WEBSITE PRIVACY POLICY
Information pursuant to Article 13 of Regulation (EU) 2016/679
Website
www.marmilame.com
Last update
April 10, 2026
This notice describes how MARMILAME S.r.l. processes the personal data of users who consult the website www.marmilame.com and use its contact channels. The website is mainly informational and serves as a commercial showcase; at present, it is not intended for the creation of public user accounts nor for direct online sales.
This notice applies exclusively to the MARMILAME website. Third-party websites, platforms, and services that may be accessed through links on this website—including the site dedicated to the LITEST1 project and any corporate Instagram profile—are subject to their respective privacy policies.
1. Data Controller
The data controller is MARMILAME S.r.l., with registered office at Via Dorsale n. 54, 54100 Massa (MS), VAT no. 00061200457, contactable at the e-mail address info@marmilame.com.
2. Scope of application
This policy applies to the processing of personal data carried out through the pages of the website www.marmilame.com. It does not extend to processing carried out through external websites or services, even if accessible via links, buttons, or hyperlinks on the site.
Should the Data Controller activate new digital features in the future—such as restricted areas, sections dedicated to structured commercial requests, newsletters, or additional promotional tools—this notice will be updated or supplemented with specific information where necessary.
3. Categories of data processed
a) Browsing data. The IT systems and software procedures used to operate the website acquire, during their normal functioning, certain data whose transmission is implicit in the use of Internet protocols. This category includes, by way of example, IP addresses or domain names of the devices used, identifiers of requested resources, information on server responses, date and time of the request, and other technical parameters relating to the user’s operating system and IT environment.
b) Data voluntarily provided by the user. The Data Controller processes data entered into contact forms on the website or transmitted spontaneously via e-mail, phone, or other channels indicated on the site. Depending on the request, such data may include identification and contact details, information on geographical origin, company data, and any additional content included in the message sent by the data subject.
c) Data relating to cookie preferences. The website may process information relating to user preferences regarding cookies and other tracking tools, within the limits and according to the methods described in the Cookie Policy and the related preference management banner.
4. Purposes of processing and legal bases
Personal data are processed for specific, explicit, and legitimate purposes. In particular:
Purposes
Legal basis
- To enable browsing, technical use of the website, infrastructure management, prevention of misuse, and system security.
Legal basis: Art. 6(1)(f) GDPR (legitimate interest of the Data Controller in the proper functioning and security of the website). - To manage requests sent by the user via contact forms, email, or other contact details, and to provide the requested response, including for pre-contractual measures.
Legal basis: Art. 6(1)(b) GDPR, where processing is necessary for the performance of pre-contractual measures taken at the request of the data subject; residually, Art. 6(1)(f) GDPR for the management of general communications. - To comply with legal obligations, requests from authorities, administrative and accounting obligations, and to establish, exercise, or defend a legal claim.
Legal basis: Art. 6(1)(c) and (f) GDPR. - To manage preferences relating to cookies and tracking tools and, where required, collect and document user consent.
Legal basis: - Legal basis: Art. 6(1)(c) GDPR in conjunction with Art. 122 of Legislative Decree 196/2003, as well as the data subject’s consent for non-technical tools where required.
5. Nature of data provision
Providing browsing data is necessary for the technical use of the website. Providing data requested in contact forms or communications is optional; however, failure to provide necessary data may prevent the Data Controller from properly handling the request.
Users are invited not to transmit excessive data and, in particular, not to include special categories of data pursuant to Art. 9 GDPR, unless strictly necessary and justified.
6. Processing methods and security measures
Processing is carried out using paper, IT, and telematic tools, in accordance with the stated purposes and in compliance with the principles of lawfulness, fairness, transparency, minimization, accuracy, integrity, confidentiality, and storage limitation.
The Data Controller adopts appropriate technical and organizational measures pursuant to Art. 32 GDPR to prevent data loss, unlawful use, unauthorized access, alteration, and improper disclosure.
7. Recipients of personal data
Data may be processed by authorized internal personnel and external parties involved in website management, such as hosting providers, cloud service providers, developers, maintenance providers, e-mail providers, consultants, and IT security service providers.
These parties act either as independent controllers or as data processors appointed under Art. 28 GDPR. The updated list can be requested from the Data Controller.
8. Data transfer outside the EEA
If certain providers use infrastructure located outside the European Economic Area, data transfers will be carried out in compliance with Chapter V GDPR, using adequacy decisions, standard contractual clauses, or other appropriate safeguards.
9. Data retention
Personal data are retained for no longer than necessary to achieve the purposes for which they were collected, considering legal obligations and the need to protect the Data Controller’s rights.
Contact data are retained for the time needed to manage the request and thereafter in line with legal obligations and protection needs. Technical logs are retained for periods proportionate to operational and security purposes.
10. Cookies and tracking tools
The website may use technical cookies and, where implemented, other tracking tools. Technical cookies necessary for operation and security may be used without prior consent.
Non-technical cookies (analytics, profiling, advertising) require prior user consent where applicable.
For full details, users should refer to the Cookie Policy and the cookie banner.
11. Links to third-party sites
The website may include links to external resources such as LITEST1 pages and social media profiles. The Data Controller is not responsible for data processing carried out by third parties.
12. Processing of minors’ data
The website is not specifically intended for minors. Where applicable, Art. 8 GDPR and Italian law provisions apply.
13. Data subject rights
Users have the rights provided under Articles 15–22 GDPR, including access, rectification, erasure, restriction, portability, and objection.
Consent can be withdrawn at any time. Requests can be sent to the Data Controller.
14. Complaint to supervisory authority
Users have the right to lodge a complaint with the Italian Data Protection Authority and seek judicial remedies.
15. Updates
The Data Controller may update this policy. The updated version will be published on this page.
Key legal references
This notice is based on Regulation (EU) 2016/679, Articles 13 and 15–22, Legislative Decree 196/2003, and the Italian Data Protection Authority guidelines of June 10, 2021.