NOTICE ON THE PROCESSING OF PERSONAL DATA PURSUANT TO ARTICLES 13-14 OF REGULATION (EU) 2016/679

This notice (“Notice”) is provided pursuant to Regulation (EU) 2016/679 (“GDPR”) and applicable national legislation on the protection of personal data and is addressed to visitors and users (“Data Subjects” or “Data Subject”) of the website https://registmark.com/ (“Website”). Through this Notice, the Data Controller—as indicated below—intends to provide Data Subjects with adequate information regarding the purposes and methods of processing personal data (“Personal Data”) collected through the Site.

👤 Data Controller    

GARBAGNATI INTELLECTUAL PROPERTY S.R.L. VAT No. 10292920963 Tax ID No. 10292920963, email f.martinelli@registmark.com certified email: garbagnatiintellectualpropertysrl@legalmail.it

🎯 Purposes, legal basis for processing, and retention period of Personal Data

Website navigation and security: collection of connection and log data (e.g., IP address, user-agent, pages visited) to ensure the secure operation of the Website, prevent abuse, and support diagnostic analysis.

Legal basis: legitimate interest of the Data Controller (Art. 6, para. 1, letter f) GDPR).    

Retention: for as long as necessary to ensure security and diagnostic analysis. For more information on retention periods and the use of cookies, please refer to the Website’s Cookie Policy.

Handling of requests submitted via the contact form and other channels on the Website. Data voluntarily provided by the Data Subject via the contact form and/or other channels on the Website are processed to respond to requests for information, assistance, or contact, to manage communications with the Data Subject, and to carry out related organizational and administrative activities. Providing the data is necessary to process the request; failure to provide it may make it impossible to respond. 

Legal basis: implementation of pre-contractual measures taken at the request of the data subject (Art. 6, para. 1, letter b) of the GDPR).

Retention: for the time strictly necessary to manage the request and, subsequently, for any period required by legal obligations or to protect the rights of the Data Controller. 

Provision of the services requested through the Website, including trademark registration applications and related activities. The Data Controller processes the data entered by the Data Subject on the Website for the purpose of requesting and managing the services (e.g., completing the trademark registration application, collecting the information necessary for the application, managing operational communications, preparing documentation, tracking progress, and providing support). 

Legal basis: performance of pre-contractual measures and/or a contract (Art. 6, para. 1, letter b) of the GDPR). 

Retention: for the time necessary to manage the service and, subsequently, for the periods required by law and/or for the protection of rights.

Administrative, accounting, and tax management (where applicable). If the Data Subject purchases services and/or administrative documents are issued, the data is processed for administrative, accounting, and tax management purposes (e.g., invoicing, bookkeeping, tax compliance). 

Legal basis: compliance with a legal obligation (Art. 6(1)(c) GDPR) and/or performance of a contract (Art. 6(1)(b) GDPR).

Retention period: for 10 years and, in any case, in accordance with the terms set forth in applicable civil and tax laws.

Communications to competent authorities/bodies (where required by the service). To the extent necessary for the performance of the service requested by the Data Subject, certain Personal Data may be transmitted and/or made available to competent trademark authorities, such as the Italian Patent and Trademark Office (UIBM) and/or, depending on the territorial scope of the request, the EUIPO, in accordance with their respective procedures. 

Legal basis: performance of the contract/pre-contractual measures (Art. 6(1)(b) GDPR) and, where applicable, compliance with legal obligations (Art. 6(1)(c) GDPR). 

Retention: for the time necessary to manage the case and for any periods required by regulatory obligations or to protect rights.

Analytics and statistics: The Data Controller may process Personal Data, in aggregated or pseudonymized form, for the purpose of conducting statistical analyses on the use of the Website, monitoring its proper functioning, evaluating page performance, and improving the quality of the services offered, as well as the users’ browsing experience. Such processing may be carried out through the use of technical analytics cookies or analytics tools, including those provided by third parties. Further information on the characteristics of the cookies used, their functions, and how to manage or revoke your preferences is available in the Cookie Policy, which can be viewed on the Website.

Legal basis: legitimate interest of the Data Controller (Art. 6, para. 1, letter f) GDPR) or consent of the Data Subject when required for third-party cookies (Art. 6, para. 1, letter a) GDPR).    

Retention: For more information, please consult the Cookie Policy.

Protection of rights and legal compliance: processing of Personal Data to comply with legal obligations, defend against legal claims, or respond to requests from public authorities.    

Legal basis: compliance with a legal obligation (Art. 6(1)(c) of the GDPR) and/or the Data Controller’s legitimate interests (Art. 6(1)(f) of the GDPR).

Retention: until the applicable statute of limitations expires.   

 

📁 Types of Personal Data 

Depending on the purpose and functionality of the Website, the Personal Data processed may include the following:

Browsing data: (e.g., IP address, data regarding the connection, devices used, and browsing patterns on the Website, processed to ensure proper functioning, security, and for statistical purposes)

Identification and contact data (e.g., first name, last name, email, phone number, and other data entered in the Website’s forms)

Data and content entered by the Data Subject for trademark registration requests and related services 

Data collected via cookies and similar technologies: information regarding the Data Subject’s browsing and preferences, as further specified in the Cookie Policy, to which we refer for details on the categories of cookies used and their retention periods.

If the Data Subject enters personal data on the Website pertaining to third parties (e.g., co-owners of the trademark, representatives, delegates, or other parties involved in the matter), the Data Subject declares that they are authorized to provide such data and hereby undertakes to indemnify the Data Controller against any claims arising from unauthorized disclosures.

👥 Categories of Data Subjects

The processing activities are directed at the following categories of Data Subjects:

•    Data Subjects who browse the Website

•    Data Subjects who contact the Data Controller through the Website’s channels; 

•    Data Subjects who create an account and/or use the features and services available on the Website, including the submission of a trademark registration application.

⚙️ Methods of Processing Personal Data 

Personal Data is processed electronically, using appropriate technical and organizational security measures to ensure the protection of Personal Data and prevent unauthorized access. 

🗣️ Recipients of the Processing

Personal Data may be shared with the following categories of recipients:

•    authorized and properly trained personnel of the Data Controller, including with regard to security measures and confidentiality obligations;

•    external consultants engaged by the Data Controller to perform the services offered on the Website, such as IT and tax consultants, etc.

•    service providers whom the Data Controller may engage for various purposes and who have been duly appointed as data processors;

•    entities involved in the management of procedures related to trademark registration, to the extent necessary for the requested service;

•    competent authorities or other entities required by law.

🌍 Transfer of Personal Data Outside the EU

Some service providers used by the Site may involve the transfer of data to third countries, including the United States. Such transfers are carried out in accordance with Articles 44 et seq. of the GDPR, through:

•    Standard Contractual Clauses approved by the European Commission;

•    The EU–US Data Privacy Framework for participating providers (e.g., Google LLC), based on the European Commission’s Adequacy Decision of July 10, 2023;

•    Other appropriate safeguards in accordance with applicable law.

For further information on the safeguards adopted, you may contact the Data Controller by writing to: f.martinelli@registmark.com

🍪 Cookies and Tracking Technologies

The Website may use technical and analytical cookies, including third-party cookies, such as analytics tools and security services. Non-technical cookies are installed only with the explicit consent of the Data Subject, managed via banners and specified preferences:

Cookies and similar technologies may also be used to perform statistical analyses on the use of the Website and measure the effectiveness of the services offered, without ever compromising the security of Personal Data.

For more information on the types of cookies, their purposes, and the management of preferences, please consult the Cookie Policy available on the Website.

📝 Rights of the Data Subject

With regard to the processing described in this Policy, the Data Subject may exercise the rights set forth in Articles 15 through 22 of the GDPR, and in particular the following rights:

•    Right of access (Art. 15 GDPR): the right to obtain confirmation as to whether or not Personal Data concerning the Data Subject is being processed and, if so, to obtain access to such Personal Data.

•    Right to rectification (Art. 16 GDPR): the right to obtain, without undue delay, the rectification of inaccurate Personal Data concerning the Data Subject and/or the completion of incomplete data.

•    Right to erasure (right to be forgotten) (Art. 17 GDPR): the right to obtain the erasure of Personal Data concerning the Data Subject, unless the processing is necessary to fulfill a legal obligation.

•    Right to restriction of processing (Art. 18 GDPR): the right to obtain restriction of processing in the event of inaccurate data or for other legitimate reasons.

•    Right to data portability (Art. 20 GDPR): the right to receive Personal Data in a structured, commonly used, and machine-readable format.

•    Right to object (Art. 21 GDPR): the right to object, at any time, to the processing of Personal Data for legitimate reasons.

•    Right not to be subject to automated decision-making (Art. 22 GDPR), including profiling.

•    Right to lodge a complaint with the Italian Data Protection Authority (www.garanteprivacy.it).

To exercise these rights, you may contact the Data Controller at the following address: Garbagnati Intellectual Property, Via Cherubini 6, 20145 Milan

📅 Updates to this Policy

This policy may be subject to updates. The published version indicates the date of the last update: April 2, 2026. We encourage you to review it periodically.