G.V.T. IMBALLAGGI METALLICI SRL, with registered head offices in Via G. Mameli no. 32, Bollate (Milan, Italy), VAT no. 06830000961 (hereafter the "Data Controller"), as data controller, hereby informs you pursuant to Article 13 of Italian Legislative Decree no. 196 dated 30.6.2003 (hereafter the "Privacy Code") and Article 13 of EU Regulations no. 2016/679 (hereafter the "GDPR") that your personal data will be processed in the manner and for purposes as follows:

1. Object of processing
The Data Controller processes personal data, such as name, surname, company name, address, telephone number, e-mail address, bank and payment details – hereafter the "personal data" or even "data") that you have communicated when finalising contracts involving the Data Controller's goods and services.

2. Purpose of processing
Your personal data are processed without your express consent (Article 24, letters a), b) and c) of the Privacy Code and Article 6, letters b) and e) of the GDPR) for the following Service Purposes:
- conclude contracts for the Data Controller's services;
- fulfil pre-contractual, contractual and tax obligations deriving from current relations with you;
- fulfil the obligations defined by law, regulations, EU legislation or an order of the Authority (such as anti-money laundering requirements);
- exercise the rights of the Data Controller, such as the right to defence in court.

3. Processing methods
Your personal data is processed by means of the operations indicated in Article 4 of the Privacy Code and Article 4 no. 2) of the GDPR, specifically: collection, registration, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, inter-linking, blocking, communication, deletion and destruction of data. Your personal data are subjected to processing both on paper and by electronic and/or automated means.
The Data Controller will process personal data for the time necessary to fulfil the above-mentioned purposes and in any case for no more than 10 years from the termination of the relationship for the Service Purposes, or no longer than the time prescribed by law.

4. Access to data
Your data may be made accessible for purposes as per Article 2:
- to the Data Controller's employees and external personnel, in their capacity as persons in charge and/or internal data processing managers;
- to third-party companies or other subjects (by way of example, banks, professional firms, consultants, insurance companies for the provision of insurance services, etc.) which perform outsourced activities on behalf of the Data Controller, in their capacity as external data processing managers.

5. Communication of data
Without the need for express consent (pursuant to Article 24, letters a), b) and d) of the Privacy Code and Article 6, letters b) and c) of the GDPR), the Data Controller may communicate your data for the purposes referred to in Article 2 to Supervisory Bodies, Judicial Authorities and insurance companies for the provision of insurance services, as well as to those subjects to whom communication is mandatory by law for the accomplishment of said purposes. These subjects will process data in their capacity as independent data processing managers.
Your data will not be divulged.


6. Security
Data are stored and checked by adopting appropriate preventive security measures designed to minimise risks of loss and destruction and unauthorized access, as well as processing that is not permitted or different from the purposes for which processing is intended to be carried out.

7. Data transfer
The management and storage of personal data will essentially take place within the European Union.

8. Rights of data subjects
As a data subject, you have rights pursuant to Article 15 of the GDPR and specifically the right to:

  • obtain confirmation about the existence or otherwise of personal data concerning you, even if not yet registered, and their communication in intelligible form;

  • obtain indications: a) of the origin of personal data; b) of processing purposes and methods; c) of the logic applied in the event of processing carried out with electronic instruments; d) of identification details of the Data Controller and data processing managers;

  • get: a) updating, correction or integration of data; b) cancellation, conversion into anonymous form or blocking of data processed unlawfully, including data which is not necessary for the purposes for which data were collected or subsequently processed; c) the attestation that the operations referred to in letters a) and b) have been brought to the attention, even as regards their content, to those to whom data have been communicated or divulged, except in the case where such fulfilment proves to be impossible or involves the use of means manifestly disproportionate to the protected right;

  • oppose in whole or in part, for legitimate reasons, the processing of personal data concerning you, even if pertinent to the purpose of collection. Where applicable, you also have the rights referred to in Articles 16-21 of the GDPR (Right of rectification, right to be forgotten/erasure, right of limitation of treatment, right to data portability, right of opposition), as well as the right of complaint to the Data Protection Authority.

9. How to exercise rights
You can exercise your rights at any time by sending a communication:
1. by e-mail to:;
2. or by registered letter with confirmation of receipt to: G.V.T. IMBALLAGGI METALLICI SRL, Via G. Mameli 32, 20021 Bollate MI, ITALY.

10. Data Controller, manager and appointed persons
The updated list of data processing managers and appointed persons is kept and can be consulted at the Data Controller's head offices.