Privacy Policy

Privacy Policy

according to art. 13 General Data Protection Rules of UE 2016/679 (GDPR)

Sacto S.r.l. (Tax Code / VAT number 02499790968) with registered office in 20900 - Monza (MB), Via Valcava n. 15, as Data Controller pursuant to and for the purposes of EU Regulation 2016/679 (hereinafter also "GDPR" or "legislation"), recognizes the importance of the fundamental right to the protection of individuals with regard to processing of personal data. Therefore, by virtue of the aforementioned legislation, the processing of the personal data of the interested parties will be carried out and protected according to the principles of lawfulness, correctness, transparency, purpose limitation, data minimization, accuracy, limitation of conservation, integrity, confidentiality, accountability and, in any case, in compliance with the provisions of the GDPR.



The Data Controller, i.e. the person who determines the purposes and means of the processing of personal data, is Sacto S.r.l. (Tax Code / VAT number 02499790968), in the person of the pro tempore legal representative, with registered office in 20900 - Monza (MB), Via Valcava n. 15. 

The Data Controller can be contacted at the following e-mail address:


The personal data acquired through the site (personal data; contact data) will be processed, in accordance with the GDPR, for the following purposes:

  1. view the products that can be purchased through the website and their prices;

  1. for the provision of services, including responses to requests from interested parties and users; on this point, it should be noted that the optional, explicit and voluntary sending of e-mails, through the "Contacts" section, by its very nature entails the subsequent acquisition of the sender's e-mail address;

  2. send commercial and promotional communications (by ordinary mail, e-mail or other electronic means) on products, services, offers, promotions and news related to Sacto S.r.l.

The data acquired through the site are processed to allow the registration and subsequent viewing of the products and related prices on the site as well as for the fulfillment of legal obligations to which the data controller is subject (Article 6.1.b GDPR and Article 6.1.c. GDPR).

The acquired data, with prior consent, may be used for sending commercial and promotional communications, including through the use of automated systems by sending e-mails or other similar electronic communication technologies (Article 6.1.a GDPR). It is possible to revoke the consent at any time without prejudice to the lawfulness of the treatment based on the consent given before the revocation.


The data will be accessed only by authorized subjects duly instructed pursuant to art. 29 GDPR and 2-quaterdecies of the Code for the protection of personal data (by way of example, personnel and collaborators). The data will be further accessed by third parties appropriately designated "Data Processors" pursuant to art. 28 GDPR and equipped with suitable legal guarantees.

It is understood that the personal data of the interested parties may be freely disclosed to third parties, such as law enforcement agencies, whenever this is permitted by law or required by an order or provision of a competent authority.


The personal data of the interested parties will be kept for the duration necessary to achieve the purposes referred to in point 2), as well as for the time in which the Data Controller is subject to conservation obligations for administrative, fiscal and / or accounting purposes in compliance with civil and fiscal obligations or for other purposes imposed by law and by mandatory regulations, both national and European.

It should be noted that specific security measures are observed to prevent the loss of personal data, illicit or incorrect use of the same and unauthorized access, in accordance with the provisions of the GDPR.

Furthermore, in order to ensure that personal data are always accurate, updated, complete and relevant, we invite you to report any changes to the e-mail address


Interested parties may exercise at any time, if the legal requirements are met, by contacting the Data Controller at the e-mail address, the following rights recognized by the GDPR:

  1. request and obtain the confirm that a process on owns personal data are not current;

  2. if processing is in progress, request and obtain access to personal data;

  3. request and obtain, without any delay, amendment of incorrect personal data as well as the integration of any incomplete data;

  4. obtain the erasure, without any delay, according to and in occasion of the condition provided by the art. 17 paragraph 1 of GDPR, notwithstanding the provision of art. 17, paragraph 3 of GDPR;chiedere ed ottenere, nelle ipotesi previste dall’art. 18, paragrafo 1, GDPR, la limitazione di trattamento dei propri dati personali;

  5. obtain, under request, the limitation of collection and processing of personal data, according to the condition provided by the art. 18, paragraph 1, GDPR;

  6. makes relevant and reasoned objection, at any time, to the processing of owns personal data when particular situations are met. Specifically, in case of objection, personal data will no longer under processing, notwithstanding the existence of legitimate motivation or obligation prevailing on recipient’s interests, rights and freedom, or in case of judicial exercise of controller’s right;

  7. obtain the portability of personal data concerning them, i.e. the right to receive them from the Data Controller in a structured format, commonly used and readable by an automatic device and request their transmission to another Data Controller, without impediments;

  8. in the event that consent is required for the processing of personal data, revoke the consent already given, limited to the cases in which the processing is based on the consent of the interested parties for one or more specific purposes or in the case of the processing of particular categories of data (e.g. data revealing racial origin, political opinions, religious beliefs, health or sex life, etc.). The treatment based on consent and carried out prior to the revocation of the same does not affect and, therefore, retains its lawfulness.

In any case, we ask you not to send or communicate c.d. “particular data” through the site or by any other means. By "particular data" we mean, pursuant to the GDPR, any data suitable for revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, as well as genetic data, biometric data intended to uniquely identify a natural person, data relating to the health or sexual life or sexual orientation of the person.

Furthermore, interested parties can lodge a complaint with the Supervisory Authority (Authority for the protection of personal data), in the event that they believe that their rights under the GDPR have been violated, according to the methods indicated on the website of the Guarantor itself, accessible at


The provision of personal data is mandatory for the purposes referred to in point 2), lett. a) and b) and failure to provide such data will make it impossible to provide the requested services.

The provision of personal data is optional for the purposes referred to in point 2), lett. c) and failure to communicate such data makes it impossible to send commercial communications.