Privacy Policy

Per leggere questo testo in italiano:
informativa sulla privacy

Dear User,

pursuant to art. 13 of the Regulation (EU) 2016/679 (hereinafter also referred to as GDPR) and in accordance with the national legislation about personal data protection, by this policy we provide you the information about the methods and the purposes of the processing of your personal data, collected through our web site.

1. Data Controller and Data Protection Officer

The Data Controller is Italdesign-Giugiaro S.p.A., with registered office in Torino, via San Quintino 28 and with headquarters in Moncalieri (TO), via Achille Grandi 25, which can be contacted by writing to

The Data Protection Officer (DPO) can be contacted by writing an e-mail to

2. Categories of personal data processing

Data Controller processes personal data (name, surname, email) you provided compiling the on-line form available within the “Contacts” section on our website.

Furthermore, the acquisition of further of your personal data is necessary, due to our website normal mode of operation.

This concerns information that are not collected to be associated with identified individual concerned, but that could allow to identify users through the processing and connection with data held by third parties, due to their own nature. This category of data includes Cookies, small text files that the websites visited by users send to user’s terminal, in which data are stored and later retransmitted to the same sites during a subsequent visit by the same user.

For further information about cookies used on our website please visit:

3. Purposes of the processing

Your personal data are processed only for the purpose of receiving and possibly giving answer to your request of a business contact, of evaluating the use of the website.

Please note that any requests without commercial purposes will be ignored and the personal data contained therein will be immediately deleted.

4. Processing method and retention of Data

Personal data are processed by the Data Controller according to lawfulness, fairness and transparency principles.

The processing of your personal data is carried out by the following operations: collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use,

disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction of data.

Data Controller will process personal data for the time necessary to fulfil the purposes mentioned above and, in any case, no longer than 2 years from the data collection.

5. Data access

To the purposes of paragraph 3, your data can be notified to the following subject:

– companies or other third parties (subjects providing services to manage the computer system and the telecommunications network, as well as the website) that handle personal data in outsourcing on the Data Processor’ behalf;

– subjects appointed as external Data Processor, and person authorized by the Data Controller that need to process personal data in order to perform their duties and the functions assigned to them;

– public entities, in order to comply with legal obligation, and judicial authorities, if officially required.

6. Transfers of personal data to extra- EU countries

Your personal data is not transferred in countries located outside the European Union and it is stored on servers located within the EU. In any case, it is understood that the Data Controller, if necessary, will have the right to transfer data even outside the EU.

In this case, the Data Controller ensures from now on that the transfer of data in non-EU Countries will only occur at the presence of one of the conditions set out in Chapter V of the GDPR.

7. Legal basis of the processing

The basis of the personal data provision and their processing for the purposes described in paragraph 3 relies on Article 6, paragraph 1, letter f) GDPR (legitimate interests pursued by Data Controller) since the processing is necessary to the possible reply to the requests with business purposes you could send us.

In case of refusal, you will not be able to send requests and to receive any answer from Data Controller.

8. Data subjects’ rights

As data subject, you have the following rights in accordance with the GDPR. You may request Data Processor, addressing to the Data Processor Officer: the access to personal data, the indication of the modalities, purposes and logic of processing, the request for restriction, objection or data portability, the rectification and erasure, in accordance with restrictions and conditions specified by the European Regulation. Lastly, you have the right to lodge a complaint to the supervisory authority pursuant to art. 77 European Regulation.

You can exercise your rights, described above, writing to