Our Policy and Notice on personal data protection

Our commitment to the protection of personal data

Data protection Notice pursuant to Legislative Decree of 30 June 2003, No. 196 and EU Regulation No. 2016/679 (GDPR) on the protection of personal data, as subsequently amended.


Dear Consumer, on this page you will find any information concerning the processing of your personal data through this website. The confidentiality, the protection and the security of processed data are of the utmost importance: accordingly, our company pays the greatest attention to the protection of your personal data.

The security of data and the respect of the rights of data subjects are at the core of our relation of fiduciary cooperation with our customers, partners and employees and, more generally, with anyone establishing a contact with our company.

Therefore, when we collect, process and store personal data, we respect all legal requirements, including the provisions of the EU Regulation on the protection of data (EU Regulation on the protection of Personal Data 2016/679 “GDPR”), and any other relevant applicable law on data protection.

The principles and measures to protect rights and freedoms of natural persons who establish a contact with our company, with regard to the processing of their personal data are the following.

We inform you that the present website respects and ensures the confidentiality of visitors and users, by deploying any possible and proportionate effort in order not to violate the rights of the users.

The present privacy policy shall apply exclusively to online activities of the present website and to the relevant emails, and it shall apply to visitors/users of the website. It shall not apply to data collected by channels other than the present website. The aim of the privacy notice is to ensure the utmost transparency with regard to information, which are collected by the website, and how such information are used.


THE CONTROLLER

The Controller of the data processed by the insertion into the format and the transmission of your personal data is NALESSO S.R.L., having its registered office in via Sant’Antonio n.6, 35030 Rubano (PD).


LEGAL GROUND OF THE PROCESSING

The present website processes the personal data in compliance with legal obligations and your consent.


PURPOSES OF THE PROCESSING

The data processing is carried out for communications which are necessary to perform the service, to manage your request,


Browsing the website, data collected and purposes of the processing.

By using or consulting the present website, visitors and users explicitly approve the present privacy notice and give their consent to processing their personal data with regard to the modalities and purposes described hereinafter, while consent shall be requested explicitly for those activities which require it in the website of Nalesso S.r.l, you can find a link to send an email.

When you fill in the form within the “newsletter” section and you give your consent, you send us your email address.

The transmission of data is voluntary, the User may not transmit them, and he or she may subsequently withdraw his or her consent already given. However, the transmission of personal data is necessary to perform the service, which consists in the possibility to be informed on ongoing promotions.

Moreover, when you access our website, we automatically receive the IP address of your computer, which gives us information that help us to know your browser and your operating system.

This means that, when browsing our website, the data are collected by the use of log files, in which information collected by automated means during the visits of the users is stored.

The information collected may be the following:

- IP address;

- type of browser and parameters of the device used to access the website;

- name of the internet service provider (ISP);

- date and time of the visit;

- webpage of the provenance of the visitor (referral) and exit page;

- possible click number;

- operations carried out in the website;


PROCESSING MODALITIES

The processing of your personal data is carried out by the operations laid down in Art. 4, No. 2 GDPR and precisely: collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure and destruction of data.

Your personal data are subject to both paper-based and electronic and/or automated processing.


TIME OF THE PROCESSING AND STORAGE:

The received data are processed exclusively to perform the requested service and until the possible withdrawal of the consent. Upon the termination of the service, absent any withdrawal of the consent, [the data] shall be stored for 10 years or for the different time required by laws or regulations in force.


CONSENT

When you provide us with your personal information, you give your consent to the processing thereof only with the aim of being contacted to be informed on the commercial offers of the Controller. We shall ask you to declare that you have read the present notice and that you are older than 16 years old.

If, after giving your consent, you change your mind, you may withdraw such consent at any time by contacting the Controller by email at privacy@nalessosrl.it


COMMUNICATIONS

We may transmit your personal information, if the law requires us to do so, your requests will be forwarded to authorized persons, directed by the Controller, to external processors expressly entrusted with, who shall act on behalf of the Controller, to System Administrators

The data may be processed by third parties authorized by the Controller, by the System Administrator, by the computer technician, by the email Provider.

The data shall not be disseminated.

The entered data will be communicated to the Data Controller by e-mail. The Company uses a Microsoft e-mail provider that stores and processes data in the user's geographical area, in the United States and in any other country in which Microsoft, its affiliates, subsidiaries or service providers are based. Microsoft manages the main data centers in the following countries: Australia, Austria, Brazil, Canada, Chile, Korea, Finland, France, Germany, Japan, Hong Kong, India, Ireland, Luxembourg, Malaysia, Netherlands, United Kingdom, Singapore, States United and South Africa. Typically, the main storage location is in the customer's geographic area or in the United States, often with a backup in a data center in another geographic area. Storage locations are chosen to work efficiently, to improve performance and to create redundancy in order to protect data in the event of service interruption or another problem. Microsoft implements the necessary measures to ensure that the data collected pursuant to this privacy statement is processed in accordance with the provisions of this information and the legal requirements in force, wherever the data is located.


SERVICES PROVIDED FOR BY THIRD PARTIES

Once you leave our website and if you are referred to a website or to an application of third parties, you are no longer subject to our Privacy Policy.


COOKIES

The visited pages visited can send to his terminal (usually to the browser) cookies, small text strings that memorize the passage. Cookies can be used for different purposes: session monitoring, storing specific information, etc.


Technical and analytical cookies: We use technical and analytical cookies anonymously with Google. For all details relating to the cookies used by Nalesso SRL, please refer to the specific Extended Cookies Notice


Disabling cookies

The choices of cookies are connected to the browser and can be disabled directly by the browser. Keep in mind that disabling cookies may prevent the correct use of some functions of the site itself.

Instructions for disabling cookies can be found on the following web pages:

Mozilla Firefox - Microsoft Internet Explorer - Microsoft Edge - Google Chrome - Opera - Apple Safari.


RIGHTS OF THE DATA SUBJECT

Under EU Regulation 2016/679 (GDPR) and national laws, the User may exercise the following rights, subject to the modalities and the limits provided for by laws in force:

- to ask for the confirmation that personal data concerning him or her do exist (right of access);

- to know the source thereof and to obtain a communication thereof in an intelligible form;

- to obtain information concerning the logic, the modalities and the purposes of the processing;

- to request the update, the rectification, the restriction, the completion, the erasure, the transformation in an anonymous form, the block if there is any legal violation, of data, including those no longer necessary to fulfill purposes for which they were collected;

- in cases where the processing is based on consent, to receive – by only paying the cost of the device – your data given to the Controller, in a structured and machine-readable form and in a format commonly used by an electronic device;

- the right to lodge a complaint with the Supervisory Body (“Garante Privacy” – link);

- in addition, to exercise any right conferred by legal provisions in force.


The requests have to be made to the following email address: privacy@nalessosrl.it


AMENDMENT TO THIS DATA PROTECTION NOTICE

We reserve the right to amend this privacy policy at any time. Amendments and clarifications shall enter into force immediately after their publication in the website. If we amend this privacy policy, we shall inform you herein about the update so that you understand what information we collect, how we use them and, if needed, under which circumstances we use or disseminate them.


Last update: 10 April 2019.