Privacy Policy

Terms & Conditions

Privacy Policy


Need help?


+39 030 2808776

Mon-Fri 9:00 - 18:00 (CEST)

Privacy policy for visitors to the website

This privacy policy describes the management of the website in relation to the processing of users' personal data, regardless of whether it is followed by the purchase of services and/or products offered through the website.

The policy only applies to the aforementioned website and not to other websites that the user might visit through relevant links; the presence of these links is not a recommendation or advice to access and browse these websites, nor is it a guarantee regarding their contents or the goods or services supplied by them to Internet users.

This document is intended as an integral part of the website's general terms and conditions of use, as they also contain information on the website's privacy and security systems.

Giravolt srl guarantees compliance with legislation on the protection of personal data (Legislative Decree 196/03 and Regulation (EU) 2016/679).

Users are therefore invited to read this Privacy Policy carefully before submitting any personal information and/or completing any electronic forms on the website.

Data Controller

Giravolt srl (Taxpayer’s ID code:03656300989) with registered offices in No. 1 Via della Spiga, Milano (MI) email address:, are the Data Controller of personal data. In addition, any partner sites that take part in data processing activities on their own from time to time can take on the role of independent data controllers.

The Controller decides the purposes and methods of data processing and also the tools to be used in relation to data security.

Data subject to processing

1) Browsing data

During their normal operation, the computer systems and software procedures used to operate this website acquire certain personal data, the transmission of which is implicit in the use of Internet communication protocols. This information, by its nature, could allow the identification of users/visitors through the association and processing with data held by third parties.

However, website contact data is not stored for more than seven days, except in the event of an investigation of IT offences against the website.

No data deriving from the website service will be communicated or disseminated except as outlined in this policy.

2) Data provided voluntarily by users/visitors

If users/visitors connecting to this website send their personal data to access certain services, or to make requests by email, they must be aware that this involves the Controller acquiring the sender's address and/or any other personal data that will be processed exclusively to respond to their request, or for the service provision.

In particular, as part of the product purchasing process on the Website, Personal Data (such as personal residency data, email address, postal address, credit card number and bank details, telephone number) will be collected through the product order form.

Personal data provided by users/visitors will only be communicated to third parties if it is necessary to comply with the users/visitors' requests or for legal obligations (as in the case of billing).

Personal data will be stored in a format that allows us to identify the user only for the period strictly necessary for the purpose for which the data was collected and subsequently processed and, in any event, within the limits of the law.

3) Cookies

In addition to the data expressly provided to the Controller, other data may be collected through website browsing: when the user accesses the website it can send a "cookie" to the user. A "cookie" is a small text file that the website can automatically send to the user's device when they view our website pages. "Cookies" are used to make browsing easier, as well as to obtain information on the individual user's navigation of the website and to allow some services to be provided that require the user's path to be identified through different pages of the website. When the website is accessed, regardless of the presence of a "cookie", it records the type of browser (e.g., Internet explorer, chrome, Firefox), the operating system (e.g., Windows, macOS) and the user-browser's host and URL of origin, in addition to the data on page requested. This data may be used in aggregate and anonymous form for the statistical analysis of the website's use. For complete information about cookie management, see the "cookie policy" page of this website.

Processing methods

The processing of your personal data is carried out through the methods listed in Article 4(2) of European Regulation No. 679/2016.

In particular, processing is carried out with IT tools (e.g. using electronic procedures and support) and/or manually (e.g. on paper) for the time strictly necessary for the purposes for which the data was collected and in any event, in compliance with current regulations in force.


In addition to those stated in the information given before completing forms on the different sections of the website. the purposes of the processing carried out by the Data Controller must be understood as: the collection, storage and processing of data for the purposes of establishing, and the administrative management of, the contractual relationship for the provision of the service offered on the website and/or to ensure successful completion of purchases made; the use of the user's personal data (in particular their email address) for communications relating to the performance of the established contractual relationship; the processing of provided personal data and that collected from website browsing to provide a service consistent with the information transmitted during the service use; the data collection, storage and processing to perform an anonymous and/or aggregate statistical analysis; the purposes that allow us to carry out our activities, such as offering personalised contents for newsletter services; the communication of commercial information on future initiatives, new product or service announcements; for market research, statistical and economic analysis; to send advertising or promotional material, and to run competitions with prizes and/or promotional initiatives in general.

Legal basis

The legal basis for the processing of customer data carried out by the Controller through the website identified in the introduction is the contract entered into with Data subjects. Your personal data is processed for the execution of the contract and to fulfil pre-contractual, contractual and tax obligations arising from our relationship with you and any further obligations required by law.

A further legal basis is provided by the rights expressly provided for by European Regulation No. 679/2016 in favour of the Data Controller and in the legitimate interest of the Controller under Article 41 of the Italian constitution for freedom of private economic initiative. Consent in a specific form will be requested for additional purposes that require consent and must also be considered a valid legal basis.

Your personal data is only processed for marketing purposes (e.g. sending you advertising material) with your specific and distinct consent.


In addition to the Controller, in some cases, categories of processors and authorised parties involved in the company's Website organisation (administrative, commercial, marketing, legal, system administrators) may have access to the data. Furthermore, the Controller may use external parties (such as third-party technical service providers, carriers, hosting providers, cloud services, IT companies, communication agencies) who may be appointed as external processors.

For exclusively organisational and functional needs, external processors have been appointed to process Website users' personal data, for purposes strictly connected and related to the provision of services on the Website, including product sales. These processors were selected because they demonstrated their ability, experience and reliability, and provide a suitable guarantee of full compliance with the current provisions on the processing of personal data, including data security. The Data Processors process the personal data of Website users according to Giravolt srl.'s instructions.

For a complete list of the processors in charge of processing users' data, please contact Customer Services or send an email to the Controller at the address indicated above.

Giravolt srl may also process third party personal data communicated directly by users to Giravolt srl (e.g., when a user wants to recommend a service or product for sale on the Website to a friend or if the user purchases a product to be delivered to a friend or when the subject paying for the product is different from the person to whom the product is shipped).

In this event, Giravolt srl will, within the limits of the law in force, comply with the disclosure obligation to the reported user and, where necessary, will ask for their express consent when registering their personal data on its systems.

Personal data may be made available to third parties who process data independently to execute the contract for the purchase of products on the Website and only if that purpose is not incompatible with those for which the data was collected and subsequently processed and, in any event, in compliance with the law.

Except as otherwise provided herein, users' personal data will not be disclosed to third parties for purposes not permitted by law or without their express consent.

Transfer to a Third country

For the services offered by the website, the Controller uses servers located in Italy and therefore, on the basis of Regulation (EU) 2016/679 they are considered as being within the EU. The data processed by the Controller will never be disclosed.

Place of data processing

The processing related to this website's services takes place at the aforementioned registered office of the Controller and is only handled by the office's technical staff in charge of processing. Where necessary, data related to the newsletter service may be processed by the staff of the company who manage the Data Centre (responsible for processing according to Article 28 of Regulation (EU) 2016/679), at the registered office of the company.

Time and place of data retention

Data is processed for the contract duration and for the period necessary for the performance of the service requested by the user and then destroyed by secure means. It is also kept for as long as the Controller is subject to retention obligations for tax purposes or other purposes provided for by law or regulation.

Optional or mandatory data provision

Apart from navigation data that is automatically acquired as specified, users/visitors are free to provide their personal data or not. Failure to provide such data may only result in not being able to provide the requested service if the required consent is necessary for the provision of the service.

Rights of Data Subjects

Data subjects to whom personal data refers have the right under the GDPR (articles 12-23 of Regulation (EU) 2016/79) to obtain at any time confirmation of the existence or not of the data and to be informed about its content and origin, verify its accuracy or request its integration, updating, or rectification.

In relation to the processing of the aforementioned data, the customer has the right to obtain from the Controller:

1. the confirmation of what personal data is held about you, its communication in an intelligible form and information about its origin, as well as the rational for the processing;

2. the erasure, within a reasonable time, of your data, its conversion into an anonymous format or its deletion where it was processed unlawfully;

3. the updating of data, its rectification or, if interested, its integration;

4. confirmation that the requested actions referred to in points 2) and 3) have been brought to the attention of those to whom the personal data has been communicated, provided this is not impossible or does not involve a disproportionate use of resources.

5. The customer also has the right to the rectification or erasure of data concerning them to restrict its processing.

6. The customer has the right to revoke their consent related to optional processing which is not connected to the execution of the contract signed with the Controller.

7. The customer also has the right to object to the processing of their personal data even if collected on the grounds of legitimate interest, to ask for its portability, to exercise the right to be forgotten and to contact the competent supervisory authority for the protection of personal data for any violation they believe has taken place. In Italy the supervisory authority is the Italian Data Protection Authority, who can be contacted by email at:, by fax: 06 696771, or by post, to the Italian Data Protection Authority, with registered offices in Rome (Italy), Piazza Venezia No. 11, Postcode 00187, PEC (Certified email address):

To exercise their rights, data subjects can contact the Controller at the address given above


Giravolt srl has adopted security measures to minimise the risk of destruction or loss, including accidental, of the data itself, unauthorised access or processing which is not permitted or compliant with the collection purposes outlined in this Privacy Policy.

However, since we cannot guarantee that the security measures adopted for the Website, and the transmission of data and information on the Website itself, limit or prevent all risks of unauthorised access or data loss, we invite you the user to ensure your computer has up-to-date anti-virus software for the protection of uploaded or downloaded data, and that your Internet service provider has suitable firewalls and anti-spam filters for the security of internet data transmission.

No automated decision-making is carried out on the aggregated data collected, other than that for better website management.

Final clauses

In consideration of the evolving nature of legislation relating to the protection of personal data, we inform you that this privacy policy may be subject to amendments.