Privacy notice regarding the processing of personal data pursuant to Art. 13 of Regulation EU n.679/2016 on the protection of natural persons with regard to the processing of personal data (GDPR)
1. DATA CONTROLLER
NUIZ S.r.l., with registered offices in Vicolo del Campanile 6, 33170 Pordenone, VAT n. 01873210932, as the Data Controller (hereinafter referred to as the “Data Controller” or “Company”) guarantees the utmost confidentiality in the processing of personal data belonging to Data Subjects, in accordance with the provisions of current legislation on the protection of personal data.
The Data Controller may be contacted for any matters concerning the processing of your personal data, at the following addresses:
- e-mail: firstname.lastname@example.org
- recorded delivery letter addressed to NUIZ S.r.l., Vicolo del Campanile 6, 33170 Pordenone – Italia.
Specific security measures are observed in order to prevent the loss of data, illegal or prohibited use and unauthorised access.
The optional, explicit and voluntary sending of e-mails to the addresses indicated on this website, the filling in of information and contact request forms, registrations and/or newsletters involves the subsequent acquisition of the sender's address, which is required to reply to requests, as well as any other personal data entered for the requested service.
For all information concerning: the purposes of processing, processing methods and data retention times, please refer to the specific information provided in each case and read the information contained in this document.
2. PURPOSE OF PROCESSING AND LEGAL BASIS
Purpose and legal basis of processing the personal data provided by the user.
The personal data of the data subject will be processed for purposes strictly related to the purchase of a product. More specifically:
- for the management and execution of the contractual relationship and related obligations;
- for the fulfilment of obligations provided for by laws, regulations, EU legislation, as well as instructions prepared by authorities and supervisory bodies.
The legal basis of processing is identified in the establishment, execution and eventual termination of the purchase agreement stipulated between you and the Company, and in the obligations of the same agreement connected and/or deriving directly and/or indirectly from it. Hence, pursuant to Art. 6, section 1, letter b of the above-mentioned Regulations, your prior and specific consent is not required for processing.
Nature of the provision of data and consequences of refusal to respond.
The Data Controller processes personal data required for the purchase of the product i.e. name and surname, contact data such as e-mail address, mobile phone number and address of place of residence or domicile.
The provision of data is optional. Nevertheless, failure to provide the requested data may make it impossible to establish or continue, in whole or in part, the contractual relationship and to reply to requests for the provision of services.
Data processing methods and data retention period
Processing will be carried out by appropriate means to ensure the security and confidentiality of the data, in compliance with the provisions of Chapter II (Principles) and Chapter IV (Data Controller and Data Processor) of the Regulation. Processing may also be carried out using automated tools designed to store, manage or transmit data.
The processing of your personal data is carried out by means of the operations specified in Art. 4, n. 2) of the Regulation, which you may refer to for any useful purpose.
Personal data, together with any information related to the order, will be kept for the time required to provide assistance and support in the event of the return of goods and/or for solving any problem related to the order, and, in general, for the management and execution of the contractual relationship and the related fulfilment of the obligations provided for by laws, regulations, EU regulations, as well as instructions prepared by authorities and supervisory bodies.
3. SCOPE OF KNOWLEDGE AND DATA COMMUNICATION
For the afore-mentioned purposes, your data may be made accessible to the following persons:
- The Data Controller’s staff authorised to process data in accordance with Article 29 of the Regulation;
- Third parties who perform outsourced activities on behalf of the Data Controller (for example: professional studios, consultants and/or external system administrators for the time strictly required for the optimal performance of such service). If necessary, they will process data in their capacity as Data Processors pursuant to Article 28 of the Regulation. They are suitably appointed by means of a specific deed of appointment, indicating the processing methods and security measures that they will have to adopt for the management and retention of the personal data for which the Company is the Data Controller.
Without your explicit consent (ex Art. 6, letters b) and c) of the Regulation), the Data Controller may communicate your data for the purposes referred to in Art. 1 to judicial authorities and to all other subjects to whom the communication is mandatory by law in order to fulfil the above-mentioned purposes. The complete list of persons to whom your personal data has been or may be communicated is at your disposal upon your request to be made to the e-mail address: email@example.com.
4. DATA TRANSFER ABROAD
The management and retention of personal data pertaining to the Data Controller and/or third-party companies assigned and duly appointed as Data Processors, will take place on servers, located within the European Union.
Data are not currently subject to transfer outside the European Union. In any case, it must be understood that the Data Controller, if necessary, will have the right to move the location of the servers within the European Union and/or to non-EU countries. In such cases, the Data Controller will ensure from then on that the transfer of Extra-EU data will take place in accordance with Articles 44 ff. of the Regulation and with the applicable legal provisions by stipulating, if necessary, agreements that guarantee an appropriate level of protection.
5. RIGHTS OF THE DATA SUBJECT
The parties to whom the personal data refer may at any time exercise their rights under Articles 15 to 22 of the GDPR. More specifically:
The Data Subject may obtain, from the Data Controller, confirmation as to whether or not personal data concerning him/her exist, and in this case, access the following information:
- Purposes of data processing;
- Categories of personal data processed;
- Recipients or categories of recipients to whom personal data have been or will be disclosed, in particular if they are recipients from non-EU countries or international organisations;
- The intended period of retention of personal data or, if that is not available, the criteria used to determine that period;
- If the data are not collected from the data subject, all available information on their origin;
- The existence of an automated decision-making process and, in such cases, relevant information on the logic used and the importance and expected consequences of such processing for the Data Subject;
- The existence of adequate safeguards pursuant to Article 46 regarding transfer to non-EU countries or international organisations.
In addition, the Data Subject has the right to:
- Obtain the updating, amendment or integration of his/her data, cancellation, within the legal time limits, or requesting that they be made anonymous, the limitation of processing, and the right to oppose, in whole or in part, for legitimate reasons, the processing of his/her personal data;
- Obtain the portability of electronically processed data, provided on the basis of consent or agreement;
- Withdraw consent, where applicable, without prejudice to the lawfulness of the processing based on consent before withdrawal;
- Submit a complaint to a Control Authority (in this case, the Italian Data Protection Authority).
At any time, the Data Subject may exercise his/her rights in the following ways:
- by e-mail to firstname.lastname@example.org
- recorded delivery letter addressed to NUIZ S.r.l., Vicolo del Campanile 6, 33170 Pordenone – Italy.
The Data Controller will provide information on the action taken with regard to the request pursuant to Articles 15 to 22 without undue delay and, in any case, at the latest within one month of receipt of the request. This period may be extended by two months if required, taking into account the complexity and number of requests. The Data Controller will inform the Data Subject of this extension, and of the reasons for the delay, within one month of receipt of the request.
6. AMENDMENTS TO THIS DOCUMENT
This document may be subject to changes. We therefore recommend that you check this document regularly and refer to the latest version.
Current version: 8 July 2020.