top of page


Farmat vGmbH with registered office at Vierbrunnenstraße 21, 39030 Antholz Mittertal, Italy, VAT No. 03116590211 (hereinafter the "Controller"), owner of the website:


(hereinafter the "Websites"), as controller of the processing of personal data of users navigating and registering on the websites (hereinafter the "Users"), hereby submits the information letter on data protection pursuant to Article 13 of EU Regulation 2016/679 of 27 April 2016 (hereinafter the "Regulation").

Users' personal data may be disclosed to third parties in order to comply with legal requirements or to comply with orders from public authorities or to exercise a right before a court.

The contents of the websites listed above and any services offered there are reserved for persons who have completed their 18th year of age. The responsible party therefore does not collect personal data from persons under the age of 18. At the request of users, the Controller will delete as soon as possible any personal data collected unintentionally and relating to persons under 18 years of age.


1. Purpose of the processing and legal basis

Users' personal data are lawfully used by the Controller for the following processing purposes, in accordance with Article 6 of the Regulation:

(a) navigation on the websites, in relation to the possibility of collecting the user's data necessary from a technical point of view, such as the IP address, during navigation on the websites;

b) for administration/accounting purposes or to carry out activities of an organisational, administrative, financial and accounting nature, such as internal organisational activities and functional activities to fulfil contractual and pre-contractual obligations;

c) legal obligations, i.e. the fulfilment of obligations arising from the law, a public authority, a regulation or European legislation.

The transfer of personal data for the above processing purposes is voluntary, but necessary, since in case of refusal, the user will not be able to navigate the web pages, make registrations or use the services offered by the data controller. With reference to the purposes as in point 1/a, the legal basis of the processing is in fact the performance of the services offered through the websites and requested by the user (pursuant to art. 6, paragraph 1, letter b of the Regulation); with reference to the purposes as in points 1/b and 1/c of the previous paragraph, the legal basis is the fulfilment of a legal obligation to which the data controller is subject (pursuant to art. 6, paragraph 1, letter c of the Regulation).



2. Modalities of the processing and retention period of the data

The data controller will process the personal data of users using manual and computerised means, the logics of which are closely related to the purposes of the processing, always guaranteeing the security and confidentiality of the data.

Personal data of users of the websites will be stored only for the required period of time and only for the execution of the main purposes listed in section 1 or, in any case, for as long as it is necessary for the protection of the interests of the users and of the data controller from a civil point of view.


3. Scope of communication and dissemination of data

Employees and/or collaborators of the responsible party entrusted with the management of the websites may obtain knowledge of the personal data of the users. These persons, authorised by the data controller, may process the users' data only for the purposes specified in this information notice and in compliance with the provisions of the Regulation.

In addition, third parties who process personal data on behalf of the data controller as "external processors", such as providers of computer and logistic services for the maintenance of the websites, outsourcing or cloud computing service providers, professionals and consultants, may also become aware of users' personal data.

Users have the right to obtain a list of any processors engaged by the data controller by making a request as regulated in Section 4.


4. Rights of the data subjects

Users may exercise their rights guaranteed by the Regulation by contacting the data controller in the following ways:

- by registered letter with reply to the registered office of the data controller;

- by e-mail to the address

The Data Protection Officer (DPO) appointed by Farmat vGmbH in accordance with art. 37 of the regulation may be contacted at the registered office of the company or by e-mail at


The users of the services of the websites, as data subjects of the processing, have a right to:

(a) access, updating, rectification or, where interested, integration of their data;

b) a request for the erasure, anonymisation or blocking of data processed unlawfully, including those for which no retention is necessary in relation to the purposes for which they were collected or subsequently processed;

c) certification that the operations referred to in letters a) and b) have been brought to the attention, also with regard to their contents, of those to whom the data have been communicated or disseminated, except in cases where this would be impossible or would involve a manifestly disproportionate effort compared with the right that is to be protected;

(d) to withdraw their consent at any time, where the processing is based on their consent;

e) Data portability (the right to receive any personal data concerning them in a structured, commonly used and machine-readable form), the right to restrict the processing of personal data and the right to erasure ("right to be forgotten");

f) To oppose:

(i) on legitimate grounds, in whole or in part, to the processing of personal data concerning them, including for the purposes for which they were collected;

ii. in whole or in part, to the processing of personal data concerning them for the purposes of sending advertising material or direct selling or for carrying out market research or commercial communications;

iii. where the personal data are processed for direct marketing purposes, to object at any time to the processing of their data for such purposes, including profiling, to the extent that it is related to such direct marketing.

g) If data subjects consider that the processing concerning them infringes the Regulation, to lodge a complaint with a supervisory authority (in the Member State where they usually live, in the one where they work or in the one where the alleged infringement took place). The Italian supervisory authority is the Garante per la protezione dei dati personali, with its registered office in Piazza Venezia 11, 00187 - Roma (

bottom of page