Privacy Policy

Rev_5 dated 11.07.2024
In compliance with the obligations laid down in the European Privacy Regulation EU/13/14 (GDPR), we wish to inform you about the processing of personal data collected by us, freely provided by you and/or by other subjects communicated to San Marco Group S.p.A..


Contents

  • Key updates
  • General Information
  • Type and purpose of processing, legal basis and retention time:
    • If you are a user or are on the website (read here)
    • If you wish to contact us or request information by filling out a form (read here)
    • If you are filling in the 'Work with us' form (read here)
    • If you are shopping or registering at our E-commerce area (read here)
    • If you are a 'Distributor' or 'Dealer' customer of ours (read here)
    • If you are an 'indirect' customer of ours (installer, decorator, construction company, architect or architectural firm, etc.) (read here)
    • If you are one of our suppliers (read here)
    • If you participate in the 'LabForPro' webinars (read here)
    • If you participate in training courses at San Marco locations (read here)
    • If you have joined or intend to join the 'San Marco Lovers' community (read here)
    • If you have entered or intend to enter the 'Paint and Fly' competition (read here)
    • If you want to know how we use your images (read here)
  • Data-processing methods
  • To whom we communicate your data
  • Storage and transfer of data abroad
  • Rights that can be exercised
  • Identity and contact details of the data controller
  • Contact details of the Data Protection Officer (DPO)


General information

In compliance with the obligations provided for by the European Privacy Regulation EU/2016/679 (GDPR), we inform you about the processing of the personal data collected we collect that is freely provided by you and/or by other parties communicated to San Marco Group Spa.
The processing of data will be carried out in compliance with the privacy regulations in force and will be based on the principles of propriety, lawfulness and transparency and carried out in compliance with the principles of relevance, completeness and non-excessiveness.
Any refusal, even if legitimate, to provide all or part of the above-mentioned data, especially for those defined as mandatory and indispensable, could make it difficult to access and use our web applications and on-line services as well as services or products in general provided by San Marco, making it impossible for us to carry out the activity properly.


Type and purpose of processing, legal basis and retention periods:

• If you are a user or are on the website

While browsing and using the Company website, certain information may be collected and processed for the sole purpose of security and improving the service we offer.
In fact, if you browse corporate websites (www.san-marco.com and their sub-domains, www.sanmarco.com, www.sanmarcogroup.com, www.abcpaints.it, www.disegnoitaliandecorative.com, quantorisparmi.comwww.eurobeton.netwww.novacolor.itwww.eurocolori.com) or purchases on our e-commerce site, the information collected mainly concerns interactions with the website, statistics on pages visited by the user, date and time of access, and technology used by the user. Information on the user's original page and destination page may also be collected.
In addition, some information is collected automatically (in anonymous, aggregated and 'pseudonymised' form) using cookies and similar technologies while browsing the website. You can read more about our use of cookies in our 'Cookies Policy'.
Purpose Legal basis Storage time
For the proper implementation, management, maintenance, security and improvement of the website, e-commerce platform and IT infrastructure. The processing is necessary for the pursuit of the legitimate interest of the Data Controller in the security and maintenance of the IT and web infrastructure (Art. 6.1.f GDPR). For the period strictly necessary for the pursuit of the purpose.
Processing statistical data for market purposes The processing is necessary for the pursuit of the legitimate interest of the Data Controller and the data are processed only in aggregated form, without reference to identified users for market research purposes (Art. 6.1.f GDPR). Since this is aggregated data, there is no storage limit.


• If you wish to contact us or request information by filling out a form

Should you decide to contact us by filling in the forms in the 'Contacts' or 'Contact us' section of the aforementioned websites, the information collected will concern your name and surname, your residence or domicile address, e-mail address, telephone number, tax code, VAT number as well as the text you freely enter.
Purpose Legal basis Storage time
Processing requests for information and contact, providing technical and commercial assistance and support services, made by filling in the form in the 'Contacts' section. The processing is necessary for providing the service requested by the user, or for establishing and/or implementing the contractual relationship (Art. 6.1.b GDPR). For the entire duration of the relationship and/or of the service offered and in any case for a period not exceeding 10 years from its termination.


• If you are filling in the 'Work with us' form

If you contact San Marco to propose your candidature spontaneously or in relation to the positions on offer, the data processed and collected by means of the form are, by way of example but not limited to, your name and surname, tax code, address of residence or domicile, e-mail address, telephone number, curriculum vitae, passport photo and the text you freely enter.
Purpose Legal basis Storage time
Personnel search and selection for possible recruitment by filling in the form in the 'Work with us' section or by receiving spontaneous applications. The processing is necessary for providing the service requested by the user, or for establishing and/or implementing the contractual relationship (Art. 6.1.b GDPR). 5 years for candidates who have been interviewed but not recruited;
24 months for candidates who were not interviewed;
To fulfil any kind of obligation required by laws, regulations or EU legislation. Processing is necessary to fulfil legal obligations that the Data Controller must comply with (Art. 6.1.c GDPR) 10 years after termination of the relationship.
For the resolution of any legal disputes that may arise during the course of the relationship;
 
The processing is necessary for the pursuit of a legitimate interest of the Data Controller to protect itself for breach of contract or other causes of damage (Art. 6.1.f GDPR); 10 years after termination of the relationship.


• If you are shopping or registering at our E-commerce area

If you decide to purchase products or otherwise register on our E-commerce Platform, you are required to register in the Reserved Area of the Platform and create a personal account (in this regard, we invite you to read the General Conditions of Use and Sale of the E-commerce Platform). In this case, the information collected will include, but is not limited to:
  • simple common data (customer details, shipping address, contact details; user name, user IP sessions, any image associated with the profile);
  • data generated by online sessions resulting from the use of the account;
  • information regarding visits to the e-commerce area, purchases and orders of products; data relating to the order also in relation to discounts/promotions applied;
 
Purpose Legal basis Storage time
To carry out activities related to the establishment, management and continuation of commercial and/or contractual relationships. The processing is necessary for providing the service requested by the user, or for establishing and/or implementing the contractual relationship (Art. 6.1.b GDPR).
 
for the entire duration of the relationship and/or of the service offered and in any case for a period not exceeding 10 years from its termination.
For acting as an intermediary between the customer and the retailer when purchasing products on an e-commerce platform
Creation and management of customer profile
For the proper implementation, management, maintenance, security and improvement of the website, e-commerce platform and IT infrastructure. The processing is necessary for the pursuit of the legitimate interest of the Data Controller in the security and maintenance of the IT and web infrastructure (Art. 6.1.f GDPR). For the period strictly necessary for the pursuit of the purpose.
To fulfil any kind of obligation required by laws, regulations or EU legislation. Processing is necessary to fulfil legal obligations that the Data Controller must comply with (Art. 6.1.c GDPR) 10 years after termination of the relationship.
For the resolution of any legal disputes that may arise during the course of the relationship;
 
The processing is necessary for the pursuit of a legitimate interest of the Data Controller to protect itself for breach of contract or other causes of damage (Art. 6.1.f GDPR); 10 years after termination of the relationship.
 

• If you are a 'Distributor' or 'Dealer' customer of ours

If you are one of our distributors or dealers and there is a current contract, the data may be collected and processed in connection with establishing and managing the contractual relationship and such data concerns your first and last name, residence or domicile, registered office, e-mail address, telephone number, tax code and VAT number.
 
Purpose Legal basis Storage time
To carry out activities related to the establishment, management and continuation of commercial and/or contractual relationships. The processing is necessary for providing the service requested by the user, or for establishing and/or implementing the contractual relationship (Art. 6.1.b GDPR). for the entire duration of the relationship and/or of the service offered and in any case for a period not exceeding 10 years from its termination.
Communications concerning products and/or services similar to those already purchased or of commercial interest These are communications about similar services (softspam). (Art. 130, para. 4, Legislative Decree 196/2003) Until opposition through the link provided in each communication.
Processing statistical data on product/service quality The processing is necessary for the pursuit of the legitimate interest of the Data Controller and the data are processed only in aggregated form, without reference to identified users for market research purposes (Art. 6.1.f GDPR). Since this is aggregated data, there is no storage limit.
To fulfil any kind of obligation required by laws, regulations or EU legislation. Processing is necessary to fulfil legal obligations that the Data Controller must comply with (Art. 6.1.c GDPR) 10 years after termination of the relationship.
For the resolution of any legal disputes that may arise during the course of the relationship;
 
The processing is necessary for the pursuit of a legitimate interest of the Data Controller to protect itself against breach of contract or other causes of damage (Art. 6.1.f GDPR); 10 years after termination of the relationship.


• If you are an installer, decorator, construction company, architect or architectural firm, etc.

If you are one of the above-mentioned subjects and (even if there is no current contract) you interact with San Marco to request information, advice or wish to be updated on our initiatives and activities, your data may be collected and processed at trade fairs and events, or from completing digital forms, or also at your explicit request, and regard your name and surname, registered office, e-mail address, telephone number.
Purpose Legal basis Storage time
Processing requests for information and contact, providing technical and commercial assistance. The processing is necessary to perform the service requested by the Data Subject (Art. 6.1.b GDPR). For the entire duration of the relationship and/or of the service provided, and in any case for a period not exceeding 10 years from its termination.
sending periodic newsletters and communications of commercial and/or technical interest Consent is required (Art. 6.1.a GDPR). Until opposition through the link provided in each communication.
Processing statistical data for market purposes The processing is necessary for the pursuit of the legitimate interest of the Data Controller and the data are processed only in aggregated form, without reference to identified users for market research purposes (Art. 6.1.f GDPR). Since this is aggregated data, there is no storage limit.
To fulfil any kind of obligation required by laws, regulations or EU legislation. Processing is necessary to fulfil legal obligations that the Data Controller must comply with (Art. 6.1.c GDPR) 10 years after termination of the relationship.
For the settlement of any legal disputes that may arise;
 
The processing is necessary for the pursuit of a legitimate interest of the Data Controller to protect itself against breach of contract or other causes of damage (Art. 6.1.f GDPR); 10 years after termination of the relationship.
 

• If you are one of our suppliers

If you are our supplier, the data will be collected and processed in connection with the establishment and management of the contractual relationship, and may also concern your staff. Specifically, the data collected will consist of company name, first and last name, registered office, e-mail address, telephone number, tax code and VAT number.
 
Purpose Legal basis Storage time
To carry out activities related to the establishment, management and continuation of commercial and/or contractual relationships. The processing is necessary for providing the service requested by the user, or for establishing and/or implementing the contractual relationship (Art. 6.1.b GDPR). for the entire duration of the relationship and/or of the service offered and in any case for a period not exceeding 10 years from its termination.
Processing statistical data on service quality The processing is necessary for the pursuit of the legitimate interest of the Data Controller and the data are processed only in aggregated form, without reference to identified users for market research purposes (Art. 6.1.f GDPR). Since this is aggregated data, there is no storage limit.
To fulfil any kind of obligation required by laws, regulations or EU legislation. Processing is necessary to fulfil legal obligations that the Data Controller must comply with (Art. 6.1.c GDPR) 10 years after termination of the relationship.
For the resolution of any legal disputes that may arise during the course of the relationship;
 
The processing is necessary for the pursuit of a legitimate interest of the Data Controller to protect itself against breach of contract or other causes of damage (Art. 6.1.f GDPR); 10 years after termination of the relationship.
 

• If you participate in the "LabForPro" webinars

If you take part in a LabForPro webinar, the processing will be carried out mainly or exclusively by electronic means using images and online identification of the participants, in compliance with the security protocols established by the Data Controller through the External Data Processor.
The platforms used to provide the service (Microsoft Teams and Apprendoo) require participants to enter an e-mail and a nickname.
During registration, the e-mail is communicated to the platform operator, and consists of the communication of the first level identification data, in order to access the connection. The nickname is freely chosen by the participant and is shared on the portion of the screen delimiting the participant's frame during the conference in the 'virtual room'. When registering for Webinar courses, the Data Controller will request consent to process the data provided for marketing initiatives.
Participants are free to switch their camera off or not. If they decide to keep the video camera on, the images of the person on the screen will also be viewed by the other participants, and may be recorded by the Data Controller. The same applies to audio from the 'activated microphone' function.
The e-mail address and data requested during registration are prerequisites for participation. Likewise, it is mandatory to create a nickname to associate with the e-mail, chosen by the person concerned. The choice of whether to keep the camera active, and to actively take part in the session is left to the participant.
Purpose Legal basis Storage time
Providing webinar and LabForPro courses and registering participants; The processing is necessary for providing the service requested by the user, or for establishing and/or implementing the contractual relationship (Art. 6.1.b GDPR). Personal data relating to the Data Subject's webinar registration will be retained for 10 years.
 
Processing participation certificates;
Configuration and proper implementation of the webinar and LabForPro training service, proper functioning of the platforms used for it, including identity verification and security of the session; The processing is necessary for the pursuit of the legitimate interest of the Data Controller and the security of the communications to which the same responds (Art. 6.1.f GDPR). Platform usage data, nicknames, chat and session data, since they are necessary to provide the service, will be retained by the external data processor until the user stops using the platform or until the user and/or platform administrator deletes the personal data.
Recording of images and/or videos of the course, conference or event held during the webinar and LabForPro meetings for documentation, training or communication purposes. With regard to acquiring video and audio recordings, the consent of the Data Subject (6.1.a. GDPR) is also considered as being granted if, during a webinar meeting, when notified of the start of the recording, they do not deactivate their video camera and decide to actively participate in the meeting.
On the other hand, with regard to the use of nicknames (which could be the same as first and last names), the legitimate interest of the Data Controller is to not lose, for technical reasons, the possibility of recording the meeting in order to prevent the capture of participants' nicknames (6.1.f GDPR);
6 years after registration for documentation and training purposes;
 
3 years from registration for communication purposes
Carrying out direct marketing activities.
 
Consent is required (Art. 6.1.a GDPR). considering the type of product marketed, 5 years from receipt of consent.
sending periodic newsletters and communications of commercial interest; until opposition through the link provided in each newsletter.
Use of registration e-mail for webinars and LabForPro to send newsletters about training courses similar to ones already completed These are communications about similar services (softspam). (Art. 130, para. 4, Legislative Decree 196/2003) until opposition through the link provided in each newsletter.
Processing statistical data for market purposes The processing is necessary for the pursuit of the legitimate interest of the Data Controller and the data are processed only in aggregated form, without reference to identified users for market research purposes (Art. 6.1.f GDPR). Since this is aggregated data, there is no storage limit.
To fulfil any kind of obligation required by laws, regulations or EU legislation. Processing is necessary to fulfil legal obligations that the Data Controller must comply with (Art. 6.1.c GDPR) 10 years after termination of the relationship.
For the resolution of any legal disputes that may arise during the course of the relationship;
 
The processing is necessary for the pursuit of a legitimate interest of the Data Controller to protect itself against breach of contract or other causes of damage (Art. 6.1.f GDPR); 10 years after termination of the relationship.
 

• If you participate in training courses at San Marco locations

If you decide to take part in on-site training courses organised by San Marco at one of its locations, during registration you will be asked to provide common personal data such as, by way of non-limiting example, personal details, contact details, type of work carried out, the name of the contact San Marco dealer, as well as granting video-photographic recordings (photo and audio-video images) of the training sessions.
Purpose Legal basis Storage time
Providing the courses on-site and registering participants; The processing is necessary for providing the service requested by the user, or for establishing and/or implementing the contractual relationship (Art. 6.1.b GDPR). Personal data relating to course registration will be kept for 10 years.
 
Processing participation certificates;
Recording of images and/or videos of the course made for documentary, training or communication purposes. With regard to acquiring video and audio recordings, the consent of the Data Subject (6.1.a. GDPR) is also considered as being granted if they are informed at the beginning of the course, and decide to take an active part in the conference or course. 6 years after registration for documentation and training purposes;
 
3 years from registration for communication purposes
Carrying out direct marketing activities.
 
Consent is required (Art. 6.1.a GDPR). considering the type of product marketed, 5 years from receipt of consent.
sending periodic newsletters and communications of commercial interest; until opposition through the link provided in each newsletter.
Use of the e-mail communicated during registration to send newsletters about training courses similar to those already completed These are communications about similar services (softspam). (Art. 130, para. 4, Legislative Decree 196/2003) until opposition through the link provided in each newsletter.
Processing statistical data on product/service quality The processing is necessary for the pursuit of the legitimate interest of the Data Controller and the data are processed only in aggregated form, without reference to identified users for market research purposes (Art. 6.1.f GDPR). Since this is aggregated data, there is no storage limit.
To fulfil any kind of obligation required by laws, regulations or EU legislation. Processing is necessary to fulfil legal obligations that the Data Controller must comply with (Art. 6.1.c GDPR) 10 years after termination of the relationship.
For the resolution of any legal disputes that may arise during the course of the relationship;
 
The processing is necessary for the pursuit of a legitimate interest of the Data Controller to protect itself against breach of contract or other causes of damage (Art. 6.1.f GDPR); 10 years after termination of the relationship.
 

• If you have joined or intend to join the 'San Marco Lovers' community

If you decide to join the San Marco Lovers community as a professional, your personal data, contact details, type of work performed, name of your reference San Marco dealer, and the size of the selected T-shirt, will be processed.
In this regard, we inform you that this information, for organisational, statistical and logistical purposes, will also be communicated to the dealer with whom you have applied for membership, who will act as external data processor.
Purpose Legal basis Storage time
For membership of the 'San Marco Lovers Community' and the Controller's performance of all activities arising from and relating to the membership. The processing is necessary for providing the service requested by the user, or for establishing and/or implementing the contractual relationship (Art. 6.1.b GDPR). For the entire duration of the relationship and membership of the "Community" and in any case for a period not exceeding 10 years after its termination.
Carrying out direct marketing activities.
 
Consent is required (Art. 6.1.a GDPR). considering the type of product marketed, 5 years from receipt of consent.
Sending periodic newsletters and communications of commercial interest; until opposition through the link provided in each newsletter.
For the communication of activities, initiatives or similar services concerning the 'San Marco Lovers Community'. These are communications about similar services (softspam). (Art. 130, para. 4, Legislative Decree 196/2003) until opposition through the link provided in each newsletter.
Processing statistical data on product/service quality The processing is necessary for the pursuit of the legitimate interest of the Data Controller and the data are processed only in aggregated form, without reference to identified users for market research purposes (Art. 6.1.f GDPR). Since this is aggregated data, there is no storage limit.
To fulfil any kind of obligation required by laws, regulations or EU legislation. Processing is necessary to fulfil legal obligations that the Data Controller must comply with (Art. 6.1.c GDPR) 10 years after termination of the relationship.
For the resolution of any legal disputes that may arise during the course of the relationship;
 
The processing is necessary for the pursuit of a legitimate interest of the Data Controller to protect itself against breach of contract or other causes of damage (Art. 6.1.f GDPR); 10 years after termination of the relationship.
 

• If you have entered or intend to enter the 'Paint and Fly' competition

If you decide to enter the "Paint and Fly" prize competition organised by San Marco, personal data of yours will be processed, and will include, but not be limited to: your first and last name, company, telephone number, and/or e-mail address.
Please also note that the Data Controller will use a supplier, duly appointed as an external data processor, for managing and implementing the competition. For more information, please send us a specific enquiry.
Purpose Legal basis Storage time
Entry into the 'Paint and Fly' competition with acceptance of the competition rules. The processing is necessary to establish and/or fulfil the contractual relationship (Art. 6.1.b GDPR). For the entire duration of the competition and, in any case, for a period not exceeding 10 years after its termination.
Carrying out direct marketing activities.
 
Consent is required (Art. 6.1.a GDPR). 3 years from the end of the competition unless revoked or opposed.
Processing statistical data on competition entry, and on product/service quality. The processing is necessary for the pursuit of the legitimate interest of the Data Controller and the data are processed only in aggregated form, without reference to identified users for market research purposes (Art. 6.1.f GDPR). Since this is aggregated data, there is no storage limit.
To fulfil any kind of obligation required by laws, regulations or EU legislation. Processing is necessary to fulfil legal obligations that the Data Controller must comply with (Art. 6.1.c GDPR) 10 years after the competition was held.
For the resolution of any legal disputes that may arise during the course of the relationship;
 
The processing is necessary for the pursuit of a legitimate interest of the Data Controller to protect itself against breach of contract or other causes of damage (Art. 6.1.f GDPR); 10 years after the competition was held.
 

• If you want to know how we use your images

During the provision of services and/or the organisation of events or competitions, the Data Controller may record videos (including voice) and/or photographs for communication and promotional purposes (including via social networks), or for sharing the projects you have submitted on the San Marco community. If, in the course of such filming, your image is also recorded, to the extent that it is wholly or partly recognisable, it comes under common personal data.
Before starting such processing, the Controller will notify you and if you do not wish to be recorded in any way, you must notify the Controller.
If images are collected:
  • during public events or events held in public, they will be processed without the need for your explicit consent;
  • during courses or events when recording does not allow you to be recognised (filming from behind, at a considerable distance, etc.), it will be processed without need for your explicit consent;
  • during courses or events where recording of you is recognisable but you have given your consent, which can also be inferred from the framing in group settings or active participation in courses (e.g. souvenir photos, scenes in which you have decided to appear, etc.), this data processing notice applies, and verbal consent will be considered valid;
  • for saving images or recording videos in which you are the main subject, this data-processing notice applies, and you will be asked for specific consent for the processing and use of the images/videos.
In any case, the Data Controller informs you that the images will not be used in contexts that could be detrimental to the personal dignity, decorum and safety of the subjects portrayed.
The posing and use of the images are to be considered free of charge.
 

Data-processing methods

The processing of your personal data is carried out mainly with the help of computer systems, including automated systems, and may consist of the following operations: collection, recording, organisation and storage, consultation, use, processing, modification, selection, extraction, comparison, interconnection, transmission, communication, disclosure, cancellation, destruction, blocking and restriction. In carrying out processing operations, all technical, IT, organisational and procedural security measures will, however, always be taken so that the minimum level of data protection required by law is guaranteed. The above-mentioned methods applied for processing will guarantee access to the data only to the persons specified in point 6.
 

To whom we communicate your data

The subjects or categories of subjects who may become aware of the personal data or to whom they may be communicated are the following:
  • Data processors include: dealers of the San Marco Group, IT companies and software houses, consultants and consulting companies, freelance professionals, self-employed workers, agents and representative agencies, and companies dealing in transport and logistics.
  • Judicial or supervisory authorities, administrations, public bodies and organisations (domestic and foreign), but solely for the purpose of fulfilling legal, regulatory or EU obligations. Auditors and auditing companies for the same tasks.
Personal data may also be disclosed, but only in aggregate and anonymous form and for statistical purposes.
For further details, please contact the Data Controller


Retention and transfer of personal data abroad

The management and storage of personal data take place in the cloud and on servers located within the European Union and the European Economic Area owned and/or available to the Data Controller and/or third-party companies, duly appointed as Data Processors.
Some of the services offered by the Controller may make use of external suppliers, duly appointed as data controllers, with data storage taking place outside the EU. In such a case, the Data Controller will verify compliance on the basis of an suitability decision or that the transfer is subject to suitable safeguards.

Exercisable rights
In accordance with the GDPR, you can exercise the rights set out therein and in particular:
  1. You may at any time request, from the Data Controller or the Data Protection Officer, a copy of your personal data, information on the where your personal data are processed and an updated list with the identification details of all Data Processors and System Administrators authorised to process your data.
  2. At any time, you may freely revoke your given consent without any burden and prejudice to the lawfulness of the processing carried out up to that moment, and exercise the following rights of the Data Subject vis-à-vis the Data Controller as provided for by the European Privacy Regulation EU/2016/679 of Access, Rectification, Cancellation, Limitation, Opposition, Portability and Complaint to the Privacy Guarantor.
 

Identity and contact details of the Data Controller

San Marco Group SpA
VAT number and tax code 00229240270
Legal and operational headquarters:
Via Alta 10, 30020 Marcon (VE)
phone +39 041 4569322
e-mail privacy@sanmarcogroup.it
corporate websitewww.san-marco.com
group websitewww.sanmarcogroup.it
Certified emailamministrazione@pec.sanmarcogroup.it


Contact details of the Data Protection Officer (DPO)
Data Protection Officer
phone +39 041 4569322
e-mail: dpo@sanmarcogroup.it