Privacy notice pursuant to Articles 13-14 of EU Regulation no. 2016/679 (GDPR)
Date of preparation: 24 June 2026
1. Data Controller
SMC S.r.l.
Via Felino, 6 43044 Collecchio (PR)
Email: info@smcsmc.it
2. Types of data collected
During browsing the following data may be collected:
- Navigation data (IP, browser, pages visited, access time)
- Voluntarily provided data (name, email, message via form)
- Technical identifiers (cookies, session ID)
- Advertising identifiers (if analytics or advertising services are active)
3. Purposes and legal basis of processing
The table summarises the main processing purposes, categories of data, legal basis and retention criteria applicable to the website.
| Purpose | Data processed | Legal basis | Indicative retention |
|---|---|---|---|
| Technical operation of the website | browsing data, technical logs, IP address, session identifiers | controller's legitimate interest in security and proper operation; technical necessity to provide the requested service | for the time necessary for operation, security and maintenance |
| Replying to requests through forms or email | name, email, phone number, message content and other data voluntarily provided | pre-contractual measures or management of the data subject's request | for the time necessary to reply and manage follow-ups |
| External content and preferences | IP, browser technical data, interactions with third-party iframes or widgets | data subject's consent, except where content is strictly necessary for the requested service | until consent withdrawal or according to providers' retention periods |
Contact form
Legal basis: Art. 6(1)(b) GDPR — pre-contractual measures at the request of the data subject.
Form data (name, email, message) is processed to respond to the request. It is not publicly disclosed and may be processed by technical providers or authorised persons supporting the Controller in website and communication management, where necessary and under GDPR-compliant arrangements. Retention: 24 months from last contact.
4. Third-party services
The website uses the following third-party services that may process data on behalf of or independently from the Controller:
Google Maps — Google Ireland Limited / Google LLC
Embedded geographic maps. Data: IP, map interactions. Legal basis: Art. 6(1)(a) GDPR (consent). Extra-EU transfer. Privacy Policy
5. Transfer of data outside the EU
Some providers transfer data outside the EU with the following safeguards:
- European Commission adequacy decisions (Art. 45 GDPR)
- Standard contractual clauses (Art. 46 GDPR)
- EU-US Data Privacy Framework, where applicable
6. Data retention
Personal data is retained for the following periods:
- Navigation data and technical logs: 12 months
- Contact data (form): 24 months from last contact
- Account registration data: until deletion or user request
- Tax/billing data (e-commerce): 10 years due to legal obligations
- Third-party cookies: according to the respective provider policy
7. Data security and data breach
The Controller adopts adequate technical and organisational measures (Art. 32 GDPR). In the event of a data breach with risk for data subjects, the Controller notifies the supervisory authority within 72 hours (Art. 33 GDPR) and, where necessary, the data subjects (Art. 34 GDPR).
8. Rights of the data subject
Pursuant to Arts. 15-22 GDPR, you have the right to:
- Access your personal data (Art. 15)
- Rectification of inaccurate data (Art. 16)
- Erasure — right to be forgotten (Art. 17)
- Restriction of processing (Art. 18)
- Data portability (Art. 20)
- Object to processing (Art. 21)
- Withdraw consent at any time (Art. 7)
To exercise your rights: info@smcsmc.it
9. Supervisory authority
You may lodge a complaint with the competent supervisory authority:
In Italy: Garante per la Protezione dei Dati Personali — www.garanteprivacy.it
10. Definitions
- Personal data
- Any information identifying a natural person (Art. 4 no. 1 GDPR)
- Data Controller
- Entity determining purposes and means of processing (Art. 4 no. 7 GDPR)
- Data Processor
- Entity processing data on behalf of the Controller (Art. 28 GDPR)
- Data subject
- The natural person to whom the data relates (Art. 4 no. 1 GDPR)
- Processing
- Any operation on personal data (Art. 4 no. 2 GDPR)
- Consent
- Freely given, specific, informed indication of agreement (Art. 4 no. 11 GDPR)
- Data breach
- Security breach leading to loss or unauthorised access to data (Art. 4 no. 12 GDPR)
11. Changes to this policy
This policy may be updated at any time. The date shown at the top indicates the current version.
For cookie details please refer to the Cookie Policy.