A PROCESSING NOTICE IN ACCORDANCE WITH EU REGULATION 679/2016
Nemesis Srl, with registered offices at Via Giuseppe Mengoni no. 4, 20121 Milan and business premises at Corso Mazzini, 84/5 31044 Montebelluna (TV), VAT no. 04612670267, (hereinafter the "Data Controller"), as data controller, informs you in accordance with art. 13 of the Legislative Decree. no. 196 of 30.6.2003 (hereinafter the "Privacy Code") and art. 13 of EU Regulation no. 2016/679 (hereinafter the "GDPR"), that your data will be processed in the following ways and for the following purposes:
PURPOSE OF TREATMENT
The Data Controller processes your personal identifying data (for example name, surname, company name, address, telephone, e-mail, banking and payment information - hereinafter "data") provided by you when signing the contract and for any other services you may have requested from the Data Controller. We will not process data regarding health or criminal activity, except for any data you wish provide to us spontaneously, aware that these types of data are not necessary for the performance of the services requested from us.
PURPOSE OF THE TREATMENT
Your personal data will be processed:
A) without your express consent (art. 24 letter a), b), c) Privacy Code and art. 6 letter b), e) GDPR), for the following Service Purposes:
- performing the services you have requested from the Data Controller for the provision of services such as: digital commerce, integrated marketing, world-wide operations, omnichannel customer experience;
- complying with obligations under the law (administrative, accounting, tax and fiscal), regulations, EU legislation or the orders of an authority;
- exercising the Data Controller’s rights, such as the right to defence in court;
B) Only with your specific and separate consent (articles 23 and 130 Privacy Code and article 7 GDPR), for the following Marketing Purposes:
- sending you by e-mail, mail and/or text messages and/or telephone, newsletters, commercial communications and/or advertising material services and special offers.
The processing of your personal data is carried out through the operations indicated in art. 4 of the Privacy Code and art. 4 no. 2) of the GDPR, and precisely: collection, recording, organisation, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, cancellation and destruction of data. Your personal data will be processed in both printed and electronic form. The data will be handled, processed and stored within our computer systems. The Data Controller will process our personal data for the time necessary to fulfil the above-mentioned purposes, and in all cases for no longer than 10 years from the termination of the relationship for administrative service purposes and for no longer than 1 year from the collection of data for Marketing Purposes.
Your data may be made accessible for the purposes set out in art. 2.A) and 2.B):
- to employees and collaborators of the Data Controller in their capacity as internal data processors and/or system administrators;
- to third party companies or other parties (by way of example, credit institutions, professional firms, insurance consultants, etc.) to which the Data Controller has outsourced services, in their capacity as external data processors.
Without the need for express consent (ex art. 24 lett. a), b), d) Privacy Code and art. 6 lett. b) and c) GDPR), the Data Controller may disclose your data for the purposes set forth in art. 2.A) to Judicial authorities if they make an explicit request, as well as to any parties to whom the data must obligatorily be provided under the law in order to fulfil these purposes. These parties will process the data in their capacity as independent data controllers. Your data will not be disseminated.
Personal data will be stored in our computer system, and the servers used to store data reside both in Italy and in other European countries. In any case, it is understood that the Data Controller will be entitled to move the servers to server farms resident in non-EU territory if necessary. In this case, the Data Controller hereby guarantees from the data will be transferred in accordance with the applicable provisions of the law, subject to the stipulation of standard contractual clauses required by the European Commission.
NATURE OF THE PROVISION OF DATA AND CONSEQUENCES OF REFUSAL TO RESPOND
The providing of data for the purposes referred to in art. 2.A) is mandatory. In its absence, we will not be able to guarantee you the Services under art. 2.A).
DATA SUBJECT’S RIGHTS
As data subject, you have the rights identified in art. 7 of the Privacy Code and art. 15 of the GDPR, and precisely the right to:
i. obtain confirmation of the existence or non-existence of personal data concerning you, even if not yet recorded, and to be provided with this data in an intelligible form;
ii. obtain identification of: a) the origin of the personal data; b) the purposes and methods of processing; c) the logic applied in the case of processing carried out with the aid of electronic instruments; d) the identity of the Data Controller, data processor and designated representative appointed under art. 5, paragraph 2 of the Privacy Code and art. 3, paragraph 1 of the GDPR; e) the parties or categories of parties to whom the personal data may be disclosed, or who may become aware of the data as designated representatives in the territory of the State, data processors or persons in charge of the processing;
iii. obtain: a) updating, rectification or, when there is an interest in doing so, integration of your data; b) erasure, transformation into anonymous form or freezing of data processed unlawfully, including data whose retention is unnecessary for the purposes for which the data were collected or subsequently processed; c) certification to the effect that the operations as per letters a) and b) have been reported, with their content, to all entities to which the data have been disclosed, unless this requirement proves impossible or involves a manifestly disproportionate effort compared with the right that is to be protected;
iv. oppose, in whole or in part: a) the processing of personal data concerning you, even if pertinent to the purpose of collection, in the presence of legitimate reasons; b) the processing of personal data concerning you for the purpose of sending advertising material. It should be noted that the data subject’s right of opposition, set forth in point b) above, to use of his or her data for direct marketing purposes by automated means is also extended to traditional marketing methods, and that in any case the data subject may exercise the right of objection even only in part. The data subject may therefore decide to receive only communications by traditional means, only by automated means, or neither.
Where applicable, the data subject also has the rights identified in Articles 16-21 of the GDPR (Right of rectification, right to oblivion, right to limitation of processing, right to data portability, right of opposition), as well as the right to complain to the Guarantor Authority. Please also note that it will be your duty to promptly inform us of any changes to your data by e-mail and / or registered mail with return receipt.
HOW TO EXERCISE YOUR RIGHTS
You may exercise your rights at any time by sending:
- a registered letter with return receipt to: Nemesis Srl, Corso Mazzini 84/5 - 31044 Montebelluna (TV) ITALY
- an e-mail to: email@example.com
Please note that for the protection of its rights, Nemesis Srl has appointed a Data Protection Manager, Dott. Gianfranco Sovernigo who can be contacted at the email address firstname.lastname@example.org.
DATA CONTROLLER, DATA PROCESSOR AND PERSONS IN CHARGE OF THE PROCESSING
The Data Controller is Nemesis Srl, with registered offices at Via Giuseppe Mengoni n.4, 20121 Milan and business premises at Corso Mazzini, 84/5 31044 Montebelluna (TV). An updated list of data processors and persons in charge of the processing is kept at the registered offices of the Data Controller.