IT
EN
arredocreativo

MAYA

The Extendable Table that Reinvents Your Spaces

Privacy and Cookie Policy

Last update: November 4, 2025
Information pursuant to Articles 13 and 14 of Regulation (EU) 2016/679 (GDPR)

This privacy policy is provided by Zigri Lab S.r.l., as Data Controller, to users who visit and interact with the website www.arredocreativo.it. This policy transparently and comprehensively describes how users' personal data is collected, processed, stored, and protected, in compliance with Regulation (EU) 2016/679 (General Data Protection Regulation - GDPR) and current Italian legislation on personal data protection.

Privacy protection and personal data security are our top priorities. We are committed to ensuring that all personal information provided by users is treated with the utmost confidentiality, security, and in full compliance with the principles of lawfulness, fairness, transparency, purpose limitation, data minimization, accuracy, storage limitation, integrity, and confidentiality required by the GDPR.

1. Data Controller

Controller Identification Details
Company Name: Zigri Lab S.r.l.
Registered Office: Via Mottola Km 2,260 SNC, 74015 Martina Franca (TA), Italy
VAT Number: 03219380734
Email: info@arredocreativo.it
Phone: +39 3933727890
PEC: (if available)

The Data Controller is the entity that, alone or jointly with others, determines the purposes and means of processing personal data. For any information regarding the processing of personal data, to exercise the rights provided by the GDPR, or for any clarification requests, you can contact the Controller using the contact details provided above.

2. Types of Personal Data Collected

Our website collects and processes different categories of personal data, which can be distinguished based on the method of acquisition and the nature of the information. Below is a detailed description of all types of data that may be collected during browsing and use of the site.

2.1 Browsing Data (Log Files)

The IT systems and software procedures used to operate this website acquire, during their normal operation, certain personal data whose transmission is implicit in the use of Internet communication protocols. This data is not collected to be associated with identified data subjects, but by its very nature could, through processing and association with data held by third parties, allow users to be identified.

This category includes:

IP addresses or domain names of computers and terminals used by users connecting to the site
URI/URL addresses in notation (Uniform Resource Identifier/Locator) of requested resources
Request time to the server with complete date and timestamp
Method used in submitting the request to the server (GET, POST, etc.)
File size obtained in response to requests
Numerical code indicating the status of the response given by the server (success, error, etc.)
Parameters related to the operating system and user's computing environment
Browser type used for browsing and its version
Preferred language set in the browser
Screen resolution and other technical information about the device

This data is used solely to obtain anonymous statistical information on site usage, to check its correct functioning, and to identify any anomalies and/or abuse. Browsing data is temporarily stored in system logs for the time strictly necessary for the above purposes and in any case in compliance with the timeframes provided by current legislation. Subsequently, the data is deleted or made irreversibly anonymous.

2.2 Data Provided Voluntarily by the User

Users can choose to voluntarily provide their personal data through the interactive features present on the site, particularly through the contact form. This data is collected only when the user independently decides to send it to request information, quotes, or assistance on our products and services.

Data that may be voluntarily provided includes:

Name and Surname or company name (for businesses)
Email address to receive responses and communications
Phone number and/or WhatsApp number for telephone contact
Product model of interest (MAYA table or other products)
Free text message with requests, questions, or additional information
Address or location for calculating shipping costs
Specific preferences on finishes, dimensions, or customizations

The optional, explicit, and voluntary sending of personal data through the contact form entails the subsequent acquisition of the user's data necessary to provide the requested service or information. The user, by providing their data, expressly consents to their processing for the purposes indicated in this policy.

Important Note
The provision of personal data is optional. However, failure to provide data marked as mandatory in the contact form will make it impossible to fulfill the user's requests and provide the requested services, such as sending personalized quotes or answering specific questions about products.

3. Purposes of Processing and Legal Basis

Personal data collected through the site is processed for specific, explicit, and legitimate purposes, in full compliance with the principles of necessity and proportionality. Each processing is based on a specific legal basis provided by the GDPR, which ensures its lawfulness.

3.1 Processing Purposes

Personal data is processed for the following purposes:

Response to contact requests: provide answers to questions, information requests, and assistance sent through the contact form on the site
Preparation of personalized quotes: prepare and send detailed quotes for requested products, with technical specifications, prices, and sales conditions
Management of commercial relationships: establish, manage, and develop commercial relationships with customers and potential customers
Order management: process, fulfill, and track purchase orders for products
After-sales assistance: provide technical support, assistance, and after-sales services to customers
Accounting and tax compliance: issue invoices, manage accounting, and fulfill tax and tributary obligations required by law
Legal compliance: comply with legal obligations, regulations, and provisions of competent authorities
Protection of rights: exercise, ascertain, and defend the Controller's rights in judicial or extrajudicial proceedings
Technical management of the site: ensure the correct technical functioning of the website, prevent fraud, abuse, and security issues
Statistical analysis: process anonymous statistics on site usage to improve content and services offered

3.2 Legal Bases of Processing

Each processing of personal data is based on a specific legal basis provided by Article 6 of the GDPR:

Execution of pre-contractual measures (Art. 6, par. 1, lett. b) GDPR): processing is necessary to follow up on the user's requests before the conclusion of a possible contract (e.g., sending quotes, answers to questions about products)
Contract execution (Art. 6, par. 1, lett. b) GDPR): processing is necessary for the execution of the sales contract and for the provision of requested products and services
Legal obligations (Art. 6, par. 1, lett. c) GDPR): processing is necessary to comply with tax, accounting, and regulatory obligations required by Italian and European legislation
Legitimate interest (Art. 6, par. 1, lett. f) GDPR): processing is necessary to pursue the legitimate interest of the Controller, such as managing and developing business activities, preventing fraud, and protecting rights in judicial proceedings
Consent (Art. 6, par. 1, lett. a) GDPR): in specific cases, processing may be based on the user's explicit consent, which can be withdrawn at any time

4. Processing Methods

Personal data is processed using IT, telematic, and paper tools, adopting all necessary technical and organizational security measures to ensure a level of security appropriate to the risk, in accordance with Article 32 of the GDPR.

4.1 Technical Security Measures

Encryption: use of HTTPS/SSL security protocols for secure data transmission over the network
Firewall and protection systems: implementation of firewalls and intrusion detection and prevention systems
Regular backups: execution of periodic data backup copies to ensure their availability and integrity
Security updates: constant maintenance of all IT systems updated with the latest security patches
Access control: limitation of access to personal data only to authorized personnel through protected credentials
Monitoring: continuous monitoring activities of systems to detect any anomalies or unauthorized access attempts

4.2 Organizational Measures

Personal data is processed exclusively by personnel specifically authorized by the Controller and adequately trained on security procedures and obligations regarding the protection of personal data. All authorized personnel is bound by professional secrecy and confidentiality.

Internal procedures have been adopted that regulate access, management, modification, and deletion of personal data. Regular training activities are also conducted for personnel on regulations regarding data protection and IT security best practices.

5. Data Retention Period

Personal data is retained for the time strictly necessary to achieve the purposes for which it was collected, in compliance with the principle of storage limitation provided by Article 5 of the GDPR. The criteria used to determine retention periods are based on the nature of the data, the purposes of processing, and applicable regulatory obligations.

5.1 Specific Retention Periods

Browsing data (log files): retained for a maximum of 12 months from collection, except for the need to ascertain crimes
Information/quote requests not converted into orders: retained for 24 months from the date of last contact, except for explicit request for early deletion by the user
Data related to executed contracts: retained for 10 years from contract conclusion to comply with tax and accounting obligations required by Italian legislation (D.P.R. 600/1973 and subsequent amendments)
Data related to disputes, controversies, or litigation: retained until the complete definition of the controversy and the expiration of the limitation periods for rights
Data collected on the basis of consent: retained until the withdrawal of consent by the data subject

At the end of the indicated retention periods, personal data will be permanently deleted or made anonymous in an irreversible manner, so that it is no longer possible to trace the identity of the data subject. Before permanent deletion, data may be kept in archived mode with access limited exclusively for the purpose of defending rights in court or for regulatory compliance.

6. Communication and Disclosure of Data

6.1 Data Communication

Personal data may be communicated, when necessary for processing purposes, to categories of recipients who operate as independent Controllers or as Data Processors appointed by the Controller pursuant to Article 28 of the GDPR. All external parties to whom data is communicated are bound to comply with regulations on the protection of personal data.

Personal data may be communicated to the following categories of recipients:

Technology service providers: companies providing hosting, maintenance, and technical management services for the website, servers, and IT infrastructure
Email service providers: email service providers used to send communications to users
Couriers and shippers: shipping and logistics companies for the delivery of ordered products
Professionals and consultants: accountants, lawyers, tax consultants, and other professionals who assist the Controller in carrying out its activities
Banking and financial institutions: for the management of payments and financial transactions
Competent authorities: judicial bodies, law enforcement, administrative authorities when required by law or for the protection of rights
Other parties: any other parties necessary for the provision of requested services, always in compliance with privacy regulations

6.2 Data Disclosure

Personal data is not subject to disclosure. The term "disclosure" means making personal data known to undetermined parties, in any form, including through their availability or consultation. The Controller guarantees that users' personal data is not made public or sold to third parties for commercial or marketing purposes.

Non-Sale Guarantee
Zigri Lab S.r.l. undertakes not to sell, transfer, rent, or in any way transfer users' personal data to third-party companies for marketing purposes, commercial profiling, or sending unsolicited promotional communications. Personal data is communicated to third parties exclusively when strictly necessary for the purposes indicated in this policy and always in compliance with current legislation.

7. Data Transfer Abroad

Personal data collected through the website is processed and stored on servers located within the European Union, at selected providers that guarantee high security standards and GDPR compliance. Currently, no transfer of personal data to third countries located outside the European Economic Area (EEA) is envisaged.

Should it become necessary in the future to transfer personal data to third countries, the Controller guarantees that such transfer will take place in full compliance with the provisions of Chapter V of the GDPR and only in the presence of adequate safeguards, such as:

Adequacy decisions: the destination country is recognized by the European Commission as having an adequate level of protection
Standard contractual clauses: adoption of standard contractual clauses approved by the European Commission
Binding corporate rules: for transfers within multinational corporate groups
Explicit consent: acquisition of informed and specific consent from the data subject

Users have the right to receive detailed information on adequate safeguards relating to the transfer of their data to third countries, by contacting the Data Controller at the addresses indicated in this policy.

8. Data Subject Rights

As a data subject, the user has the right to exercise, at any time, the rights provided by Articles 15-22 of the GDPR towards the Data Controller. The exercise of these rights is free of charge and the Controller undertakes to provide a response to requests within one month of receipt, except in cases of complexity of the request.

8.1 Rights Recognized by the GDPR

Right of Access (Art. 15 GDPR)
The data subject has the right to obtain confirmation as to whether or not personal data concerning them is being processed and, if so, to obtain access to the personal data and the following information: purposes of processing, categories of data, recipients, retention period, existence of other rights, origin of data.
Right to Rectification (Art. 16 GDPR)
The data subject has the right to obtain the rectification of inaccurate personal data concerning them without undue delay. Taking into account the purposes of processing, they also have the right to obtain the integration of incomplete personal data, including by providing a supplementary statement.
Right to Erasure (Art. 17 GDPR)
The data subject has the right to obtain the erasure of personal data concerning them without undue delay when the data is no longer necessary, when consent is withdrawn, when there is an objection to processing, when data has been unlawfully processed, or when erasure is required to comply with a legal obligation.
Right to Restriction (Art. 18 GDPR)
The data subject has the right to obtain restriction of processing when they contest the accuracy of the data, when processing is unlawful but the data subject opposes erasure, when the Controller no longer needs the data but the data subject needs it to establish, exercise, or defend a legal claim in court.
Right to Data Portability (Art. 20 GDPR)
The data subject has the right to receive in a structured, commonly used, and machine-readable format the personal data concerning them provided to a Data Controller and has the right to transmit that data to another Data Controller without hindrance, when technically feasible.
Right to Object (Art. 21 GDPR)
The data subject has the right to object at any time, on grounds relating to their particular situation, to processing of personal data concerning them when processing is based on the legitimate interest of the Controller. The Controller shall cease to process the data unless there are compelling legitimate grounds.
Right to Withdraw Consent (Art. 7 GDPR)
When processing is based on consent, the data subject has the right to withdraw consent at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal. Withdrawal can be effected with the same ease with which consent was given.
Right Not to be Subject to Automated Decision-Making (Art. 22 GDPR)
The data subject has the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning them or similarly significantly affects them. This site does not carry out automated decision-making processes or profiling.

8.2 How to Exercise Rights

To exercise the rights provided by the GDPR, the data subject can send a written request to the Data Controller using one of the following channels:

Email: write to info@arredocreativo.it specifying in the subject line "Exercise of GDPR rights"
Regular mail: send written request to Zigri Lab S.r.l., Via Mottola Km 2,260 SNC, 74015 Martina Franca (TA)
PEC: use certified email (if available)

The request must clearly specify which right is intended to be exercised and provide sufficient information to identify the personal data subject to the request. The Controller may request additional information necessary to confirm the identity of the data subject in order to prevent fraudulent access to personal data.

Response Times
The Controller provides information on actions taken following a request within one month of receiving the request. This period may be extended by two months if necessary, taking into account the complexity and number of requests. The Controller informs the data subject of such extension and the reasons for the delay within one month of receiving the request.

8.3 Right to Lodge a Complaint with the Supervisory Authority

Without prejudice to any other administrative or judicial remedy, the data subject who believes that the processing concerning them violates the GDPR has the right to lodge a complaint with a supervisory authority, particularly in the Member State where they habitually reside, work, or where the alleged infringement occurred.

In Italy, the competent supervisory authority is the Italian Data Protection Authority (Garante per la Protezione dei Dati Personali):

Website: www.garanteprivacy.it
Address: Piazza Venezia n. 11, 00187 Rome
Switchboard: +39 06 696771
Email: garante@gpdp.it
PEC: protocollo@pec.gpdp.it

Complaints can be submitted online through the Authority's website, using the appropriate form available in the "Complaints" section, or through written communication to be sent by regular mail or PEC to the addresses indicated above.

9. Cookie Policy

This Cookie Policy aims to clearly and transparently illustrate the types of cookies used by the website www.arredocreativo.it, their purposes, and the ways in which users can manage their use, in compliance with the Guidelines of the Italian Data Protection Authority and the Provision of June 10, 2021.

9.1 What are Cookies

Cookies are small text files that the websites visited by users send and record on their computer, tablet, or smartphone (devices), to be subsequently retransmitted to the same websites on the next visit. Cookies are stored, according to user preferences, by the individual browser on the specific device used (computer, tablet, smartphone).

Technologies similar to cookies, such as web beacons, transparent GIFs, and all forms of local storage introduced with HTML5, can be used to collect information on user behavior and use of services. In the remainder of this policy, the term "cookie" will be used to refer both to cookies proper and to all similar technologies.

9.2 Types of Cookies

Cookies can be classified according to different characteristics: by function, duration, and origin. Below are the main types of cookies usable by websites.

Classification by function:

Technical cookies: used to allow the transmission of a communication on an electronic communications network or to provide a service requested by the user. They are not used for other purposes and are normally installed directly by the site owner
Analytics cookies: used to collect statistical information on site usage (pages visited, number of visitors, time spent, etc.) in order to improve performance and user experience
Profiling cookies: used to create user profiles and to send advertising messages in line with the preferences shown by the user during browsing on the web

Classification by duration:

Session cookies: automatically deleted when the browser is closed and have a duration limited to the single browsing session
Persistent cookies: remain stored on the user's device until their expiration or manual deletion and allow user preferences to be remembered in subsequent visits to the site

Classification by origin:

First-party cookies: installed directly by the visited website (in our case www.arredocreativo.it)
Third-party cookies: installed by websites different from the one being visited, through elements present on the page (e.g., plugins, widgets, embedded content)

9.3 Cookies Used by This Site

The website www.arredocreativo.it uses exclusively technical cookies, which do not require prior user consent as they are strictly necessary for the functioning of the site or to provide a service explicitly requested by the user.

Details of technical cookies used:

Session cookies: allow the user's browsing session to remain active during the visit to the site and are automatically deleted when the browser is closed
Language preference cookies: store the language selected by the user (Italian or English) to display the site in the preferred language in subsequent visits, improving the browsing experience
Security cookies: used to implement security measures, such as preventing fraudulent access and protection from cyber attacks
Cookies for contact form functioning: necessary for the proper functioning of the information request form and to prevent spam sending
Important Note on Technical Cookies
The technical cookies used by the site are essential to ensure the correct functioning of the features requested by the user. In the absence of these cookies, the site may not function properly and some features may not be available. According to current legislation, prior user consent is not required for technical cookies.

9.4 Third-Party Cookies

The site uses Google Fonts to improve the graphic appearance and readability of texts. Google Fonts is a third-party service provided by Google Inc. that allows the use of custom fonts.

Information collected by Google Fonts: When a user visits a page using Google Fonts, the browser sends a request to Google's servers to load the fonts. During this process, Google may collect some technical information, including:

User's IP address (which could be considered personal data in some jurisdictions)
Browser type and operating system used
URL of the page that requested the font
Date and time of the request

Google may use this information for analytical and aggregate statistical purposes. For more information on how Google processes personal data, you can consult Google's Privacy Policy available at: https://policies.google.com/privacy

The site owner has no direct control over cookies potentially installed by Google Fonts and cannot guarantee that Google does not use the collected data for other purposes. Users who wish to prevent data collection by Google Fonts can disable web fonts in their browser settings, although this may affect the visual appearance of the site.

9.5 Cookies Not Used

The site DOES NOT use the following types of cookies:

Profiling cookies: no information is collected to create user profiles based on their browsing habits
Advertising cookies: no cookies are used to display personalized advertising or to track users for advertising purposes
Social media cookies: there are no social network plugins that install third-party cookies (Facebook, Twitter, Instagram, LinkedIn, etc.)
Profiling analytics cookies: analytical tools that track individual user behavior for marketing purposes are not used
Commitment to Transparency
Zigri Lab S.r.l. undertakes to maintain maximum transparency regarding the use of cookies and not to install profiling cookies without prior explicit and informed consent from the user. Any changes to the Cookie Policy will be promptly published on this page.

9.6 How to Manage and Disable Cookies

Users have the ability to manage cookie preferences directly through their browser settings. Most browsers allow you to view, block, or delete cookies installed on the device. Below are links to official guides for cookie management in the most common browsers:

Google Chrome: https://support.google.com/chrome/answer/95647
Mozilla Firefox: https://support.mozilla.org/en-US/kb/cookies
Microsoft Edge: Microsoft Edge cookie guide
Safari: https://support.apple.com/guide/safari/manage-cookies
Opera: https://help.opera.com/en/latest/web-preferences/#cookies

To manage cookies on mobile devices (smartphones and tablets), you need to access the settings of the browser used on the mobile device. The steps vary depending on the operating system (iOS, Android) and the browser used.

Consequences of Cookie Disabling
Total or partial disabling of technical cookies may compromise the use of site features reserved for registered users or make it impossible to use some services. In particular, blocking technical cookies could prevent the proper functioning of the contact form and the storage of language preferences. Disabling third-party cookies (Google Fonts) does not compromise site navigability, but may affect its graphic appearance.

9.7 Third-Party Tools for Cookie Management

In addition to native browser features, there are services and tools provided by third parties that allow centralized management of cookie preferences. Some examples are:

Your Online Choices: https://www.youronlinechoices.com/ - platform managed by European industry associations that allows disabling or enabling advertising cookies of participating companies
Network Advertising Initiative: https://www.networkadvertising.org/ - organization that offers tools for managing advertising preferences

10. Changes to the Privacy Policy

This Privacy and Cookie Policy is subject to periodic revisions and updates to ensure compliance with the evolution of legislation on personal data protection and to reflect any changes in data processing methods or technologies used by the site.

The Data Controller reserves the right to modify, update, add, or remove parts of this policy at any time. Changes will take effect immediately after their publication on the site. It is the user's responsibility to periodically check this page to view any changes.

The "Last update" date indicated at the beginning of the document allows you to identify when the last changes were made. Any substantial changes requiring new consent from users will be communicated prominently through notices on the site or through direct communications to provided email addresses.

How to Stay Updated
It is recommended to regularly consult this page to be always informed about how the Controller collects, uses, and protects personal data. Continued use of the site after the publication of changes to the Privacy Policy constitutes acceptance of such changes. Users who do not accept the changes are invited to stop using the site and request deletion of their personal data.

11. Contact

For any questions, clarification requests, reports, or to exercise the rights provided by the GDPR regarding this Privacy and Cookie Policy, you can contact the Data Controller using the following contact details:

Zigri Lab S.r.l.
Registered Office:
Via Mottola Km 2,260 SNC
74015 Martina Franca (TA)
Italy
VAT Number: 03219380734
Email: info@arredocreativo.it
Phone: +39 3933727890
Website: www.arredocreativo.it

The Controller undertakes to respond to all requests within the timeframes provided by current legislation (generally within one month of receiving the request, except in cases of complexity). To ensure the security of personal data, the Controller may request additional information to verify the requester's identity before providing access to data or proceeding with other requests.

Document prepared in compliance with Regulation (EU) 2016/679 (GDPR) and Legislative Decree 196/2003 as amended by Legislative Decree 101/2018

arredocreativo

Home

Elegant Solution

Dynamic Spaces

Multifunctional Container

Models

FAQ

Privacy Policy
Facebook Instagram

Copyright © Arredo Creativo 2025 all rights reserved

Created by WeeAgency