pursuant to Article 13 of EU Regulation 2016/679 (GDPR)

Privacy Policy

Sacto S.r.l. (Tax Code/VAT No. 02499790968), with its registered office at Via Valcava no. 15, 20900 Monza (MB), in its capacity as Data Controller pursuant to and for the purposes of EU Regulation 2016/679 (hereinafter also “GDPR” or “Regulation”), recognizes the importance of the fundamental right to the protection of natural persons with regard to the processing of personal data. Therefore, in accordance with the aforementioned Regulation, the processing of the data subjects’ personal data will be carried out and safeguarded in accordance with the principles of lawfulness, fairness, transparency, purpose limitation, data minimization, accuracy, storage limitation, integrity, confidentiality, accountability and, in all cases, in compliance with the provisions of the GDPR.

  1. DATA CONTROLLER

    The Data Controller, meaning the entity that determines the purposes and means of the processing of personal data, is Sacto S.r.l. (Tax Code/VAT No. 02499790968), represented by its pro tempore legal representative, with registered office at Via Valcava no. 15, 20900 Monza (MB).

    The Data Controller can be contacted at the following e-mail address: sacto@sacto.it

  1. PURPOSES AND LEGAL BASIS OF THE PROCESSING

    The personal data collected through the website (personal details; contact information) will be processed, in accordance with the GDPR, for the following purposes:

         a. to view the products available for purchase through the website and their respective prices;

         b. to provide services, including responding to requests from data subjects and users; in this regard, please note that the optional, explicit and voluntary sending of e-mails through            the “Contact” section inherently entails the subsequent acquisition of the sender’s e-mail address;

         c. to send commercial and promotional communications (by mail, e-mail or other electronic means) regarding products, services, offers, promotions and news related to Sacto S.r.l.

    The data collected through the website is processed in order to allow registration and subsequent viewing of the products and related prices displayed on the website, as well as to comply with legal obligations to which the Data Controller is subject (Art. 6.1.b GDPR and Art. 6.1.c GDPR).

    The data collected, subject to consent, may be used for sending commercial and promotional communications, including through automated systems using e-mail or other similar electronic communication technologies (Art. 6.1.a GDPR). Consent may be withdrawn at any time without affecting the lawfulness of processing based on consent before its withdrawal.

  1. RECIPIENTS OF PERSONAL DATA

    The data may be accessed exclusively by authorized personnel who have been duly instructed pursuant to Articles 29 of the GDPR and 2-quaterdecies of the Italian Personal Data Protection Code (such as employees and collaborators). The data may also be accessed by third parties duly appointed as “Data Processors” pursuant to Article 28 of the GDPR and providing appropriate legal safeguards.

    It is understood that the personal data of data subjects may be freely disclosed to third parties, such as Law Enforcement Authorities, whenever permitted by law or required by an order or decision of a competent authority.

  1. RETENTION PERIOD OF PERSONAL DATA

    The personal data of data subjects will be retained for the period necessary to achieve the purposes described in point 2), as well as for the period during which the Data Controller is subject to retention obligations for administrative, fiscal and/or accounting purposes, in compliance with civil and tax obligations or for other purposes imposed by legal provisions and mandatory rules, whether national or EU-wide.

    Specific security measures are implemented to prevent the loss of personal data, unlawful or improper use, and unauthorized access, in accordance with the GDPR.

    Furthermore, in order to ensure that personal data is always accurate, up-to-date, complete and relevant, you are invited to report any changes to the following e-mail address: sacto@sacto.it

  1. RIGHTS OF THE DATA SUBJECT

    Data subjects may exercise, at any time and where the legal requirements are met, the following rights granted by the GDPR by contacting the Data Controller at the e-mail address sacto@sacto.it:

         a. request and obtain confirmation as to whether or not personal data concerning them is being processed;

         b. where processing is taking place, request and obtain access to their personal data;

         c. request and obtain, without undue delay, the rectification of inaccurate personal data concerning them, as well as the completion of incomplete personal data;

         d. request and obtain, without undue delay and where one of the conditions set out in Article 17(1) GDPR applies, the erasure of personal data concerning them, except as provided           for in Article 17(3) GDPR;

         e. request and obtain the restriction of processing of their personal data in the cases provided for in Article 18(1) GDPR;

         f. object at any time to the processing of their personal data on grounds relating to their particular situation. In such case, the personal data shall no longer be processed unless                   compelling legitimate grounds for the processing exist which override the interests, rights and freedoms of the data subject, or for the establishment, exercise or defence of legal             claims;

         g. obtain the portability of the personal data concerning them, meaning the right to receive such data from the Data Controller in a structured, commonly used and machine-                       readable format, and to request its transmission to another Data Controller without hindrance;

         h. where consent is required for the processing of personal data, withdraw the consent previously given, limited to cases where processing is based on the data subjects’ consent for           one or more specific purposes or involves special categories of data (e.g., data revealing racial or ethnic origin, political opinions, religious beliefs, health status, or sexual life).               Processing carried out on the basis of consent prior to its withdrawal remains lawful.

    In any case, please do not send or disclose any so-called special categories of data through the website or by any other means. Pursuant to the GDPR, “special category data” refers to any data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data used to uniquely identify a natural person, health data, or data concerning a person’s sex life or sexual orientation.

    Furthermore, data subjects may lodge a complaint with the Supervisory Authority (Italian Data Protection Authority) if they believe their rights under the GDPR have been violated, following the procedures indicated on the Authority’s website at the address: www.garanteprivacy.it.

  1. CONSEQUENCES OF FAILURE TO PROVIDE PERSONAL DATA

    Providing personal data is mandatory for the purposes referred to in point 2), letters a) and b), and failure to provide such data will make it impossible to deliver the requested services.

    Providing personal data is optional for the purposes referred to in point 2), letter c), and failure to provide such data will make it impossible to send commercial communications.