Corman S.p.A. firmly believes that transparency is the core of a strong relationship with its customers and users. For this reason, the company wishes to be entirely clear and open on how personal data is used.

Here follows a description of how the website is managed, with reference to the processing of personal data of users.

This notice is given pursuant to art. 13 of Regulation (EU) 2017/679 “on the protection of natural persons with regard to the processing of personal data and the free movement of such data” (the GDPR), to those who interact with the web services of Corman S.p.A., accessible electronically at www.cottonybaby.it, i.e. the home page of the official website of Corman S.p.A..

The policy is also based on Recommendation no. 2/2001 that the European data protection authorities, meeting as the Working Party established by art. 29 of Directive 95/46/EC, adopted on 17 May 2001 regarding certain minimum requirements for collecting personal data on-line, and, in particular, the manner, timing and nature of the information that Data controllers must provide users with when they connect to web pages, regardless of the purpose of the connection.


  1. Data Controller

The data controller is Corman S.p.A., with registered office in Via Liguria, 3 – 20084 Lacchiarella (MI).


  1. Place of processing of personal data and data processors

The processing operations connected to the web services of this website take place at the company’s registered office in Via Liguria 3 – 20084 Lacchiarella (MI) and are carried out only by the technical staff of the Office responsible for processing, pursuant to art. 29 of the GDPR.

For the various specific services, related data files are processed by specialised companies which are appointed as Data Processors pursuant to art. 28 of the GDPR.

The complete list of Data Processors can be requested by contacting info@corman.it.


  1. Type of data processed


3.1 Browsing data

The computer systems and software procedures used to operate this website acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols.

This information is not collected to be associated with identified data subjects, but by its very nature could, through processing and association with data held by third parties, allow users to be identified.

This category of data includes IP addresses or domain names of the computers used by users who connect to the site, URI (Uniform Resource Identifier) addresses of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc..) and other parameters relating to the operating system and computer environment.

This data is used for the sole purpose of obtaining anonymous statistical information on the use of the website and to check its correct functioning, and is deleted immediately after processing. The data could be used to ascertain responsibility in case of hypothetical computer crimes against the site.


3.2 Data provided by the user

The optional, explicit and voluntary sending of electronic mail to the addresses indicated on this website entails the subsequent acquisition of the sender’s address, necessary in order to respond to requests, as well as any other personal data included in the message.


  1. Purpose and legal basis of data processing

Notwithstanding the terms on browsing data referred to in point 3.1), personal data provided by users through the website is processed for the following purposes:

  1. to allow the performance of operations strictly connected and instrumental to the management of relations with website users – including but not limited to – responding to queries received via the contact form and the management of other relevant information sent by the website user;
  2. to allow the correct execution of contractual obligations assumed by the company towards its website users and customers and vice versa, as well as the consequent accounting and fiscal requirements;
  3. to permit compliance with obligations laid down in European law, regulations and rules, or regulations issued by authorities empowered to do so by law and by supervisory and auditing bodies;
  4. when processing is necessary for the establishment, exercise or defence of legal claims or whenever courts are acting in their judicial capacity;
  5. for purposes of statistical research/analysis on aggregate or anonymous data, without thus being able to identify the User, aimed at measuring the functioning of the website and its operational functions, including the resolution of any technical issues.

The legal basis for the processing of personal data for the purposes referred to in point 1) is the provision of a service or the response to a request, which does not require a user’s consent, in accordance with applicable law.

As regards the purposes referred to in point 2), data processing is necessary to fulfil the contract;

As regards the purposes referred to in point 3), data processing is necessary for the fulfilment of a legal obligation.

As regards the purposes referred to in point 4), data processing is necessary for the purpose of the legitimate interests of the Company.

The purpose referred to in point 5) does not involve the processing of personal data.


  1. Processing methods and storage time

Personal data is processed by automated tools for the time strictly necessary to achieve the purposes for which it was collected.

Specific security measures are implemented to prevent data loss, illegal or incorrect use and unauthorized access.


  1. Rights of interested parties

The parties to whom the personal data refer have the right at any time to obtain confirmation of the existence or non-existence of such data and to know its content and origin, verify its accuracy or request its integration or updating, or correction (art. 15 et seq. of GDPR).

According to the aforesaid article, one has the right to request the cancellation, transformation into anonymous form or blocking of data processed in violation of the law, and to oppose in any case, for legitimate reasons, their processing.

Requests should be sent by e-mail to: info@corman.it.


  1. Modifications

The company reserves the right to modify the Privacy Policy at any time (also due to changes in current regulations) by updating this page. Users are therefore required to periodically check the Privacy Policy to remain informed of updates.



This notice, Rev.00, was issued on 31/08/2020 and comes into effect as of 20/09/2020.