pursuant to EU Regulation no. 679/2016 (“GDPR”) and of Legislative Decree 196/2003 as amended by Legislative Decree 101/2018

This information (hereinafter “Information”) describes how SOPROGEST SRL (hereinafter the Data Controller) collects and processes the personal data of users who browse and / or interact (hereinafter, the “Interested”) with the BRERA6PERFUMES.IT website ( hereinafter, the Site).

The information may be subject to changes; therefore the Owner invites users to consult it regularly.

It should be noted that the information is provided only for the aforementioned Site and not for other websites that may be consulted by the user via links.


The brera6perfumes.it website uses cookies and similar technologies to allow normal navigation and use of the site. This document is intended to provide detailed information on the type of cookies used and how they are used and managed by Soprogest s.r.l.

  1. Data subject to processing

The Data Controller collects certain categories of personal data (hereinafter, the “Data”) by browsing and using the Site. In particular:

personal, identifying and non-sensitive data (in particular, name, surname, tax code, VAT number, email, telephone number) directly provided by the interested parties, with registration on the Site and / or the request to use the e-commerce service and others of individual services offered;

data directly provided by the interested parties – and in any case acquired within the limits of the provisions of art. 14, paragraph 5, GDPR – the transmission of which is connected to the use of Internet communication protocols (by way of example, access to the page, amount of data transferred, status message after accesses, session ID numbers, IP addresses , URL addresses, etc.). For more information on this type of data and their processing, please read the cookies policy.

As a rule, the Data Controller does not process Data concerning personal beliefs, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, information relating to health, sexual life or sexual orientation (of hereinafter “Special Categories of Data”). If it is necessary to process the Special Categories of Data, Soprogest srl undertakes to process such data in accordance with the applicable legislation.

  1. Purpose and legal basis of data processing

The Data Controller processes the Data of the Data Subjects for one or more of the purposes indicated below.

A) Registration on the Site and / or management of purchase orders and related activities (provision of e-commerce service, sales and after-sales customer assistance, communications with the customer on the status of the order, management of payments, reports, delivery to domicile); as well as to ensure the correct fulfillment of the obligations established by law.

Legal basis: the processing is necessary: ​​(i) for the execution of a contract of which the interested party is a party or for the execution of pre-contractual measures adopted at the request of the same; (ii) to fulfill a legal obligation to which the data controller is subject (articles 6, paragraph 1, letters b) and c) GDPR).

B) sending commercial communications with traditional tools (ordinary mail and telephone with operator) or automated (e-mail, telephone without operator, sms, RCS, mms, fax, social media, whatsapp, telegram) relating to products and activities of the owner

Legal basis: Consent (Article 6 letter a) GDPR): the interested party has given consent to the processing of their data.

  1. Data retention period

10 years or other legal obligation (Art. 2220 C.C.) for the purpose under 2 A

2 years unless the consent previously expressed by the interested party is revoked for the purpose under 2 B

  1. Data processing methods

Data processing is carried out by means of the operations indicated in art. 4, no. 2), GDPR and more precisely: collection, registration, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, cancellation and destruction of data. The processing of the Data will be based on principles of correctness, lawfulness and transparency and can also be carried out through automated methods designed to store, manage and transmit them and will take place using suitable tools, as far as reason and state of the art is concerned, to guarantee security and confidentiality through the use of suitable procedures that avoid the risk of loss, unauthorized access, illicit use and dissemination.

  1. Recipients or categories of recipients of the Data

The data provided will be communicated to recipients, who will process the data as managers (Article 28 of EU Reg. 2016/679) and / or as natural persons acting under the authority of the Owner and Manager (art. 29 of Reg. EU 2016/679), for the purposes listed above.

Specifically, the data will be communicated to: – subjects who provide services for the management of the information system and communication networks (including e-mail); – studies or companies in the context of assistance and consultancy relationships; – competent authorities for the fulfillment of legal obligations and / or provisions of public bodies, upon request; – in the case of administrative accounting purposes, the data may possibly be transmitted to commercial information companies for the assessment of solvency and payment habits and / or to subjects for credit recovery purposes. The subjects belonging to the aforementioned categories perform the function of data processing manager, or operate in total autonomy as separate data controllers. The complete and updated list of data processors can be requested from the Data Controller, using the contact channels referred to in art. 10 below.

  1. Data transfer to a third country

The data provided will not be transferred abroad to non-EU countries.

  1. Nature of the provision

The provision of data for the purpose A) of this information is optional. However, the refusal of the provision will not allow the Owner to provide the service. The provision of data for purpose B) sending commercial communications is optional and failing that, your data will not be processed for the pursuit of this purpose, refusal to provide it will not affect the provision of the e-commerce service.

  1. Non-existence of an automated decision-making process

The Data Controller does not adopt any automated process, including the profiling referred to in art. 22, paragraphs 1 and 4, GDPR

  1. Rights of the interested parties

The interested parties have the right to obtain from the Data Controller, in the cases provided for, access to personal data and the correction or cancellation of the same or the limitation of the processing that concerns them or to oppose the processing (articles 15 et seq. of EU Regulation 679/2016).

They may also oppose the processing based on legitimate interest at any time.

To exercise their rights, interested parties may contact the Data Controller by email at info@brera6perfumes.it, or by sending a written communication to the Data Controller’s office as indicated in Article 10 below.

The interested parties also have the right to revoke the consent given at any time without prejudice to the lawfulness of the treatment based on consent before revocation using the above contact details.

Interested parties who believe that the processing of personal data referred to them is carried out in violation of the provisions of the Regulation have the right to lodge a complaint with the Guarantor, as provided for by art. 77 of the Regulation itself, or to take appropriate judicial offices (Article 79 of the Regulation).

  1. Holder of the treatment

Soprogest s.r.l., with registered office in Milan, Via Fezzan 4

The contact email of the owner is info@brera6perfumes.it

The DATA PROTECTION OFFICER (RPD / DPO – Data Protection Officer) has not been identified in the absence of the conditions set out in Articles 37 – 39 of EU Reg. 2016/679.