Privacy notice

Privacy Policy

Information document on the processing of personal data under Regulation (EU) 2016/679 (GDPR).

Website / companySMC
Last updated24 June 2026

Privacy notice pursuant to Articles 13-14 of EU Regulation no. 2016/679 (GDPR)

Date of preparation: 24 June 2026

1. Data Controller

SMC S.r.l.
Via Felino, 6 43044 Collecchio (PR)
Email: info@smcsmc.it

2. Types of data collected

During browsing the following data may be collected:

  • Navigation data (IP, browser, pages visited, access time)
  • Voluntarily provided data (name, email, message via form)
  • Technical identifiers (cookies, session ID)
  • Advertising identifiers (if analytics or advertising services are active)

The table summarises the main processing purposes, categories of data, legal basis and retention criteria applicable to the website.

PurposeData processedLegal basisIndicative retention
Technical operation of the websitebrowsing data, technical logs, IP address, session identifierscontroller's legitimate interest in security and proper operation; technical necessity to provide the requested servicefor the time necessary for operation, security and maintenance
Replying to requests through forms or emailname, email, phone number, message content and other data voluntarily providedpre-contractual measures or management of the data subject's requestfor the time necessary to reply and manage follow-ups
External content and preferencesIP, browser technical data, interactions with third-party iframes or widgetsdata subject's consent, except where content is strictly necessary for the requested serviceuntil consent withdrawal or according to providers' retention periods

Contact form

Legal basis: Art. 6(1)(b) GDPR — pre-contractual measures at the request of the data subject.

Form data (name, email, message) is processed to respond to the request. It is not publicly disclosed and may be processed by technical providers or authorised persons supporting the Controller in website and communication management, where necessary and under GDPR-compliant arrangements. Retention: 24 months from last contact.

4. Third-party services

The website uses the following third-party services that may process data on behalf of or independently from the Controller:

Google Maps — Google Ireland Limited / Google LLC

Embedded geographic maps. Data: IP, map interactions. Legal basis: Art. 6(1)(a) GDPR (consent). Extra-EU transfer. Privacy Policy

5. Transfer of data outside the EU

Some providers transfer data outside the EU with the following safeguards:

  • European Commission adequacy decisions (Art. 45 GDPR)
  • Standard contractual clauses (Art. 46 GDPR)
  • EU-US Data Privacy Framework, where applicable

6. Data retention

Personal data is retained for the following periods:

  • Navigation data and technical logs: 12 months
  • Contact data (form): 24 months from last contact
  • Account registration data: until deletion or user request
  • Tax/billing data (e-commerce): 10 years due to legal obligations
  • Third-party cookies: according to the respective provider policy

7. Data security and data breach

The Controller adopts adequate technical and organisational measures (Art. 32 GDPR). In the event of a data breach with risk for data subjects, the Controller notifies the supervisory authority within 72 hours (Art. 33 GDPR) and, where necessary, the data subjects (Art. 34 GDPR).

8. Rights of the data subject

Pursuant to Arts. 15-22 GDPR, you have the right to:

  • Access your personal data (Art. 15)
  • Rectification of inaccurate data (Art. 16)
  • Erasure — right to be forgotten (Art. 17)
  • Restriction of processing (Art. 18)
  • Data portability (Art. 20)
  • Object to processing (Art. 21)
  • Withdraw consent at any time (Art. 7)

To exercise your rights: info@smcsmc.it

9. Supervisory authority

You may lodge a complaint with the competent supervisory authority:

In Italy: Garante per la Protezione dei Dati Personali — www.garanteprivacy.it

10. Definitions

Personal data
Any information identifying a natural person (Art. 4 no. 1 GDPR)
Data Controller
Entity determining purposes and means of processing (Art. 4 no. 7 GDPR)
Data Processor
Entity processing data on behalf of the Controller (Art. 28 GDPR)
Data subject
The natural person to whom the data relates (Art. 4 no. 1 GDPR)
Processing
Any operation on personal data (Art. 4 no. 2 GDPR)
Consent
Freely given, specific, informed indication of agreement (Art. 4 no. 11 GDPR)
Data breach
Security breach leading to loss or unauthorised access to data (Art. 4 no. 12 GDPR)

11. Changes to this policy

This policy may be updated at any time. The date shown at the top indicates the current version.

For cookie details please refer to the Cookie Policy.