Privacy policy

Information provided according to Art. 13 of EU Regulation 2016/679 on General Data Protection.

SACMAR SRL, as Data Controller, informs you that, for the establishment of business relations and the execution of ongoing and future contracts with you, our organization has directly obtained, as well verbally acquired and collected from you, data qualified as “personal data” by EU Regulation 2016/679 (hereinafter “GDPR”).

According to the law, the data processing is based on principles of lawfulness, fairness, and in a transparent manner to protect your privacy and your rights.

Nature of the data processed:

We process your personal data (for example: name and surnames, company name, tax code, VAT number, address, telephone number, e-mail, bank details) provided by you to us or in the public domain, necessary to perform contractual relationship, existing or future, with your company, and to achieve effective management of business relationships.

The data are processed without your consent according art. 6, paragraph 1, letters b), e) of the GDPR, and exclusively for the following Service Purposes: to subscribe contracts with the Data Controller, to fulfill the pre-contractual, contractual and tax obligations deriving from existing relations with you; to fulfill the obligations required by State law, regulations, Union law or Orders of competent Authorities; exercise the rights of the Data Controller, for example the right to defense in court.

We do not hold any of your personal data defined as “special categories” or relating to “criminal convictions and offences” referred to in Art. 9 and 10 of the GDPR.

Purpose and duration of the processing:

Your data are processed for the entire duration of the contract and further, to meet contractual requirements and to fulfill legal and tax obligations, to meet an effective management of financial and business relationship.

The Data Controller will process the personal data for the time necessary to fulfill the aforementioned purposes and in any case for no more than 10 years from the termination of the business relationship.

Processing methods:

The processing of data, carried out by means of the operations indicated in Art. 4, paragraph 2) of the GDPR, will be performed with manual and / or computerized and telematic tools with organization and processing logic strictly related to the purposes themselves and in any case in order to guarantee the security, integrity and confidentiality of the data in compliance with the organizational, physical and logical measures required by the provisions of law and current regulations.

Obligation or right to give the data:

As regards your data that we need to know in order to fulfill the obligations required by laws and regulations, the absence of data on your part implies the impossibility of establishing or continuing the business relationship, within the limits in which such data are necessary for the execution of the same.

Knowledge of your data:

Your personal data will be made available for the purposes specified above:

– to employees and collaborators of the Data Controller in their capacity as persons who, under the direct authority of the Controller, are authorised to process personal data and have been on purpose informed and trained
– to third parties (e.g.: consultants) in their capacity as Data Processors.

Communication and dissemination:

Your personal data will not be disclosed by us to indeterminate subjects.

As far as their respective and specific competence is concerned, your data may be communicated by us to bodies and in general to any public or private entity, as well as to our consultants, in order to execute an obligation (or right recognized by law) or fulfill a need for communication, within the limits necessary to carry out their task at our organization, only upon our appointment of Data Processor imposing them the duty of confidentiality when processing your data.

Existence of an automated decision-making process, including profiling:

SACMAR S.R.L. does not adopt any automated decision-making process, including profiling, referred to in Art. 22, paragraph 1 and 4, of GDPR.

Your rights:

As data subject, you have the rights set forth in art. 15 of the GDPR and precisely the rights:

i. to obtain confirmation of the existence whether not of personal data concerning you, even if not yet recorded, and their communication in an intelligible and accessible form;

ii. to obtain the indication: a) of the origin of personal data; b) of the purposes and methods of the processing; c) of the logic applied in case of treatment carried out with the aid of electronic instruments; d) of the identification details of the data Controller, the data Processors and the designated Representative referred to in art. 3, paragraph 1, of the GDPR; e) the subjects or categories of subjects to whom the personal data may be communicated or who may become aware of it in their capacity as designated Representative in the territory of the State or as Processor;

iii. to obtain: a) updating, rectification or integration of data; b) the cancellation, transformation into anonymous form or blocking of data processed unlawfully, including data whose retention is unnecessary for the purposes for which the data were collected or subsequently processed; c) the attestation that the operations referred to in letters a) and b) have been brought to the attention, also as regards their content, of those to whom the data have been communicated or disseminated, except in the case where such fulfillment it proves impossible or involves a use of means manifestly disproportionate to the protected right;

iv. to object, in whole or in part: a) for legitimate reasons, to the processing of personal data concerning you, even if pertinent to the purpose of the collection; b) to the processing of personal data concerning you for the purpose of sending advertising or direct sales material or for carrying out market research or commercial communication, through the use of automated call systems without the intervention of an operator, by email and / or through traditional marketing methods by telephone and / or paper mail.

Where applicable, you will also have the rights referred to in Articles 16 to 21 of the GDPR (right to rectification, right to be forgotten, right to restriction of processing, right to data portability, right to object).

We kindly ask you to promptly notify us of any changes to your personal data in order to comply with Art. 5 paragraph 1, letter d) of the GDPR, which requires that the data collected are accurate.

Data Controller:

The data controller is SACMAR S.R.L., with registered office in Settimo Milanese (MI) Via G. Keplero n.7, Italy, also attainable at

The updated list of Data Processors is kept at the registered office of the Data Controller.


The above mentioned document, published at, supplemented by the following information, constitutes the Privacy Policy of this site which may be updated anytime.

Data collection on the website:

This site makes use of log files in which information is collected automatically by Google Analytics during visits by users. The information collected can be the following: internet protocol (IP) address; type of browser and device parameters used to connect to the site; name of the Internet service provider (ISP); pages, date and time of visit; web page of origin of the visitor (referral); country of origin; the number of clicks.

The collection of data and information takes place for the following purposes: as aggregated and anonymous data only in order to verify the correct functioning of the site. None of this information is related to the physical person-user of the site, and they do not allow identification in any way; for security purposes (spam filters, firewalls, virus detection), the automatically recorded data may possibly also include personal data such as the IP address, which could be used, in accordance with applicable laws, in order to block attempts at damage to the site itself or to cause damage to other users, or in any case harmful activities or constituting a crime. Such data are never used for the identification or the profiling of the user, neither crossed with other data nor supplied to third parties, but used only for the protection of the site and its users; communicate the data to third parties who perform functions necessary or instrumental to the operation of the service, such as site maintenance.