PRIVACY NOTICE ON THE PROCESSING OF PERSONAL DATA [Art. 13 and 14 Reg. (EU) 2016/679]
Regulation (EU) No. 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data.
In compliance with the principle of transparency laid down by Regulation (EU) No. 2016/679 (hereinafter “Regulation”), we wish to inform you, as the data subject, that the processing of your personal data is carried out in accordance with the conditions set out below.
1. Data Controller and Contact Details
Pursuant to Art. 4 of the Regulation, the Data Controller is NICOLLI S.r.l., with registered office at Via del Progresso, 26 – 36064 Colceresa (VI), reachable at the following contacts: Telephone: +39 0424 411112 Email: nicolli@nicolli.it
2. Categories of Data, Purposes and Nature of Processing
Navigation Data
The IT systems and software procedures supporting the operation of the Site acquire, during their normal operation, certain personal data whose transmission is implicit in the use of Internet communication protocols. These are information not collected to be associated with identified data subjects, but which may, by their very nature, through processing and associations with data held by third parties, allow users to be identified. This category includes IP addresses or domain names of the computers used by users connecting to the Site, URI (Uniform Resource Identifier) addresses of the requested resources, time of the request, method used to submit the request to the server, size of the file obtained in response, numeric code indicating the status of the server’s response (success, error, etc.) and other parameters relating to the user’s operating system and IT environment.
These data are used in order to:
- derive anonymous statistical information on the use of the site;
- manage monitoring needs of how the site is used, identify anomalies and/or abuses;
- ascertain responsibility in case of hypothetical computer crimes against the site or third parties.
This processing is based on the legitimate interest of the Data Controller to make the site’s functionalities available following user access, as well as to prevent and/or detect any fraudulent activities committed through the Site and to protect itself in legal proceedings (Art. 6(1)(f) of the Regulation).
Data Provided by the User
Collection of personal data from users may occur voluntarily by filling in the forms available on the site. This involves the collection, by the Data Controller, of the sender’s email address—which is necessary to reply to requests—as well as any other personal data requested or voluntarily provided in the communication.
The personal data collected in this way will be used by the Data Controller solely in order to provide the information and/or services requested through the website and any subsequent related communications. For this purpose, common personal data such as name, address, email address and telephone number are processed.
Customer and Supplier Data
The personal data processed will be those you provided, in writing or verbally, for the following purposes: a) to perform pre-contractual and contractual obligations with consequent inclusion in the company databases used for contract management and monitoring; b) to comply with national or Union legal obligations (including fiscal and accounting requirements); c) to pursue the legitimate interest of the Data Controller or third parties.
With regard to purpose (a), processing may be carried out without your consent as it is necessary for the performance of a contract to which you are party or for pre-contractual measures taken at your request.
With regard to purpose (b), processing may be carried out without your consent as it is necessary to comply with a legal obligation.
With regard to purpose (c), processing may be carried out without your consent as it is necessary for the pursuit of the legitimate interest of the Data Controller or third parties, provided that such interest does not override your rights and fundamental freedoms.
Providing such data is optional, but refusal will make it impossible for the Data Controller to provide the requested service.
3. Recipients of Personal Data
Your data may be made accessible to persons (employees and collaborators) expressly authorized and trained by the Data Controller. The personal data collected may be communicated, within the strictly relevant limits for the purposes and tasks indicated above, to:
- third parties (natural or legal persons) specifically authorized or appointed as Data Processors, or, where applicable, as autonomous Data Controllers, providing assistance and consultancy to the Data Controller and/or performing services connected to the execution of the stated purposes;
- parties to whom communication is required by current legislation (public authorities, supervisory bodies, judicial authorities);
- credit institutions and insurance companies.
The Data Controller undertakes to entrust data exclusively to entities that, by virtue of their technological profile, experience, capacity and reliability, provide adequate guarantees for full compliance with the Regulation, with particular regard to data security and respect for the data subject’s fundamental rights and freedoms.
The list of Data Processors of the data you have provided will be made available upon request to the Data Controller. Your personal data will not be disclosed or transferred to countries outside the European Economic Area.
4. Data Retention Period
All data will be retained for the time necessary to fulfill any obligations, including fiscal or accounting obligations, connected or arising from the specific service requested, in accordance with Art. 5(1)(e) of the Regulation.
5. Methods of Data Processing
The processing of your personal data will be carried out in accordance with the principles of lawfulness, fairness and transparency, safeguarding your confidentiality and rights. The Data Controller also undertakes to process your data in compliance with the principle of data minimization, acquiring and processing only the data necessary for the declared purposes. Such data will be stored on IT systems, on paper and on any other suitable medium, in compliance with the Regulation, so as to ensure an adequate level of security appropriate to the risk of processing (Art. 32 of the Regulation).
6. Rights of the Data Subject
You are informed that you have the right to request from the Data Controller: access to your data (Art. 15), rectification of data (Art. 16), erasure of data (Art. 17), restriction of processing (Art. 18). You also have the right to object to data processing (Art. 21) and to data portability (Art. 20).
You have the right to lodge a complaint with a supervisory authority if you believe your data has been processed in violation of applicable law, and the right to withdraw any consent given at any time, without affecting the lawfulness of processing carried out before withdrawal. You may exercise your rights at any time by contacting the Data Controller or by sending an email to the contacts indicated in section 1.