In compliance with the obligations laid down in the European Privacy Regulation EU/2016/679 (GDPR), we wish to inform you about the processing of personal data collected by us, freely provided by you and/or by other subjects communicated to San Marco Group S.p.a., in particular through:
• browsing web pages, using online services, filling in forms on our applications and on the websites: www.san-marco.com, decorativi.san-marco.com, www.sanmarcogroup.com, www.abcpaints.it, agenti.verniciedilizia.it, www.disegnoitaliandecorative.com, www.lineapalladio.com, quantorisparmi.com, www.eurobeton.net, www.novacolor.it, www.eurocolori.com;
- the establishment of contractual relationships with customers with a VAT number.
The processing of data will be carried out in compliance with the privacy regulations in force and will be based on the principles of propriety, lawfulness and transparency and carried out in compliance with the principles of relevance, completeness and non-excessiveness.
- Identity and contact details of the Data Controller
San Marco Group S.p.A.
VAT number and tax code 00229240270
Legal and operational headquarters:
Via Alta 10, 30020 Marcon (VE), Italy
tel. +39 041 4569322
- Contact details of the Data Protection Officer (DPO)
Data Protection Officer
phone +39 041 4569322
- Categories of personal data processed and methods of processing
- Website navigation:
- Form filling:
- VAT-registered customer:
- Using the "Work with us" form
- Purpose of data processing, legal basis and storage time
||Legal basis||Storage time|
||Consent is not required as the processing is necessary for providing the service requested by the user or for establishing and/or executing the contractual relationship (art.6.1.b of the GDPR).||For purposes 1,3,4,5: for the entire duration of the relationship and/or of the service offered and in any case for a period not exceeding 10 years from the termination of the same.|
||For purpose 2:
||Consent is not required as the processing is necessary for the pursuit of the legitimate interest of the Data Controller, security and maintenance (Art.6.1.f of the GDPR).||For the period strictly necessary for the pursuit of the purpose.|
||Consent is required (Art.6.1.a of the GDPR).||For purposes 7 and 9: given the type of product marketed, 5 years from receipt of consent.
For purpose No. 8: until you object via the link in each newsletter.
||Consent is not required as the processing is necessary for the pursuit of the legitimate interest of the Data Controller and the data is processed only as aggregated data and without reference to user identifiers for market research purposes (Art.6.1.f GDPR).||Since this is aggregated data, there is no storage limit.|
||Consent is not required as the processing is necessary to comply with the legal obligations of the Data Controller (Art. 6.1.c GDPR).||10 years after termination of the relationship.|
||Consent is not required as the processing is necessary for the pursuit of a legitimate interest of the Data Controller to protect itself for breach of contract or other causes of damage (art.6.1.f GDPR);||10 years after termination of the relationship.|
Any refusal, albeit legitimate, to provide all or part of the above data, could make it difficult to access and use our web applications and online services and compromise the smooth functioning of the relationship with our organisation; in particular, for personal data defined as mandatory and indispensable, it could make it impossible to access and use our web applications and online services and for us to carry out the normal course of business operations and the normal provision of the products/services requested.
- Processing methods
In carrying out the processing operations, all technical, IT, organisational and procedural security measures will always be adopted, so that the minimum level of data protection required by law is guaranteed. The above-mentioned methods applied for the processing will guarantee access to the data only to those subjects specified in point 6.
- Categories of recipients of personal data
- Legal Representative of the Data Controller, DPO, system administrator and employees and data processors of the following areas: Management, Administration and Finance, Technical Area, Production, Logistics, Information Systems, Quality, Marketing and Sales.
- Data processors include: companies of the San Marco Group, consultants and IT companies and software houses, consultants and consulting companies, freelance professionals, self-employed workers, agents and representative agencies, and companies dealing in transport and logistics.
- Judicial or supervisory authorities, administrations, public bodies and agencies (domestic and foreign), but exclusively for the purpose of fulfilling legal, regulatory or EU obligations, auditors and auditing companies for the same tasks.
- Retention and transfer of personal data abroad
- Exercisable rights
In accordance with the GDPR, you may exercise the rights set out therein and in particular:
- You may at any time request, from the Data Controller or the Data Protection Officer, a copy of your personal data, information on the where your personal data are processed and an updated list with the identification details of all Data Processors and System Administrators authorised to process your data.
- At any time, you may freely revoke the consent given, without any charge and prejudice to the lawfulness of the processing carried out up to that moment, and exercise the following rights of the Data Subject vis-à-vis the Data Controller as provided for by the European Privacy Regulation EU/2016/679 of Access, Rectification, Cancellation, Limitation, Opposition, Portability and Complaint to the Privacy Guarantor.