Atag S.p.A recognizes the importance of protecting Personal Data and is committed to treating Personal Data with caution and confidentiality.
With this in mind, before communicating any personal data, we invite you to carefully read this Privacy Policy, as it contains important information on the protection of Personal Data and on the security measures adopted to ensure its confidentiality, in full compliance with the Applicable Regulations.
The following Privacy Policy describes how the Personal Data you provide will be processed and the purposes for which they are requested.
This notice is provided pursuant to art. 13 of the GDPR and exclusively concerns the site and does not concern links to any other connected sites.
The Data Controller is the one who comes into contact with your data and processes it for the purposes indicated in this Privacy Policy.
The Data Controller is: Atag S.p.A., Tax Code 00844980151, with registered office in Milan (20128 – MI), Viale Monza, 274.
The Controller can be contacted for any questions regarding the processing of personal data at the following certified email addresses: ATAG@LEGALMAIL.IT
The DPO is Federico Spagnolo.
The Site's computer systems collect some Personal Data whose transmission is implicit in the use of Internet communication protocols.
This is information that is not collected to be associated with you, but which by its very nature could, through processing and associations with data held by third parties, allow you to be identified.
These include IP addresses or domain names of devices used to connect to the Site, addresses in URI (Uniform Resource Identifier) notation of requested resources, the time of the request, the method used in submitting the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful completion, error, etc.) and other parameters relating to your operating system and computer environment.
This data is used to obtain anonymous statistical information on the use of the Site and to check its correct functioning; to allow – given the architecture of the systems used – the correct provision of the various functions requested by you, for security reasons and to ascertain responsibility in case of hypothetical computer crimes against the Site or third parties and are deleted after 6 months and in any case no more than 72 months, in any case such data is retained by the Site Controller for the strictly necessary period and in any case in compliance with current regulations on the matter.
Through the Site, Personal Data may be voluntarily provided in the "REQUEST INFORMATION: fill out the form to contact Atag" section in order to submit your request and be contacted by the data controller. The data you will need to provide to be contacted are: name, surname, e-mail and telephone number.
You will be asked to enter personal data in the "Cart" section when you proceed to purchase one or more products on our site and you are not registered.
You can provide your data in the "register" section. The data that will be requested from you will be: name, surname, e-mail, telephone number and address.
The data we ask you to enter is necessary to proceed with invoice issuance (name, surname, tax code, telephone, email) and to know where we should ship the products you requested (address).
Payment data is processed by the external provider.
Finally, you can provide your e-mail address in the section "Subscribe to our newsletter to stay updated on our products".
Your email will be used exclusively for sending newsletters containing updates and promotions.
Users are free to provide their Personal Data, but failure to provide it may result in the inability to obtain the requested service or to proceed with the purchase order.
The Controller will process this data in compliance with the Applicable Regulations, assuming that it refers to you or to third parties who have expressly authorized you to provide it based on an appropriate legal basis that legitimizes the processing of the data in question.
With respect to this latter hypothesis, you position yourself as an autonomous data controller, assuming all legal obligations and responsibilities.
In this sense, you provide the broadest indemnification with respect to any contestation, claim, request for compensation for damages from processing, etc. that should reach the Controller from third parties whose Personal Data have been processed through your use of the Site in violation of the Applicable Regulations.
We use technical cookies to make the site work and – only if you authorize us – also analysis and profiling cookies. You can find all the details in our Cookie Policy. Cookie Policy.
The Controller uses analysis and marketing tools such as Google Analytics, Google Ads, Hotjar, Mailchimp and LinkedIn Insight, which involve the processing of personal data subject to your consent.
Personal Data concerning you, communicated by you to the Controller, are processed by the Controller in the context of its activities for the following purposes:
a) follow up on your request to be contacted and receive a response to the question sent through the "REQUEST INFORMATION: fill out the form to contact Atag" section.
The processing is lawful as it is the response to a request from the data subject (Art. 6 GDPR para. 1, lett. b)).
b) Allow you to proceed with the purchase of the items you selected both in the "Cart" section and when you have registered in the "register" section.
The processing is lawful as it is the conclusion of a contract, the response to a request from the data subject (Art. 6 GDPR para. 1, lett. b)).
c) send you newsletters to the e-mail address you voluntarily provided.
The processing is lawful as it is the response to a request from the data subject (Art. 6 GDPR para. 1, lett. b)).
You can always ask, at any time, to no longer receive our newsletters.
d) Your Personal Data will be used by the data controller to ascertain, exercise or defend a right in court or whenever the authorities exercise their jurisdictional functions.
The legal basis is the legitimate interest of the controller (Art. 6 GDPR para.1 lett f)).
e) Your Personal Data will be used by the data controller to comply with legal, regulatory or EU obligations to which the Data Controller is subject (e.g. tax, accounting obligations, obligations provided by professional regulations, requests from competent authorities, etc.).
The processing is lawful as it is necessary to comply with a legal obligation to which the Data Controller is subject (art. 6 GDPR para. 1, lett. c)).
f) Through Google Analytics 4, online identifiers (such as IP address – not stored in full –, Client ID), navigation data (e.g. page views, clicks, scrolls, interactions with content), data relating to the device and browser used, as well as information on the traffic source are collected.
This data is processed for the purposes of statistical analysis of navigation and measurement of site performance.
The processing is lawful as it is based on the consent of the data subject (Art. 6 GDPR para. 1, lett. a)).
g) Through the Hotjar tool, online identifiers (including IP address in masked form), data relating to navigation and user behavior on the site (such as mouse movements, scrolls, clicks, interactions with forms), as well as data relating to the device and browser used are collected.
This data is processed for the purposes of statistical and behavioral analysis of navigation, generation of heatmaps and session recordings, execution of usability and A/B testing, as well as optimization of user experience and site performance.
The processing is lawful as it is based on the consent of the data subject (Art. 6 GDPR para. 1, lett. a)).
h) Google Ads collects online identifiers (such as cookies and device ID), IP address, data relating to interactions with ads, as well as demographic information and interests.
This data is processed for the purposes of delivery and personalization of advertising, remarketing and behavioral profiling (behavioral targeting), measurement and analysis of advertising campaign performance, as well as integration with other Google services for advertising purposes.
The site uses Google Ads, also through conversion tracking features, in order to measure the effectiveness of advertising campaigns.
The processing is lawful as it is based on the consent of the data subject (Art. 6 GDPR para. 1, lett. a)).
i) Through the LinkedIn Insight Tag, online identifiers (such as LinkedIn cookies and device ID), IP address, data relating to interactions with the site and conversion events are collected.
This data is processed for the purposes of remarketing, behavioral profiling, creation of audience segments and measurement of the effectiveness of advertising campaigns on the LinkedIn platform.
The processing is lawful as it is based on the consent of the data subject (Art. 6 GDPR para. 1, lett. a)).
l) For sending newsletters and informational and promotional communications, the Mailchimp email marketing platform, provided by Intuit Mailchimp, is used. The processed data (in particular email address and any name) is also stored within the platform in appropriate contact lists.
The processing is lawful as it is the response to a request from the data subject (Art. 6 GDPR para. 1, lett. b)).
For the pursuit of the purposes indicated above, it may be necessary for the Controller to communicate your Personal Data to the following categories of recipients:
1) Third parties who help us provide the service (e.g. hosting, newsletter, management software, etc.);
2) employees of Atag S.p.A. authorized to process Personal Data;
3) Authorities (for example, judicial, administrative, etc.);
4) self-employed professionals also in associated form (such as accountants, programmers and website developers), banks and credit institutions.
The third parties to whom your Personal Data may be communicated act as: 1) Data Processors, i.e. subjects who process Personal Data on behalf of the Controller
The processing of your Personal Data is carried out through telematic, paper, and automated tools in order to ensure the security and confidentiality of the data itself.
Your Personal Data will be retained for a period of time not exceeding that necessary to achieve the purposes for which they are processed, subject to the retention periods provided by law.
The data you provide to the Data Controller to make requests or ask for information will be retained for a period of 10 years from the request, after which they will be deleted.
Personal Data may also be processed for a longer period, where an act interrupting and/or suspending the statute of limitations occurs that justifies the extension of data retention.
Processing operations are carried out in such a way as to ensure the security of data and systems. Specific security measures are adopted in order to minimize the risks of destruction or loss, even accidental, of the data itself, unauthorized access, processing not permitted or not compliant with respect to the purposes indicated in this notice.
The security measures adopted, however, do not allow absolute exclusion of the risks of interception or compromise of personal data transmitted with telematic tools. It is therefore recommended to verify that the device used by the user is equipped with software systems adequate to protect telematic data transmission, both incoming and outgoing (such as, for example, updated antivirus systems, firewalls and antispam filters).
Personal Data collected through statistical analysis, marketing and profiling tools are retained for a period of time not exceeding that necessary to achieve the purposes for which they were collected and, in any case, for a period not exceeding 30 years from collection, except for early withdrawal of consent by the data subject.
After this period, the Data will be deleted or anonymized, unless their further retention is necessary to comply with legal obligations or for the ascertainment, exercise or defense of a right in court.
Where Personal Data are transferred to countries not belonging to the European Union or the European Economic Area, the transfer will take place in compliance with the guarantees provided by Chapter V of Regulation (EU) 2016/679 (GDPR).
In particular:
- where the recipient has adhered to the EU-U.S. Data Privacy Framework, the transfer to the United States will take place on the basis of the adequacy decision adopted by the European Commission pursuant to art. 45 GDPR, in the absence of an applicable adequacy decision, the transfer will take place on the basis of the Standard Contractual Clauses adopted by the European Commission pursuant to art. 46 GDPR.
Data subjects can obtain further information on the applicable guarantees by contacting the Controller at the addresses indicated in this document
The site uses Google Tag Manager to manage tracking tags.
Below is the Google Tag Manager Privacy Policy: Privacy and data security - Tag Manager Help.
Google Analytics is installed through Google Tag Manager for collecting page navigation data, exclusively subject to user consent.
Below is the Google Analytics Privacy Policy: Information privacy policies - Analytics Help.
Also through Google Tag Manager, the following tags are installed that involve the use of profiling cookies. For more information on the processing of personal data, please refer to the respective privacy policies of the providers: Hotjar Tag (Privacy | Hotjar), Google Ads Tag (Privacy Policy – Privacy & Terms – Google), Google Ads conversion tracking Tag (Privacy Policy – Privacy & Terms – Google), Mailchimp Tag (Mailchimp data security and privacy | Mailchimp) LinkedIn Insight Tag (European Regional Hub).
The user can express their consent to the use of profiling cookies and the activation of tracking tools through the cookie banner and the related preference management center.
None of your personal data with the Data Controller can be traced back to the definition of "Special categories of data" of art. 9 of Regulation EU 2016/679. In the event that you transmit data of this kind, in the absence of your explicit written consent, we will take care to delete them immediately.
As a Data Subject, you can exercise, at any time, the rights provided by the Regulation listed below against the Controller, by sending an appropriate request in writing to the email address, certified email address or by post to the address: ATAG@LEGALMAIL.IT.
In the same way, you can withdraw at any time the consents expressed with this Notice.
Any communications and actions undertaken by the Controller, in response to the exercise of the rights listed below, will be carried out free of charge. However, if your requests are manifestly unfounded or excessive, in particular due to their repetitive nature, the Controller may charge you a contribution to expenses, taking into account the administrative costs incurred, or refuse to satisfy your requests.
You may obtain from the Controller confirmation as to whether or not processing of your Personal Data is underway and, if so, obtain access to Personal Data and the information provided by art. 15 of the Regulation, including, by way of example: the purposes of processing, the categories of Personal Data processed, etc.
Where Personal Data are transferred to a third country or an international organization, you have the right to be informed of the existence of appropriate safeguards relating to the transfer.
If requested, the Controller may provide you with a copy of the Personal Data being processed. For any additional copies, the Controller may charge you a reasonable fee based on administrative costs. If the request in question is submitted by electronic means, and unless otherwise indicated, the information will be provided to you by the Controller in a commonly used electronic format.
You may obtain from the Controller the rectification of your Personal Data that are inaccurate as well as, taking into account the purposes of processing, the integration thereof, if they are incomplete, by providing an additional statement.
You may obtain from the Controller the erasure of your Personal Data, if one of the reasons provided by art. 17 of the Regulation exists, including, by way of example, where the Personal Data are no longer necessary in relation to the purposes for which they were collected or otherwise processed or where the consent on which the processing of your Personal Data is based has been withdrawn and there is no other legal ground for the processing.
The Controller cannot proceed with the erasure of your Personal Data where their processing is necessary, for example, for compliance with a legal obligation, for reasons of public interest, for the ascertainment, exercise or defense of a right in court.
You may obtain the restriction of processing of your Personal Data where one of the hypotheses provided by art. 18 of the Regulation occurs, including, for example: in response to your contestation regarding the accuracy of your Personal Data subject to processing or where your Personal Data are necessary for you for the ascertainment, exercise or defense of a right in court, although the Controller no longer needs them for processing purposes.
Where the processing of your Personal Data is based on consent or is necessary for the performance of a contract or pre-contractual measures and the processing is carried out by automated means, you may:
– request to receive Personal Data in a structured, commonly used and machine-readable format (example: computer and/or tablet);
– transmit your received Personal Data to another Data Controller without impediment from the Controller.
You may also request that your Personal Data be transmitted by the Controller directly to another data controller indicated by you, if this is technically feasible for the Controller. In this case, it will be your responsibility to provide us with all the exact details of the new data controller to whom you intend to transfer your Personal Data, providing us with appropriate written authorization.
You may object at any time to the processing of your Personal Data where the processing is carried out for the performance of a task in the public interest or for the pursuit of a legitimate interest of the Controller (including profiling activity).
Should you decide to exercise the right to object described here, the Controller will refrain from further processing your personal data, unless there are legitimate grounds to proceed with processing (grounds prevailing over the interests, rights and freedoms of the data subject), or the processing is necessary for the ascertainment, exercise or defense of a right in court.
Without prejudice to your right to appeal in any other administrative or judicial venue, should you believe that the processing of your Personal Data by the Controller occurs in violation of the Regulation and/or applicable regulations, you may lodge a complaint with the competent Supervisory Authority for the Protection of personal data: Home - Privacy Guarantor.
Last updated on: March 23, 2026.
