As required by Article 13 of the General Data Protection Regulation of the European Union No. 2016/679 ("GDPR"), before proceeding with the processing, the Data Subject is informed that their personal data, voluntarily provided when sending messages via the form published on the website https://www.montagnasrl.com/ within the "Contact Us" section, are subject to processing by the Company through manual, computerized, and/or telematic tools, for the purposes indicated in this notice.

To this end, the Data Subject is provided with this Notice prepared by F.lli Montagna Srl (hereinafter also referred to as "the Company" or "the Data Controller").

Data Controller

The Data Controller is F.lli Montagna Srl, with registered office at Via A. De Gasperi, 1 - 36073 - Cornedo Vicentino (VI) – ITALIA - P.IVA: IT01245950249 mail: This email address is being protected from spambots. You need JavaScript enabled to view it..

Processing Information

Personal data subject to processing is collected directly by the Company or by third parties expressly authorized by it, or communicated by the Company to such third parties for the pursuit of the purposes described below.

Legal Basis and Purpose of Processing

The legal basis for processing is the consent given by the Data Subject.

The provision of personal data through the optional, explicit, and voluntary sending of messages, forwarded through the "Contact Us" area, involves the acquisition of the sender's contact details, necessary to respond to and follow up on requests for information and/or clarifications, as well as all personal data included in the communications.

Nature of Processing

The provision of personal data is mandatory for the achievement of the purposes pursued; therefore, refusal to provide personal data will result in the inability of the Data Controller to fulfill the Data Subject's requests.

Personal Data Processed

The personal data processed by the Data Controller are those provided by the user when sending messages through the "Contact Us" area, such as, for example, name, surname, email address, as well as personal data included in the communications.

Processing Methods

Processing will take place in accordance with what is provided for in Chapter II (Principles) and Chapter IV (Data Controller and Data Processor) of the Regulation. In particular, the data will be processed lawfully, fairly, and transparently towards the data subject, collected for specified, explicit, and legitimate purposes, as well as adequate, relevant, and limited to what is necessary with respect to the purposes for which they are processed. Processing may also be carried out through automated tools designed to store, manage, or transmit the data themselves and will be carried out in compliance with the Regulation, as well as according to the provisions of the current legislation.

Data Retention Period

The provided data will be kept for a strictly necessary period to achieve the purposes for which they are processed and related to the type of request made, in particular, for a period of 24 months, after which they will be destroyed.

Recipients and Data Processors

The data collected will not be disseminated in any way but will be processed within the limits and for the purposes described by the Company's employees based on adequate operational instructions. Some data processing may also be carried out by third parties, appointed Data Processors, whom the Data Controller relies on or may rely on for the provision of the services offered and for organizational needs of its business (e.g., for technological maintenance needs of the website). The updated list of Data Processors and authorized data processors is kept at the Data Controller's registered office and is available to the Data Subject upon request.

Data Transfer Abroad

The management and storage of personal data will take place on servers of the Data Controller and/or third-party companies duly appointed as Data Processors. Currently, the servers are located in Italy, but it is understood that the Data Controller, if necessary, has the right to move the server location within the European Union and/or to non-EU countries. Considering that the personal data processed may be subject to transfer outside the European Union, the Data Controller hereby ensures that the extra-EU transfer will take place in accordance with Articles 44 et seq. of the Regulation and the applicable legal provisions by stipulating, if necessary, agreements ensuring an adequate level of protection. In particular, the Data Controller must ensure that adequate technical and organizational measures are put in place to ensure that the processing meets the requirements of the GDPR, that the rights of the data subjects are protected, that data transfers can be traced, and that appropriate security measures can be documented.

Rights of the Data Subjects

Under the Regulation, the Data Subject is entitled to the following rights:

A. Right to request from the Data Controller access to their personal data (Article 15). In particular, you have the right to obtain confirmation as to whether or not personal data concerning you are being processed and, if so, access to personal data and the following information:

a) the purposes of the processing;

b) the categories of personal data involved;

c) the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organizations;

d) where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;

e) the existence of the right to request from the Data Controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing;

f) the right to lodge a complaint with a supervisory authority (pursuant to Articles 77 et seq. of the Regulation);

g) where the personal data are not collected from the data subject, any available information as to their source;

h) the existence of automated decision-making, including profiling, referred to in Article 22, paragraphs 1 and 4 of the Regulation, and, at least in those cases, meaningful information about the logic involved, as well as the significance and envisaged consequences of such processing for the data subject;

i) where personal data are transferred to a third country or to an international organization, the right to be informed of the appropriate safeguards pursuant to Article 46 of the Regulation relating to the transfer;

B. Right to rectification of personal data (Article 16);

C. Right to erasure – “right to be forgotten” (Article 17);

D. Right to restriction of processing (Article 18);

E. Right to data portability (Article 20);

F. Right to object (Article 21).

It is also noted that the Data Subject has the right to withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal, subject to the consequences indicated regarding any refusal to provide such personal data. The Data Controller undertakes to respond to the Data Subject's requests no later than one month from receipt. This term may be extended, for no more than two months, depending on the complexity or number of requests, and the Company will explain the reason for the extension within one month of receiving the request. Please note that if the Data Controller does not comply with the request, they are obliged to provide feedback to the Data Subject regarding the reasons for non-compliance and the possibility of lodging a complaint with a supervisory authority or judicial recourse within one month of receiving the request. The outcome of the request may be provided in writing or in electronic format. In the event of a request for rectification, erasure, or restriction of processing, the Data Controller undertakes to communicate the results of the requests received from the Data Subject to each of the recipients of their data, unless this proves impossible or involves disproportionate effort. The Company also informs that the Data Subject may be required to provide a contribution if the requests are manifestly unfounded, excessive, or repetitive; in this regard, the Data Controller will keep a register to track intervention requests.

For the purpose of exercising these rights, the Data Subject may send their requests directly to the Data Controller, by:

• sending an email to the address: This email address is being protected from spambots. You need JavaScript enabled to view it.

• sending a registered letter with return receipt to the address: Via A. De Gasperi, 1 - 36073 - Cornedo Vicentino (VI) – ITALIA

Changes to this Notice

The Data Controller reserves the right to make changes to this notice at any time by making it available to interested parties. Therefore, please consult this page frequently, using the date of the last modification indicated at the end of the document as a reference. In case of non-acceptance of the changes, the Data Subject may request the Data Controller to delete their personal data.

As required by Article 13 of the General Data Protection Regulation of the European Union No. 2016/679 ("GDPR" or "Regulation"), the Data Subject is informed that their personal data concerning, connected and/or instrumental to the execution of the sales contract may be processed as described below.

1. Data Controller

   The Data Controller is F.lli Montagna Srl, with registered office at Via A. De Gasperi, 1 - 36073 - Cornedo Vicentino (VI) – ITALIA - P.IVA: IT01245950249 mail: This email address is being protected from spambots. You need JavaScript enabled to view it. (hereinafter also referred to as "the Controller" or "the Company").

2. Processing Information

   Personal data subject to processing are collected directly by the Company or by third parties expressly authorized by it, or communicated by the Company to such third parties for the pursuit of the purposes described below.

3. Purposes and Legal Basis of Processing

   Your personal data, including personal and tax data, as well as the details of your bank account, will be processed (for the definition of 'processing', see Art. 4, par. 1, no. 2 of the Regulation) for purposes related to compliance with the current civil, tax, and tax regulatory provisions, as well as with the measures issued by the competent authorities, for activities related to the management of the contractual relationship in accordance with the current regulations, for the need to defend a right in court or in the appropriate places provided for by the current regulatory provisions. The legal basis for processing is identified in the establishment, execution, and possible termination of the sales contract entered into between you and the Company, and in the regulatory and contractual obligations connected to and/or directly and/or indirectly deriving from the same.

4. Processing Methods

   Processing will be carried out using tools suitable to ensure the security and confidentiality of the data, in compliance with what is provided for and in accordance with what is provided for in Chapter II (Principles) and Chapter IV (Data Controller and Data Processor) of the Regulation. Processing may also be carried out through automated tools designed to store, manage, or transmit the data themselves. The Data Controller, upon written request by the data subject, will provide a copy of the personal data subject to processing. In case of further copies requested by the data subject, the Controller will charge a fee commensurate with administrative costs. The right to obtain a copy from the data subject must not prejudice the rights and freedoms of others.

5. Data Retention Period

   The data provided will be kept for the entire duration of the contract with the Company and, subsequently, for all the time necessary for purposes related to compliance with administrative-accounting, tax, fiscal, and civil law obligations.

6. Nature of Provision

   The provision of data for the purposes listed above is mandatory. The data acquired, the subject of this information, are essential for the completion of the contractual relationship and for the subsequent execution of the contractual relationship deriving therefrom. The possible refusal to provide the requested data and/or their inaccuracy could result in: a) compliance with current civil, tax, and tax regulatory provisions, as well as with the measures issued by the competent authorities; b) guarantee of the correct regulatory, technical, and economic management of the contractual relationship; c) action or defense of a right in court or in the appropriate places provided for by the current regulatory provisions.

7. Recipients of Personal Data

   For the purposes of Article 3 of this notice, the personal data subject to processing may be made accessible to the following subjects:

   • employees and collaborators of the Controller in their capacity as authorized data processors and/or system administrators;
   • third-party companies performing outsourcing activities on behalf of the Controller, in their capacity as External Data Processors (merely exemplificative and not exhaustive: credit institutions, professional firms, suppliers, consultants, insurance companies for the provision of insurance services for the strictly necessary time for the optimal execution of such service);
   • subjects entrusted with the maintenance and development of our information system, for the strictly necessary time for the optimal execution of such service.

   With specific reference to individuals, companies, associations, or professional firms that provide assistance and consultancy services or provide services to the Company, they will be appointed, by the Data Controller, External Data Processors for the processing of personal data pursuant to Article 28 of the GDPR, by means of a deed of appointment indicating the processing methods and security measures they must adopt for the management and retention of the Controller's personal data.

8. Data Communication

   Without your express consent (pursuant to art. 6 lett. b) and c) of the Regulation), the Controller may communicate your data for the purposes of art. 1 to supervisory bodies, judicial authorities, as well as to all other subjects to whom communication is mandatory by law for the fulfillment of the aforementioned purposes.

9. Data Transfer

   The management and storage of personal data will take place on servers, located within the European Union, of the Controller and/or third-party companies appointed and duly nominated as Data Processors. Currently, the servers are located in Italy. The data will not be transferred outside the European Union. It is understood, however, that the Controller, if necessary, will have the right to move the location of the servers, in Italy, within the European Union and/or in non-EU countries. In such cases, the Controller hereby ensures that the transfer of data outside the EU will take place in compliance with Articles 44 et seq. of the Regulation and the applicable legal provisions, by stipulating, if necessary, agreements ensuring an adequate level of protection.

10. Rights of the Data Subject

    We inform you that with reference to the processed data you can exercise at any time the rights referred to in Articles 15, 16, 17, 18, 20, 21, and 22 of the Regulation. In particular, you have the right to obtain confirmation of the existence or not of data and in such case access to the same and to verify its accuracy. You also have the right to request the rectification, erasure, restriction of processing, portability of your data, as well as to object to the processing in whole or in part for legitimate reasons, to revoke your consent, if provided for, and to lodge a complaint with a Supervisory Authority.

11. Exercise of Rights

    For the purpose of exercising these rights, the Data Subject may send their requests directly to the Data Controller, by:

    • sending an email to the address: This email address is being protected from spambots. You need JavaScript enabled to view it.

    • sending a registered letter with return receipt to the address: Via A. De Gasperi, 1 - 36073 - Cornedo Vicentino (VI) – ITALIA

    The Data Controller undertakes to respond to your requests no later than one month from receipt. This term may be extended depending on the complexity or number of requests, and the Company will explain the reason for the extension within one month of your request. Please note that if the Data Controller does not comply with the request, they are obliged to provide feedback to the data subject regarding the reasons for non-compliance and the possibility of lodging a complaint with a supervisory authority or judicial recourse within one month of receiving the request. The outcome of your request may be provided to you in writing or in electronic format.

12. Changes to this Notice

    This notice may undergo changes. Therefore, it is advisable to regularly check this notice and refer to the most updated version.

As required by Article 13 of the General Data Protection Regulation of the European Union No. 2016/679 ("GDPR" or "Regulation"), the Data Subject is informed that their personal data relevant to, connected with, and/or instrumental to the execution of the supply contract may be subject to processing as described below.

1. Data Controller

   The Data Controller is F.lli Montagna Srl, with registered office at Via A. De Gasperi, 1 - 36073 - Cornedo Vicentino (VI) – ITALIA - P.IVA: IT01245950249 mail: This email address is being protected from spambots. You need JavaScript enabled to view it. (hereinafter also referred to as "the Controller" or "the Company").

2. Processing Information Personal data

   subject to processing are collected directly by the Company or by third parties expressly authorized by it, or communicated by the Company to such third parties for the pursuit of the purposes described below.

3. Purposes and Legal Basis of Processing

   Your personal data, including personal and tax data, as well as the details of your bank account, will be processed (for the definition of 'processing', see Art. 4, par. 1, no. 2 of the Regulation) for purposes related to compliance with current civil, tax, and tax regulatory provisions, as well as with the measures issued by the competent authorities, for activities related to the management of the contractual relationship in accordance with the current regulations, for the need to defend a right in court or in the appropriate places provided for by the current regulatory provisions. The legal basis for processing is identified in the establishment, execution, and possible termination of the supply contract entered into between you and the Company, and in the obligations connected to the same contract and/or directly and/or indirectly deriving from it.

4. Processing Methods

   Processing will be carried out using tools suitable to ensure the security and confidentiality of the data, as well as in compliance with what is provided for in Chapter II (Principles) and Chapter IV (Data Controller and Data Processor) of the Regulation. Processing may also be carried out through automated tools designed to store, manage, or transmit the data themselves. The data provided will be kept for the entire duration of the contract with the Company and, subsequently, for all the time necessary for purposes related to compliance with administrative-accounting, tax, fiscal, and civil law obligations. The Controller, upon written request by the data subject, will provide a copy of the personal data subject to processing. In case of further copies requested by the data subject, the Controller will charge a fee commensurate with administrative costs. The right to obtain a copy from the data subject must not prejudice the rights and freedoms of others.

5. Data Retention Period

   The data provided will be kept for the entire duration of the ongoing relationship with the Company and, subsequently, for the time required by the applicable legal and regulatory provisions.

6. Nature of Provision

   The provision of data for the purposes listed above is mandatory. The data acquired, the subject of this information, are essential for the completion of the contractual relationship and for the subsequent execution of the contractual relationship deriving therefrom. The possible refusal to provide the requested data and/or their inaccuracy could result in: a) compliance with current civil, tax, and tax regulatory provisions, as well as with the measures issued by the competent authorities; b) guarantee of the correct regulatory, technical, and economic management of the contractual relationship; c) action or defense of a right in court or in the appropriate places provided for by the current regulatory provisions.

7. Recipients of Personal Data

   For the purposes of Article 3 of this notice, the personal data subject to processing may be made accessible to the following subjects:

   • employees and collaborators of the Controller in their capacity as authorized data processors and/or system administrators;
   • third-party companies performing outsourcing activities on behalf of the Controller, in their capacity as External Data Processors (merely exemplificative and not exhaustive: credit institutions, professional firms, suppliers, consultants, insurance companies for the provision of insurance services for the strictly necessary time for the optimal execution of such service);
   • subjects entrusted with the maintenance and development of our information system, for the strictly necessary time for the optimal execution of such service.
   With specific reference to individuals, companies, associations, or professional firms that provide assistance and consultancy services or provide services to the Company, they will be appointed, by the Data Controller, External Data Processors for the processing of personal data pursuant to Article 28 of the GDPR, by means of a deed of appointment indicating the processing methods and security measures they must adopt for the management and retention of the Controller's personal data.

8. Data Communication

   Without your express consent (pursuant to art. 6 lett. b) and c) of the Regulation), the Controller may communicate your data for the purposes of art. 1 to supervisory bodies, judicial authorities, as well as to all other subjects to whom communication is mandatory by law for the fulfillment of the aforementioned purposes.

9. Data Transfer

   The management and storage of personal data will take place on servers, located within the European Union, of the Controller and/or third-party companies appointed and duly nominated as Data Processors. Currently, the servers are located in Italy. The data will not be transferred outside the European Union. It is understood, however, that the Controller, if necessary, will have the right to move the location of the servers, in Italy, within the European Union and/or in non-EU countries. In such cases, the Controller hereby ensures that the transfer of data outside the EU will take place in compliance with Articles 44 et seq. of the Regulation and the applicable legal provisions, by stipulating, if necessary, agreements ensuring an adequate level of protection.

10. Rights of the Data Subject

    We inform you that with reference to the processed data you can exercise at any time the rights referred to in Articles 15, 16, 17, 18, 20, 21, and 22 of the Regulation. In particular, you have the right to obtain confirmation of the existence or not of data and in such case access to the same and to verify its accuracy. You also have the right to request the rectification, erasure, restriction of processing, portability of your data, as well as to object to the processing in whole or in part for legitimate reasons, to revoke your consent, if provided for, and to lodge a complaint with a Supervisory Authority.

11. Exercise of Rights

    For the purpose of exercising these rights, the Data Subject may send their requests directly to the Data Controller, by:

    • sending an email to the address: This email address is being protected from spambots. You need JavaScript enabled to view it.

    • sending a registered letter with return receipt to the address: Via A. De Gasperi, 1 - 36073 - Cornedo Vicentino (VI) – ITALIA

    The Data Controller undertakes to respond to your requests no later than one month from receipt. This term may be extended depending on the complexity or number of requests, and the Company will explain the reason for the extension within one month of your request. Please note that if the Data Controller does not comply with the request, they are obliged to provide feedback to the data subject regarding the reasons for non-compliance and the possibility of lodging a complaint with a supervisory authority or judicial recourse within one month of receiving the request. The outcome of your request may be provided to you in writing or in electronic format.

12. Changes to this Notice

    This notice may undergo changes. Therefore, it is advisable to regularly check this notice and refer to the most updated version.