Privacy Policy
  1. Home
  2. Privacy Policy

Privacy Policy

Maggioli S.p.A. – registered offices in Via Del Carpino, 8 – 47822 Santarcangelo di Romagna (RN), Italy, publisher of THE PLAN magazine and owner of media, websites, applications, digital magazines and dedicated platforms, considers it a priority to protect the Personal Data of its users/customers/Data Subjects, (hereinafter, solely “Data Subjects”), from whom it collects certain data. The company therefore guarantees data processing is performed in accordance with the dispositions of EU Regulation 2016/ 679 (GDPR), and other applicable Personal Data protection regulations.

Data Controller

Maggioli S.p.A is the Data Controller. VAT no. 02066400405. Registered office: Via Del Carpino, 8 – 47822 Santarcangelo di Romagna (RN), Italy.

Data Protection Officer

The Data Controller has appointed a Data Protection Officer, who may be contacted at the following email addresses:

What Data We Collect

The Personal Data collected by Maggioli S.p.A., either independently or via third parties, consist of cookies, usage data, first name, last name, username, email, password, company name, Tax ID, VAT number, profession, country, billing address, shipping address, phone number, fax number, province, zip code, city, and street number. Maggioli S.p.A. does not process any sensitive data.

Full details on each type of data collected are provided in dedicated sections in this privacy policy, or in specific informative texts presented prior to data collection. Data Subjects may freely provide their Personal Data or, in the case of usage data, it is automatically collected during use of our media. Unless otherwise specified, all requested data is mandatory; if the Data Subject refuses to provide such data, Maggioli S.p.A. may be unable to provide the service. In cases where Maggioli S.p.A. indicates that certain data is optional, Data Subjects are free not to convey such data, without impacting service availability or operation. Data Subjects in doubt about what data are mandatory are encouraged to contact the Data Controller.

Any use of cookies – or other tracking or profiling tools – by our websites or the owners of third-party services used by our websites, unless otherwise specified, is for the purpose of providing the service requested by the Data Subject, in addition to additional purposes described herein and in the Cookie Policy.

Data Subjects who provide data regarding a third-party take responsibility for publication or sharing via media, warranting their right to communicate or disseminate such data, and releasing the Data Controller from any liability to third parties. 


Cookies are small text files websites send to the terminals of users who visit them. They are stored and then transmitted back to that site the next time the user visits.

Typically, cookies may be installed:

  • Directly by the website owner and/or manager (so-called first-party cookies);
  • By managing parties unrelated to the website visited by the user (so-called third-party cookies), via elements on the consulted site that may be traced back to different sites or different web servers (e.g., images, specific links to pages on other domains, etc.).

Maggioli qualifies as Data Controller only in relation to the first of these categories.

Types of Cookies

Cookies are used for a variety of purposes (e.g., performing computer authentication, session tracking, etc.). Based on the owner’s purpose, they may be differentiated into different categories:

a. Technical Cookies

Technical cookies enable normal site navigation, ensuring that the site functions correctly. The function of these cookies is to enhance users’ consultation of the site by facilitating activities essential to optimal site use.

By facilitating activities essential to optimal site use, their function is to enhance users’ site consultation experience.

They are not used for any additional purposes. Normally, they are installed directly by the website owner or operator. Such cookies may be divided into:

i. Navigation or session cookies: ensure normal navigation and website use (enabling, by way of example, making a purchase or authenticating access to restricted areas);

ii. Analytics cookies: used to collect information on how sites are used. They are similar to technical cookies where used directly by the site operator to collect information in aggregate form, user numbers, and site visit behaviour;

iii. Functionality cookies: enable the user to navigate according to a set of selected criteria (e.g., language) in order to improve the service rendered to users.

Use of such cookies (first- or third-party) is essential to ensure the website and related services function properly (e.g., login or access to restricted functions on a site).

No prior user consent is necessary for installation of such cookies.

b. Profiling cookies

Profiling cookies (including browser experience, statistical measurement and marketing) set up profiles related to each user who visits a site. They send advertising messages that match the preferences users have set during their web browsing.

Data Subjects registered by Maggioli must give prior consent for the installation of profiling cookies.

Users are encouraged to read the Cookie Policy, which may be viewed via this link (link to Cookie Policy) for detail on the list of cookies, retention times, how to disable cookies, and their respective Data Controllers.

Method and Location of Processing Collected Data

It is incumbent upon the Data Controller to adopt appropriate technical security measures that prevent unauthorized access, theft, cyberattack, accidental loss, disclosure, modification or destruction of Personal Data, including the use of pseudonymization and anonymization methods.

Processing is carried out via computer and/or online tools, featuring organizational methods and approaches strictly related to the purposes indicated. In addition to the Data Controller, in some cases, other data processors involved in running this website (administrative, sales, marketing, legal, system administrators personnel) or external parties (such as third-party technical service providers, postal couriers, hosting providers, IT companies, communication agencies) appointed if necessary as data processors by the Data Controller may have access to the data. The updated list of data processors, if appointed, may always be obtained from the Data Controller.

Legal Basis for Processing

The Data Controller processes Personal Data relating to the user when one of the following conditions pertains:

- The user has given their consent for one or more specific purposes;
- Processing is necessary for the performance of a contract with the user and/or execution of pre-contractual measures;
- Processing is necessary to fulfill a legal obligation incumbent upon the Data Controller;
- Processing is necessary to perform a task of public interest or the exercise of public authority vested in the Data Controller;
- Processing is necessary to pursue the Data Controller’s or third parties’ legitimate interest.>

Consent is always required for minors under the age of sixteen who access the site or other media. Such consent must be given by parents or guardians.

However, the option exists to request that the Data Controller clarify the concrete legal basis of each process, in particular to specify whether processing is based on the law, required by a contract, or necessary to enter into a contract.

Processing Location

Data are processed at the Data Controller’s operational offices and at any other location where the parties involved in processing are currently located within the European Union. For more information, contact the Data Controller.

Should operational technical issues arise regarding the transfer of data abroad outside the European Union, Maggioli S.p.A. guarantees compliance with high security standards, basing such transfers on: 

- European Commission adequacy decisions regarding third-country recipients; 
- Appropriate guarantees issued by third-party recipients;
- Adoption of binding enterprise standards. 

Click here – > for more information on data transfer abroad and the legal basis for such transfers.

Retention Period

Data are processed and retained for the length of time required for the purposes for which they were collected. 

- Personal Data collected for purposes related to execution of a contract between the Data Controller and the Data Subject shall be retained until execution of that contract has been completed;
- Personal Data collected for purposes attributable to the Data Controller’s legitimate interest shall be retained until that interest is satisfied, albeit no longer than ten years. Data Subjects may obtain further information on the Data Controller’s pursuit of their legitimate interest in the relevant sections of this document, or by contacting the Data Controller.

When processing is based on Data Subject consent, the Data Controller may keep the Personal Data for longer, until such consent is revoked. In addition, the Data Controller may be obliged to retain Personal Data for a longer period, in compliance with a legal obligation or by order of an authority. Upon conclusion of the retention period, Personal Data shall be deleted. This implies that, upon expiration of the period, rights of access, deletion, rectification and the right to data portability may no longer be exercised.

Purposes of Processing Collected Data

Data Subject data is collected to enable the Data Controller to provide its services and for the following purposes: statistics, displaying content from external platforms, registration and authentication, managing addresses and sending email messages, contacting the person concerned, advertising, and hosting and backend infrastructure. 

To obtain further detailed information on processing purposes and the Personal Data tangibly relevant to each purpose, Data Subjects may refer to the relevant sections of this document below.

Details of Processing Personal Data

Personal Data are collected for the following purposes and using the following services:

- Contacting the Data Subject

Mailing list or newsletter (this website)

By registering for the mailing list or newsletter, with their consent the Data Subject’s email address is automatically added to a list of contacts to whom email messages containing information, including information of a commercial and promotional nature, relating to this website may be sent. With their consent, Data Subjects’ email address may be added to this list as a result of registering on this website or after making a purchase.

Personal Data collected: ZIP code, city, last name, email, country, first name, phone number, and profession. 

- Managing addresses and sending email messages

These types of service enable the management of a database of email contacts, telephone contacts, or contacts of any other type used to communicate with Data Subjects.These services may also enable the collection of data related to the date and time that the Data Subject views messages and the Data Subject’s interaction with them, such as information about clicks on links included in messages.

Diennea S.r.l. (Magnews)


Personal Data collected: email and phone number. 

Processing Location: Italy – Privacy Policy

- Hosting and backend infrastructure

The function of these types of services is to host data and files that allow this website to function, enabling their distribution, and providing ready-made infrastructure to deliver specific features of this website.Some of these services operate through servers located geographically in different locations; if this is the case, it may not be possible to determine the exact location where the Personal Data is stored.

ArubaCloud (Aruba S.p.A.)

ArubaCloud is a hosting service provided by Aruba S.p.A.

Personal Data collected: various types of data as specified by the service’s privacy policy. 

Processing Location: Italy – Privacy Policy

- Advertisement

This type of service enables the use of Data Subject data for marketing and communication purposes in various forms of advertising, such as banners, including in relation to the Data Subject’s interests; however,not all Personal Data is used for this purpose. The data and terms of use are detailed below. Some of the services below may use cookies to identify the Data Subject, or use the technique of behavioral retargeting, i.e., displaying advertisements tailored to the Data Subject’s interests and behavior, including as detected externally to this website. For more information on this, please check the privacy policies of the respective services.

Smart AdServer (Smart AdServer SA)

Smart AdServer is an advertising service provided by Smart AdServer SA.

Personal Data collected: Cookies and Usage Data. 

Processing Location: France – Privacy Policy - Opt Out

Adform (Adform)
Adform is an advertising service provided by Adform.
Personal Data collected: Cookies and Usage Data. 
Processing Location: Denmark – Privacy Policy

- Registration and authentication

By registering or authenticating, the Data Subject allows the application to identify them and give them access to dedicated services.Depending on the following, registration and authentication services may be provided with the help of third parties. If this occurs, the application may access some data stored by the third-party service used for registration or identification.

Direct Registration (this website)

The Data Subject registers by filling out the registration form and providing their Personal Data directly to this website.

Personal Data collected: ZIP code, city, tax code, last name, email, address, billing address, shipping address, country, first name, house number, fax number, phone number, VAT number, password, profession, province, company name, username, and various types of data. 

- Statistics

The services contained in this section allow the Data Controller to monitor and analyze traffic data and serve to track Data Subject behavior.

Google Analytics (Google Inc.)

Google Analytics is a web analytics service provided by Google Inc. (“Google”). Google uses Personal Data collected for the purpose of tracking and examining use of this website, compiling reports and sharing them with other services developed by Google.Google may use Personal Data to contextualize and personalize ads in its advertising network.

Personal Data collected: Cookies and Usage Data. 

Processing Location: USA -  Privacy Policy - Opt Out.

Directly collected statistics (this website)

This website uses an internal statistics system that does not involve third parties.

Personal Data collected: Cookies and Usage Data. 

ScorecardResearch (ScorecardResearch)

ScorecardResearch is a statistics service provided by Full Circle Studies, Inc.

Personal Data collected: Cookies and Usage Data. 

Processing Location: USA -  Privacy Policy – Opt Out

- Viewing content from external platforms

This type of service allows you to view content hosted on external platforms directly from the pages of this website and interact with them.If a service of this type is installed, it is possible that, even if the Data Subjects do not use the service, it may collect traffic data related to pages on which it is installed. Web Fonts (Monotype Imaging Holdings Inc.) Web Fonts is a font style display service operated by Monotype Imaging Holdings Inc. that allows this website to embed such content on its pages.

Personal Data collected: Usage Data and various types of data as specified by the service’s privacy policy. 

Processing Location: USA – Privacy Policy

Widget Video YouTube (Google Inc.)

YouTube is a video content display service operated by Google Inc. that allows this website to embed such content on its pages.

Personal Data collected: Cookies and Usage Data. 

Processing Location: USA – Privacy Policy

Video Vimeo (Vimeo, LLC)

Vimeo is a video content viewing service operated by Vimeo, LLC that allows this website to embed such content on its pages.

Personal Data collected: Cookies and Usage Data. 

Processing Location: USA - Privacy Policy

Widget Google Maps (Google Inc.)

Google Maps is a map display service operated by Google Inc. that allows this website to integrate such content on its pages.

Personal Data collected: Cookies and Usage Data. 

Processing Location: USA –Privacy Policy

More Information on Personal Data

- Online sale of goods and services

Personal Data collected is used to provide services to the Data Subject or for the sale of products and, if required, delivery. 

Personal Data collected to finalize credit card payments depend on the payment system used (PayPal, Alipay); the payment system manages and ensures the anonymization of processing this data, safeguarding data to the highest possible levels of protection.

PayPal: Privacy Policy

AliPay:Privacy Policy

Data Subjects’ Rights
Data Subjects may exercise the following rights at any time:
- Revoke consent at any time. Data Subjects may revoke previously given consent to process their Personal Data. 
- Object to processing their data. Data Subjects may object to processing their data when it is performed on a legal basis other than consent. Further details on the right to object are provided in the section below.
- Access their data. Data Subjects have the right to obtain information about data processed by the Data Controller, certain aspects of the processing, and to receive a copy of data processed.
- Verify and request rectification. Data Subjects may check the accuracy of their data and request that it be updated or corrected.
- Obtain restriction on processing. Data Subjects may request the restriction of processing their data. In such cases, the Data Controller shall not process the data for any purpose other than storage.
- Obtain the deletion or removal of their Personal Data. Data Subjects may request the deletion of their data from the Data Controller.
- Receive their data or have it transferred to another Data Controller. Data Subjects have the right to receive their data in a structured, commonly used and machine-readable format and, where technically feasible, to have it transferred unimpeded to another Data Controller. 
- Submit a complaint. Data Subjects may file a complaint with the relevant data protection supervisory authority or take legal action. 

Details of the Right to Object
Users may at any time object to processing their Personal Data if it is processed without their consent, provided that detailed reasons are submitted. Maggioli S.p.A. does not perform profiling activities without User consent.

How to Exercise Rights
For a Data Subject to exercise their rights, it is sufficient to contact the Data Controller via one of the following methods: 
1) By writing to Maggioli S.p.A. – Via del Pratello 8 – 40122 Bologna, Italy
2) By sending an email to the mailbox [email protected]
The Data Controller will process requests free of charge in writing as soon as possible, and in any case within one month of the request being made. 

Cookie Policy
This website makes use of cookies. Data Subjects may consult the Cookie Policy to learn more and view detailed information.

Further Information on Processing

Litigation Defense
The Data Controller may use the Data Subject’s Personal Data in legal proceedings or during preparatory stages to the potential establishment of a defense against abuses in the use of this website or related services by the Data Subject. The Data Subject declares that he/she is aware that the Data Controller may be obliged to disclose their data by order of the public authorities. 

Specific Disclosures
At the Data Subject’s request, in addition to information contained in this privacy policy, this website may provide the Data Subject with additional and contextual disclosures regarding specific services, or regarding Personal Data collection and processing. 

System Logs and Maintenance
For operation and maintenance purposes, this website and any third-party services it uses may collect System Logs, files that record interactions and may also contain Personal Data, such as Data Subjects’ IP address. 

Information Not Contained in this Policy
Further information in relation to processing Personal Data may be requested at any time from the Data Controller via their contact details. 

Response to “Do Not Track” Requests
This website does not support “Do Not Track” requests. To find out whether any third-party services used supports them, the Data Subject is encouraged to consult their respective privacy policies set out in the paragraph above.

Amendments to this Privacy Policy
The Data Controller reserves the right to make changes to this privacy policy at any time by informing the Data Subjects on this website as well as, if technically and legally feasible, by notifying Data Subjects using some of the contact details the Data Controller holds. It is consequently advisable to consult this page regularly, referring to the last modification date indicated at the bottom.Where changes affect processing on the legal basis of consent, if necessary the Controller shall seek the Data Subject’s renewed consent. 

Definitions and Legal References 

Personal Data (or Data)
Personal Data is any information that, directly or indirectly, including in association with any other information, and including a personal identification number, renders a natural person identified or identifiable.

Usage Data
This information is automatically collected via this website (including by third-party applications integrated into the website), including: the IP addresses or domain names of computers used by the Data Subject to connect with this website, addresses in URI (Uniform Resource Identifier) notation, the time of the request, the method used to forward the request to the server, the size of the file obtained in response, the numerical code indicating the status of the server response (successful, error, etc.), country of origin, the characteristics of the browser and operating system used by the visitor, various time-related details about the visit (e.g., the length of time spent on each page) and details of the path followed within the application, with particular reference to the sequence of pages consulted, parameters relating to the operating system, and the Data Subject’s computer environment.

Data Subject
The natural person to whom the Personal Data and Media User of Maggioli S.p.A. refer.

Data Processor (or Manager)
The natural person, legal entity, public administration or any other entity that processes Personal Data on behalf of the Data Controller, as set out in this privacy policy.

Data Controller (or Handler)
The natural or legal person, public authority, service or other body that, individually or jointly with others, determines the purposes and means of processing Personal Data and the tools adopted, including security measures relating to this website’s operation and use. Unless otherwise specified, the Data Controller is the owner of this website.

This Website (or this Application) 
Hardware or software tool whereby Users’ Personal Data are collected and processed.

The service provided by this website as defined in the relevant terms (if any) on this site/application.

European Union (or EU)
Unless otherwise specified, any reference to the European Union in this document is understood to extend to all current member states of the European Union and the European Economic Area.

Small portion of data stored on the Data Subject’s device, as per a dedicated Cookie Policy

Legal References

This privacy policy is prepared in accordance with GDPR 2016/679 and other applicable data protection regulations.

Unless otherwise specified, this privacy policy covers all Maggioli S.p.A. media, websites, applications, digital magazines and dedicated platforms. 

Last modified: September 5, 2022

© Maggioli SpA • THE PLAN • Via del Pratello 8 • 40122 Bologna, Italy • T +39 051 227634 • P. IVA 02066400405 • ISSN 2499-6602 • E-ISSN 2385-2054
ITC Avant Garde Gothic® is a trademark of Monotype ITC Inc. registered in the U.S. Patent and Trademark Office and which may be registered in certain other jurisdictions.