In compliance with the obligations laid down in European Privacy Regulation EU/2016/679 (GDPR), we hereby inform you about the processing of personal data freely provided by you and/or other subjects communicated to San Marco Group Spa, in particular through:
• browsing web pages, using online services, filling in forms on our applications and on the websites of www.san-marco.com, www.sanmarcogroup.it, www.abcpaints.it, agenti.verniciedilizia.it, www.disegnoitaliandecorative.com, www.lineapalladio.com, quantorisparmi.com, www.eurobeton.net;
• the filling in of paper forms we have provided.
The data processing will be carried out in compliance with the privacy regulations in force and based on principles of correctness, lawfulness and transparency, and carried out in compliance with the principles of relevance, completeness and non-excess.
1. Identity of, and information on, the Data Controller
San Marco Group Spa
VAT and Tax Code number 00229240270
Administrative and operational headquarters:
Via Alta 10, 30020 Marcon (VE)
telephone +39 041 4569322
corporate web site www.san-marco.com
group web site www.sanmarcogroup.it
certified email email@example.com
Legal representative of the Data Controller: Dott. Marco Pietro Zini
2. Contact details of the Data Protection Officer (DPO)
Date Protection Officer: Dott. Maurizio Cataldo
telephone +39 041 4569322
3. Categories of personal data processed and purposes of the processing for which the personal data are intended, and their legal basis
3a. Data collected without the need for your explicit consent (according to Article 6(1)(b), (c), (f) of the GDPR) and for what purposes:
• personal data freely provided by you and/or by other subjects communicated to San Marco Group Spa, in particular by filling in forms on our applications or paper, such as: name and surname, address of residence or domicile, e-mail address, telephone number, tax code, VAT number. The purposes for which they may be used without your consent are as follows:
- to pursue the purposes related to obligations of laws, regulations or European Union legislation;
- to perform tasks connected with the establishment, management and continuation of commercial and/or contractual relations;
- to perform tasks necessary to meet requests received from you, and to provide technical and commercial assistance and support services;
- to pursue legitimate interests of the company or third parties.
3b. With your explicit, specific and free consent (as per Article 6, paragraph 1 letter a) and Article 7 of the GDPR) through dedicated online or paper forms, for the following purposes:
• sending newsletters and promotional and/or technical notices;
• profiling tasks;
• market surveys - internally-conducted or outsourced - by e-mail or telephone operator.
Any refusal, albeit legitimate, to provide all or part of the above data, may make it difficult to access and use our web applications and online services, and compromise the smooth running of the relationship with us and, in particular, regarding personal data defined as mandatory and indispensable, may make it impossible to access and use our web applications and online services, and make it impossible for us to provide normal business operations and smooth provision of the requested products/services.
4. Processing procedures
Your personal data is processed with or without the use of computer systems - including automated - and may consist of the following operations: collection, recording, organization and storage, consultation, use, processing, modification, selection, extraction, comparison, interconnection, transmission, communication, dissemination, deletion, destruction, blocking and limitation.
In carrying out the processing operations, all technical, IT, organisational and procedural security measures will always be adopted, so as to guarantee the minimum level of data protection required by law. The above-mentioned procedures applied for the processing, will guarantee access to the data only to the subjects specified in point 5.
5. Recipient categories of personal data
The subjects or categories of subjects which may become aware of personal data or which may receive such data, are:
• Legal Representative of the Data Controller, DPO, System Administrator and employees and entrusted with the processing the areas of: Management, Administration and Finance, Technical Area, Production, Logistics, Information Systems, Quality, Marketing and Sales.
• Data processors, for example: legal entities of the San Marco Group, IT consultants, IT and software companies, consultants and consulting companies, freelance professionals, self-employed workers, technical and engineering studies, agents and representative agencies, auditors and auditing companies, transport and logistics companies.
• Judicial or supervisory authorities, administrations, public bodies (domestic and foreign), but solely for the purpose of fulfilling legal obligations, regulations or Community legislation.
Personal data may also be disclosed but only in an aggregate and anonymous form and for statistical purposes.
6. Preservation and transfer of personal data to third countries
Personal data is managed and stored in cloud and on servers located within the European Union owned by and/or at the disposal of the Data Controller and/or third-party companies, duly appointed as Data Processors.
7. Period of retention of personal data
The data will be collected and recorded only for the purposes described below and will be retained for a period strictly necessary for such purposes, and in any case for no longer than twenty-four months from their collection for marketing purposes, twelve months from their collection for profiling purposes and for automated decisions, and ten years from their collection for administrative or legal purposes.
8. Exercisable rights
In accordance with the provisions of the GDPR, you may exercise the rights set out therein and in particular:
8a. You may at any time request from the Legal Representative of the Data Controller or the Data Protection Officer, a copy of your personal data, information regarding the place where your personal data are processed and an updated list with the identification data of all the Data Processors and System Administrators authorised to process your data.
8b. As Data Subject, you may at any time freely withdraw your previously-given consent without any charge and prejudice to the legality of the processing carried out so far, and exercise the following rights against the Data Controller as provided by European Privacy Regulation EU/2016/679 on Access, Rectification, Erasure, Restriction, Objection, Portability and Complaint to the Privacy Guarantor.
The request can be submitted using the UNSUBSCRIBE functionality of the newsletter, or by writing an email to firstname.lastname@example.org