The NDESIGN s.r.l. (hereinafter referred to as NDESIGN) with headquarters in via L. Cipriani No. 251, 02100 Rieti (RI) - Italy, V.A.T./ F.C.: IT01165660570, registered register CCIAA Rieti at no. IT01165660570 on 14/06/2017, REA: RI-73023, soc. chap. € 10,000.00 fully paid, as legal entity Data Controller, informs you, pursuant to artt 13 and following Reg. EU n. 2016/679, that your data will be processed in the manner and for the following purposes:
1. OBJECT OF TREATMENT
The Data Controller processes the following types of personal data:
- personal identification data (for example: name, surname, CF, address, telephone, email - hereinafter, "personal data" or even "data") communicated by you when requesting information and / or quotes, for the conclusion of contracts for the Data Controller Services or for the possible selection of spontaneously sent CVs;
- data acquired by the IT systems used to operate the ndesign.it site, acquired during their normal operation, the transmission of which is implicit in the use of Internet communication protocols and which is not collected to be associated with identified interested parties but which, by their very nature, they could, through processing and association with data held by third parties, allow users to be identified. This category of data includes the IP addresses or domain names of the computers used by users who connect to the site, the addresses in URI (Uniform Resource Identifier) notation of the requested resources, the time of the request, the method used in submitting the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the operating system and the user's computer environment. For any access to the site, therefore, regardless of the presence of a cookie, the following information is recorded: type of browser (e.g. Internet Explorer, Mozilla Firefox, Google Chrome), operating system (e.g. Windows, iOS), the host and the visitor's URL of origin, in addition to the data on the requested page. The data could be used to ascertain responsibility in case of hypothetical computer crimes against the site
- periodic backup data of websites consequently and instrumentally to the development of web platforms on behalf of third parties, in order to promote the online business continuity of its customers. In making the aforementioned copies, no person, neither internal nor external to the NDESIGN, ever enters the vision of any data collected by individual websites.
2. PURPOSE AND LEGAL BASIS OF THE TREATMENT
Your data will be used for the following Service Purposes that do not require, your express consent:
- draw up estimates and plans in relation to the Holder's Services;
- conclude contracts for the Holder's Services;
- fulfill the pre-contractual, contractual and tax obligations deriving from relations with you in existence;
- visualize curriculum vitae spontaneously sent, with the scope of selecting professional figures to start working relations, collaborations and / or stages;
- fulfill contractual obligations with third party subjects related to the provision of back-up services, with the scope of improving our clients online business continuity;
- fulfill the obligations established by the law, by a regulation, by the community legislation or by an order of the Authorities (as, for example, in the matter of anti-money laundering) or Supervisory Bodies;
- exercise the rights of the owner, for example, the right to defense in court.
The submission of data for the above purposes is required in order to use the data controller's services and it finds its legal basis of treatment in the management of contractual and precontractual relations, or in the management of legal obligations.
3. PROCESSING METHOD
The processing of your personal data that you communicated to us when requesting information and / or estimations or the finalization of contracts, is carried out by means of the following operations: collection, registration, organization, storage, consultation, use, extraction, comparison, cancellation and destruction of data.
The processing of data on the occasion of the execution of security backup services of the websites of the owner's customers, consists, instead, in the mere conservation, on QNAP NAS with AES 256-bit coding placed inside the corporate offices on premises. not accessible to external subjects, for the purpose of a possible restoration of the service in case of problems. No subject, therefore, internal or external to the Data Controller, never enters into their vision as it is not useful or necessary for the purpose of performing the service.
In relation to the indicated purposes, the data you provide by means of paper and / or by telephone and / or telematically (also by completing the form prepared in the domain www.ndesign.it), will be subject to both paper and electronic processing and / or automated. The data will always be processed in such a way as to guarantee its logical and physical security and confidentiality.
4. DATA STORAGE TIME
The Data Controller will process the personal data collected on the occasion of the stipulation of contracts or the start of service relationships with customers, for the time necessary to fulfill the related purposes and, in any case, for a time not exceeding the times connected to the legal obligations of keeping of accounting records (currently established in 10 years).
The personal data collected and processed for the purpose of drawing up estimates, offers or commercial proposals that have not led to the establishment of a contractual or service relationship, will be kept for a maximum period of 12 months from the sending of the last proposal or revision of the 'offer.
The individual security backups performed, on the basis of contractual relationships, on the websites of client companies, are kept for no. max 12 months.
The Curriculum Vitae are kept only for the time strictly necessary to carry out any selection procedures. CVs spontaneously received in periods in which selection procedures are not open, will not be viewed and / or archived and / or stored in any way but deleted immediately after their arrival.
The data acquired by the IT systems responsible for the operation of the ndesign.it site, necessary for the use of the web services, are deleted within a maximum of 12 months.
5. DATA ACCESS
Your data may be made accessible for the purposes referred to in art. II:
- to employees and collaborators of the Owner in their capacity as persons in charge and / or any managers and / or system administrators;
- to third party companies or other subjects (as an indication, credit institutes, professional firms, consultants, insurance companies for the provision of insurance services, etc.) who may carry out outsourced activities on behalf of the Owner, in their capacity as managers external treatment.
6. COMMUNICATION OF DATA AND DATA TRANSFER
Your information will not be disseminated. Without the need for express consent (pursuant to Article 24, letter a), b), d) Condice Privacy and art. 6 lett. b) and c) GDPR), the Data Controller may communicate your data for the purposes referred to in art. II to Supervisory Bodies (such as ISVASS), judicial authorities, as well as to those subjects to whom the communication is obligatory by law for the completion of the said purposes. These subjects will process the data in their capacity as independent data controllers.
The www.ndesign.it domain contains hypertext links that do not constitute communication to other domains. NDESIGN is not responsible for any privacy violations carried out against you by such external sites.
Your personal data are stored on electronic support at the NDESIGN headquarters located in via L. Cipriani No. 251, Rieti, as well as at hosting server providers located on European territory (Aruba S.p.A.). Personal data will not be tranferred to extra-UE countries.
7. RIGHTS OF THE INTERESTED PARTY
As an interested party, we inform you that you have the rights referred to in art. 7 of the Privacy Code and art. 15 GDPR and, precisely, the rights to obtain:
- the confirmation that personal data is being processed that concerns their communication in an intelligible form;
- the indication of: a) the purposes and methods of the processing; b) the origin of personal data; c) the logic applied in case of treatment carried out with the aid of electronic instruments; d) the identification details of the Data Controller and of any Managers and of the designated representative pursuant to art. 5, paragraph 2 of the Privacy Code and art. 3, paragraph 1 of the GDPR, the categories of personal data in question; e) of the subjects or categories of subjects to whom the personal data may be communicated or who can learn about them as appointed representative in the territory of the State, managers or agents; f) the retention period of the personal data provided, or, the criteria used to determine this period; (g) the possible existence of an automated decision-making process, including the profiling referred to in Article 22 (1) and (4) and, at least in such cases, significant information on the logic used, and the importance and expected consequences of this treatment (RIGHT OF ACCESS);
- the correction of inaccurate personal data concerning it without unjustified delay. Taking into account the purposes of the processing, it has the right to obtain the integration of incomplete personal data, also by providing an additional declaration (RIGHT OF RECTIFICATION);
- the deletion of personal data concerning them without unjustified delay if there is one of the following reasons: personal data are no longer necessary with respect to the purposes for which they were collected or otherwise processed; there is no longer a legal basis for treatment; oppose the treatment; there is a legal obligation under the law of the Union or of the Member State to which the controller is subject. It is also entitled to obtain the attestation of the operations of rectification, updating, integration or cancellation, and have been made aware, even as regards their content, of those to whom the data have been communicated or disseminated, with the exception of in the event that such fulfillment proves impossible or involves a use of means manifestly disproportionate to the protected right (RIGHT TO CANCELLATION);
- the limitation of processing when one of the following hypotheses occurs: a) contesting the accuracy of personal data, for the period necessary for the data controller to verify the accuracy of such personal data; b) the processing is illegal and does not want the deletion of personal data but requires that its use is limited; c) although the data controller no longer needs it for processing purposes, personal data are necessary for the assessment, exercise or defense of a right in court; d) object to the treatment pursuant to article 21, paragraph 1 of the GDPR, pending verification of the possible prevalence of the legitimate reasons of the data controller with respect to those of the interested party (RIGHT OF LIMITATION OF TREATMENT);
- the receipt, in a structured format, commonly used and readable by automatic device, the personal data concerning it and to transmit this data to another data controller without impediments if: a) the processing is based on consent or on a contract ; b) the treatment is carried out by automated means; c) is technically feasible (RIGHT TO DATA PORTABILITY);
- also has the right to oppose at any time, in whole or in part: a) for legitimate reasons, the processing of personal data concerning you, even if pertinent, for the purpose of collection; b) to the processing of personal data concerning you for the purpose of sending advertising materials or direct selling or for carrying out market research or commercial communication, through the use of email and / or through traditional marketing methods by telephone and / or paper mail. It should be noted that the right of opposition of the interested party, set out in point b), for direct marketing purposes through automated methods extends to the traditional ones and that, in any case, the possibility remains for the data subject to exercise the right of opposition even in part. Therefore you can decide to receive only communications using traditional methods, that is, only automated communication, or, nessuan of the two types of communication (OPPOSITION RIGHT);
- proposing a complaint to a supervisory authority, in particular in the Member State in which he is habitually resident, or of the place where the alleged violation has occurred (RIGHT TO PROPOSE A COMPLAINT).
8. RULES OF EXERCISE OF RIGHTS
To exercise your rights by sending:
- a registered letter with return receipt to NDESIGN s.r.l., located in via L. Cipriani No. 251, 02100 Rieti (RI), Italy;
- an email to the email address email@example.com.
If you have questions or simply wish to have more information on the processing of your personal data, you can send an e-mail to firstname.lastname@example.org.
Before NDESIGN can provide or modify any information, you may need to verify your identity and answer a few questions. An answer will be provided as soon as possible and, in any case, no later than 30 days from receipt.
9. HOLDER and RESPONSIBLE
The Data Controller is NDESIGN s.r.l. with registered and operational office in via L. Cipriani No. 251, 02100 Rieti (RI), Italy - V.A.T. / F.C.: IT01165660570.
The updated list of data processors is kept at the registered office of the Data Controller.