Privacy policy


Data treatment holder

With reference to art. 13 of the European Regulation (EU) 2016/679 (hereinafter GDPR) we declare that the data controller is C.M.G. Macchine S.r.l., p. VAT IT02720780234, based in Villafranca di Verona (Vr) – Via Lussemburgo n. 5, Tel (+39), Fax (+39), mail:, pec: (the “Owner”).

We inform you that the Data Controller provides for the protection of data subjects with respect to the processing of personal data and that this treatment will be based on the principles of lawfulness (Article 6), the conditions for consent (Article 7), transparency (Article 12) and to the protection of your privacy and your rights.

Purpose and legal basis of the processing

The Owner collects information in the following cases:

  • Respond to your requests for a quote or for information relating to an ongoing contract.
    Contractual purpose: execution of a contract of which you are a party.
  • Fulfill obligations established by regulations and by applicable national and supranational legislation.
    Legal obligations: need to fulfill legal obligations.
  • If necessary, to ascertain, exercise or defend the rights of the Data Controller in court.
    Rights of the owner: legitimate interest.
  • View the web pages and take advantage of any services offered within the site (hereinafter: the Site).
    Operation of the site: legitimate interest.
  • Send advertising and information material, carry out direct sales or placement of products or services, send commercial information, make interactive commercial communications.
    Promotional and marketing purposes: your explicit consent.

Categories of data processed

  • Identification data (name, surname, company region, address / registered office)
  • Contact details (email, telephone, fax)
  • Other data related to the requested service

Methods of processing

Your data will be used by the staff assigned to carry out the requested service using IT tools and / or through manual processing by means of paper archives. Each treatment takes place in compliance with the procedures set out in art. 6 and 32 of the GDPR and by adopting the appropriate security measures provided. We are aware that the security of the processed data is important, therefore we have put in place the necessary administrative, technical and physical controls for a reasonable control of your data.

Data security

Your personal data will be processed with automated tools for the time strictly necessary to achieve the purposes for which they were collected and in compliance with the principle of necessity and proportionality, avoiding the processing of personal data if the operations can be carried out through the use of data. anonymously or by other means. We have adopted specific security measures to prevent the loss of personal data, illicit or incorrect use and unauthorized access but please do not forget that it is essential for the security of your data that your device is equipped with tools such as constantly updated antivirus and that the provider that provides you with the Internet connection guarantees the secure transmission of data through firewalls, spam filters and similar safeguards.


The data may be processed by external parties operating as owners such as, by way of example, supervisory and control authorities and bodies and in general subjects, public or private, entitled to request the data, as well as persons, companies, associations or professional firms. who provide assistance and advice. The data may also be processed, on behalf of the Data Controller, by external parties designated as data processors pursuant to art. 28 of the GDPR, to which adequate operating instructions are given. These subjects are essentially included in the following categories:

  • companies that offer website and information systems maintenance services;
  • companies that carry out management and maintenance services of the Data Controller’s database.


Personal data will not be disclosed, but may possibly be transmitted to Public Authorities who make an express request to the Data Controller for administrative or institutional purposes, in accordance with the provisions of current national and European legislation.

Right to the interested party (articles 15, 16, 17, 18, 19, 20, 21, 22 of the GDPR)

Under certain conditions, you have the right to ask the Data Controller:

  • access to your personal data,
  • a copy of the personal data you have provided us (so-called portability),
  • the correction of the data in our possession,
  • the cancellation of any data for which we no longer have any legal basis for processing,
  • opposition to processing where required by applicable law
  • the withdrawal of your consent, in the event that the processing is based on consent;
  • the limitation of the way in which we process your personal data, within the limits established by the legislation for the protection of personal data.

Should you wish to lodge a complaint pursuant to art. 77 GDPR to the competent supervisory authority based on your habitual residence, place of work or place of violation of your rights; for Italy, the Guarantor for the protection of personal data is competent, who can be contacted via the contact details shown on the website
The exercise of these rights is subject to some exceptions aimed at safeguarding the public interest (for example the prevention or identification of crimes) and our interests (for example the maintenance of professional secrecy). In the event that you exercise any of the aforementioned rights, it will be our responsibility to verify that you are entitled to exercise it and we will reply to you.

Data retention

  • Contractual purpose and legal obligations: for the entire duration of the contract and, after termination, for 10 years.
  • Rights of the owner: in the case of legal disputes, for the entire duration of the same, until the end of the terms of enforceability of the appeals.
  • Operation of the site: for the entire duration of the browsing session on the site.
  • Promotional and marketing purposes: 12 months from the end of the contractual relationship.

Once the retention terms indicated above have elapsed, your personal data will be destroyed, deleted or made anonymous, compatibly with the technical cancellation and backup procedures.