Privacy Policy

Privacy Policy

Welcome to the Versilfungo S.p.A. website, present at the url and/or on the e-shop present at the url together the “Site”).

Please read carefully this policy relating to the collection and processing of personal data applicable to each of your accesses to the Site (the “Policy”), even independently of the purchase of products marketed through the Site itself. This Policy is provided pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 relating to the protection of natural persons with regard to the processing of personal data, as well as the free movement of such data (the “Regulation”) and the Italian implementing legislation on the matter. The Regulation guarantees that the processing of personal data is carried out in compliance with fundamental rights and freedoms, as well as the dignity of the data subject, with particular reference to confidentiality, personal identity and the right to protection of personal data. This Policy does not apply to personal data collected through channels other than those indicated.


Versilfungo S.p.A., with registered office in Capezzano Pianore (LU), 55041, via dei Ghivizzani 84, Italy, Tax Code/VAT no. 01205620469, certified e-mail: (hereinafter “Versilfungo” or “Data Controller”) is the data controller of the personal data of users who browse the Site (the “Users”).


Different types of personal data are collected and processed through the Site, for different purposes and in different ways. More precisely: (a) personal data relating to navigation on the Site; (b) personal data provided voluntarily by the User: for example, the e-mail address, personal data and any other data acquired as part of the online registration processes, fill in of the purchase order forms of products on the e-shop and as part of any necessary assistance before and after the sale and contact by the User with the customer support service (“Customer Service”).

Users’ personal data will be processed for the following purposes:

  • Use of the contents and services offered by the Site

The personal data of the Users will be processed in order to

  • allow the use of the contents and services offered by the Site;
  • guarantee the correct functioning of the Site;
  • offer Users the pre- and post-sales assistance and service and information requested about the products and the Versilfungo world;
  • send the order forms for the purchase of products on the Site and carry out all the activities functional and instrumental to the sale;
  • respond to any requests from Users made through Customer Service.

The legal basis of the processing is the execution of a contract or pre-contractual measures (art. 6, par. 1, lett. b) GDPR).


  • Fulfilment of legal obligations, regulations, provisions of authorities legitimised by law.


The legal basis of the processing is the fulfilment of the legal obligations to which Versilfungo is subject (art. 6, par. 1, lett. c) GDPR). Sending informative and promotional newsletters linked to Versilfungo products via e-mail Versilfungo will send the User who has signed up to the newsletter and who has given consent information and updates on the products, sales, any promotional campaigns, events and other initiatives promoted by Versilfungo. The legal basis of the processing is the consent given by the User (art. 6, par. 1, lett. a) GDPR).



The personal data collected through the Site are processed using mainly IT and telematic methods and tools, adopting the necessary security measures in order to reduce the risks of destruction or loss, even accidental, of the data itself, of unauthorised access or processing not permitted or not compliant with the collection purposes indicated in this Policy. However, due to the nature of the online transmission medium, these measures cannot absolutely limit or exclude any risk of unauthorised access or loss of data. To this end, it is advisable to periodically check that the computer is equipped with adequate software devices for the protection of data transmission over the network, both incoming and outgoing (such as updated antivirus systems) and that the internet service provider has adopted suitable measures for the security of data transmission over the network (such as firewalls).


The provision of personal data collected through the Site to guarantee the use of the contents and services offered by the Site and to conclude the contract for the purchase of products through the Site is mandatory; in their absence, it will not be possible to provide the User with the pre- and post-sales assistance service, carry out all the functional and instrumental activities for the sale and respond to any requests from the Users made through the Customer Service. The provision of personal data collected through the Site to subscribe to the Versilfungo newsletter is optional and failure to provide it will result in failure to receive the newsletter, but will not result in failure to access the Site and use its contents and services. Depending on the case and, where necessary, the mandatory or optional nature of the data communication will be indicated from time to time, by adding a specific character (*) to the information of a mandatory nature or only to the data necessary for the provision of the services and for the purchase of products on the Site. Failure to provide optional personal data will not entail any obligation or disadvantage.


Versilfungo communicates the personal data of Site Users only within the limits permitted by law and in accordance with what is indicated below. The personal data may be known by:

  • employees and consultants of Versilfungo, who will operate as subjects authorised to process them for the internal organisation of company activities; e
  • and companies that perform for Versilfungo, as data processors, specific technical and organisational services connected to the Site (logistics, IT and marketing services).

The personal data may also be known by:

  • third parties, solely to execute the contract for the purchase of products on the Site (such as the credit institution for the completion of remote electronic payment services via credit/debit card);
  • to police forces or judicial authorities, in accordance with the law and following a formal request from such subjects, or in the event that there are well-founded reasons to believe that the communication of such data is reasonably necessary to (1) investigate, prevent or take initiatives relating to suspected illicit activities or assist state control and supervisory authorities; (2) defend against any third-party claims or allegations, or protect the security of a website or a company; or (3) exercise or protect the rights, property or safety of Versilfungo, its Users, its employees or any other person.

The transfer of personal data to countries not belonging to the European Economic Area (“EEA”) or to international organisations is not foreseen.


Personal data collected for sales purposes are kept for a period not exceeding 10 years, in compliance with tax and civil legislation (unless there is a need to keep some personal data for a longer period due to necessity for the establishment, exercise or defence of a right in court). The personal data provided for marketing purposes through the newsletter, also on the basis of the particular sector of activity and in consideration of the interest shown by the Customer in receiving updates regarding products, promotions and events organised by Versilfungo, are retained until the unsubscription of the ‘User from the Site’s newsletter. Unsubscribing from the Site’s newsletter is possible at any time by clicking on the appropriate link at the bottom of each email received.


Pursuant to articles 15-22 Regulations, by contacting the Data Controller, the User may exercise specific rights, including:

(I) Right of access: right to obtain confirmation from the Data Controller as to whether or not personal data is being processed and, if so, to obtain access to the personal data and further information on the origin, purpose, category of data processed, recipients of communication and/or data transfer, etc.

(II) Right of rectification: right to obtain from the Data Controller the rectification of inaccurate personal data without unjustified delay, as well as the integration of incomplete personal data, also by providing a supplementary declaration.

(III) Right to cancellation: right to obtain from the Data Controller the cancellation of personal data without unjustified delay in the event that: – the personal data are no longer necessary for the purposes of the processing; – the consent on which the processing is based is revoked and there is no other legal basis for the processing; – the personal data have been processed unlawfully; – the personal data must be erased for compliance with a legal obligation under a Union or Member State law to which the data controller is subject.

(IV) Right to object to processing: right to object at any time, for reasons related to a particular situation, to the processing of personal data referred to in art. 6, par. 1, letter. e) or f) GDPR, including profiling based on these provisions.

(V) Right to limit processing: right to obtain from the Data Controller the limitation of processing, in cases where the accuracy of the personal data is contested (for the period necessary for the data controller to verify the accuracy of such personal data), if the processing is unlawful and/or the data subject has opposed the processing.

(VI) Right to data portability: right to receive personal data in a structured, commonly used and machine-readable format and to transmit such data to another data controller, only for cases in which the processing is based on the consent and only for data processed via electronic means.

(VII) Right to lodge a complaint with a supervisory authority: without prejudice to any other administrative or jurisdictional appeal, the data subject who believes that the processing concerning him or her violates the Regulation has the right to lodge a complaint with the supervisory authority of the Member State in which he/she habitually resides or works, or of the State in which the alleged infringement occurred.

The rights listed above may be exercised by contacting the Data Controller by written communication to the following address:

Last update: May 2023