Information on the protection of personal data pursuant to Articles 13 and 14 of Regulation (EU) 2016/679)

N.M.B. ITALIA S.r.l., with registered office at Via A. Grandi, 39/41- 20017 Mazzo di Rho (Mi), VAT No./tax code No. 06642460155 – Tel. 02-939711 – e-mail info@nmbitalia.it, in its capacity as Data Controller (hereinafter, the “Company” or the “Controller”), provides the following information common to the processing of personal data carried out within the context of its institutional website, accessible by electronic means from the address: www.nmbitalia.it (hereinafter, the “Site“).

In this regard, it should be noted that the information is provided only for the Site and not for other websites that may be consulted via hypertext links or widgets (e.g., social networks) published on the Site, but referring to resources outside the Controller’s domain or to the processing that may result from the voluntary sending of messages.

  1. Categories of data subjects and personal data processed

The Controller processes the personal data of natural persons (identified or identifiable) who visit and consult the Site or who voluntarily interact with the Controller (hereinafter, “Users“).

The personal data processed are:

  1. Browsing data: in the course of their normal activity, the computer systems and software procedures used to operate the Site acquire certain personal data, the transmission of which is implicit in the use of Internet communication protocols. This category of data includes: the IP addresses or domain names of the computers and terminals used by users, the URI/URL (Uniform Resource Identifier/Locator) addresses of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, ) and other parameters relating to the user’s operating system and computer environment;
  2. Data communicated: the optional, explicit and voluntary sending of messages by filling in and forwarding forms on the Site and/or to the Company’s contact addresses or institutional profiles/pages on social media (where this possibility is provided for) entails the acquisition of the User’s contact data necessary to reply, as well as any further personal data included in the registration form or in the communications. Specific information will be published on the pages of the Site containing the form or designed to provide certain services.
  3. Cookies and other tracking systems: for more information on the type of cookies used, how they are used and their purposes, please consult the cookie policy on the Site.

(hereinafter, all ‘Personal Data‘).

  1. Purposes of the Processing and Legal Basis:

The Controller processes the Personal Data collected in the context of the Site for the purposes and on the legal basis indicated in the following table:


What are the PURPOSES of the processing? What is the LEGAL BASIS for processing?


1)      Fulfilment of a legal obligation related to civil, fiscal and administrative provisions, EU legislation, standards, codes or procedures approved by Authorities and other competent Institutions, as well as to comply with requests from the competent administrative or judicial authority and, more generally, from public entities in compliance with the formalities of the law. Fulfilment of a legal obligation to which the Controller is subject.
2)      To assert and defend its rights, also through extrajudicial initiatives and also through third parties, as well as to prevent and detect fraudulent activities or abuse of the Site (for potentially criminal purposes, such as identity theft, cybercrimes, etc.). Pursuit of the legitimate interest of the Controller.
3)      To enable Users to access and navigate the Site optimally and to manage requests received through the Site. Performance of steps at the User’s request prior to entering into a contract.


4)      Limited to the Users’ browsing data under par. 1 point a), for security purposes of the Controller’s systems and to obtain statistical information on use of the Site (such as the most frequently visited pages, the average time spent on each page), as well as to control and administer operation of the Site and to improve the services provided. Pursuit of the legitimate interest of the Controller.
5)      To manage the contact section of the site and therefore to respond to any user requests received by filling in the appropriate form or by sending communications to the Controller’s e-mail address Performance of steps at the User’s request prior to entering into a contract.


  1. Obligation to provide the requested data and consequences of failure to do so

With the exception of that specified for browsing data (and, in the specific policy, for the management of cookies), the user is free to provide his/her personal data (through forms – on the pages that allow it – or with other modalities to the contacts of the Controller) to send information requests or to receive commercial communications.

It is understood that failure to provide them, even in part, may prevent the Controller from carrying out the User’s request and communication activities, as well as from fulfilling any related obligations.

  1. Processing methods

The Personal Data will be processed by means of both manual and automated means exclusively by authorised and specially trained persons.

  1. Recipients/categories of recipients of personal data

For the purposes set out in this policy:

  • Users’ Personal Data may be communicated:
  • to those authorised to process data by the Controller (employees or collaborators);
  • to third-party service providers of the Controller (including IT service providers, hosting providers, web editors, as well as companies or entities providing legal or insurance services) who will act, where appropriate, as data processors;
  • to companies and third-party professionals appointed to enforce rights, interests, claims of the Controller arising from the relationship with the Users;
  • to State Administrations, judicial or administrative authorities, public and private bodies, also following inspections and audits;
  • to persons who can access the data by virtue of legal provisions or secondary or Community legislation.

Only the category of recipients is indicated, as it is subject to continuous updates. For an updated list of recipients, Users may contact the Controller directly by writing to the contact details given in paragraph 9 of this policy.

  1. Personal data storage periods

The Personal Data will be kept by the Controller for the time strictly necessary for the purpose for which they were collected; specifically, the Controller will store:

  • Users’ browsing data (indicated in paragraph 1, letter a) for the duration of the browsing session and, in any case, for no more than seven days, except in the event of system failures, in which case they will be stored until the problem is resolved;
  • the data communicated by the Users (indicated in paragraph 1, letter b):
  1. with regard to personal data communicated by filling in the forms on the website, for the time necessary to process the relevant request;
  • Personal Data whose processing is necessary in connection with legal obligations, for the period required by law;

and in any event, for the purposes set out in paragraph 2(2), for a maximum period equal to the limitation period for the relevant actions, plus a prudential period of six months, in order to ensure the Company’s right of defence in respect of possible future litigation before a court or administrative authority.

In all cases, upon expiration of the respective time-limits, all Personal Data will be erased or rendered anonymous. This is without prejudice to the fact that the periods indicated may be extended in cases where storage for a longer period is required in the event of litigation, requests by competent authorities or pursuant to applicable legislation.

  1. Transfer of personal data to a third country or international organisation

Within the scope of the above-mentioned purposes, your data may be transferred to countries within the EU.

  1. Rights

Users may exercise the following rights vis-à-vis the Controller if the circumstances apply:

  • Right of access: allows Users to obtain from the Controller confirmation as to whether or not Personal Data concerning them are being processed and, where that is the case, to obtain access to their Personal Data;
  • Right of rectification: allows Users to obtain rectification/addition of inaccurate/incomplete Personal Data;
  • Right to erasure: allows Users to obtain, in the cases provided for by the regulation, the erasure of their personal data;
  • Right to restriction of processing: allows Users to obtain, in the cases provided for in Article 18(1) of the GDPR, the restriction (i.e., the marking of personal data stored with the aim of restricting its processing in the future) of the processing of their personal data;
  • Right to data portability: allows Users – in cases where processing is carried out by automated means on the legal basis of contract or consent – to receive in a structured, commonly used and machine-readable format, limited to the data provided to the Controller, the personal data concerning him/her and similarly the right to transmit such data to another data controller.

In addition, Users have the right:

  • to object to the processing of their Personal Data for the purposes indicated in paragraph 2;
  • as well as, if they consider that the processing of Personal Data relating to them carried out through this Site is in breach of the GDPR, to lodge a complaint pursuant to 77 of the GDPR, to the national supervisory authority of the member state of the European Union in which the Data Subject has his/her habitual residence or place of work or where the alleged breach of his/her right occurred (if this state is Italy, the person to whom he/she may refer is the Supervisory Authority for the protection of personal data) or to take appropriate legal action (art. 79 of the GDPR).
  1. Contact

In order to exercise all rights, the data subject may submit an appropriate request by contacting the Controller in the following ways:

  • by mail c/o M.B. ITALIA S.r.l. at the address Via A. Grandi, 39/41- 20017 Mazzo di Rho (Mi);
  • by sending an e-mail to the ordinary e-mail address info@nmbitalia.it
  1. Changes

This privacy policy was updated on 14 November 2022

The Company reserves the right to partially or fully modify this policy or update its content, for example, as a result of changes in applicable law. Therefore, the Company invites the User to regularly consult this Policy in order to be aware of the latest version, so that they are always informed about the way in which Personal Data is collected and used.