GENERAL POLICY FOR THE PROTECTION OF PERSONAL DATA

Adopted by LAPINI AREZZO S.R.L.

 

The Policy for the Protection of Personal Data adopted by LAPINI AREZZO SRL, consistent with the company's mission and values and applicable to all parts of the organization that may handle any information held within it, sets out the following principles as the reference for the strategies, objectives and management of the entity:

  • Commitment to protect the personal data of each individual (Confidentiality);
  • Guarantee of the intimacy of each person’s personal sphere and privacy (Confidentiality);
  • Respect for identity and personality, for the dignity of each human being (Individuality and Dignity);
  • Respect for constitutionally guaranteed fundamental freedoms (Protection).

 

These principles are translated in accordance with current legislation as follows:

  • Personal data are processed through the principles of lawfulness, fairness and transparency;
  • personal data are collected and processed only for specific, explicit and legitimate purposes (Purpose limitation);
  • the use of personal data is always reduced to the minimum essential for the achievement of the stated purposes (Necessity, Non-surplus and Essentiality);
  • personal data are processed in an appropriate, relevant and limited way (data minimization);
  • personal data are collected and processed only if functional to the achievement of the declared purposes (Relevance);
  • personal data are processed with methods and tools proportional to the purposes to be achieved (Proportionality);
  • the collected and processed personal data are always promptly checked so that their correctness and reliability is guaranteed (Accuracy and Completeness);
  • the collected and processed personal data are always periodically updated (Update);
  • the collected personal data are always kept for a limited period of time strictly necessary to achieve the stated purposes (limitation of conservation);
  • personal data cannot be processed for purposes other than those declared during the collection phase, in violation of the regulation on the protection of personal data or without specific authorization (Prohibition of illicit and unauthorized processing), and adequate security is ensured against loss, destruction or accidental damage (Integrity and confidentiality).

 

Personal data are always collected and processed after the adoption of appropriate security measures (Security), in line with the following security principles, which ensure:

  • the continuous confidentiality, integrity, availability and resilience of its systems and services that process personal data;
  • availability and access to data processed through prompt recovery in the event of a physical or technical accident;
  • the use of specific procedures to test, verify and evaluate the effectiveness of technical and organizational measures;
  • the maintenance of an adequate level of security by assessing the risks presented by data processing, deriving in particular from destruction, loss, modification and unauthorized disclosure, whether accidental or illegal.

 

The data controller is responsible for compliance with the principles set out above and must be able to demonstrate it (Accountability).

OBJECTIVES PURSUED

Continuous improvement of the protection of personal data by:

  • the adoption of an adequate document system “Management System for the Protection of Personal Data” (procedures, operating instructions, standard document models);
  • the identification of figures with adequate requirements and powers to ensure the correct functioning of the Management System for the Protection of Personal Data;
  • the definition of an organizational model suitable for monitoring the processing of personal data relating to each process of the organization;
  • the adoption of regulatory compliance opinions in the definition, integration, modification and/or revision of business processes that involve the processing of personal data;
  • the adoption of adequate technical and organizational security measures to ensure a level of security appropriate to the risk;
  • the adoption of the best available and economically sustainable techniques to limit damage in the event of accidents or negative events regarding the processing of personal data (Data Breach);
  • the adoption of appropriate criteria and methods for restoring data in case of damage and accidental loss.

 

Involvement of stakeholders and protection of personal data with actions aimed at:

  • raising awareness among employees, suppliers, customers, shareholders and citizens of the objectives and commitments undertaken regarding the protection of personal data;
  • motivating and involving employees so that the set objectives are achieved and a sense of responsibility towards the protection of personal data and information security is developed at all levels;
  • training and informing for the lawful and correct processing of personal data and for information security;
  • promoting dialogue and exchange with all stakeholders (PA, Authority, Citizens, Associations, customers, workers, etc.), taking into account their requests regarding the processing of personal data, in accordance with the tools of participation and communication adopted by LAPINI AREZZO SRL.

 

The above principles are reflected in a Management System for the Protection of Personal Data in line with the guidelines of LAPINI AREZZO S.R.L.

INFORMATION FOR CUSTOMERS AND SUPPLIERS ON DATA PROCESSING
Pursuant to EU Regulation 2016/679

This information concerns personal data that will be processed in compliance with current legislation on the protection of Personal Data and, in any case, with the principles of confidentiality which inspire the activity of LAPINI S.R.L. and intends to describe its management methods, in the context of the processing of personal data of customers and suppliers.
This information is provided pursuant to art. 13 of EU Regulation 2016/679 of April 27, 2016. Below, for clarity, are the definitions of Personal Data and Processing.

Personal data: any information concerning an identified or identifiable natural person («interested party»); the natural person who can be identified, directly or indirectly, with particular reference to an identifier such as the name, an identification number, location data, an online identifier or one or more characteristic elements of his physical, physiological, genetic, psychic, economic, cultural or social identity is considered identifiable;

Personal Data Processing means any operation or set of operations, carried out with or without the aid of automated processes and applied to personal data or sets of personal data, such as the collection, registration, organization, structuring, storage, adaptation or modification, extraction, consultation, use, communication by transmission, dissemination or otherwise making available, comparison or interconnection, limitation, cancellation or destruction.

Categories of processed Personal Data

LAPINI S.R.L. will process the following Personal Data provided by the Customer:

    1. Personal and Identification Data (including name, surname, date of birth, gender), tax code
    2. Contact details (including telephone, email, address)
    3. Bank Personal Data (including Iban code)

 

Purpose of the Processing

The Personal Data made available to LAPINI S.R.L. will be processed for specific administrative and organizational purposes, strictly connected and instrumental to the obligations established by state, regional and community laws and regulations; they may therefore be used for the following purposes:

  1. Fulfillment of the legal and contractual obligations connected to the contract;
  2. Administrative and accounting management;
  3. Any disputes;
  4. Additional cases envisaged by current legislation.

We remind you that, with reference to the purposes listed above, the provision of your personal data is mandatory. Your refusal and/or the provision of incorrect and/or incomplete information would prevent the execution of the contract and the continuation of the relationship.

Processing methods

The processing of personal data will be carried out using suitable paper, electronic and/or telematic tools, with logic strictly related to the aforementioned purposes and, in any case, in such a way as to guarantee the security and confidentiality of the data.
The collected material will be used exclusively for the purposes listed above (par. 2).

Recipients or categories of recipients of Personal Data (External Data Processors)

The Data Processors appointed by the Data Processing Holder in the exercise of their functions will become aware of your Personal Data.

Your Personal Data may be communicated to any subjects who provide LAPINI S.R.L. with services instrumental to the purposes indicated in the previous par. 2. Your Personal Data may also be communicated to suppliers, banking and/or insurance institutions or other subjects and/or entities that carry out (on behalf of LAPINI S.R.L.) the following activities:

  • Institutional activities
  • External Collaboration
  • Maintenance and development of the network and IT infrastructure
  • Consultancy
  • Elaborations and fulfilments: administrative, accounting and fiscal
  • Legal

If there is a need to communicate the data to other subjects or for a use other than those mentioned above, an explicit and specific authorization will be required.

The complete list of the External Processors of Personal Data is available on request (see contact details, par. 7).

In any case, your personal data will not be disclosed.

Duration of Processing and criteria used for the storage of Personal Data

  • Duration: for the purposes referred to in paragraph 2 “Purpose of the Processing” of this statement, your Personal Data will be processed for the time necessary to perform the obligations set out in the contract.
  • Storage: The data processed for the fulfillment of legal obligations will be kept for 10 years and in any case within the limits established by law.

 

Rights of the interested party

Pursuant to arts. 15-22 and 77 of EU Regulation 2016/679, the interested party has the right to:

  • Get access to all personal data held by LAPINI S.R.L.
  • Get access to all the information contained in this document
  • Obtain the right to rectification, integration, cancellation of personal data (right to be forgotten) or limitation of the processing of personal data
  • Obtain the right to data portability
  • Right of opposition
  • Right to lodge a complaint with a supervisory authority

For the exercise of these rights, described above, please contact the figures in charge through the contacts listed in par. 7; a suitable reply will be provided for this request according to the timescales set by the GDPR.

Responsible for the data processing, Data Protection Officer and Officers

  • The party responsible for processing your data is LAPINI S.R.L.
  • Any request relating to personal data processed by LAPINI S.R.L. can be sent to the premises in Corso Italia, n. 70 – 52100 Arezzo (AR) or by writing to the email address: lapinisrl@confcommerciolegalmail.it

 

This information will be subject to updates.