Privacy policy

PRIVACY POLICY
In compliance with the obligations laid down in the European Privacy Regulation EU/2016/679 (GDPR), we wish to inform you about the processing of personal data collected by us, freely provided by you and/or by other subjects communicated to San Marco Group S.p.a., in particular through:
• browsing web pages, using online services, filling in forms on our applications and on the websites:  www.san-marco.comdecorativi.san-marco.comwww.sanmarcogroup.comwww.abcpaints.it,  agenti.verniciedilizia.it, www.disegnoitaliandecorative.comwww.lineapalladio.com,  quantorisparmi.comwww.eurobeton.net, www.novacolor.it, www.eurocolori.com;
  • the establishment of contractual relationships with customers with a VAT number.
 
The processing of data will be carried out in compliance with the privacy regulations in force and will be based on the principles of propriety, lawfulness and transparency and carried out in compliance with the principles of relevance, completeness and non-excessiveness.
  1. Identity and contact details of the Data Controller
    San Marco Group S.p.A.
    VAT number and tax code 00229240270
    Legal and operational headquarters:
    Via Alta 10, 30020 Marcon (VE), Italy
    tel. +39 041 4569322
    e-mail privacy@sanmarcogroup.it
    corporate websitewww.san-marco.com
    group websitewww.sanmarcogroup.it
    Certified emailamministrazione@pec.sanmarcogroup.it
     
  2. Contact details of the Data Protection Officer (DPO)
    Data Protection Officer
    phone +39 041 4569322
    e-mail: dpo@sanmarcogroup.it
 
  1. Categories of personal data processed and methods of processing
 
  1. Website navigation:
During the navigation and use of the Company's website, certain information may be collected and processed for the sole purpose of security and improvement of the service provided. The information collected mainly concerns interactions with the website, statistics on the pages visited by the user, date and time of access, and the technology used by the user. Information may also be collected on the user's source page and destination page.
In addition, some information is collected automatically (in an anonymous, aggregated and pseudonymised form) using cookies and similar technologies when the website is browsed. You can read more about our use of cookies in our "Cookies Policy".
 
  1. Form filling:
Should you decide to contact the Data Controller by filling in the forms in the "Contacts" section of the aforementioned websites, the information collected will concern your name and surname, your residence or domicile address, e-mail address, telephone number, tax code, VAT number as well as the text you freely enter.
 
  1. VAT-registered customer:
This policy statement is also addressed to the customers of San Marco Group S.p.A. with VAT numbers whose data may be collected and processed when establishing and managing the contractual relationship. As regards the type of data processed, please refer to paragraph 3.b. The purposes of processing said data are indicated in paragraph 4 and relate exclusively to purposes 3, 7, 8, 9 and 10.
  1. Using the "Work with us" form
This policy statement is also addressed to those who wish to contact the Data Controller to propose their candidacy, whether spontaneously or in response to the positions being offered. The data processed and collected by means of the form are: first and last name, address of residence or domicile, e-mail address, telephone number, curriculum vitae, passport photos and the text you freely enter. The purpose of the processing of such data is indicated in paragraph 4 and relates exclusively to purpose no. 2.
  1. Purpose of data processing, legal basis and storage time
The personal data requested or acquired will be processed exclusively for the purposes and on the legal bases indicated below.
Purpose Legal basis Storage time
  1. Processing requests for information and contact, providing technical and commercial assistance and support services, made by filling in the form in the "Contacts" section.
Consent is not required as the processing is necessary for providing the service requested by the user or for establishing and/or executing the contractual relationship (art.6.1.b of the GDPR). For purposes 1,3,4,5: for the entire duration of the relationship and/or of the service offered and in any case for a period not exceeding 10 years from the termination of the same.
  1. research and selection of personnel for possible recruitment by filling in the form in the "Work with us" section.
For purpose 2:
  • 5 years for candidates who have been interviewed but not recruited;
  • 24 months for candidates who were not interviewed;
  1. To carry out activities related to the establishment, management and continuation of commercial and/or contractual relationships.
 
  1. For acting as an intermediary between the customer and the retailer when purchasing products on an e-commerce platform
  1. Creation and management of customer profile
 
  1. For the proper implementation, management, maintenance, security and improvement of the website, e-commerce platform and IT infrastructure.
Consent is not required as the processing is necessary for the pursuit of the legitimate interest of the Data Controller, security and maintenance (Art.6.1.f of the GDPR). For the period strictly necessary for the pursuit of the purpose.
  1. Carrying out direct marketing activities.
  2. sending periodic newsletters and sales and/or technical communications.
  3. market surveys - conducted internally or with external companies - by email or telephone operator.
Consent is required (Art.6.1.a of the GDPR). For purposes 6 and 8: given the type of product marketed, 5 years from receipt of consent.
 
For purpose No. 7: until you object via the link in each newsletter.
  1. Processing of statistical data for market purposes
Consent is not required as the processing is necessary for the pursuit of the legitimate interest of the Data Controller and the data is processed only as aggregated data and without reference to user identifiers for market research purposes (Art.6.1.f GDPR). Since this is aggregated data, there is no storage limit.
  1. To fulfil any kind of obligation required by laws, regulations or EU legislation.
Consent is not required as the processing is necessary to comply with the legal obligations of the Data Controller (Art. 6.1.c GDPR). 10 years after termination of the relationship.
  1. For the resolution of any legal disputes that may arise during the course of the relationship;
 
Consent is not required as the processing is necessary for the pursuit of a legitimate interest of the Data Controller to protect itself for breach of contract or other causes of damage (art.6.1.f GDPR); 10 years after termination of the relationship.
 
Any refusal, albeit legitimate, to provide all or part of the above data, could make it difficult to access and use our web applications and online services and compromise the smooth functioning of the relationship with our organisation; in particular, for personal data defined as mandatory and indispensable, it could make it impossible to access and use our web applications and online services and for us to carry out the normal course of business operations and the normal provision of the products/services requested.
  1. Processing methods
The processing of your personal data is carried out mainly with the help of computer systems, including automated systems, and may consist of the following operations: collection, recording, organisation and storage, consultation, use, processing, modification, selection, extraction, comparison, interconnection, transmission, communication, disclosure, cancellation, destruction, blocking and restriction.
In carrying out the processing operations, all technical, IT, organisational and procedural security measures will always be adopted, so that the minimum level of data protection required by law is guaranteed. The above-mentioned methods applied for the processing will guarantee access to the data only to those subjects specified in point 6.
 
  1. Categories of recipients of personal data
The subjects or categories of subjects who may become aware of the personal data or to whom they may be communicated are the following:
  • Legal Representative of the Data Controller, DPO, system administrator and employees and data processors of the following areas: Management, Administration and Finance, Technical Area, Production, Logistics, Information Systems, Quality, Marketing and Sales.
  • Data processors include: companies of the San Marco Group, consultants and IT companies and software houses, consultants and consulting companies, freelance professionals, self-employed workers, agents and representative agencies, and companies dealing in transport and logistics.
  • Judicial or supervisory authorities, administrations, public bodies and agencies (domestic and foreign), but exclusively for the purpose of fulfilling legal, regulatory or EU obligations, auditors and auditing companies for the same tasks.
Personal data may also be disclosed, but only in aggregate and anonymous form and for statistical purposes.
  1. Retention and transfer of personal data abroad
The management and storage of personal data takes place in the cloud and on servers located within the European Union and the European Economic Area owned and/or available to the Data Controller and/or third-party companies, duly appointed as Data Processors.
  1. Exercisable rights
    In accordance with the GDPR, you may exercise the rights set out therein and in particular:
    1. You may at any time request, from the Data Controller or the Data Protection Officer, a copy of your personal data, information on the where your personal data are processed and an updated list with the identification details of all Data Processors and System Administrators authorised to process your data.
    2. At any time, you may freely revoke the consent given, without any charge and prejudice to the lawfulness of the processing carried out up to that moment, and exercise the following rights of the Data Subject vis-à-vis the Data Controller as provided for by the European Privacy Regulation EU/2016/679 of Access, Rectification, Cancellation, Limitation, Opposition, Portability and Complaint to the Privacy Guarantor.
 
  1. The request can be made using the UNSUBSCRIBE facility of the newsletters, or by writing an email to privacy@sanmarcogroup.it / dpo@sanmarcogroup.it.