Select Page

Privacy Policy

Information provided, pursuant to art. 13 et seq. of EU Regulation 679/2016, hereinafter called "GDPR" and articles. 13 and 122 of the Code on the protection of personal data (D.Lgs. 196/03) to users who link to the site, hereinafter called "site".

Purpose of Processing

Personal data provided through the site, or otherwise acquired in compliance with the laws and contractual provisions in force, shall be processed in compliance with the aforementioned legislation and the obligations of confidentiality exclusively for the following purposes:

  • purposes related to registration and authentication on the site as a registered user;
  • purposes related and/or instrumental to the performance of the requested activity
  • sending the periodic newsletter with any commercial information of interest to the registered user;
  • sending of personal communications in response and/or related to requests made through the contact forms of the site (request for clarification, reporting errors, suggestions, etc.)
  • publication of professional cards, subject to further authorization of the user, for the collaborators of the drafting of the site;
  • management of articles sent by users and collaborators, as referred to in the respective information. informativa.

The processing of information concerning the user is based on the principles of correctness, lawfulness, transparency and protection of confidentiality. Therefore, any use other than and/or conflicting with the user’s interests is excluded.

Information subject to processing

Regarding the data processed, a distinction must be made based on the activities that the user performs on the site.


1) Navigation

Applies to the user (registered or not) who navigates the site to consult texts or use online applications.

The information entered in the masks of the online applications of the site are not stored permanently on the server but remain available to the user only for the duration of the working session.

We also do not keep on the server all the information relating to the accounting documents (invoices, notes, estimates, etc.) that the user fills out through this site, such as the subject, the number and the date of the document.

As for the textual contents, we record in aggregate the number of readings of each article.


2) Interaction via contact forms

Applies to requests for online advice, domiciliation, reporting pages, sending suggestions etc.

In addition to the data expressly entered by the user in the form (name, email, telephone if required, etc.), we register the following information in our databases:

  • consent to the processing of data based on this information.
  • the IP address from which the requests come (this information is classified by the GDPR as "personal data").
  • the type of browser used and whether it is a mobile device.
  • the anonymous user identifier created by an internal proprietary algorithm. The identifier is constructed in a way that cannot be traced back to the user’s IP address.
  • in some cases even the page of the site visited immediately before submitting the request.
  • the date and time of the operation.

With regard to requests for legal advice made through the site, additional documents may be requested to be sent by email or PEC for which the GDPR regulations apply and in any case professional ethics in the field of confidentiality.


3) Registration on site

It applies in the phases in which the user wants to register to the site to open their own personal account and use their reserved area.

The passwords for registered users to access the site are stored so that they can never be traced back to their original content.

In addition to the data requested at the time of registration (username, email and password), we store in special archives the information that the user, after registration, enters in their private area.

Registered users who become collaborators of the site, by sending free articles for publication, as indicated in the specific information, can publish their professional card through a special option available in the reserved area.


4) Subscription to the newsletter

Applies to users who do not intend to register for the site but wish to subscribe to the newsletter.

In this case, we only record in our archives the email address entered by the user at the time of registration, in addition to what is described in point 2).

The cancellation of the newsletter and its archives can be made directly by the user through a special link inserted at the bottom of each newsletter. Registered users can also unsubscribe from the newsletter from the reserved area.


5) Sending articles to the editorial staff

Applies to users who propose to the editorial staff of the site their articles for publication.

The same considerations apply as for point 1).

In addition, if the user is registered as a contributor, he can make public his professional card that will be automatically linked in all published articles.


6) Code for webmasters

Applies to those who intend to use the webmaster code that allows you to share on third-party sites the application masks under the conditions set out in the policy.

For statistical purposes we record in aggregate the use of the code for webmasters, storing in our archives the following information that does not concern users who visit the site that makes use of this code but only the use of the code itself: domain name, shared application, number of views, date of last display.

In accordance with the GDPR, the sending of data for the purposes referred to in points 2), 3), 4) and 5) requires explicit acceptance by affixing a "tick" on a specific field that is located in the various masks from which this information can be directly consulted.

In the absence of such acceptance it is not possible to execute the requested online transaction.

The site does not currently perform any tracking of the user’s location.

Method of processing and storage

The data will be processed using instruments that guarantee security and confidentiality and may also be carried out using automated tools to store, manage and transmit the data.

The information is stored using IT tools protected by security systems (e.g. firewalls, hacker attack monitoring tools, tools for the automatic detection of malware and possible vulnerabilities, etc.). The site is developed with a proprietary CMS with tools and techniques that implement best-practices in software security and robustness.

The contents of the web pages as well as all data entered on the site sent to the server are encrypted using the SSL protocol (secure browsing); the use of the secure browsing protocol is identifiable by the presence of Internet addresses starting with https:// and by the wording 'Secure' that most modern browsers place in the address bar at the Internet address visited.

However, should all the security systems put in place not be sufficient to prevent the theft of information, as provided for in Article 33 of the GDPR, the data controller undertakes to report and promptly notify the national Data Protection Authority of any theft of information relating to users' personal data.

The data of registered users are stored without any predetermined expiry date and the user may request their deletion (right to be forgotten) in accordance with Article 17 of the GDPR at any time by following the procedure set out in the reserved area, which is adequately documented.

In order to provide the pages to the user, we use the Apache web-server which, like all web servers, records user requests to the site resources (web pages, images and other files necessary for operation) in special protected log files that are not accessible from the outside. The purpose of these log files is to identify any users who carry out malicious actions to the detriment of the site (hacker attacks) and at the same time to counter any abuse of the site's resources to protect other users. These files are kept on the server for a maximum of 10 days and in some cases, if necessary, we can make copies in other archives, protected and inaccessible from the outside, for a longer storage period, not exceeding 3 months in any case.

Nature of provision, refusal and withdrawal of consent

The provision of personal data is not a legal obligation.

However, the absence of the same, refusal or withdrawal of consent to their processing in the manner specified below, will make it impossible to entertain any professional consultancy relationship with the user or to perfect the use of the online services of the site listed below:

  • the request for professional advice and collaboration
  • the registration to the site.
  • the user's request for assistance, both regarding the reserved area and the use of the applications.
  • sending communications and messages to the editorial staff or webmaster via the site.
  • receiving the newsletter.
  • access to confidential documents (e.g. case law attached to articles).
  • publication of the professional file for editorial staff members.

Communication / dissemination

The data shall not be communicated to other parties, nor shall they be disclosed or transferred to third parties for any reason whatsoever, either in Italy or abroad, with the exception of personal data that, for tax reasons, it will be necessary to communicate to the Association's accountant (limited to the invoicing of online legal consultations), who has provided assurances regarding compliance with the Privacy Regulations and absolute confidentiality.

The data controller reserves the right to analyse the data acquired in aggregate form for the purpose of carrying out internal statistics on the use of certain services (e.g. newsletter readings and the use of particular applications), as a complement to what is already done with third-party tools for detecting site traffic (Google Analytics).

Data controller

The data controller is: EB Marmi & Graniti | P.IVA 08127920968 - Via Milano, 18 - 23875 Osnago (Lc) -


User Rights

In relation to the processing of personal data and pursuant to art. 13 of the GDPR and art. 7 of Legislative Decree 196/2003, the user has the right to:

  • Access to data(art. 15 GDPR) The user has the right to obtain confirmation of the existence or otherwise of personal data concerning him/her and its communication in intelligible form. The request can be made directly by email to the data controller (see email addresses ).
  • Rectification and deletion (Art. 16 and 17 GDPR) The user has the right to request rectification, erasure, or restriction of the processing of personal data. Registered users can modify their personal and professional data directly from their reserved area using special management masks. For deletion, again in the reserved area, a checkbox is available on the personal data page.



  • The account deletion request is automatically forwarded to the site's technical staff and is irrevocable, i.e. once confirmed, it can no longer be cancelled.
  • The user will receive confirmation after a few days that the data concerning him/her has been deleted.
  • Once the request has been made, the user can no longer access the reserved area.
  • The user name cannot be re-used for a new registration.
  • Limitazione al trattamento(art. 18 GDPR)
    L’utente ha il diritto di opporsi, in tutto o in parte, per motivi legittimi, al trattamento dei dati personali che Lo riguardano, ancorché pertinenti allo scopo della raccolta.
    Nella fattispecie:


    • Invio newsletter:
      Gli utenti registrati possono revocare in qualsiasi momento l’utilizzo dell’indirizzo email per l’invio della newsletter accedendo all’area riservata; gli utenti non registrati iscritti alla newsletter possono esercitare tale opzione cliccando sull’apposito link presente in fondo alla newsletter.
    • Pubblicazione scheda professionale:
      Gli utenti registrati che collaborano con la redazione possono bloccare la pubblicazione della loro scheda professionale direttamente dall’area riservata.
      La revoca della pubblicazione, così come la cancellazione dell’account utente ai sensi dell’art. 17 GDPR, comportano automaticamente l’oscuramento delle schede da tutti gli articoli del sito.
      Si precisa tuttavia che, poiché le schede professionali pubblicate dietro consenso dell’utente possono essere state indicizzatedai motori di ricerca e/o pubblicate da terzi su altri siti senza alcun intervento da parte nostra, l’utente dovrà esercitare il “diritto all’oblio” nei confronti di tutte le fonti presso le quali sono presenti i propri dati personali.
  • Data portability (Art. 20 GDPR) Registered users have the right to receive personal data concerning them in a structured, machine-readable format. The request must be addressed to the data controller; personal data will be provided in xml format.
  • Communication The user has the right to obtain the identification details, as well as those of the data controller, of any collaborators to whom the data may be communicated or who may become aware of it; the site collaborators who are responsible for providing assistance to the user shall restrict access to personal data exclusively for the purposes requested by the user (requesting clarification, helpdesk, troubleshooting, etc.).
  • Complaint The user has the right to lodge a complaint with the national supervisory authority (Garante) in the event that he or she perceives a use of the data that differs from the provisions of the aforementioned legislation;

Communications to the site can be forwarded via the contact menu or by sending an email to the data controller.