Information on the processing of personal data

The NDESIGN s.r.l. (hereinafter referred to as NDESIGN) with headquarters in viale Dei Flavi No. 15, 02100 Rieti (RI) - Italy, V.A.T./ F.C.: IT01165660570, registered register CCIAA Rieti at no. IT01165660570 on 14/06/2017, REA: RI-73023, soc. chap. € 10,000.00 fully paid, as legal entity Data Controller, informs you, pursuant to artt 13 and following Reg. EU n. 2016/679, that your data will be processed in the manner and for the following purposes:


The Owner treats personal identification data (for example, first name, last name, fiscal code, address, telephone, email - later, "personal data" or even "data") that you have communicated when requesting information and / or estimates or for the conclusion of contracts for the services of the owner or for the possible selection of Curriculum Vitae spontaneously sent regarding suitable candidates for collaborations, working relations, stages.
Moreover, the NDESIGN periodically performs back-up copies of website owned by third party figures; such copies are conequentially and strumentally related to the development workflow, and are stored on NAS QNAP with 256-bit AES cryptography, located inside our business offices in rooms unaccessible to extra-office personnel, in order to improve our clients business continuity. During these back-up copies operations, no one, not from NDESIGN nor from outside, reads or visualizes any data.
For any matter related to Cookies, please refer to the specific reading of the Cookie Policy published on our company's website.


Your data will be used for the following Service Purposes that do not require, your express consent:

  1. draw up estimates and plans in relation to the Holder's Services;
  2. conclude contracts for the Holder's Services;
  3. fulfill the pre-contractual, contractual and tax obligations deriving from relations with you in existence;
  4. visualize curriculum vitae spontaneously sent, with the scope of selecting professional figures to start working relations, collaborations and / or stages;
  5. fulfill contractual obligations with third party subjects related to the provision of back-up services, with the scope of improving our clients online business continuity;
  6. fulfill the obligations established by the law, by a regulation, by the community legislation or by an order of the Authorities (as, for example, in the matter of anti-money laundering) or Supervisory Bodies;
  7. exercise the rights of the owner, for example, the right to defense in court.

The submission of data for the above purposes is required in order to use the data controller's services and it finds its legal basis of treatment in the management of contractual and precontractual relations, or in the management of legal obligations.


The processing of your personal data that you communicated to us when requesting information and / or estimations or the finalization of contracts, is carried out by means of the following operations: collection, registration, organization, storage, consultation, use, extraction, comparison, cancellation and destruction of data.
The data processing occurring during the execution of security back-up copies of websites owned by clients of the Data Controller, consist of a simple and mere conservation of data, which - in case of problems - will be restored online. Therefore, no subjects, not internal nor external relatively to the Data Controller, will ever visualize any information, since this is not useful nor necessary to the fullfilment of the back-up service.
In relation to the aforementioned purposes, the data you provide by telephone and / or telematically by completing the form prepared in the domain, may be processed either on paper or electronic and / or automated.


The Data Controller will process the personal data collected during contracts stipulation or the beginning of service relations with clients, for the time necessary to fulfill the aforementioned purposes and, in any case, for no more than the conservation periods of accounting records as established by specific laws.

Personal data collected and processed for estimates elaborations, offers or commercial proposals which did not finalize in a contractual relation or service relation with the interested party, will be kept for a period of time no longer than 12 months since the sending of the latest proposal or revision of the same.

Security back-up copies performed on websites on behalf of clients, will be kept for a period of time no longer than 12 months.

Curriculum Vitae will be kept for the strictly necessary time to complete selection procedures. CV received during periods of time when no selection procedure is open, will not be kept, i.e. they will be deleted on arrival.


Your data may be made accessible for the purposes referred to in art. II:

  • to employees and collaborators of the Owner in their capacity as persons in charge and / or any managers and / or system administrators;
  • to third party companies or other subjects (as an indication, credit institutes, professional firms, consultants, insurance companies for the provision of insurance services, etc.) who may carry out outsourced activities on behalf of the Owner, in their capacity as managers external treatment.


Without the need for express consent (pursuant to Article 24, letter a), b), d) Condice Privacy and art. 6 lett. b) and c) GDPR), the Data Controller may communicate your data for the purposes referred to in art. II to Supervisory Bodies (such as ISVASS), judicial authorities, as well as to those subjects to whom the communication is obligatory by law for the completion of the said purposes. These subjects will process the data in their capacity as independent data controllers.

Your information will not be disseminated.

The domain contains hypertext links that do not constitute communication to other domains. NDESIGN is not responsible for any privacy violations carried out against you by such external sites.

Your personal data are stored on electronic support at the NDESIGN headquarters located in Viale Dei Flavi n. 15, Rieti, as well as at hosting server providers located on European territory (Aruba S.p.A.). Personal data will not be tranferred to extra-UE countries.


As an interested party, we inform you that you have the rights referred to in art. 7 of the Privacy Code and art. 15 GDPR and, precisely, the rights to obtain: 

  1. the confirmation that personal data is being processed that concerns their communication in an intelligible form;
  2. the indication of: a) the purposes and methods of the processing; b) the origin of personal data; c) the logic applied in case of treatment carried out with the aid of electronic instruments; d) the identification details of the Data Controller and of any Managers and of the designated representative pursuant to art. 5, paragraph 2 of the Privacy Code and art. 3, paragraph 1 of the GDPR, the categories of personal data in question; e) of the subjects or categories of subjects to whom the personal data may be communicated or who can learn about them as appointed representative in the territory of the State, managers or agents; f) the retention period of the personal data provided, or, the criteria used to determine this period; (g) the possible existence of an automated decision-making process, including the profiling referred to in Article 22 (1) and (4) and, at least in such cases, significant information on the logic used, and the importance and expected consequences of this treatment (RIGHT OF ACCESS);
  3. the correction of inaccurate personal data concerning it without unjustified delay. Taking into account the purposes of the processing, it has the right to obtain the integration of incomplete personal data, also by providing an additional declaration (RIGHT OF RECTIFICATION);
  4. the deletion of personal data concerning them without unjustified delay if there is one of the following reasons: personal data are no longer necessary with respect to the purposes for which they were collected or otherwise processed; there is no longer a legal basis for treatment; oppose the treatment; there is a legal obligation under the law of the Union or of the Member State to which the controller is subject. It is also entitled to obtain the attestation of the operations of rectification, updating, integration or cancellation, and have been made aware, even as regards their content, of those to whom the data have been communicated or disseminated, with the exception of in the event that such fulfillment proves impossible or involves a use of means manifestly disproportionate to the protected right (RIGHT TO CANCELLATION);
  5. the limitation of processing when one of the following hypotheses occurs: a) contesting the accuracy of personal data, for the period necessary for the data controller to verify the accuracy of such personal data; b) the processing is illegal and does not want the deletion of personal data but requires that its use is limited; c) although the data controller no longer needs it for processing purposes, personal data are necessary for the assessment, exercise or defense of a right in court; d) object to the treatment pursuant to article 21, paragraph 1 of the GDPR, pending verification of the possible prevalence of the legitimate reasons of the data controller with respect to those of the interested party (RIGHT OF LIMITATION OF TREATMENT);
  6. the receipt, in a structured format, commonly used and readable by automatic device, the personal data concerning it and to transmit this data to another data controller without impediments if: a) the processing is based on consent or on a contract ; b) the treatment is carried out by automated means; c) is technically feasible (RIGHT TO DATA PORTABILITY);
  7. also has the right to oppose at any time, in whole or in part: a) for legitimate reasons, the processing of personal data concerning you, even if pertinent, for the purpose of collection; b) to the processing of personal data concerning you for the purpose of sending advertising materials or direct selling or for carrying out market research or commercial communication, through the use of email and / or through traditional marketing methods by telephone and / or paper mail. It should be noted that the right of opposition of the interested party, set out in point b), for direct marketing purposes through automated methods extends to the traditional ones and that, in any case, the possibility remains for the data subject to exercise the right of opposition even in part. Therefore you can decide to receive only communications using traditional methods, that is, only automated communication, or, nessuan of the two types of communication (OPPOSITION RIGHT);
  8. proposing a complaint to a supervisory authority, in particular in the Member State in which he is habitually resident, or of the place where the alleged violation has occurred (RIGHT TO PROPOSE A COMPLAINT).


To exercise your rights by sending:

  • a registered letter with return receipt to NDESIGN s.r.l., located in viale Dei Flavi n. 15, 02100 Rieti (RI), Italy;
  • an email to the email address

If you have questions or simply wish to have more information on the processing of your personal data, you can send an e-mail to
Before NDESIGN can provide or modify any information, you may need to verify your identity and answer a few questions. An answer will be provided as soon as possible and, in any case, no later than 30 days from receipt.


The Data Controller is NDESIGN s.r.l. with registered and operational office in viale Dei Flavi n. 15, 02100 Rieti (RI), Italy - V.A.T. / F.C.: IT01165660570.
The updated list of data processors is kept at the registered office of the Data Controller.