Last updated: 29/06/2026
Publication page: https://baretti.it/privacy
This Privacy Policy describes how Baretti Mefe S.r.l. processes personal data of website users, customers, suppliers, potential customers/leads and other parties interacting with the company.
This notice is provided pursuant to Article 13 of Regulation (EU) 2016/679 ("GDPR") and Italian Legislative Decree no. 196/2003, as subsequently amended and supplemented.
1. Data Controller
The Data Controller is:
Baretti Mefe S.r.l.
S.S. Paullese Km 18.415
26016 Spino d'Adda (CR) - Italy
Tax Code and VAT No.: 00828620963
Telephone: +39 0373 96701
General email: info@baretti.it
Privacy email: privacy@baretti.it
2. Categories of personal data processed
Depending on the relationship or request received, Baretti Mefe S.r.l. may process the following categories of personal data:
- identification and contact data, such as name, surname, company name, business role, address, email address and telephone number;
- administrative, accounting, tax and contractual data required for customer and supplier management;
- data included in requests sent by email, contact forms, requests for quotation, commercial or technical communications;
- browsing data technically required for the operation of the website, such as IP addresses, technical logs, browser identifiers and information relating to access to pages;
- any data voluntarily provided by the user in communications with the company.
The company does not request special categories of personal data pursuant to Article 9 GDPR through the website. If the user voluntarily provides such data, it will be processed only where strictly necessary to manage the request received.
3. Purposes and legal bases of processing
Personal data may be processed for the following purposes:
3.1 Management of requests, pre-contractual and contractual relationships
Data may be processed to reply to information requests, technical requests, requests for quotation, orders, supplies, after-sales assistance, warranties and for the definition, management and execution of contractual relationships.
Legal basis: performance of a contract or pre-contractual measures pursuant to Article 6(1)(b) GDPR.
3.2 Administrative, accounting, tax and legal obligations
Data may be processed to comply with administrative, accounting, civil, tax, regulatory obligations and possible checks by public authorities or other entitled parties.
Legal basis: compliance with a legal obligation pursuant to Article 6(1)(c) GDPR.
3.3 Operational and commercial management of the relationship
Data may be processed for the administrative, technical, organizational and, where relevant, commercial management of the relationship with customers, suppliers or business contacts.
Legal basis: performance of a contract, pre-contractual measures and legitimate interest of the Data Controller pursuant to Article 6(1)(b) and (f) GDPR.
3.4 Fraud prevention and protection of rights
Data may be processed to prevent fraud, abuse, unlawful use of the website or company services and to establish, exercise or defend a right in judicial or extrajudicial proceedings.
Legal basis: legitimate interest of the Data Controller pursuant to Article 6(1)(f) GDPR.
3.5 Commercial communications and direct marketing to customers
Baretti Mefe S.r.l. may send commercial communications, newsletters or information and advertising material to its customers relating to products and services similar to those already supplied, within the limits permitted by applicable law and unless the data subject objects.
Legal basis: legitimate interest of the Data Controller pursuant to Article 6(1)(f) GDPR.
3.6 Commercial communications to potential customers and leads
Baretti Mefe S.r.l. may send commercial communications, newsletters or information and advertising material to potential customers and leads only after obtaining the data subject's consent, where required by applicable law.
Legal basis: consent of the data subject pursuant to Article 6(1)(a) GDPR.
4. Processing methods
The processing of personal data may include the operations of collection, recording, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, erasure and destruction of data.
Processing may be carried out using paper-based, IT and telematic tools, in accordance with the principles of lawfulness, fairness, transparency, minimization, integrity and confidentiality. Baretti Mefe S.r.l. adopts appropriate technical and organizational measures to protect personal data against unauthorized access, loss, destruction or unlawful disclosure.
5. Provision of data
The provision of data required to reply to requests, perform contracts or comply with legal obligations is necessary. Failure to provide such data may prevent the company from replying to the request, establishing or continuing the contractual relationship, providing goods or services, or complying with legal obligations.
The provision of data for consent-based marketing purposes is optional. Refusal to provide consent does not affect contractual relationships or the management of the main requests.
6. Data retention period
Baretti Mefe S.r.l. retains personal data for the time strictly necessary to achieve the purposes for which it was collected and thereafter for the periods provided for by law or necessary to protect the rights of the Data Controller.
| Data category | Retention period |
|---|---|
| Customers | 10 years |
| Suppliers | 10 years |
| Employees/collaborators, where applicable | 10 years |
| Potential customers/leads | 24 months |
| Technical website browsing data | for the technical time necessary for website operation and security, without prejudice to further legal obligations or investigation needs |
7. Recipients of personal data
Personal data may be disclosed, within the limits necessary for the purposes indicated, to the following categories of recipients:
- data processing centers, IT suppliers, hosting providers, service companies and parties supporting company operations;
- credit institutions, financial companies, parties in charge of transport, delivery, logistics and correspondence management;
- tax, administrative and legal consultants, auditors, technical consultants and parties responsible for debt collection;
- public and private bodies, authorities, supervisory bodies or entitled parties, where required by law, regulations or orders of an authority;
- external parties carrying out technical assistance, warranty, installation, maintenance or supply of goods and services on behalf of the company.
Parties processing personal data on behalf of Baretti Mefe S.r.l. are appointed, where necessary, as Data Processors pursuant to Article 28 GDPR. Personal data is not subject to indiscriminate dissemination.
8. Transfers of data outside the European Economic Area
For operational or technical needs, some suppliers or services may involve the transfer of personal data to countries located outside the European Economic Area. In such cases, Baretti Mefe S.r.l. ensures that the transfer takes place in compliance with Articles 44 et seq. GDPR, on the basis of adequacy decisions, standard contractual clauses or other safeguards provided for by applicable law.
9. Cookies and tracking technologies
The website may use technical cookies necessary for the proper operation of pages and browsing security. Any analytical cookies, tracking tools or third-party services, if present, must be described in the relevant Cookie Policy and managed through consent tools compliant with applicable law.
10. Automated decision-making
For the purposes set out in this Privacy Policy, Baretti Mefe S.r.l. does not use automated decision-making processes that produce legal effects concerning the data subject or similarly significantly affect him or her.
11. Rights of the data subject
The data subject may exercise the rights provided for by Articles 15, 16, 17, 18, 19, 20 and 21 GDPR, including:
- right of access to personal data;
- right to rectification of inaccurate data or completion of incomplete data;
- right to erasure of data, in the cases provided for by law;
- right to restriction of processing;
- right to data portability, where applicable;
- right to object to processing, including processing for direct marketing purposes;
- right to withdraw consent, without affecting the lawfulness of processing based on consent before its withdrawal.
The data subject is invited to promptly communicate any corrections, additions or updates to his or her personal data.
12. How to exercise rights
To exercise his or her rights, the data subject may contact Baretti Mefe S.r.l. by:
- registered letter with return receipt addressed to Baretti Mefe S.r.l. - S.S. Paullese Km 18.415 - 26016 Spino d'Adda (CR) - Italy;
- email to privacy@baretti.it.
The data subject also has the right to lodge a complaint with the Italian Data Protection Authority - Garante per la protezione dei dati personali, based at Piazza Venezia 11 - 00187 Rome, email protocollo@gpdp.it, certified email protocollo@pec.gpdp.it, according to the procedures indicated by the Authority.
13. Updates to this Privacy Policy
Baretti Mefe S.r.l. may update this Privacy Policy to reflect regulatory, technical, organizational or service changes. The updated version will be published on this page.
