Privacy Policy

This page describes how the website is managed with regard to the processing of the personal data of the users who consult it.
This information is provided pursuant to articles 13 and 14 of the GDPR 2016/679 and the national legislation in force, to those who interact with the web services accessible by electronic means from the address:

The information is provided only for this site and its subdomains (e.g.:, and not for other external websites consulted by the user using any links on the site.
The information is also based on Recommendation no. 2/2001 that the European authorities for the protection of personal data, meeting in the Group established by art. 29 of Directive no. 95/46/EC, adopted on 17 May 2001 to identify certain minimum requirements for the collection of personal data online, and, in particular, the procedures, timing and nature of the information that data controllers must provide to users when they connect to web pages, regardless of the purpose of the connection.

Data Controller
The data controllers are VISA INTERNATIONAL SRL, with registered office in Via Dell’Apprendistato, 2 – 35044 Montagnana (PD) and S.B.F. SRL, with registered office in Via dei Placco, 217 int. 1 – 35040 Casale di Scodosia (PD).
The Joint Owners jointly determine the purposes and means of the processing, within the project relating to the website The Joint Ownership Agreement is available at the link

External Data Processor
Agenzia23 di Paolo Sandrini has been designated as the External Data Processor pursuant to Article 28 of the GDPR 2016/679 and the national legislation in force, as the provider of services for the development and maintenance of the web platform, as well as for the provision and operational management of the technological platforms used.

Type of data processed and purpose of processing

Navigation data
The computer systems and software procedures used to operate this website acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols.
This information is not collected to be associated with identified interested parties, but by its very nature could, through processing and association with data held by third parties, allow users to be identified.
This category of data includes IP addresses or the domain names of the computers used by users who connect to the site, the URI (Uniform Resource Identifier) addresses of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the user’s operating system and computer environment.
These data are used for the sole purpose of obtaining anonymous statistical information on the use of the site and to check its correct operation and are deleted after processing. The data could be used to ascertain responsibility in case of hypothetical computer crimes against the site.

Data provided voluntarily by the user
The optional, explicit and voluntary sending of electronic mail to the addresses indicated on this site, including through the completion of specific forms, entails the subsequent acquisition of the sender’s address, which is necessary to respond to requests, as well as any other personal data included in the message.

The data you freely provide may be processed for the following purposes:

– The processing of requests for information on the services provided and products/solutions marketed directly by the Data Controllers (art. 6 par. 1 lett. a) and b) GDPR 2016/679);
– The processing of reports of any kind, also sent through Contact Forms (art. 6 par. 1 let. a) GDPR 2016/679);

Any specific information will be progressively reported or displayed on the pages of the site set up for particular services on request.

The collection and recording of data will take place for specific, explicit and legitimate purposes and in a manner compatible with those purposes, as part of the processing necessary for the operation of the business. Such data will be processed in accordance with the principle of accuracy and, if necessary, appropriately updated, so that they are always relevant, complete and not excessive in relation to the purposes of collection and that their storage is functional for the period of time necessary for the purpose for which they were collected and subsequently processed in accordance with GDPR 2016/679 and applicable national legislation.
Personal data may be processed with the aid of both paper and telematic tools and in any case in such a way as to guarantee its security and protect the utmost confidentiality of the data subject. Specific security measures are observed to prevent data loss, unlawful or incorrect use and unauthorised access in full compliance with art. 32 of GDPR 2016/679 and the national legislation in force.

Cookies, plugins and services for interaction with external platforms
Complete information on the use of cookies and services for interaction with external platforms (e.g. social networks) by this site is available at the following link:

Compulsory or optional nature of providing data and consequences of refusal to provide data
Apart from what is specified for navigation data, the user’s consent is optional. However, failure to provide consent may make it impossible for the co-owners to provide the services requested. The consent, where given, may be revoked at any time by sending a request to the following address:

Communication of data
Without prejudice to the communication and dissemination carried out in execution of legal obligations, all data collected and processed may be communicated to:
– Professionals and consultants, in particular subjects who provide services for the management of the information system and telecommunications networks (including e-mail);
– Persons who carry out processing on behalf of the Data Controller in their capacity as Data Processors pursuant to Article 28 GDPR 2016/679, such as, purely by way of example and without limitation: persons who provide services for the management of the information system and telecommunications networks (including electronic mail). A complete and updated list of the Data Processors is available to those entitled to know, by simple request at the Data Controller’s head office.
– Persons authorised to access the data by the regulations in force and/or to whom the data must be communicated in order to comply with legal obligations.
Personal data may be processed by employees and collaborators assigned to the competent offices of the undersigned, who are explicitly authorised to process the data on the basis of the provisions of Article 29 of GDPR 2016/679 and current national legislation.

Transfer of data abroad
Personal data may be communicated and/or transmitted abroad only for the pursuit of the purposes set out in this statement, or for exclusively technical reasons related to the structure of the Company’s Information System and/or the application of technical and organisational security measures deemed appropriate by the Data Controller (art. 32 GDPR 2016/679), and exclusively in accordance with articles 44 f.s. of GDPR 2016/679.

Data retention periods:
The data provided will be stored in our archives according to the following parameters:
– Data provided voluntarily by the user: until the service has been fulfilled (“principle of limitation of storage”, art.5 of GDPR 2016/679) or according to the deadlines provided for by the Law.
– Data processed for information, promotional and commercial purposes: 12 months;
– Data processed for profiling purposes: 12 months;
– Data processed for transfer to third parties (indirect marketing): 12 months;
In relation to the specific limitation periods provided for by the law, data necessary for the ascertainment, exercise or defence of a right in a court of law may be subject to longer storage periods.
The obsolescence of the data stored in relation to the purposes for which they were collected is checked periodically.

Rights of the interested party
With regard to personal data, the data subject may exercise the rights provided for within the limits and under the conditions set out in Articles 15 to 22 of the GDPR 2016/679 and in current national legislation. In particular, the GDPR attributes to the Data Subject:
– Right of access (Art. 15 GDPR 2016/679);
– Right to rectification of inaccurate personal data and right to integration of incomplete personal parts (art. 16 GDPR 2016/679);
– Right to erasure (art. 17 GDPR 2016/679);
– Right to restriction of processing (art. 18 GDPR 2016/679);
– Right to request the recipients to whom any rectification or erasure or restriction of processing has been communicated (art. 19 GDPR 2016/679);
– Right to data portability (art. 20 GDPR 2016/679);
– Right to object (art. 21 GDPR 2016/679);
– Right not to be subjected to a decision based solely on automated processing (art. 22 GDPR 2016/679).
In the event that any form of consent to processing is signed, it should be noted that the data subject may revoke it at any time, without prejudice to the mandatory fulfilments provided for by the legislation in force at the time of the revocation request, by contacting the Data Controller at the following email address:

Right of Complaint
If you believe that the processing of your personal data, carried out through this website, is in violation of the provisions of the GDPR 2016/679, you also have the right to lodge a complaint with the Guarantor for the protection of personal data, as provided for by art. 77 of the GDPR 2016/679 itself, or to take appropriate legal action (art. 79 of the GDPR 2016/679).

For further information you can contact the Data Controllers:

Via Dell’Apprendistato, 2 – 35044 Montagnana (PD)
Tel. +39 0429 804622 – Fax +39 0429 81699

Via dei Placco, 217 int. 1 – 35040 Casale di Scodosia (PD)
Tel. +39 0429 847098 – Fax +39 0429 878287

Last modified: 14/07/2021

Downloadable Privacy and Policy documents

SBF Srl Privacy policy towards Customers
SBF Srl Privacy policy towards Customers
SBF Srl Privacy Policy towards Suppliers
SBF Srl Privacy Policy towards Suppliers

Model 231 and Code of Ethics

Legislative Decree 231/2001 (“Decree”) introduced into the Italian legal system the system of administrative liability of entities for certain offences committed in their interest or to their advantage by persons in top positions or persons subject to their direction or supervision.

In order to ensure the prevention of the offences contemplated in the Decree, SBF S.r.l. has adopted its own organisation, management and control model (“Model”), approved by the Board of Directors on 9 November 2020.

The Model is part of a broader policy pursued by SBF S.r.l. aimed at promoting fairness and transparency in the conduct of its activities and in its relations with third parties, in which the Code of Ethics, adopted by SBF S.r.l., is also included.

The Board of Directors of SBF S.r.l. has set up a Supervisory Body, endowed with autonomous powers of initiative and control, responsible for supervising the operation of and compliance with the Model and for promoting its constant updating.

Full text in downloadable PDF format:

SBF Srl Code of Ethics Model 231
SBF Srl Code of Ethics Model 231
SBF Srl General part MOG231
SBF Srl General part MOG231
VISA INTERNATIONAL Srl Corporate information CLIENTS
VISA INTERNATIONAL Srl Corporate information CLIENTS
VISA Corporate information - SUPPLIERS
error: Content is protected !!