© 2025 Brightwood srl | privacy policy | cookie policy

made with by AC Consulting

Privacy policy

This privacy policy describes how Mr. Leonardo Gianfrate, as owner of Brightwood srl, processes the personal data of users in relation to the use of the site https://www.brightwood.it/. Mr. Leonardo Gianfrate operates in compliance with the provisions of current national (D.L.gs. 196/2003, Personal Data Protection Code) and European Union (EU Regulation no. 2016/679, GDPR) legislation.

1. Data Controller
The Data Controller is Mr. Leonardo Gianfrate, in his capacity as the owner of Brightwood srl Registered and operational office in Via IV Novembre, 455 - 21042 Caronno Pertusella (VA), P.IVA 03945370124. For any information, please contact Mr. Leonardo Gianfrate at the following e-mail address: info@brightwood.it.

2. Legal basis and purpose of processing
The data that may be provided, also through the contact form, are necessary for the performance of the contractual relationship with Mr. Leonardo Gianfrate and for the execution of pre-contractual measures, to fulfil contractual and legal obligations. Their conferment is a necessary requirement for the conclusion of the contract and the provision of the services requested; without it, Mr. Leonardo Gianfrate would be unable to establish the relationship or execute it or provide the services requested. The legal basis for the processing is, therefore, the fulfilment of contractual, pre-contractual, administrative and/or fiscal and/or legal obligations, consent and/or the protection of rights in a court of law.

3. Categories of data processed
Mr. Leonardo Gianfrate processes personal data supplied and/or collected directly from the data subject, or from third parties, including but not limited to personal data (e.g. first name, last name, address, tax code, VAT number), contact details or other data entered by the data subject in the contact form and necessary for the performance of the services offered.

4. Processing methods and storage period
Processing will be carried out in automated and/or manual form, in compliance with the provisions of Article 32 of GDPR 2016/679 on security measures, by specially appointed persons and in compliance with the provisions of Article 29 GDPR 2016/ 679.

5. Period of data retention
Personal data will be retained for the entire duration of the contractual relationship, for the performance of the fulfilments inherent and consequent thereto and, thereafter, for the fulfilment of legal obligations and for the maximum time permitted by Italian law to protect your rights and/or interests, pursuant to Art. 5 GDPR 2016/679, subject to your free and explicit consent expressed at the foot of this notice.

6. Scope of communication and dissemination
Your data may be disclosed to the natural and legal persons appointed as Data Processors and to the natural and legal persons authorised to process the data necessary to perform the tasks assigned to them, such as, by way of example but not limited to, other persons to whom stages of the activities are entrusted, external collaborators, employees, trainees, as well as consultants, accountants or lawyers. We also inform you that the data collected will never be disseminated and will not be communicated without your explicit consent, except for necessary communications that may involve the transfer of data to public bodies, consultants or other parties for the fulfilment of contractual or legal obligations.

7. Transfer of personal data
Your data will not be transferred either to member states of the European Union or to third countries outside the European Union.

8. Rights of the data subject
At any time, You may exercise, pursuant to Articles 15 to 22 of EU Regulation No. 2016/679, the right to:

  1. request confirmation of the existence or non-existence of their personal data;
  2. richiedere la conferma dell'esistenza o meno dei propri dati personali;
  3. obtain rectification and deletion of data;
  4. obtain restriction of processing;
  5. obtain portability of data, i.e. receive them from a data controller, in a structured, commonly used and machine-readable format, and transmit them to another data controller without hindrance;
  6. object to processing at any time and also to processing for direct marketing purposes;
  7. oppose automated decision-making concerning natural persons, including profiling;
  8. withdraw consent at any time without affecting the lawfulness of the processing based on the consent given before the withdrawal.

You may exercise your rights by sending a written request to Mr. Leonardo Gianfrate, to the postal address of the registered office or to the e-mail address info@brightwood.it. If you perceive a breach of law in the processing of your personal data, you may lodge a complaint with the competent supervisory authority. Pursuant to Article 77 of EU Regulation 679/2016, the Garante per la protezione dei dati personali (www.garanteprivacy.it) is competent to hear the complaint. However, this is without prejudice to the possibility of appealing before the competent judicial authority. Furthermore, you may request to know the identification details of the administrators of the systems and management applications in which your data are stored.

9. Exceptions to the exercise of rights
The data protection legislation recognises specific exceptions to the rights granted to the data subject. Therefore, Mr Leonardo Gianfrate may continue to process the personal data of the data subject upon the occurrence of one or more of the following applicable conditions ex art. 17 GDPR):

  1. for the exercise of the right to freedom of expression and information;
  2. for the performance of a legal obligation that requires the processing as provided for by the law of the Union or of the Member State where the controller is established; or for the performance of a task carried out in the public interest; or in the exercise of official authority vested in the controller;
  3. for reasons of public interest;
  4. for archiving purposes in the public interest;
  5. for the establishment, exercise or defence of a legal claim.

Navigation data
The computer systems and procedures used to operate this website automatically acquire certain personal data, the transmission of which is implicit in the use of Internet communication protocols. In particular, this involves IP addresses or domain names of the computers used by users who connect to the website, URI (Uniform Resource Identifier) notation addresses of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the user's operating system, device and IT environment. This data is used in aggregate form for the sole purpose of obtaining anonymous statistical information on the use and functionality of the site. They are therefore not collected to be associated with identified interested parties or for profiling, but by their very nature could, through processing and association with data held by third parties, allow users to be identified. They could be used to ascertain responsibility in case of hypothetical computer crimes against the site and/or users, as well as to prevent such activities from being carried out. The purposes of the processing are therefore the verification of the correct operation of the site, security and any communications to third parties who perform functions necessary for the operation of the site. The storage period will be that which is strictly necessary for the performance of the activities specified above.