Privacy Policy

The company U. DEL CORONA & SCARDIGLI S.R.L, with registered office in Livorno (LI) – 57123 – Italy, scali D'Azeglio n. 32, in its status of Data Controller, in the person of its pro tempore legal representative, hereby informs the data subjects on the aims and procedures associated with the processing of their personal data collected, the scope of their communication and diffusion, and the nature of the data conferral.

Pursuant to and by effect of the Italian and European regulations concerning personal data protection [by which is meant Regulation (EU) 2016/679 of the European Parliament and of the Council dated 27 April 2016 on the protection of natural persons regarding the processing of personal data and the free circulation of said data (GDPR), (Italian) Legislative Decree no. 196/2003, and any other personal data protection regulation applicable in Italy, including provisions of the Italian Data Protection Authority], hereinafter referred to, for brevity, as the “Privacy Regulation”, the company U. DEL CORONA & SCARDIGLI S.R.L intends to fulfil the obligation stated under Art. 13 of the GDPR through the issue of the disclosure to customers and suppliers. This disclosure can be consulted on the company’s website recalled in the electronic correspondence.

The Data Controller collects and/or receives the information concerning you, namely:

name, surname
date of birth
telephone number
e-mail address
tax no.
bank and economic details;
(for customers only) computer-related data, for example: login credentials, IP address, etc., collected
through the “Tracking” function and the My SDB reserved area present on the Controller’s website.

The above data will be processed for fulfilling pre-contractual, contractual and legal obligations associated with the current relationship, and in particular for managing orders, procuring goods or services, including professional services, and other activities such as archiving, invoicing and processing, in full conformity to the principles of fairness and lawfulness of the data processing and in accordance with the law.
The obligations bearing on the Data Controller in relation to the contract and the specific regulations governing it include, among others, bookkeeping duties.

(for customers only) Your personal data will also be processed for preventing fraud, including contractual fraud. Lastly, your data (namely your fixed-line or mobile telephone number) will be processed for providing assistance on the services governed by the contract and for sending specific communications and information pertaining to the contractual obligations or deadlines, the method used to provide the service or any operating requirements of the company. This without prejudice to the principles of necessity, relevance and non-exceedance.
Your personal data acquired through the “Tracking” function present at the following link and the My SDB reserved area will be processed to allow you to use the services offered by the Data Controller through the website and to access the online portal to track your shipment. Moreover, your personal data will be processed in a strictly necessary and proportional measure for guaranteeing the security of a network or server connected to it and its ability to withstand a given security-related incident, unforeseen events or unlawful or malicious deeds that undermine the authenticity, integrity and confidentiality of the personal data stored or transmitted. For these aims, the Data Controller applies procedures for managing personal data breaches.

The data will be processed through IT procedures or even digital or hard copy instruments by specifically authorised internal subjects. The data is stored in printed, computerised and electronic archives and is protected by the minimum security measures envisaged by the law.

The personal data will not be diffused, sold or exchanged with third parties without the data subject’s express consent. The data may be communicated to: companies belonging to the SDB Group, insurance brokers and banks, agents, Q&A auditors, NPOs, security firms, providers of IT services and HW and SW assistance and maintenance services. In such case, the third parties shall use the data in full conformity to the principal of fairness and to the applicable regulations. The personal data will be accessible to employees, collaborators and consultants of the Data Controller specifically authorised to process it.

The data is stored in hard copy, computerised and electronic archives located within the European Economic Area, and is protected by specific security measures. To fulfil the above-mentioned purposes, the personal data may be transferred to companies of the Group located abroad.

These transfers will be made under the following guarantees:

arrangement of standard contractual clauses aimed at ensuring adequate guarantees, also with regard to the rights of data subjects concerning the transfer of their personal data to non-EU countries.
adequacy decision of the European Commission pursuant to Art. 45 of Regulation (EU) 2016/679.
You may request the list of non-EEA countries by sending an e-mail to

Pursuant to Arts. 15 and subsequent of the GDPR, the data subject may exercise the following specific rights:
1) right to obtain confirmation as to whether or not personal data concerning him or her are being processed;
2) right of access to personal data and to the following information (purposes for which personal data is processed, data categories, data recipients, the storage period, etc.);
3) right to request the rectification or limitation of the data processing;
4) right to obtain the erasure of the personal data on justified grounds;
5) the right to submit claims to the supervisory authority.
The reasons pertaining to your specific situation, you can at any time oppose the processing of your personal data if this is grounded on legitimate interest.
You are entitled to obtain the erasure of your personal data if there is no prevalent legitimate reason with respect to that which gave rise to your request.
In order to allow you to exercise the rights pursuant to the Privacy Regulation, the Data Controller makes available the following address:

The Data Controller is U. DEL CORONA & SCARDIGLI S.R.L, with registered office in Scandicci (FI) – Italy (50018), Via del Botteghino n. 24/26.

The personal data will be stored by the Data Controller in full conformity to the principles of necessity, minimisation and limitation of storage, by adopting the technical and organisational measures adequate to the level of risk of the data processing, for the time strictly required in relation to the contractual relationship and, subsequently, for fulfilling all the legal obligations connected to or deriving from the contract and up to ten years after its termination (Art. 2946 of the Italian Civil Code) or from when the rights that depend on it can be exercised (pursuant to Art. 2935 of the Italian Civil Code); and for fulfilling obligations (e.g. tax and accounting) that remain even after the termination of the contract (Art. 2220 of the Italian Civil Code), for which the Data Controller must store only the data required for their fulfilment.
(for customers only) The computer data collected through the “Tracking” function and the My SDB reserved area (login, IP address) will be stored up to 30 days.
This term shall not apply if the rights deriving from the contract are asserted in the courts, in which case your data – only that necessary for these aims – shall be processed for the time strictly necessary for fulfilling these aims.

The conferral of the above-mentioned data is necessary and your refusal to provide it shall prevent the Data Controller from fully performing all activities that are necessary or functional to the relationship and fulfilling all the obligations related to latter.
The data processing activities performed by the Data Controller for the above-mentioned aims relate to the execution of the contractual relations and the fulfilment of the legal obligations bearing on the Data Controller.