This privacy policy is drafted pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data (GDPR) and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) 



These pages describe the ways in which the website is managed in relation to the processing of the personal data of users consulting the website and anyone interacting with web services accessed telematically from the address, corresponding to the home page of the Company’s official website, or via an APP  

This privacy policy is valid only for the website and not for any other websites which may be consulted by the user via any links. 

The privacy policy is also inspired by the Recommendation No 2/2001, which European personal data protection authorities in the Working Group established by article 29 of Directive No 95/46/EC, adopted on 17 May 2001 to identify some minimum requirements for the collection of personal data on-line, and, in particular, the methods, times and nature of the information Controllers must provide to users connecting to web pages, whatever the purpose of such connection.  

Following the consultation of this website, information relating to an identified or identifiable natural person may be processed. 



To facilitate the understanding of this Privacy Policy, the following definitions are given (art. 4 of the Regulation EU): 

‘processing’ means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction; 

  • ‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

  • so-called special categories of personal data: personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person's sex life or sexual orientation. Specifically:

  • ‘genetic data’ means personal data relating to the inherited or acquired genetic characteristics of a natural person which give unique information about the physiology or the health of that natural person and which result, in particular, from an analysis of a biological sample from the natural person in question;

  • ‘biometric data’ means personal data resulting from specific technical processing relating to the physical, physiological or behavioural characteristics of a natural person, which allow or confirm the unique identification of that natural person, such as facial images or dactyloscopic data;

  • ‘data concerning health’ means personal data related to the physical or mental health of a natural person, including the provision of health care services, which reveal information about his or her health status.

  • ‘controller’ means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data;

  • ‘processor’ means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller; 



The Controller for users’ personal data is Ferroli S.p.A. via Ritonda 78/a
37047 San Bonifacio (VR)
Tel: +39 045 6139411 



Any personal data provided by the user shall be used for purposes linked to the performance of the services requested, also via an "APP". 

No data are disclosed or communicated for any reason other than to provide the requested service. 



The Controller has no legitimate interest justifying the processing of data beyond the purposes linked to the performance of the requested services, described in the specific paragraph in this document. 



The Controller does not generally disclose, nor intends to disclose the data to other entities. If within the lawfulness of processing, the transfer of data is made necessary by one of the hypotheses listed in Article 6 of the EU Regulation, the Controller shall inform the user of the reasons and purposes which determined the need for such disclosure.

In this case the personal data may be disclosed to third parties, but solely and exclusively in the event that:

a) there is explicit consent to disclosing such data to third parties;

b) there is a need to disclose the information to third parties in order to perform the requested service;

c) such disclosure is required to fulfill requests from the Judicial or Public Safety Authorities.

No data deriving from the web service are disclosed. 




Data linked to the web services of this website and e-mail services are processed both at the headquarters of the Company, managed by company personnel authorized for such processing, and at the company Studium Group S.r.l. Viale del commercio, 47, 37135 Verona VAT Reg. No. 02333660237 which manages the hosting, mailing and technical management of the Company website on behalf of the company, through the Internet in “on-line” mode, or by any other third party suppliers of occasional maintenance operations, appointed as Processors pursuant to Article 28 of the GDPR. The technical management service is performed by Studium Group directly or through specifically appointed professionals coordinated by the company managing the website.



The Controller shall not transfer, nor intends to transfer, personal data to recipients in third party countries or to international organizations 



Personal data are processed using automated instruments for the time strictly required to achieve the purpose for which they were collected.

Specific security measures are complied with to prevent the loss, unlawful or improper use of the data or unauthorized access thereto.



Data subjects may claim the rights listed in Articles 15-21 of the EU Regulation, i.e.: the right of access to the data, the right to rectification and the right to erasure (“right to be forgotten”) of the data, the right to restriction of processing, the right to data portability and the right to object to processing. 

Requests must be sent by e-mail to



The Data Subject may submit a complaint to the Italian Data Protection Supervisor, via the website



The optional, explicit and voluntary submission of personal data – also via e-mail to the addresses indicated either in the registration forms in the website or via the APPs - involves the subsequent and necessary acquisition of the sender’s address and the data provided - as well as any other data included in the submission – in order to respond to requests.

Specific summary information will progressively be indicated or displayed in the website pages for specific services requested.

No data are disclosed or communicated for any reason other than to provide the requested service. To respond to e-mails sent by the user, on the other hand, please note that the data are processed by personnel in the responsible departments, appointed to process personal data.

Users are free to provide their personal data in the request forms or in any case indicated in their contacts

Failure to provide such data may make it impossible to provide the requested services.



Anonymization is a form of processing which aims to prevent the identification of the data subject. Anonymized data do not fall under the application of the data protection laws. We collect, process and share aggregate data as statistical or demographic data for various purposes. Aggregate data may derive from the personal data provided by users but are not considered personal data because, as specified, they do not allow the direct or indirect identification of the data subject. These data will also be used to improve the quality of our existing products/services, develop new functions, as well as further purposes of general research (for example to check the frequency of use of a given product or service; to calculate the percentage of users who access a specific function of the website etc.). As these data cannot be used to identify a natural person or are not considered personal data, they may be disclosed to other third parties, subsidiaries, parent companies or partners.