Privacy Policy

Privacy policy web site pursuant to Article 13 of Regulation No 679/2016 (“GDPR”)

Golden Lady Company S.p.a. (hereinafter the Data Controller) provides you, pursuant to article 13 of EU Regulation 679/2016 (GDPR), some information concerning the processing of your personal data during the visit to the website

Collection and processing of personal data

Navigation data

The computer systems and software procedures used to operate this website acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. This is information that is not collected to be associated with identified individuals, but which, by their very nature, could, through processing and association with data held by third parties, allow users to be identified. This category of data includes IP addresses or domain names of the computers used by users connecting to the site, the addresses in the Uniform Resource Identifier (URI) notation of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (success, error, etc.) and other parameters relating to the operating system and the user's computer environment. These data are used for the sole purpose of obtaining statistical information on the use of the site and to check its correct functioning. The data could be used to ascertain responsibility in case of hypothetical computer crimes against the site.

Data provided voluntarily

In the "newsletter" sections, "contacts, you will be asked to provide personal data. In this case you will be provided with the information pursuant to art. 13 of the GDPR concerning the processing of personal data in relation to the purpose pursued.

Provision of data
Apart from that specified for navigation data, the provision of data for further processing purposes is optional. Failure to provide such data may make it impossible to pursue these additional purposes, specifically it will not be possible to subscribe to the newsletter service, purchase our products or be able to use the contact form.

Purpose of the processing and scope of communication of personal data
The Data Controller will process personal data: 

  • To make it possible to browse the website;
  • For the technical and commercial administration of the website;
  • Respond to any requests for contact or information from users;
  • To respond to any requests to subscribe to the newsletter from users;
  • To use the e_commerce feature on the site.

Method of treatment
Your personal data will be processed using company IT tools, through paper archives and with IT tools managed by third parties.
Your data will be processed by employees and collaborators authorized for processing pursuant to Art. 29 of the GDPR.
Pursuant to Art. 32 of the GDPR specific security measures are observed to prevent data loss, illicit or incorrect use and unauthorized access.

Data Communication
Your data, object of the treatment, can be communicated to Subjects contractually tied to the Holder within the European Union.
The data may be disclosed to third parties belonging to the following categories:

  • Platform managers providing Social Network or Analysis services;
  • Companies that provide hosting services related to the website database, the servers are located within the European Union;
  • Companies that outsource the website database;
  • Platforms that provide services for sending newsletters;
  • Consultants and Freelancers also in associated form;
  • External collaborators with commercial and technical functions;
  • Third-party companies contractually bound to the Owner who deal with the management of shipments;
  • Other companies subject to the management and coordination of Engifin SpA;
  • Public Security Authority.

The subjects belonging to the aforesaid categories perform the function of Data Processor according to Art. 28 of the GDPR, or of the Data Controllers pursuant to Art. 26 of the GDPR or operate in total autonomy as separate Data Controllers. The list of possible managers is constantly updated and available at our office.
Your personal data will not be disclosed.

Data transfer in extra UE Countries
Your personal data is stored in the European Union, but also with providers that provide hosting or analysis services with offices in countries outside the EU. The suppliers in question are all members of the EU-US Privacy Shield agreement which legitimates the transfer in complete safety.

Data controller
Data controller is Golden Lady Company S.p.a. headquarters in Via G. Leopardi, 3/5 – 46043 Castiglione delle Stiviere (MN)  - mail:  

Data Protection Officer
According to Article 37 of the GDPR, the Data Controller has appointed a Data Protection Officer who can be contacted at the email address:


Your rights
You have the right to obtain from the holder the cancellation (right to be forgotten), limitation, updating, correction, portability, opposition to the processing of personal data concerning you, as well as in general can exercise all the rights provided from the articles 15, 16, 17, 18, 19, 20, 21, 22 of the GDPR.
To exercise your rights, you can send a communication to the address below or an e-mail to 
You can file a report or a complaint by contacting the Data Protection Authority located in Piazza di Monte Citorio n. 121 - 00186 ROME - mail: