Our website address is: luxor-brushes.com.



According to the art. 13 of Legislative Decree 196/2003 (hereinafter the “Privacy Code”) and of art. 13 of the EU Regulation n. 2016/679 (hereinafter “GDPR 2016/679”), laying down provisions for the protection of persons and other subjects regarding the processing of personal data, we wish to inform you that the personal data you provide will be processed in compliance with the aforementioned law and the confidentiality obligations to which the LUXOR CLEANING of Gori Massimo & C. S.n.c. is held

Data Controller

The Data controller is LUXOR CLEANING S.R.L. Via G. Matteotti, 1715 – 51036 Larciano (PT) ITALY
VAT number 01205800475 – Telephone: (+39) 0573 83154
Share capital € 50.000 i.v.; in the person of the legal representative Mr. Massimo Gori,

Data Protection Officer

The Data Protection Officer is Mr. Massimo Gori, that you can contact by e-mail info@luxor-brushes.com , or by ordinary post at the company address

Purpose of the processing and legal basis

The data you provide will be processed by means of the operations indicated in Article 4 of the Privacy Code and Article 4 of the GDPR 2016/679, namely:

  • fulfillment of administrative, managerial, accounting, civil and fiscal obligations;
  • organization, storage, consultation of data, such as company name, VAT number, addresses, IBAN, names and contacts relating to your contacts.
  • preparation of company accounts such as orders, shipments, invoices, payments, data relating to customer solvency and credit recovery.
  • for commercial purposes of the company.

The legal basis for processing your personal data is the need to execute a contract / order / request of which you are an interested party.

The provision of your data and other data necessary for the fulfillment of legal obligations is optional but, any refusal to provide such data could lead to failure or partial performance of the contract and failure to continue the relationship.

Processing methods

Your data will be processed in paper and /or automated mode; by telematics  and/or computerized means also through automated tools designed to memorize, manage and transmit the data, in compliance with every precautionary measure, which guarantees its security and confidentiality.

The treatment is carried out by the owner and with access limitation/control, from:

  • its employees
  • from external collaborators, for example, companies providing administrative, IT, logistic and consulting services, operating by virtue of a specific assignment.

Specific security measures are observed to prevent the loss of data, illicit or incorrect use and unauthorized access.

  • In paper form, the data is processed and stored at the headquarters and offices of the Company.
  • In computerized form, at computers and servers, protected by passwords and adequate security measures.

All in compliance with the provisions of art. 32 of the GDPR 2016/79 and Annex B of the Legislative Decree 196/2003 (articles 33-36 of the Code) concerning safety, carried out by specifically appointed subjects and in compliance with the provisions of art. 29 DGPR 2016/679.

Treatment preservation

Your data will be stored for the period of time necessary to achieve the purposes for which they were collected and in any case not later than 10 years from the termination of the relationship, in compliance with the provisions of the legislation on the keeping of accounting records.

Scope of communication and dissemination

The data collected will not be disclosed and will not be communicated to other parties, but will be used only within the company or by companies connected to it or to other subjects for the fulfillment of legal obligations.

Data transfer

Your data will not be transferred either to Member States of the European Union or to countries outside the European Union.

Special categories of personal data

In the treatment NOT are also involved particular data.

The treatment will NOT also concern personal data that fall within the category of “special” data, that is to say data suitable to reveal the racial and ethnic origin, religious, philosophical or other convictions, political opinions, adhesion to parties , trade unions, associations or organizations of a religious, philosophical, political or trade union nature, as well as genetic data, biometric data intended to uniquely identify a natural person, personal data that can reveal health status or sexual life or sexual orientation of the person.

Existence of an automated decision-making process, including profiling

The company doesn’t adopt any automated decision-making process, including profiling,

intended by the EU regulation, referred to in Article 22, paragraphs 1 and 4, of EU Regulation no. 679/2016, as any form of automated processing of personal data consisting in the use of such data to evaluate certain aspects relating to a natural person, in particular to analyze or foresee aspects concerning professional performance, economic situation, health, health personal preferences, interests, reliability, behavior, location or travel of said natural person.

Rights of the interested party

According to the provisions of GDPR 2016/679 and the “Privacy Code”, at any time, you can exercise the right to:

  • request confirmation of the existence or otherwise of personal data;
  • obtain information about the purposes of the processing, the categories of personal data, and, when possible, the storage period;
  • access to personal data
  • obtain the rectification or cancellation of the same or the limitation of the processing that concern them;
  • obtain the portability of the data, that is, receive them from a data controller, in a structured format, commonly used and readable by an automatic device, and transmit them to another data controller without hindrance;
  • oppose the processing;
  • revoke the consent (the right to revoke the consent obviously cannot concern the cases in which the treatment is necessary to fulfill a legal obligation to which the holder of the treatment is subject or for the execution of a task of public interest or connected to the  exercise of public powers vested in the data controller);
  • make a complaint to the Control Authority (Privacy Guarantor).