Subject of the processing may be your personal data such as:


Automatically collected data. The computer systems and applications dedicated to the functioning of this website collect, during their normal operation, certain data (the transmission of which is implicit in the use of Internet communication protocols) potentially associated with identifiable users. The data collected include the IP addresses and domain names of the computers used by users connecting to the site, the URI (Uniform Resource Identifier) notation addresses of the resources requested, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters regarding the operating system.) and other parameters concerning the operating system, the browser and the computer environment used by the user, the name of the internet service provider (ISP), the date and time of the visit, the visitor's web page of origin (referral) and exit.


Data provided voluntarily by the user. The voluntary and explicit sending of electronic mail to the addresses indicated in the various access channels of this site does not imply a request for consent and entails the acquisition of the sender's address and data, necessary to respond to requests, as well as any other personal data included in the message. This data is understood to be voluntarily provided by the user at the time of the request. By entering a comment or other information, the user expressly accepts the privacy policy, and in particular consents to the contents entered being freely disclosed to third parties. On the contrary, specific summary information will be reported or displayed on the pages of the site set up for particular services on request (forms). The user must therefore explicitly consent to the use of the data contained in these forms in order to send the request.


Cookies. The site uses cookies. The data collected through cookies can be used to access parts of the site or for statistical purposes or to make the browsing experience more pleasant and more efficient in the future, by trying to assess user behaviour and to modify the content offerings according to their behaviour. A separate cookie policy is available for further information.

Plug-ins. The site also incorporates plug-ins and/or buttons for social networks, in order to allow easy sharing of content on your favourite social networks. These plug-ins are programmed so that no cookies are set when the page is accessed, in order to safeguard the privacy of users. Cookies are only set, if so provided by the social networks, when the user makes actual and voluntary use of the plug-in. Keep in mind that if the user browses while logged into the social network then he or she has already consented to the use of cookies conveyed through this site at the time of registration with the social network. The collection and use of the information obtained through the plug-in are governed by the respective privacy policies of the social networks, to which please refer.


the data controller is IL TOMOLO S.r.l., with registered office in Via Medina, 40 - 80133, Napoli, VAT No. IT 09792781214, which can be contacted by telephone on 081 199 667 84 or by email info@iltomolo.it



The personal data held by the Controller are collected directly from the data subject.




The purpose and legal basis of the processing of your data is:


For automatically collected data, the legal basis is the legitimate interest of the data controller and the purpose is to ensure and improve the web browsing experience.


For data provided voluntarily by the user, the legal basis is consent and, for sending e-mails to our addresses, the purpose is to be able to send replies to specific requests made by the user; for forms, the purpose is indicated in the specific information notice.

For cookies and plug-ins: see the specific cookies policy.




to the extent relevant to the stated processing purposes, your data may be disclosed to partners, consulting companies, private companies, third-party technical service providers, hosting providers, IT companies, communication agencies,...




this site may share some of the data collected with services located outside the European Union area. In particular via social plug-ins and the Google Analytics service. The transfer is authorised and strictly regulated by Article 45(1) of EU Regulation 2016/679, so it does not require any specific authorisation.


according to the principle of retention limitation (Art.5, GDPR), a check on the obsolescence of the retained data in relation to the purposes for which they were collected is carried out periodically. In particular:

  • data collected automatically are processed, for the time strictly necessary, for the sole purpose of obtaining statistical information on the use of the site and to check its regular operation, including for security purposes or in accordance with the deadlines laid down by law.


The data provided voluntarily by the user will be kept for a period of time not exceeding the achievement of the purposes for which they are processed or in accordance with the deadlines provided for by law.



the data subject shall always have the right to request from the Controller access to his/her data, rectification or erasure of the same, restriction of processing or the possibility to object to processing, to request data portability, to withdraw consent to processing by asserting these and the other rights provided by the GDPR by simple communication to the Controller. The data subject may also lodge a complaint with a supervisory authority.


The provision of your data is compulsory when browsing our website with regard to points D.1 and D.2 of the aforementioned purposes, in order to allow the correct provision of the service. On the other hand, the provision of your data for point D.3 is optional and will not compromise the provision of the service in any way.



The personal data you provide will be processed in compliance with the above-mentioned legislation and with the confidentiality obligations that govern the Controller's activities. The data will be processed using both computerised tools and on paper or any other suitable type of support (e.g. cloud systems, digital storage and substitute storage systems, ...), in compliance with the appropriate technical and organisational security measures envisaged by the GDPR.