Privacy Policy


We inform the partners / customers / suppliers (interested in the processing) and their contact persons (hereinafter "interested", ex Art.4, c.1 of the GDPR UE 2016/679) that the professional relationships established with the undersigned Holder may involve the treatment of personal data, respecting the following general principles:

  • all data are processed in a lawful, correct and transparent manner in relation to the data subject, in compliance with the general principles set out in Article 5 of the GDPR;

  • specific security measures are observed to prevent data loss, illicit or incorrect use and unauthorized access;

  • the Data Controller is the undersigned Company: SECOND HAND TEXILE, business unit Cost-fer srl, Via Inglesina 1, 2 21040 - Gerenzano (VA) Italy;

  • You may contact the Data Controller to exercise all the rights provided for by Article 15-21 of the GDPR (right of access, rectification, cancellation, limitation, portability, opposition), as well as to revoke a previously agreed consent or propose a complaint to the Data Protection Authority.


The Holder treats personal identification data of the partner / customer / supplier (for example, name, surname, company name, personal / fiscal data, address, telephone, e-mail, bank and payment details) and its operational contact persons (name surname and contact data) acquired and used to provide the requested services.


Data are processed to:

  • conclude contractual / professional relationships;

  • fulfill the pre-contractual, contractual and tax obligations deriving from existing relationships, as well as to manage the necessary communications connected to them;

  • fulfill the obligations established by law, by a regulation, by the community legislation or by an order of the Authority; 

  • exercise a legitimate interest and a right of the Holder (for example: the right to defense in court, the protection of credit positions, the ordinary operational, managerial and accounting needs). Failure to provide these data will make it impossible to establish the relationship with the Owner, which may refuse to provide the requested services, according to Article 6, commi b, c, f. If it is intended to carry out treatments for different purposes, a specific consent will be required from the interested parties.


The processing of personal data is carried out by operations indicated in Art. 4 n. 2) GDPR and more precisely: collection, registration, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, cancellation and destruction of data. Personal data are subjected to both paper and electronic and / or automated processing. The Data Controller will process personal data only for the time needed to fulfill the purposes for which they were collected and related legal obligations.


The data are processed by regularly authorized and instructed internal subjects according to Article 29 of the GDPR. It is also possible to request the scope of communication of personal data, obtaining precise indications on any external subjects operating as managers or independent data controllers (consultants, technicians, banks, transporters, etc.). The data are not object of diffusion or transfer to countries outside the EU. When necessary, in the context of tenders / contracts or to fulfill legal obligations, we could acquire personal data of their employees from customers / suppliers. It is agreed between the parties that the undersigned company will be entitled to the processing as external manager (Art.28 GDPR) or authorized subject (Art.29 GDPR). As part of this report, the undersigned company  undertakes to process such data in compliance with the requirements established by the GDPR, guaranteeing any communication to other parties exclusively within the scope of specific legal obligations