Privacy Policy

Z.One Concept S.r.l., in its capacity as Data Controller, hereby provides the following specific information on the management of its website ( with regard to the processing of the personal data pertaining to the users consulting it. This is also a disclosure made pursuant to Article 13 of the EU Regulation 2016/679 (“GDPR” or “Regulation”).



  • Directive 2002/58/EC concerning the “processing of personal data and the protection of privacy in the electronic communications sector”;
  • Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/ec (General Data Protection Regulation).
  • Legislative Decree No. 196 of 30 June 2003 ‘Personal Data Protection Code’, as amended by Legislative Decree No. 101 of 10 August 2018.



The Data Controller is Z.One Concept S.r.l with registered office in Malnate (VA), via Brodolini n. 30, e-mail address:  [email protected].



The processing operations related to the web services of this site take place at the aforementioned headquarters of Z.One Concept S.r.l. and at the offices of other third parties, specifically appointed as Data Processors, who offer outsourcing services. 



Browsing Data 

The IT systems and software procedures used to operate this website acquire, as part of standard operation, certain personal data, the transmission of which is implicit in the use of Internet communication protocols. Such information is not collected to be associated with identified data subjects. This data category includes the IP addresses or domain names of users’ computers that connect to the site, the URI (Uniform Resource Identifier) addresses of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the user’s operating system and IT environment. Such data are used for the sole purpose of obtaining anonymous statistical information on the use of the site and to check its correct functioning, and are deleted immediately after processing. Data could be used to ascertain liability in the event of hypothetical cybercrimes to the detriment of the website.


Data voluntarily provided by the user

The optional, explicit and voluntary submission of personal data by the user (including: name, surname and e-mail address) by filling in the registration forms on this site or by calling any of the telephone numbers shown on the site, entails the subsequent acquisition of the data provided by the user, which are necessary to provide the service or to send the information requested. 


Please refer to the Cookie Policy accessible at for more information on the cookies we use.

Please refer to the following link to issue, revoke or modify your consent to the installation of cookies [•]

Purposes your Data are processed for

What entitles us to process your Data 

How long your Data are stored 

Replying to information requests submitted by users via the website

The legal basis is consent that is manifestly expressed by filling in the form (Art. 6(1)(a) GDPR)

Until the achievement of the intended purpose

Sending of commercial communications by means of the newsletter.

The legal basis of data processing is consent (Art. 6(1)(a) GDPR).

Until revocation of consent

Protection purposes in case of improper website use or fraud attempts

The legal basis of data processing is legitimate interest (Art. 6(1)(f) GDPR)

For the period of time necessary to enable the Controller to act or defend himself/herself against any claims made against him/her or in order to prevent damage resulting from conduct by users in breach of the law

In addition to the above, data and information collected may be processed by the Controller in order to prepare reports or other types of internal statistical analysis. Such activities will be carried out mainly by drawing on information concerning website traffic. Such information will be processed in aggregate form for the sole purpose of enabling us to improve the operation of the website and the quality of our services.



This website may contain links or references to other websites or social media pages. We inform you that the Data Controller does not control the cookies or other tracking technologies of such websites and social media pages to which this Policy does not apply. We therefore suggest that you consult the respective privacy policies of these websites and social media pages.



Aside from browsing data (necessary for the proper functioning of the website), you are free to provide your personal data. However, failure to provide them may result in the impossibility of obtaining what has been requested.



Personal data are processed through automated systems and only for the time strictly necessary to achieve the purposes for which they were collected. Specific security measures are applied to prevent data loss, illicit or incorrect use and unauthorised access. 



Personal data will be processed by authorised data processing personnel of the Data Controller pursuant to Article 29 of the GDPR or by third parties carrying out activities strictly related to the above-mentioned purposes and instrumental to the execution of the service, such as IT system management and website management. Other than in these cases, personal data will not be disclosed to anyone, except as provided for in the contract or with your express authorisation. In this regard, personal data may be disclosed to third parties, but only and exclusively in the event that: a) explicit consent is given to share data with third parties; b) information needs to be shared with third parties in order to provide the requested service; c) information is needed to comply with requests from Judicial or Public Security Authorities. No data deriving from the web service will be disclosed.



Personal data will not be transmitted to third countries, meaning countries outside the European Union or the European Economic Area. In the event of such, the Controller declares and warrants to comply with the provisions of Articles 44 et seq. of the GDPR.



The legislation in force and in particular Articles 15 et seq. of the GDPR provide for various rights that you may freely exercise vis-à-vis the data controller, as set out below: Right of Access; Right of Rectification; Right to erasure or “right to be forgotten”; Right to restriction of processing; Right to receive notification in case of rectification or erasure of personal data or restriction of processing; Right to Data Portability; Right to object to processing. 

To exercise these rights, you may contact the Data Controller by sending a registered letter or by writing to the above-mentioned e-mail address. 



You shall have the right, at any time, to withdraw the consent granted for personal data processing without prejudice to the lawfulness of processing based on the consent before the withdrawal.


If you consider that your personal data is being processed in breach of the GDPR, you have the right to lodge a complaint with the Data Protection Authority (Art. 77 of the GDPR) or, alternatively, to take legal action (Art. 79 of the GDPR).



The Data Controller periodically checks its privacy and security policy and, if necessary, revises it in relation to regulatory, organisational or technological changes. If the policy changes, the new version will be published on this website page.