Privacy policy (GDPR EU 2016/679)

Last updated: April 2026 — Data controller: LC GROUP S.R.L., Italy

This notice describes how we process personal data when you visit the StampaExpert portal, register as a customer, submit a supplier application or contact us, in accordance with Regulation (EU) 2016/679 (“GDPR”) and applicable Italian legislation (including Legislative Decree 196/2003 as amended and, where relevant, the Privacy Code and cookie rules).

1. Data controller

LC GROUP S.R.L. — contact details as published on the Portal (registered office, email, PEC where applicable). You may contact us for privacy matters at the addresses indicated on the “Contacts” page.

2. Categories of data

We may process: identification and contact data (name, company, email, telephone, address); tax / billing identifiers for B2B (e.g. VAT, tax code where required); account credentials (hashed password); technical and usage data (IP address, browser, logs, cookies and similar technologies); content of messages you send us; and data necessary to manage quotations, orders and after-sales.

3. Purposes and legal bases

• Portal registration and contract / pre-contractual steps (Art. 6(1)(b) GDPR): creating and managing your account, B2B verification, responding to quote requests.
• Legal obligations (Art. 6(1)(c) GDPR): accounting, tax, anti-fraud where applicable.
• Legitimate interests (Art. 6(1)(f) GDPR): IT security, abuse prevention, improvement of the service, internal statistics in aggregated form.
• Marketing (Art. 6(1)(a) GDPR): only if you give separate optional consent (e.g. newsletter); you may withdraw consent at any time.

4. Supplier applications

If you apply to become a supplier, we process the data you provide to evaluate the application and, if relevant, to start a business relationship. Legal basis: pre-contractual measures and legitimate interest in managing the supply chain (Art. 6(1)(b) and (f) GDPR), subject to balancing your rights.

5. Recipients and transfers

Data may be processed by authorised personnel and by processors (e.g. hosting, email, IT support) bound by contract under Art. 28 GDPR. If processors or servers are located outside the EEA, we adopt appropriate safeguards (e.g. Standard Contractual Clauses) as required by Chapter V GDPR.

6. Retention

We retain data for the time necessary to fulfil the purposes above and legal obligations (e.g. accounting records). Account and commercial data are kept according to statutory limitation periods and business needs, then deleted or anonymised where possible.

7. Your rights

Under GDPR you may request: access, rectification, erasure, restriction, portability (where applicable), objection to processing based on legitimate interest, and withdrawal of consent for marketing. You may lodge a complaint with the Italian Data Protection Authority (Garante privacy) or your local EU supervisory authority.

8. Cookies and similar technologies

We use cookies or similar tools where necessary for the operation of the Portal (technical cookies) and, if configured, for analytics or preferences. Further details on types, duration and how to manage preferences can be provided in a dedicated cookie notice or settings area aligned with the ePrivacy Directive and national guidelines.

9. Security

We implement appropriate technical and organisational measures to protect personal data against unauthorised access, loss or alteration, in line with Art. 32 GDPR.

This notice does not replace legal advice. For specific processing (payroll, special categories of data, etc.) additional information may be required.