Note on the processing of website users' personal data

Seller: Pollini Lorenzo E Figli S.R.L

Registered office: Via Gavardina N. 30 – 25081 Bedizzole (Bs)

VAT number: 00696460989

Registration to the Brescia Reg. of Companies No.: 00696460989

Contents

• Why this notice
• Data Controller
• Personal data collected
• Nature of provision
• Purpose of processing and legal basis
• Data recipients
• Security measures
• Data transfer
• Retention periods
• Further information
• Rights of data subjects

This policy applies to users of the Pollini Lorenzo e Figli S.r.l. website, accessible at www.autodemolizionipollini.it, and applies exclusively to the online activities of this website and not to other websites that may be consulted by the user via external links.

Why this notice

Pollini Lorenzo e Figli S.r.l (hereinafter also referred to as the “Company” or “Data Controller”) is committed to respecting and protecting your personal data and wants you to feel secure when browsing the website or using its services.

In compliance with European Regulation 2016/679 (GDPR), the Data Controller provides you with information on how your personal data will be processed, assuring you that it will be based on the principles of lawfulness, fairness, transparency, purpose and storage limitation, data minimization, accuracy, integrity, and confidentiality.

Data Controller

The Data Controller is Pollini Lorenzo e Figli S.r.l, with registered office in Via Gavardina, 30 – 25081 Bedizzole (BS), VAT number: 00696460989 - Tax code: 02852030176; Contact details: switchboard 0306872037, email info@pollinisrl.it

Personal data collected

The data controller collects and processes common personal data provided by the data subject, including through the IT systems and software procedures used to operate the website, as their transmission is implicit in the use of the internet. Identification and contact data including name, surname, address, telephone number, email address, tax code, vehicle registration number. Tax and financial data: full company name and bank or postal account number. Data relating to the account and its use, including passwords that you choose independently. Technical and navigation data: IP address, URL visited and origin, access data, information on the type of device, browser, and operating system used, and information collected during your navigation on the site, i.e., the services searched for or viewed, the duration of visits, page response times, functional errors, and your behavior on the page, i.e., whether you scrolled or selected something. some information is derived from cookies that you installed on your device when you arrived on our site. For more information, please see our cookie policy. If you fill out the form in the “Work with us” section, we will also process other data, for which you will find specific information on the page.

When filling out our data collection forms, if you provide information about other people, you must ensure that they approve and are aware of how the data controller will process their data.

Nature of provision

The provision of your personal data is optional, but when you access our website, the provision of your browsing data is a direct consequence of that access. The provision of your data is necessary for the conclusion of the sales contract; if you do not provide your personal data, we will not be able to offer you our services.

Purpose of processing and legal basis

The data controller will process personal data for the sole and exclusive purposes indicated below:
with the legal basis of contract execution and pre-contractual measures (Art. 6, paragraph 1, letter b) of the GDPR)

• responding to your requests for information
• creating an account for purchases and ensuring its security to allow you to check out more quickly, monitor your orders and shipping status, and change your details and login password
• Provide the service of selling our products, even without the use of an account;
• Properly manage your order, including shipments, pickups, and communications, such as order confirmation
  with the legal basis of a legal obligation (Art. 6, para. 1, letter c)
• Comply with legal obligations to which it is subject, such as issuing tax documents, managing payments, accounting, and storage
  with the legal basis of the legitimate interest of the data controller (Art. 6, para. 1, letter f)
• Ensuring the usability, security, and improvement of the website, in the legitimate interest of the data controller that the website is functional, secure, and can be improved over time
• Monitoring the quality of the services provided, in the legitimate interest of the data controller to verify that the level of services corresponds to the pre-established level and improve it over time
• Send you commercial communications by email about products related to your purchases within thirty days of the conclusion of the contract, in the legitimate interest of the data controller to promote its products
• Manage a dispute, in the legitimate interest of the data controller to ascertain, assert, or defend a right

On the legal basis of consent, the data controller will activate the non-essential cookies you have authorized, the purposes of which are better specified in our cookie policy. We inform you that any consent given for cookies can be revoked at any time, using the cookie management center, without precluding the lawfulness of the processing carried out up to that point..

Security Measures

The data controller will communicate your data not only to authorized parties but also to the following categories of subjects acting as data processors who are suitably bound and instructed or as independent data controllers: subjects offering services strictly related to the execution of the contract, such as couriers and group companies, IT service providers necessary for the proper functioning and improvement of the site, site developers and maintainers, hosting providers, cookie providers, security, tax, quality and/or legal consultants, public authorities where there is an obligation or necessity. Further information may be requested from the data controller.

Misure di Sicurezza

The technical and organizational security measures used in the processing of personal data are strictly related to the purposes and are designed to ensure the security of the processing in order to prevent unauthorized modification or destruction of personal data, unauthorized access, and disclosure.

Data Transfer

The data controller will not process your personal data outside the European Union. Data acquired through the website is stored in secure digital archives located within the European Union. If a transfer outside the EU to the US is envisaged (e.g. through the use of Google Analytics services https://policies.google.com/privacy?hl=it ), the recipient's adherence to the Data Privacy Framework aimed at protecting your rights has been verified. In other cases, the guarantees required under Chapter V of the GDPR are verified.

Retention Periods

The personal data processed will be retained for the periods indicated below:

• for responses to your requests, one year from the final response
• for the execution and management of a sales contract, ten years from the conclusion of the contract
• your account data will be retained until you request its deletion or for two years from its last use
• for quality control and improvement of services, to ensure the usability, security, and improvement of the site, one year from collection
• for any disputes, ten years from the closure of the dispute
• to send you commercial information -soft spam-, 30 days from the conclusion of the contract
• unless otherwise indicated, browsing data will be stored for 12 months
• to comply with legal obligations: the criterion of compliance with the time necessary to demonstrate compliance or time limits defined directly by the legislation is followed. (For example, for tax and administrative obligations, the time limits are set at 10 years by law. To respond to your rights, the data will be stored for two years from the date of sending the final response to demonstrate compliance with the law. If we receive a request from a public authority, the data will be stored for the time defined by that authority. Etc.)
• With regard to cookie data, you can find information in our cookie policy

Only in the event of requests from public authorities or the occurrence of crimes or fraud may the retention periods be extended. At the end of the retention period, your data will be deleted and will no longer be available. Further information can be requested from the data controller.

Further information

Social bottons

The website features special “buttons” (called “social buttons/widgets”) that display social network icons (e.g., Facebook, LinkedIn, YouTube, etc.). These allow users browsing the Data Controller's website to access the relevant social networks with a single click, which then acquire data relating to the user. These services release “third-party cookies.” Below are links to the privacy policies of the social networks to which the buttons refer:

Facebook	www.facebook.com/help/cookies
LinkedIn	www.linkedin.com/legal/cookie-policy
Instagram	help.instagram.com/1896641480634370?ref=ig
YouTube	policies.google.com/technologies/cookies?hl=it
TikTok	https://www.tiktok.com/legal/page/eea/privacy-policy/it

Rights of data subjects

With regard to your personal data, you may exercise the rights provided for in Articles 15-22 of EU Regulation 2016/679 at any time: the right to access your personal data to verify whether or not the data controller is processing data concerning you, the right to rectify personal data deemed inaccurate, the right to erase personal data concerning you and the right to restrict processing, the right to be notified of the above requests, the right to object to processing, the right to data portability, the right not to be subject to decisions based solely on automated processing, including profiling.

You may send your request to exercise your rights to the Data Controller at the following addresses: Email address privacy@pollinisrl.it, or to the postal address indicated in the opening paragraph in the Data Controller's contact section. The Data Controller will respond to your request within one month of receiving it. This period may be extended by a further two months in cases of particular complexity and depending on the number of requests.

You have the right to be notified of a breach of your personal data by the Data Controller in the cases provided for by law or where such breach has a serious impact on your rights and freedoms.

You have the right to lodge a complaint with the Supervisory Authority (Personal Data Protection Authority – GPDP) Piazza Venezia, 11 – 00187 Rome (RM), in accordance with the procedures indicated on the website of the Supervisory Authority (https://www.garanteprivacy.it/i-miei-diritti).

This policy was updated on November 12, 2025