules and regulations; fulfillment of provisions issued by the Judicial Authority,
  2. The contact details, postal and e-mail addresses provided may be used to send courtesy communications and / or informative material / offers relating to the proposed products and services provided by the Data Controller, obviously with the consent of the interested party.
  3. may be processed by personnel in charge of the maintenance of IT systems who have the task of guaranteeing the functionality of the systems, data security and backup operations, other personnel in charge within the limits of the tasks assigned and as required by company procedures and other subjects who provide services for auxiliary purposes to satisfy the requests of the interested party, also within the limits strictly necessary to perform their duties;
  4. may be communicated or made available:
    • to subjects who can access the data by virtue of the provision of law, regulation or community legislation, within the limits set by these rules,
    • other associated companies (subsidiaries - parent companies) always for current "administrative accounting purposes" related to satisfying the requests of the interested party
    • to other subjects who provide services for purposes related to satisfying the requests of the interested party, within the limits strictly necessary to carry out their duties - business partners, whose collaboration is necessary for the provision of the requested services

Personal data will be transferred to subjects located outside the European Union to the country in which the interested party resides or is located only if necessary to satisfy his requests and in compliance with current legislation.

When filling in the forms, the fields whose compilation is optional are indicated, in the absence of the other required data it will not be possible to satisfy the requests of the interested party.

If at the time of the contact request the interested party should communicate particular categories of data (such as: personal data that reveal racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, as well as process data genetic data, biometric data intended to uniquely identify a natural person, data relating to the health or sexual life or sexual orientation of the person) specific consent may be required for their treatment, in the absence of which it may be impossible to carry out the requests from the interested party himself.


The data communicated, unless otherwise indicated by the interested party duly communicated, will be kept for the time necessary to satisfy the requests of the interested party and comply with the law. If the interested party has a contractual relationship with the Data Controller, the data will be kept, if pertinent to it, for the duration of the contract, after which the conservation will be continued only if required by law and in compliance with the rules on the conservation of documentation. administrative. The contact details for which consent has been given for the sending of commercial communications will be kept for up to 12 months following the last sending or until the consent is revoked by the interested party.



Cookies are not used to transmit information of a personal nature, nor are systems used to track users. The use of so-called session cookies (which are not stored permanently on the user's computer and disappear when the browser is closed) is strictly limited to the transmission of session identifiers necessary to allow safe and efficient exploration of the site.

Below we list the cookies divided into two macro-categories:

  • TECHNICAL COOKIE” analytics and functioning: Technical cookies are those used for the sole purpose of "carrying out the transmission of a communication over an electronic communications network, or to the extent strictly necessary for the provider of an information society service explicitly requested by the subscriber or user to provide this service "(see art. 122, paragraph 1, of the Code). They are not used for any other purposes. They can be divided into navigation or session cookies, which guarantee the normal navigation and use of the website (allowing, for example, to make a purchase or authenticate to access restricted areas); analytics cookies, similar to technical cookies when used directly by the site manager to collect information, in aggregate form, on the number of users and how they visit the site; functionality cookies, which allow the user to browse according to a series of criteria selected by him (for example, the language, the products selected for purchase) in order to improve the service provided. The prior consent of users is not required for the installation of these cookies;
  • PROFILING COOKIES: Profiling cookies are aimed at creating profiles relating to the user and are used in order to send advertising messages in line with the preferences expressed by the user while surfing the net
Cookie names Type of cookie First or Third party Can be blocked Session or Persistent Expiry Time Purpose


Cookies are small text files that are placed on the user's device when the user visits a website. At each subsequent visit, the cookies are sent back to the website that originated them (first-party cookies) or to another site that recognizes them (third-party cookies). They have different purposes such as, for example, to allow you to navigate between pages efficiently, remember your favorite sites and, in general, improve the browsing experience. Some cookies also help to provide targeted advertising content to the user based on his interests. Based on the function as well as on the subject that originated them, cookies can be divided into technical cookies, analytical cookies, profiling cookies, first-party cookies and third-party cookies. We remind you that the browser is the software that allows you to browse the Internet by viewing and transferring information to the hard disk of the user's computer. If the browser preferences are set to accept cookies, any website can send its cookies to the browser, but - in order to protect privacy - it can only detect those sent from the site itself or from affiliated sites, and not those sent to the browser from other sites.

In any case, cookies cannot cause damage to the user's computer.


The user's privacy is essentially guaranteed by the fact that he can AT ANY TIME:

  • configure the browser to accept all cookies, reject them all or receive a warning note when one is sent,
  • delete one, some or all cookies.

Each browser has its own specific settings, so please remember to consult the "Help" section of the browser used for more information on how to change your preferences. Most browsers are initially set to accept cookies automatically. In the case of different devices (for example, computers, smartphones, tablets, etc.), the User must ensure that the browser settings of each device are configured in such a way as to reflect their cookie preferences. By way of example, here are some links to the online documentation of the main browsers:

  • Internet Explorer:
  • Mozilla Firefox
  • Google Chrome
  • Apple Safari
  • Opera


Just like with browsers on computers, browsers on mobile devices allow you to change your privacy configuration or settings to disable or delete cookies. If you want to change your privacy settings, please follow the instructions provided by the browser developer for your mobile device. Here are the links that are valid for some browsers:

  • IOS
  • Chrome Mobile
  • Opera Mobile
  • Apple Safari
  • Windows Phone


Right of access

The interested party has the right to obtain from the data controller confirmation as to whether or not personal data concerning him is being processed and, in this case, to obtain access to personal data and the following information:

  • a) the purposes of the processing;
  • b) the categories of personal data in question;
  • c) the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular if recipients of third countries or international organizations and, in this case, the existence of adequate guarantees;
  • d) when possible, the retention period of the personal data envisaged or, if not possible, the criteria used to determine this period;
  • e) the existence of the right of the interested party to ask the data controller to rectify or delete personal data or limit the processing of personal data concerning him or to oppose their treatment;
  • f) the right to lodge a complaint with a supervisory authority;
  • g) if the data are not collected from the data subject, all available information on their origin;
  • h) the existence of an automated decision-making process, including profiling, which produces legal effects concerning him or which significantly affects his person and, at least in such cases, significant information on the logic used, as well as the importance and the expected consequences of such processing for the data subject.

Right of rectification

The interested party has the right to obtain from the data controller the correction of inaccurate personal data concerning him without undue delay.

Right of cancellation

The data subject has the right to obtain from the data controller the cancellation of personal data concerning him without undue delay and the data controller is obliged to cancel the personal data without undue delay, if one of the following reasons exists:

  • a) the personal data are no longer necessary with respect to the purposes for which they were collected or otherwise processed;
  • b) the interested party revokes the consent on which the processing is based and there is no other legal basis for the processing;
  • c) the interested party opposes the processing, and there is no legitimate overriding reason to proceed with the processing;
  • d) the personal data have been unlawfully processed;
  • e) personal data must be deleted to fulfill a legal obligation under European Union law or the law of the Member State to which the data controller is subject;

Rights to limit the processing

The interested party has the right to obtain from the data controller the limitation of processing when one of the following hypotheses occurs:

  • a) the data subject disputes the accuracy of personal data, for the period necessary for the data controller to verify the accuracy of such personal data;
  • b) the processing is unlawful and the interested party opposes the cancellation of personal data and instead requests that its use be limited;
  • c) although the data controller no longer needs it for processing purposes, the personal data are necessary for the data subject to ascertain, exercise or defend a right in court;
  • d) the interested party opposed the processing, pending verification of the possible prevalence of the legitimate reasons of the data controller with respect to those of the interested party.

Right to object

The interested party has the right to object at any time to the processing of personal data concerning him for direct marketing purposes, including profiling to the extent that it is connected to such direct marketing.

Right to data portability

The interested party has the right to receive in a structured format, commonly used and readable by an automatic device, the personal data concerning him provided to a data controller and has the right to transmit such data to another data controller without impediments from part of the data controller to whom he provided them if:

  • a) the processing is based on consent or on a contract; is
  • b) the processing is carried out by automated means.

In exercising their rights relating to data portability, the interested party has the right to obtain the direct transmission of personal data from one data controller to the other, if technically feasible.