This site uses cookies to improve navigation and collect statistics. To learn more about our cookie policy, see this complete information.
By continuing to browse or by clicking X, you consent to the use of cookies.

EN IT
big-cover-privacy-policy-xl

Privacy policy statement customers suppliers

pursuant to Regulation (EU) 2016/679

The writer Company LUTECH S.p.A. informs you that, to manage the ongoing contractual relationship, it is the Controller of your data classified as personal data in accordance with Regulation EU 2016/679, hereafter GDPR; therefore, we provide below to the Data Subjects the information required by law concerning the processing of your personal data.

Data Controller and Data Protection Officer (DPO)

The data controller is LUTECH S.p.A. Via Dante, 14 - 20121 Milan (MI) – VAT no. 02824320176, in the person of its acting legal representative who is domiciled at the office of the Company.

Lutech S.p.A. has appointed a Data Protection Officer, who can be contacted at the following email address:  DPO@lutech-group.com.

Legal Basis and Purposes of the Processing

The legal basis for the processing of your personal data is the performance of the contract and the compliance with legal obligations, to which the Controller is subject and of which you - in the capacity of Data Subject - are a party.

As established by Art. 6, par. 1, point b), c) of the GDPR the provision of personal data is mandatory for the purposes indicated below. Any refusal to provide them, in whole or in part, may give rise to the impossibility for Lutech S.p.A. to perform the contract or to fulfil correctly all related obligations, such as those of tax, administrative and technical nature. The Data Subject is informed that, in respect of the illustrated processing purposes, your data will be processed by Lutech S.p.A. and by companies forming part of the Lutech Group.

Purposes Personal Data Categories of Recipients
Execution of measures preliminary to the signature of contracts of sale or supply of services Common data including personal details, residential address, telephone numbers and email
  • Employees of Lutech S.p.A. who, due to the role or function exercised, process your data to carry out their duties
  • Employees of the Lutech Group companies who, due to the role or function exercised, process your data to carry out their duties
  • Third party suppliers
  • Contractual obligations towards the Data Subject Common data including personal details, residential address, telephone numbers and email
  • Employees of Lutech S.p.A. who, due to the role or function exercised, process your data to carry out their duties;
  • Employees of the Lutech Group companies who, due to the role or function exercised, process your data to carry out their duties;
  • Consultants instructed to provide advice, assistance or services to our structure;
  • Third party suppliers
  • Obligation provided by laws or regulations in force Common Dataincluding personal details, residential address, telephone numbers and email.
  • Public Administrations and Authorities, where required by law, members of the Control Bodies;
  • Legal representatives, administrators, guardians, etc.
  • Operational, managerial, accounting, project or consultancy requirements Common Data including personal details, residential address, telephone numbers and email
  • Employees of Lutech S.p.A. who, due to the role or function exercised, process your data to carry out their duties;
  • Employees of the Lutech Group companies who, due to the role or function exercised, process your data to carry out their duties;
  • Consultants instructed to provide advice, assistance or services to our structure;
  • Third part suppliers
  • To start improvement processes of the quality of services provided, by sending anonymous questionnaires to a client representative Common Data including personal details (including the family unit), residential address, telephone numbers and email.
  • Survey and opinion polling companies operating for the B2B market

  • Transfer of Personal Data

    All data collected will be processed in Italy exclusively for the specified purposes and, only if necessary, they will be transferred to Third Countries subject to verifying the adequate safeguarding of the rights of the Data Subject.

    Security Measures

    The Controller, in line with the provisions of recital no. 49 of the GDPR, processes, even by way of its suppliers (third parties and/or recipients) and/or companies of the Lutech Group, your personal data to the extent strictly necessary and proportionate for the purposes of ensuring network and information security, i.e. the ability of a network or an information system to resist, at a given level of security, accidental events or unlawful or malicious actions that compromise the availability, authenticity, integrity and confidentiality of stored or transmitted personal data.

    The Controller will promptly inform the Data Subject if there is a risk of violation of his or her personal data, subject to the obligations deriving from the provisions of Art. 33 of the GDPR in relation to notifications of personal data breaches.

    Rights of the Data Subject

    The GDPR, as well as guaranteeing the right to lodge a complaint with the Supervisory Authority, which, for Italy, is the Autorità Garante per la protezione dei dati personali, grants to you the following rights:

    • Right of access (art. 15): The Data Subject may obtain from the Controller confirmation as to whether or not personal data concerning him or her are being processed and may obtain further information, including the purposes of the processing, the categories of personal data and the recipients.
    • Right to rectification (art. 16): The Data Subject may obtain from the Controller the rectification of inaccurate personal data.
    • Right to erasure (art. 17): The Data Subject may request the erasure of personal data concerning him or her where one of the grounds provided by that article applies, including: withdrawal of consent, unlawful processing and exercise of the right of defence.
    • Right to restriction (art. 18): The Data Subject may obtain the restriction, configurable as a total or partial suspension of the data processing or even in some cases an immobilisation of the same. This may be requested only in exceptional cases expressly determined by the rule, including the period enabling the controller to verify the accuracy of the personal data, unlawful processing, exercise of a right during judicial proceedings.
    • Right to data portability (art. 20): The Data Subject has the right to ask that the data concerning him or her are transmitted, in the exercise of his or her rights, in an easily comprehensible format.
    • Right to object (art. 21): The Data Subject may, on grounds related to his or her particular situation, object to the processing concerning him or her pursuant to Art. 6 paragraph 1, points e) and f).
    • Right not to be subjected to automated processes (art. 22): The Data Subject may object to being subject to a decision based solely on automated processing which produces legal effects concerning him or her or similarly significantly affects him or her.


    If you have any doubts or require clarifications and also to exercise your rights, please contact Lutech S.p.A. by writing to the following address: https://lutech.group/en/privacy-rights

    We inform you that if you decide to exercise one or more of the above rights, your personal data will be communicated by the Controller to the processing recipients for the connected fulfilments (art. 19 of the GDPR).

    Personal data storage time

    Your personal data will be stored for the time strictly necessary to execute the legitimate purposes for which they were collected, or even after the end of the collaboration relationship to fulfil any legal and tax requirements connected to or deriving from the conclusion of the contract itself.

    Download the statement