Privacy Policy

pursuant to the Italian Privacy Code, as amended, and articles 13 and 14 of EU Regulation 2016/679

Your privacy is important to us!

  • We are aware of the value that your personal data has
  • We want to protect them in a responsible way
  • We only deal with indispensable data within the limits of the purposes that we communicate to you through updated, clear and transparent information
  • We adhere to procedures that provide the adequate technical and organizational measures in compliance with the current legislation.


We want to offer a transparent service in terms of the confidentiality and protection of each visitor’s and user’s personal data. The information provided below concerns the lawfulness, correctness and transparency with which BMT Bagni srl processes the personal data of visitors to and users of the website. Interactions with the social media networks referred to on the website are not governed by this privacy policy. For information, the user is invited to read the relevant information

Controller and contact data

The Controller: BMT srl.
Contact references:
BMT srl, Via delle Fabbriche no. 2, 61020 loc. Borgo Massano di Montecalvo in Foglia (PU), Italy, tel. 0722 580407, fax 0722 580385.

Purposes and legal basis

Processing is done for the specific, explicit and legitimate purposes given below:
To execute a contract or to execute pre-contractual measures upon the user’s request. To provide the service requested by the user and to process any requests received
Necessary for a contract or pre-contractual measures to be carried out
Necessary for a contract or pre-contractual measures to be carried out

Categories of personal data and their source

Data communicated directly by the user when completing the data collection forms found on the website. Contacts form. Identification and contact data is collected (first name, last name, address, city, province, postcode, telephone, fax, email), Messages (freeform text), Documents through attaching files. Job application and internship request form. CVs and internship requests are collected through attaching files. Find retailer form. Identification and contact data is collected (first name, last name, address, state, region, province, telephone, fax, email). Registration. Identification and contact data is collected (role, company name, VAT no. first name, last name, username, city, postcode, province, email). Subscription to the newsletter. Identification and contact data is collected (first name, last name, email). Data collected automatically through technical cookies that does not require any specific consent. For more details, see the Cookie Policy Data provided through interactions with social media networks. Requests for information and freeform text comments are provided directly by the user through interactions with social media networks. Using social media networks could involve personal data sent by the user to BMT srl being processed by a third party. With regard to this situation, the user acts as an independent controller (in terms of processing personal data), assuming all the obligations and responsibilities required by law. For information regarding the processing of data by social media networks, refer to the relative privacy policy.  

Communication of personal data and the consequences of refusing

The data collection forms have mandatory and option fields.
The optional data allows requests to be better managed but not providing this data will not prevent an adequate response from being provided.
Not providing the mandatory data, however, will make it impossible for a response to be given.
Disabling technical cookies will not allow data to be transmitted, content to be displayed or the service made available through the website to be best used.

Legitimate interests

The processing done for BMT srl’s legitimate interests are:

  • communications and direct marketing;
  • the pursuit of its corporate business;
  • safeguarding its assets and rights;
  • website security, ascertaining responsibility in the event of a computer crime against the website and protecting its rights

Recipients of personal data

Personal data will not be disclosed.
BMT srl’s internal personnel may access personal data, within the limits of specific authorisation and in respect of the confidentiality obligation.
Some processing may be done by third parties in their specifically appointed role as either independent Controllers or as Processors.
The parties mentioned above are essentially included in the following categories: a) Agents and commercial representatives; b) Retailers; c) Companies and/or web agencies; d) Commercial companies and consultants, and those working in communication and marketing.
The complete list of appointed processors is available from BMT srl. For more information, send an email to:

Transfer and storage location of personal data

Data will not be transferred to a country outside of the European Union.
Data collected will be processed at the Controller’s offices.
Some processing (or parts of it) may be done at the offices of the appointed Controllers or Processors, but in any case still within the European Union.
The website is run on WordPress by Up Studio srl, with offices at via Lugo no. 2, 61100 Pesaro, Italy. This company collects personal data – as an independent Controller – including technical cookies in order to provide the browsing service on the BMT srl website.
For more information, send an email to:

Storage period

Data will be made available for the time strictly needed to fulfil the purposes for which the data was collected.
Data processed for pre-contractual purposes/information requests is kept until the request has been executed/satisfied.
Data processed for contractual purposes is kept for the time needed to execute the contract except in the case of storage obligations required by tax, accounting and administrative legislation, and until the statute of limitations expires as provided for by the Italian Civil Code regarding the protection of rights.
Data collected for marketing purposes and to send promotional communications and newsletters via email is stored for a period of 24 months from the date on which the data is collected and/or updated except for any request received prior to this date to delete the said data.
Data relating to an unsolicited job application or an internship request is stored for a period of 24 months from the date on which the data is received. At the end of this period, the data is deleted/destroyed.
Data relating to registering on the website is stored until a request is received from the user to close their account or until the user revokes their consent.
Data collected automatically through cookies as users browse the website is kept for varying periods, from two years to one day or until the end of the session.
For more details, see the Cookie Policy

The Data Subject’s rights and response

In relation to the processing of personal data, the Data Subject has the right to ask BMT srl:

– to confirm whether or not the personal data that concerns him/her is subject to processing and, if so, to ask for access to this data and to receive clarifications and/or further information as referred to in this privacy policy (art. 15 of EU Regulation 2016/679);

– to obtain the rectification of any inaccurate personal data and, whilst bearing in mind the purposes for which processing is being done, to supplement any incomplete personal data (art. 16 EU Regulation 2016/679);

– to obtain the deletion of the personal data if it is no longer needed for the purpose(s) for which the data was collected; to revoke any consent previously granted; to object to processing, in the case of legitimate interests and direct marketing, to request the deletion of personal data in the case of unlawful processing or in the case in which deletion is a legal obligation (art. 17 EU Regulation 2016/679);

– to obtain a restriction to the processing of personal data for the period needed to verify the accuracy of the data or to verify the prevalence of the Controller’s legitimate interests, and in the case of unlawful processing or in the case in which the data is needed by the Data Subject to ascertain, exercise or defend a right in a court of law (art. 18 EU Regulation 2016/679);

In the event of a request to rectify or delete data, or to restrict processing, BMT srl undertakes to forward these requests to each recipient to whom the personal data has been transmitted except where this proves impossible or involves a disproportionate effort (art. 19 EU Regulation 2016/679).

When processing is carried out by automated means, the Data Subject has the right to data portability, to obtain the data in a structured, commonly used and machine-readable format if processing is based on consent or on a contract (art. 20 EU Regulation 2016/679).


To exercise a right and for any other information regarding the processing of personal data, send an email to:

Upholding the rights of Data Subjects is a fundamental value for BMT srl which will provide the due response in the shortest time possible.


Processing methods and automated decision-making process

Data is processed by BMT srl by using telematic, paper and electronic tools; this processing is based on the principles of correctness, lawfulness and transparency and on protecting the rights and the confidentiality of users of and visitors to the BMT srl website. Data collected automatically by the website is processed in an anonymous and aggregate form. BMT srl has taken security measures and has adopted technology aimed at ensuring that electronic transmissions involving its website are done appropriately and safeguard personal data. However, it is not possible to 100% guarantee the security of data transmitted over the internet due to the possibility of data being intercepted and/or due to unauthorised actions by a third party during or after the data has been transmitted. BMT srl is not liable for any disclosure of data, or any loss of control over data, nor any financial losses due to errors, omissions or unlawful actions or unauthorised actions by a third party. In the unlikely event that personal data, in the possession of or under the control of BMT srl, is breached, BMT srl will act in compliance with the regulatory provisions and notify the relevant Supervisory Authority and, where necessary, notify the Data Subject(s) of the breach. BMT srl does not use automated decision-making processes that might produce legal effects or that might significantly affect the Data Subject.  

Changes and updates

Data is not processed for any purpose other than or different to those declared herein.

Changes to the purposes pursued will be communicated to Data Subjects and, if necessary, consent from them will be requested.

Updates to this privacy policy will take place periodically and will always be available at the website.We invite users to take note and stay updated.