NOTICE ON THE PROCESSING OF PERSONAL DATA

NOTICE ON THE PROCESSING OF PERSONAL DATA
Art. 13 Regulation EU 679/2016
Dear website User,
La San Marco S.p.a. (hereinafter also “La San Marco” or the “Company”) recognises the importance of personal data protection and regards their protection as one of the key priorities of its business.
We inform you that the personal data of the Users interacting with the website www.lasanmarco.com by submitting specific requests and information via the special form available in the “CONTACT” page of the website (“CONTACT FORM”) or by sending email communications to the addresses specified may be subject to processing in the terms set out below, in compliance with the principles of lawfulness, fairness, transparency, restriction of purposes and retention, data minimisation, accuracy, integrity and confidentiality envisaged by the applicable regulations.

1. Applicable regulations
Regulation (EU) 679/2016 – General Data Protection Regulation (“GDPR”) and Legislative Decree 196/2003 supplemented by Legislative Decree no. 101 of 10 August 2018 (“Data Protection Code”) – hereinafter, jointly, “Applicable Regulations”.

2. Data Controller
The Data Controller is La San Marco S.p.A., REA no. 45451, tax ID 00157550302 with registered office in Via Padre e Figlio Venuti, 10, 34072 Gradisca d’Isonzo (GO) – Italia, e-mail privacy@lasanmarco.com.

3. Purpose of the processing and consequences in case you refuse to provide your personal data
The Company shall process your Personal Data for the purposes of managing the website User’s request www.lasanmarco.com and, specifically, for the following purposes:
− the correct and complete management of your request via the Contact form available on the website or through other mail addresses of the Company;
− the creation of a personal account to access some pages reserved for registered users
− the fulfilment of legal and/or regulatory obligations or orders issued by the Authorities;
For the said purposes La San Marco shall process personal data (name, surname, etc.) and contact details (e-mail), and any other personal data supplied by you, in preparation for and/or connected to the acceptance and management of your request.
The provision of your Personal Data for the aforesaid purposes is a necessary requirement: your refusal would prevent us from accepting and managing your request.

4. Profiling and Dissemination of Personal Data
Your personal data shall not be subject to dissemination nor to any fully automated decision-making proc ess, including profiling.

5. Methods and Legal bases of the processing
The Company processes your personal data with and without the help of electronic means, based on logics and procedures that are consistent with the purposes stated above and in compliance with the Applicable Regulations, including the confidentiality and security profiles. In compliance with the Applicable Regulations, your personal data is used to update and correct the previously collected information. The Company processes your personal data based on the following legitimacy criteria:
− acceptance and management of your request;
− the fulfilment of legal obligations and/or orders issued by the Authorities;
− your consent, where applicable;
− the Company’s legitimate interest to protect its rights.

6. Communication of personal data to third parties
Your personal data may be accessed by our duly authorised personnel on the basis of necessity criteria and may be disclosed when the communication is required by law and applicable regulations with respect to legitimate third party recipients of the communications, such as authorities and public entities for the respective institutional purposes, including the police force.

7. Retention of personal data
Your data will be retained for the period of time required for the attainment of the purposes referred to in point 3) and, in any case, for a period not exceeding 12 months starting from the receipt of your request, except in cases where retention for a subsequent period is necessary for any disputes, requests by the competent authorities or in accordance with the law or regulation.

8. Rights of the data subject
The rights recognised to you as data subject under the Applicable Regulations include the rights to: i) ask the Company to access one’s personal data and the associated information (Art. 15, GDPR); the rectification of any inaccurate data or the supplementation of any incomplete data (Art. 16, GDPR); the erasure of one’s personal data (upon the occurrence of one of the conditions specified in Art. 17, no. 1 of GDPR and incompliance with the exceptions provided under no. 3 of the same article); the restriction of personal data processing (upon the occurrence of one of the cases indicated in Art. 18, no. 1 of GDPR); ii) request and obtain from the Company - in the cases whereby the legal basis of the processing is the consent and said consent is given with automated means - the personal data in a structured format that can be read by an automatic device, including with the purpose of disclosing such data to another data controller (Art. 20, GDPR); iii) object at any time against the processing of personal data upon the occurrence of specific situations affecting the data subject and in compliance with the provisions laid down in Art. 21, GDPR; iv) withdraw the consent at any time, limited to the cases whereby the processing is based on the consent for one or more specific purposes and concerns common personal data or special categories of data. The processing based on consent and carried out prior to the withdrawal thereof shall in any event retain its lawfulness (Art. 7, GDPR).
Exercise of the rights may take place by sending a request to the Company to the address Via Padre e Figlio Venuti 10 – 34072 Gradisca d’Isonzo (GO), or via e-mail to the address privacy@lasanmarco.com.
Moreover if the data subject believes that the processing of his/her personal data provided is in breach of the applicable regulations on the protection of personal data, the data subject has the right to lodge a complaint with the Personal Data Protection Authority (Art. 77, GDPR) or bring the matter to the competent courts (Art. 79, GDPR).
The exercise of the data subject’s rights provided for in articles 15, 16, 17, 18, 19, 20, 21 and 22 of GDPR may be delayed, restricted or excluded in the presence of certain conditions set forth in art. 2-undecies of the Data Protection Code.