The present notice is compliant with the latest law decree dated June 30th, n° 196 (the privacy code) and the art. 13 of the GDPR 679/2016.
It is applicable to all subjects ( onwards respectively referred to as “the Users”) that decide, independently from the potential purchase of products, to access, browse and make use of the services offered on the website ( onwards respectively referred to as the “Website” ) which is property of Boncina189 srl. The present Privacy Policy solely regulates the browsing of the Website; this does not include other websites which links may be found in the Website even in case those other websites are property of the Owner or companies controlled, controlling or connected to the Owner ( in reference to Civil Code art. 2359); in this case the Privacy Policy of the respective websites will apply.
The browsing of the Website by the Users determines the implicit acceptance of the Present Policy



The Data Controller is Bonacina1889 srl with headquarters at 12, Via Madonnina -22040 Lurago d’ Erba in the person of the legal representative Mario Bonacina whose elected legal domicile are the legal headquarters of Bonacina1889 srl.
The Data Controller and Data Processor can be contacted by email at the following address Within the bounds of GDPR Regulation the Data Controller can designate one or more Data Processors: the updated list of the Data Processor can be found at the Data Controller’s legal headquarters. The Data Processors unroll their activities following the Data Controller’s instructions and under his supervision; the Data Controller periodically checks that the Data Processors have complied to their duties and that they keep on providing the adequate guarantees fully respecting the provisions regarding personal data protection. It is explicitly stated, in any case, that all Users’ personal data protection operations will be carried out by subjects specifically appointed, that carry out such activities under the direct authority of the Data Controller and following its instructions.



The data processing connected to the services of the Website ( physically placed in “hosting” from third party) take place at the legal headquarters of the Data Controller and are curated only by collaborators, processors, or possible external subjects for maintainance operations or updates of the Website pages.



The simple navigation of the Website entails the collection of the so called “ navigation data” by the Data Controller; the transmission of this data is implicit in the use of Internet communication protocols.
Under this category fall the following types of data: IP addresses, the kind of browser used, the Operating System, domain names and the websites form which the access or exit was made, time of stay on each page, internal path analysis and other parameters related to the Operating System and technology system information of the IT environment of the Users, as well as data from Cookie (the regulation of which is stated by the Cookie Policy ). The processed data is Personal data : any information regarding individuals, identified or identifiable, even indirectly, through any reference to any other information, including a personal identification number; Identification Data: personal data that allows the direct identification of the concerned person ( e.g. first name, family name, date of birth, address, email address, phone number, etc..) Data spontaneously provided by the Users: the optional, explicit and spontaneous forwarding of emails to the addresses found on the website and/or the drawing up of forms for data collection, involves the consequent acquisition of the sender’s email address necessary to answer the requests, as well as any other data provided. Data relating to minors: minors can provide personal data. The Data Collector will in no case be responsible of any mendacious statements that might be provided by the minor and should the statement be ascertained as false, the data Cllector will proceed in the immediate cancellation of each personal data and any acquired material. Data concerning third party: if the user provides personal data of third party: ( e.g. siblings and/or other interested people), he must ensure that those third parties are aware and gave their permission, if necessary, to the use of their data according to what described in this notice.



Personal data provided spontaneously during the drawing up of data collection forms and /or through the forwarding of emails will be matter of data processing for the following purposes:
A) enquiries management, involving the forwarding of information requested by the User and the related accountings or financial activities.
B) possible reception of communications through automatic e-mail, messages like MMS, SMS or of other kind as well as through telephone and post, of informative material of the Data Collector’s products or enquiries about the satisfaction level, promotional material, commercial or publicity or inherent to events held by the Data Collector also through the Data Processors. All the data will be inserted in the Company’s CRM system.
The Data Collector in order to compare and enhance the results of communications, uses newsletters system and reports communications systems. Thanks to those reports the Data Collector will come to now, for example: the number of readers, the number of opened messages, of the “one-click users “ and umber of clicks; the devices and Operating System used to read communications; detail of sent emails, received and un-received emails and of those forwarded; all this data is used to the purpose of confronting and possibly enhance the result of communications.



The processing will be both automatic and manual, through methods and means that ensure the maximum safety and confidentiality, by subjects specifically appointed to do so according to the provisions of this GDPR. Data will be kept for a time no longer than necessary to the purposes for which they have been collected and subsequently processed and/or for period of times provided for by the law.



Data, object of the processing, will not be distributed and could be released to companies bound to the Data Collector by contract, both in foreign countries and in the EU, according to and within the limits provided by art. 42 of the Legislative Decree 196/2003. Personal data could be transferred to non EU countries within the limits provided by the GDPR, with the sole purpose of implementing contracts or complying with purposes connected to those contracts.
Data could be released to third parties belonging to the following categories:
subjects that provide services for the management of IT systems used by the Data Controller and telecommunications network (including emails and platforms); studies or companies in the field of assistance and consultancy; companies connected to, controlled by or contract bound with the Data Collector and/or is part of its distribution network (such as branches, importers, distributers, shippers, etc.) that eventually might have its headquarters in non EU countries; competent authorities for legal enforcements and/or, upon request, public bodies’ provisions. The subjects belonging to the above mentioned categories carry out the role of Data Processors and are responsible for it, or operate autonomously as Data Controllers. The list of the data processors is constantly updated and is available at the legal headquarters of the Dta Controller.



Data bestowal for the purposes listed at point A) is not compulsory but is necessary. The possible refusal to confer the necessary data related to point A) entails the impossibility of all activities strictly linked to and instrumental, for example to obtain what is requested or to use the services made available by the Data Collector
The assignment and consent to data processing for the purposes at point B) is not compulsory. The possible refusal of consent for purposes listed at point B), on the other hand does not entail any negative consequence related to the purposed above listed.



Among the rights that you are entitled with by GDPR there are:
• The right to request access to your personal data and information related to that data: the amendment of incorrect data or integration of the incomplete one. The cancellation of personal data that concerns you ( when one of the events listed at art. 17, paragraph 1 of the GDPR occur and in compliance with the exceptions listed at paragraph 3 of the same article); the limitation to the processing of your personal data( in the event one of the cases listed at art. 18, paragraph 1 of the GDPR might occur).
• The right to object in any moment to the processing of your personal data should any particular situation occur.
• The right to request the cancelation, transformation in anonymous form or the blockage of data in violation of the law, as well as the right to oppose in any caseto their processing, for legitimate reasons.
• The right to propose a claim to a Competition Authority ( Autorità Garante for personal data –
In order not to receive any more direct automatized marketing communications ( emails, MMS, SMS) all is required is to address an email to the following address with “unsubscription from automatized marketing” as object or use our systems of automatic unsubscribe option (intended for the emails only), and you will no longer be disturbed.
In order not to receive any more communication of traditional direct marketing ( phone calls with operators, mail by post..) ) all is required is to address an email to the following address with “unsubscription from traditional marketing” as object and you will no longer be disturbed.



The Data Collector reserves the right to modify, update, add or take out parts of the present notice on Privacy to its discretion and at any time. The concerned person is required to periodically check the possible modifications.
To the end of facilitating the periodical check, the notice will report the date of the last update. The use of the Website, after the publication of the modifications, will constitute acceptance of the modifications.



Data Holder

1. The data controller is the natural or legal person, public authority, service or other body that, individually or together with others, determines the purposes and means of data processing personal. He also deals with safety profiles.
2. With regard to this website, the data controller is:, and for any clarification or exercise of the rights of the user can contact him at the following email address:

Responsible for data processing

1. The controller is the natural or legal person, public authority, service or other body that processes personal data on behalf of the controller.
2. Pursuant to Article 28 of EU Regulation no. 2016/679, on the appointment of the data owner, the the data controller of the site is: Bonacina1889.

Data processing place

1. The processing of data generated by the use of takes place at Via Madonnina 12 – 22040 Lurago d’Erba (Como).
2. In case of necessity, the data related to the newsletter service can be processed by the person in charge of the treatment or subjects appointed by it for this purpose at the relevant office.



Type of Cookies

1. The site uses cookies to make the user’s browsing experience easier and more intuitive: cookies are small strings of text used to store some information that may concern the user, his preferences or the device for accessing the Internet (computer, tablet or mobile phone) and are mainly used to adapt the operation of the site to the user’s expectations, offering a more personalized browsing experience and memorizing the choices made previously.
2. A cookie consists of a reduced set of data transferred to the user’s browser from a web server and can only be read by the server that made the transfer. This is not executable code and does not transmit viruses.
3. Cookies do not record any personal information and any identifiable information will not be stored. If you want, you can prevent the saving of some or all cookies. However, in this case the use of the site and the services offered could be compromised. To proceed without changing the options related to cookies, simply continue browsing. Below are the types of cookies that the site uses:

Technical cookies

1. There are many technologies used to store information on the user’s computer, which are then collected by the sites. Among these the best known and used is that of HTML cookies. They are used for navigation and to facilitate access and use of the site by the user. They are necessary for the transmission of communications on the electronic network or the supplier to provide the service requested by the customer.
2. The settings to manage or deactivate cookies may vary depending on the internet browser used. In any case, the user can manage or request the general deactivation or cancellation of cookies, modifying the settings of his internet browser. This deactivation can slow down or prevent access to some parts of the site.
3. The use of technical cookies allows the safe and efficient use of the site.
4. Cookies that are inserted in the browser and retransmitted by Google Analytics or the statistics service of bloggers or similar are technical only if used for the purpose of optimizing the site directly from the owner of the site, which can collect information in aggregate form on the number users and how they visit the site. Under these conditions, for analytics cookies the same rules apply, in terms of information and consent, provided for technical cookies.
5. From the point of view of duration we can distinguish temporary session cookies that are deleted automatically at the end of the browsing session and are used to identify the user and thus avoid logging in to each page visited and the permanent ones that remain active in the PC up upon expiry or cancellation by the user.
6. Session cookies may be installed in order to allow access to and access to the reserved area of ​​the portal as an authenticated user.
7. They are not stored permanently but only for the duration of the navigation until the browser is closed and disappear when the browser is closed. Their use is strictly limited to the transmission of session identifiers consisting of random numbers generated by the server necessary to allow the safe and efficient exploration of the site.

Third-party cookies

1. In relation to the provenance we distinguish the cookies sent to the browser directly from the site you are visiting and those of third parties sent to the computer from other sites and not from the one you are visiting.
2. Permanent cookies are often third-party cookies.
3. The majority of third-party cookies consists of tracking cookies used to identify online behavior, understand the interests and then customize the proposals
advertising for users.
4. Third-party analytical cookies may be installed. They are sent from the domains of the aforementioned third parties external to the site.
5. Analytical cookies of third parties are used to detect information on user behavior on The survey takes place anonymously, in order to monitor the performance and improve the usability of the site. The third-party profiling cookies are used to create profiles relating to users, in order to propose advertising messages in line with the choices expressed by the users themselves.
6. The use of these cookies is governed by the rules set by the third parties themselves, therefore, users are invited to read the privacy policies and indications to manage or disable the cookies published on the related web pages.

Profiling cookies

1. Profiling cookies are those that create profiles related to the user and are used in order to send advertising messages in line with the preferences expressed by the same in the context of surfing the net.
2. When these types of cookies are used, the user must give explicit consent.
3. Article 22 of EU Regulation 2016/679 and Article 122 of the Code on data protection will apply.



Data processing mode

1. Like all websites, this site also makes use of log files in which information collected in an automated manner is stored during user visits. The information collected could be the following:
• internet protocol (IP) address;
• type of browser and device parameters used to connect to the site;
• name of the Internet service provider (ISP);
• date and time of visit;
• web page of origin of the visitor (referral) and exit;
• possibly the number of clicks.
2. The aforementioned information is processed in an automated form and collected in an exclusively aggregated form in order to verify the correct functioning of the site, and for security reasons. This information will be processed according to the legitimate interests of the holder.
3. For security purposes (spam filters, firewalls, virus detection), the automatically recorded data may possibly also include personal data such as IP address, which could be used, in accordance with applicable laws, in order to block attempts at damage to the site itself or to damage other users, or in any case harmful activities or constituting a crime. Such data are never used for the identification or profiling of the user, but only for the protection of the site and its users, such information will be treated according to the legitimate interests of the owner.
4. If the site allows comments, or in case of specific services requested by the user, including the possibility to send the Curriculum Vitae for a possible working relationship, the site automatically detects and records some identification data of the user , including the email address. These data are voluntarily provided by the user at the time of requesting service delivery. By inserting a comment or other information, the user expressly accepts the privacy policy, and in particular agrees that the contents included are freely disseminated to third parties. The data received will be used exclusively for the provision of the requested service e only for the time necessary for the provision of the service.
5. The information that users of the site will deem to make public through the services and tools made available to them, are provided by the user knowingly and voluntarily, by exempting this site from any liability for any violation of laws. It is up to the user to verify that they have permission to enter personal data of third parties or contents protected by national and international standards.

Purposes of data processing

1. The data collected by the site during its operation are used exclusively for the purposes indicated above and kept for the time strictly necessary to carry out the activities specified, and in any case not later than one year.
2. The data used for security purposes (block attempts to damage the site) are kept for the time strictly necessary to achieve the previously indicated end.

Data provided by the user

1. As indicated above, the optional, explicit and voluntary sending of e-mails to the addresses indicated on this website entails the subsequent acquisition of the sender’s address, necessary to respond to requests, as well as any other personal data included in the message.
2. Specific summary information will be progressively reported or displayed on the pages of the site prepared for particular services on request.

Support in configuring your browser

1. The user can manage cookies also through the settings of his browser. However, deleting cookies from your browser may remove the preferences you have set for the site.
2. For further information and support, you can also visit the web-specific help page
browser you are using:
• Internet Explorer:
• Firefox:
• Safari:
• Chrome:
• Opera:



1. The art. 13, c. 2 of EU Regulation 2016/679 lists the user’s rights.
2. The website therefore intends to inform the user about the existence:
• the right of the interested party to ask the holder for access to personal data (Article 15 of the EU Regulation), their updating (Article 7, paragraph 3, letter a) of the Legislative Decree 196/2003), the rectification (Article 16 of the EU Regulation), integration (Article 7, paragraph 3, letter a) of the Legislative Decree 196/2003) or the limitation of processing that concerns it (Article 18 of the EU Regulation) or to oppose, for legitimate reasons, to their treatment (Article 21 EU Regulation), in addition to the right to data portability (Article 20 EU Regulation);
• the right to request cancellation (Article 17 of the EU Regulation), the transformation into anonymous form or blocking of data processed in violation of the law, including those whose retention is unnecessary for the purposes for which the data are been collected or subsequently processed (Article 7, paragraph 3, letter b) of Legislative Decree 196/2003);
• the right to obtain the attestation that the operations of updating, rectification, integration of data, cancellation, blocking of data, transformation have been brought to
knowledge, also with regard to their content, of those to whom the data have been communicated or disseminated, except in the case where this fulfillment proves impossible or involves
a use of resources manifestly disproportionate to the protected right (Article 7, paragraph 3, letter c) of Legislative Decree no. 196/2003);
3. The requests may be addressed to the data controller, without formalities or, alternatively, using the model provided by the Guarantor for the Protection of Personal Data, or by sending an email to:
4. If the treatment is based on art. 6, paragraph 1, lett. a) – express consent to use – or on art. 9, paragraph 2, lett. a) – express consent to the use of genetic, biometric, health-related data revealing religious beliefs, philosophical or union membership, revealing racial or ethnic origin, political opinions – the user has the right to revoke the consent at any time without prejudice to the lawfulness of the treatment based on the consent given prior to the revocation.
5. Likewise, in the event of violation of the law, the user has the right to lodge a complaint with the Guarantor for the Protection of Personal Data, as the authority responsible for monitoring the processing in the Italian State.
6. For a more in-depth examination of the rights that compete with it, see articles 15 and ss. of the 2016/67 EU Regulation and the art. 7 of Legislative Decree no. 196/2003.



1. This site may share some of the data collected with services located outside the European Union. In particular with Google, Facebook and Microsoft (LinkedIn) through social plugins and the Google Analytics service. The transfer is authorized and strictly regulated by Article 45, paragraph 1 of EU Regulation 2016/679, for which no further consent is required. The companies mentioned above guarantee their adherence to the Privacy Shield.
2. Data will never be transferred to third countries that do not comply with the conditions set out in Article 45 e ss of the EU Regulation.



1. This site processes the data of users in a lawful and correct manner, adopting appropriate security measures to prevent unauthorized access, disclosure, modification or unauthorized destruction of data. Processing is carried out using IT and / or telematic tools, with organizational methods and with logic strictly related to the purposes indicated.
2. In addition to the owner, in some cases, may have access to the data categories of employees involved in the organization of the site (administrative, commercial, marketing, legal, system administrators) or external subjects (as suppliers of third party technical services, couriers postal services, hosting providers, IT companies, communication agencies).



1. This document, published at the address:
constitutes the privacy policy of this site.
2. It may be subject to changes or updates. Users are invited to periodically consult this page to keep up to date with the latest legislative news.
3. Previous versions of the document will still be available on this page.
4. The document was updated on 24/05/2018 to comply with the relevant regulations, and in particular in compliance with EU Regulation 2016/679.