Welcome to the website (hereafter referred to as the Site). Your privacy and the security of your personal data are very important to B&B ITALIA s.r.l. (“B&B ITALIA”), so it collects and manages your personal data with the utmost care and takes specific measures to keep it safe. The Controller collects and manages your personal data to provide you with the best experience of our services and products.

According to the new General Data Protection Regulation n. 2016/679 (hereafter referred to as “GDPR”), B&B ITALIA updated her privacy policy. This Policy sets out details of your personal data relationship with B&B ITALIA s.r.l., relating to the types of data concerned, the legal basis, the purposes of the treatment and the rights that you can exercise as the data subject.
B&B ITALIA knows it is a long document, as it wants to be as transparent as possible with you. Please, therefore, make sure you read it carefully.


1) Who is the Data Controller?

B&B ITALIA s.r.l. (later we will refer to it as “B&B” or as the “Controller”) is the Data Controller.


2) What personal data does B&B collect from you?

“Personal data” mean any information relating to an identified or identifiable natural person (‘data subject’). As part of his activity, the Controller processes your common and identifying data in order to allow you to conclude and execute the purchase on or to perform the scopes here below. The processed data include:

  • name, address, e-mail address, telephone number, social security number, VAT registration number and bank details (for the payment).


3) What legal bases B&B relies upon to process Your data?

Processing will be performed only if and to the extent that at least one of the legal bases for the processing purpose planned in the GDPR is complied. In particular, B&B will process your data, in accordance with Article 6 of GDPR, pararaph 1, when one of the following applies:

  • lett. A) – explicit consent given to the processing of those personal data for one or more specified purposes;
  • lett. B) – necessity of processing for the performance of a contract or of precontractual measures;
  • lett. C) – necessity of processing for compliance with a legal obligation to which the controller is subject;
  • lett. F) – legitimate interests of the Data Controller, because the data subject to the processing can expect sending advertsing material and/or other information.


4) Why does B&B process your data?

Your data will be processed in order to the following scopes:

  • providing you with the products and services you order;
  • making it possible for you to register on the site and to create your personal page to access all related services;
  • complying with the legal obligation that the controller is subject to;
  • promotional purposes;
  • establishing, exercising or defending legal claims.


5) What are the processing modalities?

The processing will be carried out, respecting the aforementioned purposes and in accordance with the provisions of art. 4 n. 2 of the GDPR, with or without the use of automated means by the owner and / or employees and / or collaborators of the company specifically authorized for this purpose. Specifically, it will consist in:

  • collection of personal data;
  • conservative archiving of the documents received necessary to perform the contractual service;
  • insertion / updating and organization of data in both databases and paper archives;
  • consulting the data;
  • elaboration of data to allow the achievement of the above purposes;
  • interconnection and / or comparison of data;
  • cancellation and / or destruction of data.


6) Who will be allowed to access your data?

In compliance with the Regulations, with the sector regulations and with this information, your data will be accessible to:

  • the staff or partners of the Data Controller specifically authorized;
  • third-party companies or other subjects carrying out activities on behalf of the Data Controller, in their capacity as external data controllers;
  • subjects who can access the data by virtue of the provision of law, regulation or community legislation, within the limits set by such rules;
  • subjects to whom they must be notified by law.


7) Is it necessary that you provide your personal data?

B&B informs you that it can actually provide you with the service and/or service requested only if your personal data will be procured. The sending of advertising is based on the legitimate interests of the Data Controller, but you stop receiving it sending an e-mail to


8) How will your data be protected?

In order to guarantee an adequate level of data protection to limit the risk of improper or illicit use of the same, technical and organizational security measures have been adopted that respect the parameters established by art. 32 of the GDPR.


9) How long will your data be stored?

In accordance with the art. 5 I ° paragraph lett. e) of the GDPR, B&B will treat your data only for the time necessary to pursue the aforementioned purposes.

In particular, the data provided will be stored according to the following scopes:

  • administration, accounting and management of any litigation: 10 years from the formation of the act or from the termination of the contractual relationship;
  • maintaining your personal account, until you decide to delete your account to by sending an email to;
  • exercising the warranty right on the products purchased: for the period prescribed by law or by contract.


10) Where will your data be transferred?

The management and conservation of personal data will take place within the European Union.


11) What are your rights recognized by the Regulations?

As an interested party, the GDPR recognizes the following rights to the data subject:

  • the data subject shall have the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data (Right of access: art.15);
  • the data subject shall have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement (Right to rectification: art.16);
  • the data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay, under certain conditions (Right to the erasure: art. 17);
  • the data subject shall have the right to obtain from the controller restriction of processing under certain conditions (Right to restriction of processing: art. 18);
  • the data subject shall have the right to receive a copy of the protection measures concerning the transfer of data to third countries, if applicable;
  • the data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, under certain conditions (Right to data portability: art. 20);
  • the data subject shall have the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is based on point (e) or (f) of Article 6(1), including profiling based on those provisions. The controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims (Right to object: art. 21)
  • the data subject shall have the right to receive without unjustified delay information about data breach (Art. 34);
  • the data subject shall have the rights to revoke the consent expressed at any time (Conditions for consent: art. 7 and art. 13)
  • the data subject shall have the right not to be subject to a decision based solely on automated processing, including profiling.

The address for the exercise of the rights specified above is, also with reference to applications against subjects whose data have been transmitted with the prior consent of the interested party. Requests will be processed within 30 days. This period may be extended for reasons relating to the specific right of the interested party or the complexity of your request. The interested party is informed that he has the right to lodge a complaint with the Guarantor for the protection of personal data, following the procedures and indications published on the official website of the Authority on; the exercise of rights is not subject to any form constraint and is free.


12) How do we manage the changes made to this Information?

Should there be any substantial changes to this information, the Controller will inform you promptly of such changes.


13) What are the data of the owner and his contacts?

The Data Controller is: B&B ITALIA s.r.l. based in Montelupo Fiorentino (Italy) in via dell’Artigianato n. 25/27. The instruments of appointment of the controllers, of the authorized internal parties and any other information concerning your data can be provided by your written request to be sent to the e-mail