Privacy Policy

User section


The undersigned company F.lli Menabò S.R.L. (VAT no. 00176860351), owner of the website (hereafter “Website”), in its capacity as controller of the personal data of the Website’s users (hereafter “Users”) hereby provides its privacy policy in accordance with article 13 of EU Regulation 2016/679 dated 27 April 2016 (hereafter “Regulation”, or “Applicable Rules”).


This Website and any services offered through the Website are reserved for persons aged eighteen and over.  Accordingly, the Controller does not gather any personal data regarding individuals under the age of 18. By request of the Users, the Controller shall promptly cancel all personal data regarding minors under the age of 18 which have unwittingly been gathered.


The Controller attaches the utmost importance to the privacy and protection of its Users’ personal data. For any information regarding this privacy policy, Users can contact the Controller at any time using the following methods:


  • By sending a recorded delivery letter with return receipt to the head offices of the Controller: F.lli Menabò, Via 8 Marzo, no. 3, Cavriago (Reggio Emilia, Italy);
  • By sending an e-mail to the following addresses: PEC (certified e-mail);



  1. Category of data processed:

The types of data involved in this processing are as follows:

  1. a) all personal data whose transmission is involved in using Internet communication protocols which computer systems and software procedures used to run the Website acquire in the course of ordinary operations: IP addresses or domain names of computers operated by Users, addresses identified with a URI (Uniform Resource Identifier) for requested resources, the time of the request, method used to submit the request to the server, size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters regarding the operating system and computing environment of the User;
  2. b) personal identification data (e.g. name, surname, e-mail, country signalled at time of accessing the website, IP address, log file, etc.);


  1. Purposes of processing

The personal data of Users will be processed by the Controller in a lawful manner, in accordance with Article 6 of the Regulation for the following processing requirements:


  1. Provision of the service, to allow the User to navigate on the Website. The User's data gathered by the Controller for this purpose include all data used solely for the purposes of obtaining anonymous statistics on how the Website is used, and to allow it to function properly. Notwithstanding any other provisions outlined in this privacy policy, under no circumstances shall the Controller render its User’s personal data accessible to other Users and/or third parties.
  2. Fulfilling the User’s request: the Users’ personal data are gathered and processed by the Controller solely for the purpose of fulfilling their requests. User data gathered by the Controller for these ends include: name, surname, e-mail, telephone number, IP address and any other data of the User which may have voluntarily been supplied in the sections “Reserved area” “Registration” (for B2B and for general access to the area), “Product Registration”, “Returns and Exchanges”, “Dispatch and Delivery”. The Controller will not carry out any other processing in respect of the Users’ personal data. Notwithstanding any other provisions outlined in this privacy policy, under no circumstances shall the Controller render its User’s personal data accessible to other Users and/or third parties.
  3. Administrative-accounting purposes, to carry out activities of an organisational, administrative, financial and accounting nature, such as internal organisation tasks and activities required to fulfil contractual and pre-contractual obligations.
  4. Legal obligations, to fulfil requirements legally stipulated by an authority, a regulation or by rules, and to ascertain responsibility in the event of hypothetical cyber-crimes affecting the Website.
  5. Fulfilment of a contract, if the processing is required to fulfil a contract with the User and/or to fulfil pre-contractual measures (such as accessing the Reserved Area of this Website).

It is always possible to ask the Controller to clarify the legal basis underpinning each processing task, and in particular to verify whether the processing is based on legal requirements, stipulated by a contract or necessary to conclude a contract.

Providing personal data for the above processing purposes is optional but necessary, as failure to confer said data shall render it impossible for the User to submit his or her request to the Controller.


The personal data which are needed to pursue the processing purposes described under point 2) are indicated with an asterisk in the request form.


  1. Processing methods and data retention times

The Controller handles the personal data of its Users with both manual and computerised instruments, adopting approaches strictly linked to the purposes themselves, and ensuring that it guarantees the security and confidentiality of the data concerned.


The personal data of the Website’s Users will be retained for the amount of time strictly necessary to fulfil the primary purposes outlined under previous point 2) or in any case as long as needed to protect the interests of both Users and the Controller in accordance with civil law requirements.


  1. Sphere of communication and distribution of data

Persons appointed to manage the Website and User requests may become aware of the personal data of Users.  Such persons, who have been trained accordingly by the Controller in compliance with Article 29 of the Regulation, will process the User’s data solely for the purposes indicated in this policy, and in accordance with the provisions of the Applicable Rules.

Third parties that may process personal data on behalf of the Controller in their capacity as “External Processors” may also become aware of the personal data of the Users. Said Processors can include, by way of example, IT and logistical service providers needed to run the Website, outsourcing or cloud computing service providers, professionals and consultants.

Users are entitled to obtain a list of any Data Processors appointed by the Controller by submitting a request to the Controller as indicated in point 6) below.


  1. Transfer of data

Data gathered for the above purposes are not transferred to non-EU countries.   The Controller shall, however, reserve the right to use cloud-based services; in such cases, service suppliers will be picked from those offering suitable guarantees, as stipulated under article 46 of EU Regulation 2016/679.


  1. Rights of Data Subjects

Users may exercise the rights guaranteed by the Applicable Regulations by contacting the Controller as follows:


  • By sending a recorded delivery letter with return receipt to the head offices of the Controller: F.lli Menabò, Via 8 Marzo, no. 3, Cavriago (Reggio Emilia, Italy);
  • By sending an e-mail to the following addresses: PEC (certified e-mail);



Users are entitled to:

  • Access the personal data to learn more about the purposes of the processing (“reactive transparency”), the categories of personal data gathered, the recipients of any data communicated, particularly if the recipients are in third-party countries or international organisations, and the period for which data is stored (art. 15);
  • obtain rectification (art. 16);
  • the right to erase personal data if they are no longer needed for the purposes for which they were gathered, and if there is no further legal requirement to preserve them (art. 17 GDPR);
  • request restriction of processing (art. 18);
  • request data portability (art. 20);
  • the right to oppose processing for reasons related to particular circumstances concerning you (art. 21 GDPR). In such cases, we will refrain from processing your data further unless it is proven that there are compelling and legitimate reasons for proceeding with the processing (e.g. to defend its rights in legal proceedings).
  • not to be subjected to an automated decision-making process, including profiling (art. 22).

Lastly, the individual concerned shall be entitled to submit a complaint to the Data Protection Authority in accordance with article 13 par. 2 lett. d) of the above regulations, and in accordance with article 77 of the regulation.

The Italian supervisory Authority is the Data Protection Authority, based in Piazza Venezia 11, 00186 – Rome (


For any points not covered in this policy, please refer to EU Regulation 2016/679, Legislative Decree 196/03 as amended by legislative Decree 101/2018 as amended, and any other provisions issued by the Italian Data Protection Authority.


The Controller is not held responsible for updating all the links contained in this Cookie Policy. As a result, if a link is not working and/or up-to-date, the Users shall acknowledge and accept that they must always refer to the document and/or section of the websites referenced in said link.  If the User does not accept the changes made to this privacy policy, he or she must cease using  and can ask the Data Controller to remove his or her Personal Data. Except where specified otherwise, this privacy policy shall continue to apply to any Personal Data gathered up until that moment.