PERSONAL DATA PROCESSING POLICY
ACCORDING TO ART. 13-14 OF THE GDPR
(GENERAL DATA PROTECTION REGULATION) 2016/679
The undersigned Company announces that for the management of the existing commercial relations with you in place, it is owning your “Personal” data pursuant to and for the purposes of the Code regarding the protection of personal data (Legislative Decree 196/2003) and subsequent amendments and of the EU Regulation 2016/679 (“GDPR”).
And therefore informs you that:
- CONTACTS OF THE HOLDER
The Data Controller personal data is NSI S.R.L. in the person of the pro tempore legal representative, with registered office in Brescia, Via Vittorio Emanuele II,1 who can be contacted by post at this same address or by email on the email address [email protected], or by PEC at the PEC address nsisocietasrluni[email protected] or by phone on the number +39 335 360404.
- PURPOSE OF THE PROCESSING
Your personal data are being processed:
without your expressed consent (art. 24 letters. a), b), c) Privacy Code and article. 6 letter b), e) GDPR), for the following Service Purposes:
– to conclude the contracts for the services of the Data Controller;
– to fulfill the pre-contractual, contractual, and tax obligations deriving from existing relationships with you;
– to fulfill the obligations established by law, by a regulation, by community legislation, or by an order of the Authority (such as in the field of anti-money laundering);
– to exercise the rights of the owner, for example, the right to defend in court;
- PROCESSING METHOD
The processing of your personal data is carried out by means of the operations indicated in art. 4 of the Privacy Code and art. 4 n. 2) GDPR and more precisely: collection, registration, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, cancellation, and destruction of data. Your personal data are subjected to both paper and electronic processing.
Your data may be made accessible for the purposes referred to in art. 2. A) and 2. B):
- to previously authorized employees, collaborators, and agents of the Data Controller
- system administrators;
- to third-party companies or other subjects (for example, credit institutions, professional firms, consultants, insurance companies for the provision of insurance services, etc..) who carry out outsourced activities on behalf of the Data Controller, in their capacity as external managers of the treatment.
- companies operating in the transportation sector;
Data communication Without the need for expressed consent (pursuant to Article 24 letter a), b), d) Privacy Code and art. 6 letter b) and c) GDPR), the Data Controller may communicate your data for the purposes referred to in art. 2. A) to Supervisory Bodies (such as IVASS), Judicial Authorities, to insurance companies for the provision of insurance services, as well as to those subjects to whom the communication is required by law for the accomplishment of said purposes. These subjects will process the data in their capacity as independent data controllers.
Your information will not be disclosed.
- NATURE OF DATA CONFERENCE AND CONSEQUENCES OF REFUSAL TO RESPOND
The provision of data for the purposes referred to in art. 2. A) is mandatory. In their absence, we will not be able to guarantee the services of the art. 2. A).
The provision of data for the purposes referred to in art. 2. B) is optional.
You can therefore decide not to provide any data or to subsequently deny the possibility of processing data already provided: in this case, you will not be able to receive newsletters, commercial communications, and advertising material relating to the Services offered by the Data Controller. However, you will continue to be entitled to the services referred to in art. 2. A)
- STORAGE TIME
The Data Controller will process personal data for the time necessary to fulfill the aforementioned purposes and in any case for no more than 10 years from the termination of the relationship for the Service Purposes and for no more than 2 years from the collection of data for the Marketing Purposes.
- PLACE OF DATA PROCESSING
The data are currently processed and stored at the registered office in Brescia, Via Vittorio Emanuele II n1. They are also processed, on behalf of the undersigned, by professionals and / or companies appointed to carry out accounting-administrative and labor consultancy activities, as indicated above.
- RIGHTS OF THE INTERESTED PARTY
As the interested party, you have the opportunity to exercise all the rights recognized and guaranteed by art. 7 and ss. of the Privacy Code and the new provisions of the European General Regulation 679/16 (so-called GDPR), you will have in particular the right to obtain at any time:
- confirmation of the existence or not of the processing of personal data that concern you and, if so, to obtain access to personal data as well as to information on the categories of the personal data processed, on the recipients or categories of recipients to whom the personal data are or will be communicated, on the estimated storage period , on the existence of the right to request correction, cancellation or limitation of processing, on the right to lodge a complaint with a supervisory authority, on the existence of a decision-making process automated, including profiling;
- the immediate correction of inaccurate personal data and the integration of incomplete personal data;
- the immediate cancellation of personal data concerning you when consent is revoked, or are no longer necessary for the purposes for which they were collected or otherwise processed or the legal basis for the processing has ceased, have been unlawfully processed or this obligation is required by law or by judicial authorities;
- the limitation of the processing of personal data concerning you in case of a dispute on the accuracy of the same or the processing is unlawful or although the Company no longer needs it for the purposes of the processing, the personal data are still necessary for the assessment, exercise or the defense of a right in court;
- the personal data concerning you provided to the Company in a structured format, commonly used and readable by an automatic device and to transmit such data to another data controller without impediments by the Company, if the processing is carried out by automated means. If technically feasible, you also have the right to obtain the direct transmission (so-called “data portability”) of your personal data from the Company to another data controller;
- the removal of the consent provided for the processing of sensitive data.
In addition to the aforementioned rights, the Data Subject always has the right to lodge a complaint for any matter regarding the processing of their personal data before the Personal Data Protection Authority.
The rights mentioned above may be exercised by sending a written request or by e-mail to the Company using the contacts provided in point 1 of this information.
The company will take care to inform you if it intends to further process the data you have provided for any purpose other than that for which it was collected.
Brescia, 25 maggio 2018
The Processing Data Controller
European legislation on the protection of personal data (GDPR – General Data Protection Regulation, EU Reg. 2016/679).
The processing of your personal data (when requested) is carried out by NSI SRL on the basis of EU REGULATION 2016/679 GDPR.
Your privacy is a priority for us who constantly strive to protect it, in line with the values we pursue. We collect your personal information because it helps us to offer you a higher level of performance: they allow us to provide you with practical access to our products and services, to focus on the categories that interest you most and finally to keep you updated on our latest products, special offers, and events of possible utility.
In accordance with the commitment and care that NSI SRL dedicates to the protection of personal data, we inform you about the methods, purposes, and scope of communication and dissemination of your personal data and your rights, in accordance with Art. 13 of the GDPR.
1. Data controller and methods of treatment.
The Data Controller is NSI SRL with registered office at Via Vittorio Emanuele II, 1, 25122 Brescia, Italy to which the interested party may, at any time, contact for the exercise of the rights referred to in EU Regulation 2016/679 (so-called GDPR).
Personal data will be processed with automatic and/or manual procedures for the purposes specified above which, as mentioned, can be exclusive of a commercial, fiscal, administrative and information nature, in line with contractual requirements, with the fulfillment of all obligations. legal that derive from it and with the will to arrive at more effective management of commercial relations. In order to improve our service to you, the information you provide us will, therefore, be used to communicate news, offers, and promotions of your interest, unless you express your will to oppose this treatment.
2. Purpose and legal basis of the processing
NSI SRL processes the personal data of natural persons, legal persons, individual companies and / or freelancers (“Interested”) for the following purposes:
for the management, provision of the various services and for the relative assistance;
for the processing of statistical and market analyses;
for sending communications relating to services and initiatives proposed by the site operator;
for sending information relating to business-to-business and business-to-consumer services and any promotions and / or services presented on the site.
3. Persons authorized to process
The data are processed not only by NSI SRL and by all its collaborators, but also by external companies and partners committed to providing and guaranteeing the continuity of services and managing information systems. The subjects may also be partner companies or companies attributable to the group, as well as management companies of the marketing platforms and systems connected to the management of the information acquired. All those who can get in touch for shipping, accounting, financial, administrative and legal activities are authorized subjects.
4. Non-personal and aggregate technical navigation data collected
The computer systems for the use of this website acquire some data that cannot be properly defined as personal, whose transmission is however implicit in the use of internet communication protocols. This category of data includes the IP addresses or domain names of the computers used by users who connect to the site, the addresses in URI (Uniform Resource Identifier) notation of the requested resources, the time of the request, the method used in submitting the request to the server, the size of the file obtained in response, the numeric code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the operating system and the user’s computer environment. These data are used for the sole purpose of obtaining anonymous statistical information on the use of the site and to check its correct functioning and are deleted immediately after processing. Among these data, IP addresses are the only data which, although not associated with directly identified interested parties, can by its very nature, through processing and association with data held by third parties, allow users to be identified. Where possible our company, as required by law, has prepared anonymization and masking in the collection of the IP address as specified below. However, the data could be used to ascertain responsibility in the event of hypothetical computer crimes against the site, except for this possibility, at present the data of the web IP do not persist for more than 3 months.
5. Consent and type of data processed voluntarily provided by the user
The consent to the processing of data is freely and voluntarily provided by the user through the web forms through specific approval for the various purposes and recorded for verification by the authorities or for a request by the interested party. The interested party has the right to withdraw his consent at any time. Consent can also be requested in writing if particular actions require it, otherwise what is expressed in the IT methods described above applies. The data are those provided, also collected as an addition to previously collected data in order to keep them up to date.
6. Cookies and profiling and tracking data
For the extended information on the use of technical and profiling/tracking cookies for marketing purposes, please refer to the extended privacy at the following link https://www.nsimplant.it/privacy-policy/
7. Purpose of data processing
The data is collected for the purposes of providing the services, for the processing of requests received, for marketing communications or for any analyzes and for the transfer to authorized third parties. All the authorizations requested are diversified by type of purpose in the various collection modules, with a clear indication of the data processed and their purposes. Each type of data processing collected requires specific authorization based on the purpose expressed above. The authorization requests differ, in the collection phase, according to the different purposes of data processing as specified below:
A. Processing of mandatory data for the provision of the service. [obligatory]
This is a mandatory consent to allow us to provide the requested services. By processing, we can also mean the transfer of data to third-party companies for purposes of managing information and providing services in order to guarantee greater security and control over the data and activities covered by the services provided. It also includes communications about the various needs related to the provision of services such as sending deadlines, payments, invoices, technical and service communications, notices and information on the status of systems, sending service notes, data recovery in case of accidental loss, backup. The withdrawal of the authorization, although possible, prevents the possibility of further providing the service. The data can also be transferred to third parties residing outside the European Union in the condition provided for in article no. 27 paragraph 2 paragraph (a), in which the establishment of a DPO (Data Protection Officer) or representative of the treatment is not envisaged.
B. Treatment for marketing purposes. [optional]
It concerns an optional consent on marketing purposes related to products and/or services purchased or of interest. It provides for the authorization to send emails, SMS, and communications also via other IT and paper means of advertising. The data will be processed internally for communications by NSI SRL about the activities expressed above. The data could be transferred and/or provided to third-party companies or external interested parties both for the management of the communications themselves and for related marketing, investigation and/or survey activities, and for further purposes. Processing by third-party companies may concern activities aimed at helping the management of improvement analyzes on performances and conversions. At any time it is possible to withdraw or rectify the consent.
8. Methods and duration of data processing
The data are collected in full compliance with current legislation. In particular, the collection phase of the same takes place through encryption with SSL security certificate. The data are stored on cloud storage with backup and redundancy and kept for the period necessary for the provision of the related services and activities. The disks on which the data is stored are encrypted. The data processed may be periodically checked for correctness. In these cases, the interested party will receive communication of adjustment of his data present in our archives. Physical access to servers is protected with anti-intrusion systems and access control to data rooms. The data are also geographically replicated for greater protection from accidental cancellation due to natural disasters or physical thefts of the same. There is a register of the logs of the data and consents provided and of the authorizations granted during the insertion and management of data and information related to these authorizations. The aim is to quickly identify the activities related to the data management of the individual users concerned. The data is stored securely and any unauthorized access is limited to a minimum with the implementation of all the security activities required by the technology. In any case of access, the data subjects will be promptly informed and the data, in the case of accidental cancellations, immediately restored.
9. Rights of the interested party regarding the processing of data
The interested party can at any time request the correction, integration or total cancellation of the data. These requests can be made directly to the contact details on the website www.nsimplant.it. The interested party may also request the revocation of authorizations for the processing for different purposes. If the revocation concerns the mandatory purpose of data processing for the provision of services, the same can no longer be provided and can be suspended without refunds. It is possible to request, always in accordance with the provisions of the legislation, a copy of the data processed and the purposes of the processing. You can start a complaint at [email protected] or directly to the Guarantor of Personal Data or one of the supervisory authorities in the event of defaults that go against what is provided for by the GDPR legislation.
All data entered on the site through the forms, managed and processed for the purposes required for quotes, assistance, newsletters and in general contact, also sent by email on or domains of our company or attributable to it, or through third party systems and in any case sent to us, are processed in compliance with the legislation of the Privacy Guarantor of the EU regulation 2016/679 GDPR for the processing of personal data.