Dear User,
This privacy notice is provided in compliance with the obligations established by the laws governing the protection of personal data, including Regulation (EU) No. 2016/679 (hereinafter, the “GDPR”), Legislative Decree No. 196/2003, as amended by Legislative Decree No. 101/2018 (hereinafter, the “Italian Data Protection Code”), as well as the relevant provisions issued by the Italian Data Protection Authority.

The purpose of this document is to provide all the necessary information to safeguard your privacy and allow you to maintain control over the processing of your personal data when browsing the website https://milanilabitare.com/en (hereinafter, the “Website”)..

Personal Data
According to Article 4 of the GDPR, personal data means any information relating to an identified or identifiable natural person, referred to as the “data subject” (hereinafter, the “User”).

Data Controller
The Data Controller, i.e. the entity that determines the purposes and means of processing personal data and to whom Users may address requests in order to exercise their rights under the GDPR, is: MILANILABITARE S.r.l., VAT No. 02328620030, Registered office: Regione alle Nosere, no. 43, 28845 Domodossola (VB), Italy

The Data Controller may be contacted by sending an email to milani@milanilabitare.it or by sending written correspondence to the postal address indicated above.

Sources and Categories of Data Processed, Nature of the Provision of Data and Processing Methods
The personal data processed are mainly collected directly from the User when browsing the Website or using the services made available through it.

This privacy notice refers to the processing of personal data carried out within the various sections of the Website and governs exclusively the processing activities performed through the Website. It does not apply to other websites that may be accessed via links on this Website.

The data collected through the Website are processed primarily by electronic means using software and IT procedures designed to ensure adequate technical and security measures. For example, the implementation of the secure “https” transmission protocol protects the transfer of information entered by Users within the Website.

Browsing Data
Types of Data Processed and Nature of the Provision of Data
The IT systems and software procedures used to operate the Website acquire, during their normal functioning, certain personal data whose transmission is implicit in the use of internet communication protocols.

These data are not collected in order to be associated with identified Users but could, through processing and association with data held by third parties, allow Users to be identified.

This category includes: IP addresses or domain names of the computers used by Users connecting to the Website, URI (Uniform Resource Identifier) addresses of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the server’s response, other parameters relating to the User’s operating system and IT environment (for example the device name and type used to access the Website)

Provision of Data
The provision of such data is not mandatory. However, if the User chooses not to provide such data, it will not be possible to browse the Website or access its functionalities.

Purposes of Processing
These data are used for the following purposes: to obtain anonymous statistical information on the use of the Website, to verify the correct functioning of the Website, to improve the quality of the services offered, including the optimization of the Website’s functionalities, to ensure the security of the networks and information transmitted through the Website

Furthermore, such data is processed to the extent strictly necessary and proportionate to ensure the security of the networks and the information transmitted via the Website.

Legal Basis
Article 6(1)(f) GDPR: the legitimate interest of the Data Controller in maintaining the security of the Website and ensuring that it is not used in ways that could harm the rights of others or facilitate unlawful activities or fraud (see Recital 47 GDPR).

Data Retention Period
The personal data referred to in this section are stored for up to 6 months from the date of collection, unless the data subject exercises their right to object, which may be exercised at any time according to the procedures described in the section “Data Subject Rights”.

“Contacts” Section
Types of Data and Nature of the Provision of Data
The Website contains a “Contacts” section through which Users may submit contact requests or specific assistance inquiries. The following types of data are collected:

• first and last name;
• email address;
• free text field for entering a message.

The Data Controller cannot perform any preventive checks on the information entered in fields freely completed by the User.

Users are therefore invited not to include information revealing special categories of personal data pursuant to Article 9 GDPR.

If such data are provided, the Data Controller will not consider such information and will delete it using secure procedures that prevent any recovery.

Provision of Data
The provision of data in this section is not mandatory. However, if the User chooses not to provide such data, it will not be possible to submit contact requests and the Data Controller will therefore be unable to respond.

Purpose of Processing
These data are processed for the purpose of responding to contact requests submitted through the form.

Legal Basis
Article 6(1)(b) GDPR: processing is necessary for the performance of pre-contractual measures taken at the request of the data subject.

Data Retention Period
The data will be stored only for the time necessary to respond to the User’s request and for 6 months after the response, in order to properly manage any follow-up requests or further information related to the same or similar matters.

Cookie policy
The cookie policy, containing detailed information on the data processed through such tools, is available at the following link: https://milanilabitare.com/en/cookie/

Who May Process the Data
Personal data may be accessed exclusively by individuals authorized by the Data Controller pursuant to Article 29 GDPR.

In addition, the data may be accessed by: independent data controllers (for example, public authorities), or
data processors appointed pursuant to Article 28 GDPR (for example companies supporting the Data Controller in website administration activities, professionals and consultants engaged by the Data Controller).

To obtain an updated list of the entities that may process personal data, Users may send a request to milani@milanilabitare.it, specifying the reason for the request.

The Data Controller guarantees that personal data will not be disclosed in ways different from those described above.

Personal data may also be transferred to countries outside the European Economic Area (EEA). Where such transfers occur, the Data Controller guarantees that they will take place only where: the European Commission has issued an adequacy decision, or appropriate safeguards are in place, such as Standard Contractual Clauses or other mechanisms provided for by data protection legislation.

Individuals Under the Age of 18
Individuals under the age of 18 must not provide personal data to the Data Controller without the consent of their parents or legal guardians. For this reason, the Data Controller encourages parents or legal guardians to inform minors about the safe and responsible use of the internet and to follow any procedures indicated in relation to initiatives involving the processing of minors’ data.

Data Subject Rights
The exercise of the rights described below is free of charge and is not subject to any formal requirement, except for requests that are manifestly unfounded or excessive pursuant to Article 12(5) GDPR.

In relation to the processing described in this notice and pursuant to the GDPR, the User may exercise the following rights:

• the right of access to personal data and to all information referred to in Article 15 GDPR;
• the right to rectification of inaccurate personal data and completion of incomplete data;
• the right to erasure of personal data, except where data must be retained by law or where overriding legitimate grounds exist;
• the right to restriction of processing where one of the conditions under Article 18 GDPR applies;
• the right to object to the processing of personal data, without prejudice to cases where processing is necessary for establishing or managing a contractual relationship;
• the right to withdraw consent (where given) for non-mandatory data processing, without affecting the lawfulness of processing based on consent before its withdrawal;

The User also has the right to lodge a complaint with the Italian Data Protection Authority (Garante per la Protezione dei Dati Personali) at www.garanteprivacy.it, or with the supervisory authority of the EU Member State where the User habitually resides, works, or where the alleged infringement occurred.

Requests relating to the exercise of these rights may be addressed to the Data Controller by sending an email to milani@milanilabitare.it or by sending written correspondence to: Regione alle Nosere, no. 43 – 28845 Domodossola (VB), Italy

Changes to this Privacy Notice
This privacy notice is updated as of 16 March 2026.
Any updates or changes will be published on this page. Users are therefore encouraged to periodically review this page to stay informed about how their personal data are processed.

Where necessary, Users will be notified directly of any changes via email.