This Privacy Policy (the "Privacy Policy") contains important information about your personal data that is collected by visiting this website https://lorenzi-milano.com (the "Site") as a registered or unregistered user (the "User" or the "Users").

In particular, the company Lorenzi Milano SRL, C.F. and P.IVA 03121550127 with registered office in Milan, Via Morimondo n. 26, as data controller (the "Company" or the "Owner"), informs you, in accordance with current legislation on the protection of personal data (the "Privacy Policy"), including Regulation (EU) 2016/679 (the "GDPR"), which will process the data of its Users in the manner and for the purposes described below. 

The terms of this Privacy Policy apply only and exclusively to the Site and not to other websites owned by the Owner or owned by third parties that the User may access through links contained on the Site. Should the User access another website, it is advisable to read the information regarding the processing of personal data applicable to the site visited.


By visiting the Site, using its Services or interacting with the Company, you confirm that you have read and understood this Privacy Policy and that you agree that the Company processes the personal data collected through the Site in accordance with this Privacy Policy and the Privacy Policy. If you do not agree to the terms of this Privacy Policy, please do not visit this Site, create an account (as defined below) or otherwise use this Site or submit your personal information.

The Owner reserves the right to make changes to this Privacy Policy at any time, giving publicity to Users on this page. Therefore, please consult this page often, taking as reference the date of last modification indicated at the bottom of it. If the User does not accept the changes made to the Privacy Policy, he/she is required to stop using the Site and may request the Owner to remove his/her personal data. Unless otherwise specified, the previous privacy policy will continue to apply to personal data collected up to that moment.

This Privacy Policy contains important information about the following:












  1. Types of Data collected and processed through the Site

In accordance with the Privacy Policy, the Owner processes the following personal data provided by the User (the "Personal Data") while browsing the Site or registering in the Reserved Area:

  • common data (such as, but not limited to: name, surname, residence and/or domicile address and other identification data, tax code, e-mail address, navigation data (e.g. IP address, etc.).

Personal Data may be freely provided by the User or, in the case of Usage Data, collected automatically during the use of this Site.

Unless otherwise specified, all Data required by this Site is mandatory. If you refuse to provide it, it may be impossible for this Site to provide Service. In cases where this Site indicates certain Data as optional, Users are free to refrain from communicating such Data, without this having any effect on the availability of the Service or its operation.

Users who have any doubts about which Data are mandatory, are encouraged to contact the Owner.

Please note that the computer systems, cookie technology and software procedures used to operate the Site acquire, during their normal operation, some data whose transmission is implicit in the use of the Internet. This information is not collected in order to be associated with identified interested parties, but by its very nature could, through processing and association with data held by third parties, make it possible to identify the Users browsing the Site.

Therefore, any use of Cookies - or other tracking tools - by this Site or by the owners of third party services used by this Site, unless otherwise stated, is intended to provide the Service requested by you, in addition to the further purposes described in this document and in the Cookie Policy, if available.

The User assumes responsibility for the Personal Data of third parties obtained, published or shared through this Site and guarantees that he or she has the right to communicate or disseminate them, releasing the Owner from any liability towards third parties.

  1. Personal Data provided by Users in case of registration to the reserved area

Most of the pages and contents of the Site are accessible and consultable by the User without the need for his/her registration and/or identification. Access to and consultation of the Site therefore does not require any registration, except in relation to the "Registration" area (hereinafter, for convenience, the "Reserved Area").

The User, in fact, has the right, if he or she wishes, to register in the Reserved Area which is dedicated only to certain categories of Users (the "Registered Users") - such as, for example, users who wish to purchase a product or service offered by the Owner (the "Buying Users"). To consult the terms and conditions of use of the Site and the Reserved Area, please refer to the "General Conditions of Sale".

  1. Treatment modalities

We inform you that the processing of Personal Data of the User, pursuant to art. 4 GDPR, may consist of the following activities (the "Processing"): collection, recording, organization, structuring, storage, adaptation or modification, extraction, consultation, use, communication by transmission, any other form of making available, comparison or interconnection, limitation, deletion or destruction of data.

We also inform you that the Personal Data of the User:

  • will be treated in accordance with the principles of lawfulness, fairness and transparency;
  • will be collected for the legitimate Purposes determined above;
  • will be adequate, relevant and limited to what is necessary in relation to the Purposes for which they are treated;
  • will be kept in a form that allows the identification of the User for a period of time not exceeding the achievement of the Purposes for which they are processed and, in any case, no later than 10 years from their collection for the Purposes referred to in point 3 of this Privacy Policy;
  • will be treated in such a way as to ensure adequate security against the risk of destruction, loss, modification, disclosure or unauthorised access through technical and organisational security measures.

The Processing of the User's Personal Data may be carried out by means of paper, automated, computerised or telematic means, with organisational methods and logics strictly related to the Purposes indicated.

The Owner uses the most appropriate technological and security measures (electronic, computer, physical, organizational and procedural) to ensure the security and confidentiality of the data processed. These measures include maintaining a secure system of data storage and use based on encryption, intrusion detection and prevention and protection software.

In addition to the Owner, in some cases, other subjects involved both in the Owner's business organization (e.g. administrative, commercial, marketing, legal, system administrators) and in the management of this Site or external parties (such as third party technical service providers, postal carriers, hosting providers, IT companies, communication agencies) may also have access to the User's Personal Data and, if necessary, will be appointed as Data Processors by the Owner. The updated list of Managers can always be requested from the Data Controller.

The User acknowledges, however, that the communication of personal data by means of websites presents risks associated with the disclosure of such data and that no system is totally secure or tamper-proof and/or intrusion by third parties.

  1. Legal basis and purpose of the Processing

We wish to inform you that your Personal Data will be processed, without your prior consent, in accordance with art. 6 GDPR, for the following purposes (together with the purposes listed in paragraph 3.1. the "Purposes"):

  1. Conclusion and execution of a contract with the User and/or execution of pre-contractual measures
  2. carry out the maintenance and technical assistance necessary to ensure the proper functioning of the Site and related services;
  3. improve the quality and structure of the Site, as well as to create new Services, functionalities and/or features of the same;
  4. allow the Owner to provide its Services;
  5. monitoring contractual obligations;
  6. allow the Company to exercise its rights in court and for the management of litigation;
  7. fulfil legal and/or regulatory obligations;
  8. cooperate with public authorities for the prevention and repression of illegal acts, including disciplinary action;
  9. for statistical and historical purposes.

In this regard, it should be noted that statistical purposes also allow the Data Controller to monitor and analyse traffic data and serve to keep track of the User's behaviour. For example, Google Analytics is a web analysis service provided by Google Inc. ("Google"). Google uses the Personal Data collected for the purpose of tracking and analyzing the use of this website, compiling reports and sharing them with other services developed by Google. Google may use Personal Data to contextualize and personalize the ads on its advertising net.

  • The data provided by the Registered User may be processed, subject to the consent of the latter, pursuant to art. 6 letter a) GDPR, for the following commercial purposes and by e-mail, fax, MMS or SMS message:

a) to allow the sending to the Registered User of communications by e-mail about products, initiatives and/or Services proposed by the Company and/or newsletters, or other advertising, informative or promotional material (e.g. commercial communications relating to Orthopaedic Products similar to those that have been the subject of contracts between Retailers and users).

Users with whom the Company has entered into contractual relations are advised that the Company may send them communications of a promotional nature for its services, in compliance with the Privacy Policy, unless they disagree in accordance with art. 21, paragraph 2 GDPR.

However, it is always possible to ask the Owner to clarify the concrete legal basis of each treatment.

  1. Nature of the provision of Personal Data

The provision of data by the User is obligatory for the purposes of the service referred to in point 3 of this notice. Any refusal to provide such data may make it impossible to use the services related to the use of the Site.

The provision of data by the User is optional for the promotional and marketing purposes referred to in point 3.1 of this Privacy Policy. However, refusal to provide the data will not allow the User to receive any commercial communications about products, initiatives and/or services proposed by the Company.

  1. Personal Data Access

Without prejudice to communications made in compliance with legal and/or regulatory obligations, your Personal Data may be made accessible, for the Purposes, to employees and/or collaborators of the Company, duly authorised by the Data Controller, in their capacity as internal managers and/or, subjects authorised to process and/or system administrators;

  1. Communication of Personal Data

Without the express consent of the User (pursuant to art. 6 letter b) and c) of GDPR), the Data Controller may communicate the User's data for the Service Purposes to supervisory and/or control bodies, judicial authorities as well as to all other subjects to whom the communication is obligatory by law for the fulfilment of the said Purposes, as autonomous data controllers.

Users' data will not be disclosed to the public or to unspecified subjects.

In addition to the Data Controller, in some cases, categories of third parties involved in the organisation of the Data Controller or of the site - and in turn appointed, if necessary, as data processors by the Data Controller - such as, by way of example (the "Recipients"), may have access to the Personal Data and process them for the Purposes mentioned above:

  • third party technical service providers;
  • medical practitioners and paramedical personnel (doctors and/or paramedics employed by the Retailers);
  • couriers and postal services;
  • hosting provider;
  • computer companies;
  • professionals and consultants (in legal, commercial, administrative, tax, quality and safety, budget certification,) who are entrusted with tasks for which knowledge of the User's personal data is necessary;
  • communication agencies;
  • credit institutions
  • insurance company.
  1. Place, transfer and storage period

The Data are processed at the headquarters of the Data Controller and in any other place where the parties involved in the processing are located. For further information please contact the Data Controller.

Your Personal Data may be transferred to a country other than the country in which you are located.

The User's Personal Data may also be communicated to Recipients who are in European Union Member States for the pursuit of the Purposes only.

Any transfer of Personal Data to countries outside the EU may only take place within the terms and with the guarantees provided by the Privacy Policy and, in particular, in accordance with Articles 44 - 49 of the GDPR.

The User has the right to obtain information about the legal basis for the transfer of Data outside the European Union or to an international organization under public international law or constituted by two or more countries, such as the UN, and about the security measures taken by the Data Controller to protect the Data.

7.1. The Data are processed and stored for the time required by the purposes for which they were collected.


  • Personal Data collected for purposes related to the execution of a contract between the Owner and the User will be retained until the execution of such contract is completed.

Personal Data collected for purposes related to the legitimate interest of the Owner will be retained until such interest is satisfied. The User may obtain further information about the legitimate interest pursued by the Owner in the relevant sections of this document or by contacting the Owner.

  • When the processing is based on the User's consent, the Data Controller may retain the Personal Data for a longer period of time until such consent is revoked. In addition, the Data Controller may be obliged to retain Personal Data for a longer period in compliance with a legal obligation or by order of an authority.

At the end of the retention period Personal Data will be deleted.

  1. User Rights

We inform you that, in accordance with the Privacy Policy, you have the right to revoke your consent at any time and may at any time exercise the following rights (the "Rights"):

  1. the so-called "right of access" to your Personal Data pursuant to art. 15 GDPR, and specifically: to obtain confirmation of the existence or non-existence of Personal Data concerning you, even if not yet recorded, and their communication in an intelligible form, as well as to obtain the following information:
  1. the purposes and methods of the Processing of your Personal Data (including the existence of an automated decision making process, including the profiling referred to in art. 22, par. 1 and 4 GDPR and, at least in such cases, significant information on the logic used, as well as the importance and expected consequences of such processing for the data subject), the categories of your Personal Data processed, the origin of your Personal Data, the storage period of your Personal Data (where possible), or the criteria used to determine such period;
  2. the identification details of the data controller, data processors and the representative designated pursuant to art. 5, paragraph 2, letter e) GDPR and in general of all subjects or categories of subjects to whom your Personal Data has been or will be communicated on Italian territory, in particular if there are recipients from third countries or international organizations (and in this case, you are also entitled to be informed of the existence of adequate guarantees pursuant to art. 46 GDPR relating to the transfer);
  3. the existence of your right, as data subject, to ask the data controller to correct, cancel or limit the processing of your Personal Data or to oppose their processing;
  4. the right to lodge a complaint with the Guarantor for the protection of your Personal Data (the "Guarantor");
  1. the so-called "right of rectification" referred to in art. 16 GDPR: the right to request the rectification or, if interested, the integration of your Personal Data;
  2. the so-called "right to deletion" (or "right to be forgotten") referred to in art. 17 GDPR: the right to request cancellation, transformation into anonymous form or blocking of data processed unlawfully, including data whose retention is unnecessary for the purposes for which your data was collected or subsequently processed;
  3. the so-called "right of limitation of processing" in art. 18 GDPR: the right to obtain from the data controller the limitation of processing in certain cases provided for under the Privacy Policy;
  4. the right to request from the data controller, in accordance with Art. 19 GDPR, an indication of the recipients to whom he has notified any rectification or cancellation or restriction of processing (made in accordance with Art. 16, 17 and 18 GDPR, in fulfilment of the notification obligation except where this proves impossible or involves a disproportionate effort);
  5. the so-called "right to data portability" referred to in art. 20 GDPR: the right to receive (or to transmit directly to another data controller) your Personal Data in a structured, commonly used and machine-readable format;
  6. the so-called "right of opposition" under Article 21 GDPR: the right to object, in whole or in part:
  1. for legitimate reasons to the processing of your Personal Data, even if pertinent to the purpose of collection;
  2. the processing of your Personal Data, for the purpose of sending advertising material or direct sales or for carrying out market research or commercial communication.

In the above cases, where necessary, the Data Controller will inform the third parties to whom the Personal Data have been communicated of the possible exercise of your rights, with the exception of specific cases (e.g. when such fulfilment proves impossible or involves the use of means manifestly disproportionate to the protected right).

  1. Exercise of Rights and Complaint to the Data Protection Supervisor

To exercise the User's rights, Users may address a request to the contact details of the Owner. Requests are deposited free of charge and processed by the Owner as soon as possible, in any case within one month.

Therefore, you may at any time exercise your Rights in the following ways:

a) by sending a registered letter with return receipt to the address of the Owner;

(b) by sending an e-mail to info@lorenzi-milano.com

We also inform you that under the Privacy Policy you have the right to lodge a complaint with the Guarantor. For the submission of the complaint, you may use the method you deem most appropriate, by hand delivery of the complaint at the offices of the Guarantor (at the address below) or by forwarding of:

a) registered letter with return receipt addressed to "Garante per la protezione dei dati personali", Piazza di Monte Citorio, 121 00186 Rome;

(b) e-mail: garante@gpdp.it, or protocollo@pec.gpdp.it;

(c) fax: 06-696773785.

For more information, please consult the Guarantor's web page available at the link:


  1. Details of external services that may access Personal Data

Please note that this Site may allow you to view content hosted and offered by and/or on external platforms. If there is a service of this type, it is possible that, even if Users do not use the service, it may collect traffic data relating to the pages where it is installed.

  • Google Maps Widget (Google Inc.)

Google Maps is a map view service operated by Google Inc. that allows this website to integrate such content within its pages. Personal Data Collected: Cookies and Usage Data.

Place of processing: United States - Privacy Policy(https://policies.google.com/privacy?hl=itl=it). Subject adhering to the Privacy Shield.

  • Shopify

The purpose of this service is to host and operate key components of this Website, making it possible to deliver them from a single platform. This platform provides the Owner with a wide range of tools such as, for example, analytical tools, user registration management, comment and database management, e-commerce, payment processing, etc.. The use of such tools involves the collection and processing of Personal Data. Some of these services operate through servers located geographically in different locations, making it difficult to determine the exact location where Personal Data is stored.

Personal Data collected: various types of Data as specified in the privacy policy of the service.

Place of processing: Canada - Privacy Policy: https://www.shopify.com/legal/privacy. Subject adhering to the Privacy Shield.

  • PayPal (PayPal Inc.) [for example; it will then be replaced by the one you use, if it is an app or plugin other than Shopify].

PayPal is a payment service provided by PayPal Inc., which allows the User to make payments online.

Personal Data collected: various types of Data as specified in the privacy policy of the service.

Place of treatment: See the privacy policy of Paypal - Privacy Policy.

  1. Data Controller and Data Processor

TREATMENT HOLDER is Lorenzi Milano SRL, C.F.F. and P.IVA 03121550127 with registered office in Milan, Via Morimondo n. 26.

The updated list of any data processors is freely available at the Company's registered office.



Lorenzi Milano SRL

(EU Regulation n. 679/2016 on the processing of personal data - art. 13)

1. Introduction

The current legislation on the processing of personal data defined in accordance with the provisions of Legislative Decree no. 196/2003 (hereinafter, the "Privacy Code") and EU Regulation 679/2016 on the protection of individuals with regard to the processing of personal data and the free movement of such data (hereinafter, the "EU Regulation") contains provisions designed to ensure that the processing of personal data is carried out in compliance with the fundamental rights and freedoms of individuals, with particular regard to the right to the protection of personal data.

The company Lorenzi Milano SRL, C.F. and P.IVA 03121550127, with registered office in Milan, Via Morimondo n. 26, informs that it is the Data Controller, pursuant to the Privacy Code and Articles 4, n. 7) and 24, EU Regulation.

The Company informs, therefore, pursuant to art. 13 of the EU Regulation that it will proceed with the relevant processing for the purposes and in the manner indicated below.

2. Notion of personal data

The term personal data means, according to art. 4 EU Regulation "any information concerning an identified or identifiable natural person; an identifiable person is one who can be identified, directly or indirectly, with particular reference to an identifier such as a name, an identification number, location data, an online identifier or one or more characteristic elements of his physical, physiological, genetic, psychic, economic, cultural or social identity".

Some personal data are part of the subcategory of the so-called sensitive data, according to the Privacy Code, or special categories of personal data, according to the art. 9, paragraph 1, EU Regulation as they are suitable to reveal "racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, as well as to process genetic data, biometric data aimed at uniquely identifying a natural person, data concerning the health or sexual life or sexual orientation of the person" (so-called "special data" or "special data").

The same art. 9 EU Regulation in paragraph 2, letter b), authorizes the processing of data of a particular nature if necessary to fulfill the obligations imposed on the employer and exercise the specific rights of the Data Controller or the data subject in the field of labour law, to the extent that it is authorized by EU or Member State law or by a collective agreement, in the presence of appropriate guarantees for the fundamental rights and interests of the data subject.

3. Notion of treatment

Processing of personal data means, according to art. 4, n. 2 EU Regulation, any operation or set of operations, performed with or without the aid of automated processes and applied to personal data or set of personal data, such as collection, recording, organization, structuring, storage, adaptation or modification, retrieval, consultation, use, communication by transmission, dissemination or any other form of making available, comparison or interconnection, restriction, erasure or destruction.

According to the Guarantor for the Protection of Personal Data (hereinafter referred to as the "Guarantor" or the "Authority") the collection, recording, storage and, in general, the use of images is a processing of personal data (Measure 8.04.2010).

The processing of personal data will respect the fundamental rights and freedoms of citizens and the dignity of persons with particular reference to confidentiality, identity and protection of personal data of the person concerned.

4. Primary purposes of personal data processing

The activity of video surveillance or video recording by means of special electronic instruments, carried out in the internal/external areas of the premises in use/owned/legally available premises of the Company pursues the purpose both of a commercial nature strictly connected to a pre-contractual or contractual activity of the Owner and of protection of the assets and property of the Company with respect to possible aggression, theft, robbery and vandalism and to the possible defense of the Company in court as well as to the protection of the production processes and company products.

External/internal video surveillance equipment is active 24h - 7/7 and in any case will not film locations reserved exclusively for employees.

The filming tools used for commercial purposes will be active only when strictly necessary to carry out activities related to the contractual or pre-contractual execution and in any case will not take back in the foreground those who pass through the relevant field of vision.

5. Stakeholders

All those who, for whatever reason, pass through the field of vision of the active surveillance cameras and/or electronic recording instruments, as well as the Company's employees, are interested in the processing of the data.

The Data Controller has provided to report the presence of surveillance cameras with special signs in accordance with the provisions of the Guarantor's Provision of 8.04.2010 as well as the places where the Interested Parties could be filmed for commercial purposes.

6. Legal basis

The processing of data for the pursuit of the above mentioned primary purpose, pursuant to art. 6 EU Regulation, excludes the need to obtain the specific consent of the data subject since the processing is necessary for the pursuit of a legitimate interest of the Data Controller, pursuant to art. 6, paragraph 1, letter f), EU Regulation.

7. Acceptance

The Interested Party, entering the business premises or passing through the specially marked areas where video surveillance and video recording tools are active for commercial purposes, confirms to have read and understood this Privacy Policy and to accept that the Company processes the Personal Data collected in accordance with this Privacy Policy and the Privacy Policy. If you do not accept the conditions of this Privacy Policy, please do not pass through the business premises where the video surveillance or video recording tools are active for commercial purposes.

8. Communication and dissemination of personal data for the pursuit of the primary purposes of processing

The images collected may be processed only by employees, specifically authorized and in charge of data processing, internal functions of the Company as well as the Data Processors appointed by the Data Controller.

The data may be communicated, for the purposes described above, also externally, to third parties who deal, by way of example, with control and surveillance services, plant maintenance and video surveillance activities, marketing and/or commercial activities, to consultants who will assist the Company in any legal proceedings, as well as to supervisory and control authorities and to any public entity entitled to request the data, such as judicial authorities and/or public security authorities.

However, personal data will not be disclosed to an indefinite public.

Communications made in accordance with a legal obligation, regulation or Community legislation shall remain unaffected.

The updated list of Data Processors and Persons in charge of processing is available for consultation by making a request to the Data Controller at the following e-mail address _ .

9. Duration of treatment

The images detected will be stored for the period of time strictly necessary to achieve the above purposes and, in any case, for a period of time not exceeding 24 (twenty-four) hours from the detection or 7 (seven) days in the cases provided for by the Guarantor, without prejudice to any longer period allowed by the Provision of the Guarantor of 8.04.2010 or that may be necessary to comply with specific requests of the judicial authority or police in relation to the investigative activities in progress.

At the end of the period of conservation foreseen, the recorded images are automatically deleted from the storage system by means of computer rewriting of the same recordings; their storage on supports will take place exclusively in cases of criminal offences and investigative requests by the competent Authorities, through appropriate procedures in the presence of the Data Processors.

10. Methods of treatment

The processing is carried out in compliance with the methods and requirements of the Guarantor's Order of 8.04.2010 and will include all the operations or set of operations indicated in art. 4, n. 2, EU Regulation - carried out with the help of computer systems - and precisely: collection, recording, organization, structuring, updating, storage, adaptation or modification, extraction and analysis, consultation, use, communication through transmission, comparison, interconnection, limitation, cancellation or destruction of data.

The processing is carried out through the use of electronic instruments and is managed by personnel specifically appointed, authorized and/or designated.

11. Data transfer outside the European Economic Area

Your personal data will not be transferred to third countries.

12. Security measures

The Company guarantees that the security and confidentiality of the data subject's personal data will be protected by appropriate protection measures, in accordance with the provisions of the EU Regulation and applicable national legislation, in order to reduce the risks of destruction and loss - even accidental loss - of data, unauthorized access or processing that is not permitted or does not comply with the purposes of collection.

13. Exercise of rights by the person concerned

Pursuant to Articles 13, paragraph 2, letters b) and d), 15, 18, 19 and 21 of the EU Regulation, the interested party is informed that:

  1. has the right to ask the Company, as data controller, for access to the images, their cancellation or the limitation of the processing concerning him/her;
  2. has the right to object to their processing in the cases provided for;
  3. any cancellation or limitation of processing carried out at the request of the data subject - provided that this proves impossible or involves a disproportionate effort - will be communicated by the Company to each of the recipients to whom the personal data have been transmitted. The Company may notify the data subject of such recipients if the data subject so requests;
  4. has the right to lodge a complaint with the Guarantor for the protection of personal data, following the procedures and indications published on the official website of the Authority www.garanteprivacy.it.

The right to update or supplement, as well as the right of rectification as per art. 16 of the EU Regulation, cannot be exercised due to the intrinsic nature of the data processed (images collected in real time concerning an objective fact).

Nor is the right to the portability of data pursuant to art. 20 of the EU Regulation exercisable, since the processing is carried out in execution of a legitimate interest of the Data Controller.

The exercise of these rights is not subject to any formal restrictions and is free of charge.

To exercise the above mentioned rights, the interested party may contact the Data Controller using the following addresses: info@lorenzi-milano.com

The response to a request for access to the images in which the data subject believes he or she has been filmed may not include any data relating to third parties, unless the breakdown of the data processed or the deprivation of certain elements makes the personal data relating to the data subject incomprehensible.

Once the data retention period has expired, it will be impossible to satisfy the access request.

This information is available for consultation on the website www.lorenzi-milano.com and in printed form at the reception of the Company's business premises.