According to the above Regulation, the processing of data will be based on principles of correctness, lawfulness, transparency and the protection of your privacy and your rights.
NEIADE SRL asu, registered office Viale Romagna 46 (20133) Milan, (VAT Reg. no. and Tax Number 04334700962) in its capacity as Data Controller, informs you that pursuant to articles 13 and 14 of GDPR 2016/679, that your data will be processed in the following ways and for the following purposes.
1. Object of the processing
The Data Controller processes the personal, identifying and not sensitive data (in particular first name, surname, tax number, VAT Reg. no., email, telephone number, address – hereinafter “personal data” or “data”) generated by access to the Internet sites owned by the Data Controller (www.neiade.com, www.corsarodeinavigli.com, www.spaziotheca.com); as well as those communicated voluntarily by the client on the forms for purchase, booking, request for information and registration for the newsletter, in this last case through filling in the relevant form both on the websites previously mentioned and on the pages of the social networks related to the Data Controller.
2.Purposes of the processing
The personal data (postcode, city, tax number, surname, date of birth, email, picture, address, country, name, fax number, telephone number, VAT registration no. password, profession, province, company name, place of work, Social Security number (SSN), state, username, Cookies and data used) will be processed:
- To be able to manage the registration on the sites owned by the Data Controller;
- To comply with the pre-contractual, contractual and tax obligations (VAT tax register etc.) deriving from the existing relations;
- To provide the services contemplated and requested;
- To be able to manage the documents which must be drawn up to comply with the contract/order signed;
- To allow Neiade and its commercial partners to send the newsletter and/or mailing lists for communications including of a commercial and promotional nature on activities, events and services;
- To comply with the obligations required by law, by a regulation, by Community law or by an order from the Public Authorities;
- To exercise the rights of the Data Controller, for example the right of defence in court and/or to ascertain liability in cases of hypothetical IT offences;
- For the collection – in aggregate and anonymous form – and analysis, including behavioural, on the use of the websites owned by the Data Controller in order to improve the quality of the offer and to manage any requirements of control on the ways the same sites are used;
- In the case of a curriculum vitae being sent, exclusively for the purposes of the selection of personnel or external collaborators.
3. Methods of processing
The personal data are processed using the operations shown in article 4 of GDPR 2016/679 and specifically: collection, registration, organization, storage, consultation, elaboration, modification, selection, extraction, comparison, use, interconnection, blockage, communication, erasure and destruction of the data. Therefore the personal data are subjected to processing both on paper and electronically and/or automated processing.
4. Access to data
The data may be made accessible for the purposes as per article 2
- To employees and collaborators of Neiade srl of which the Data Controller is part, in their capacity as internal or external data processors and/or managers (such as consultancy companies, professional firms, commercial partners) and /or system administrators.
5. Communication of the data
Without explicit consent (art. 6, letters b) and c) GDPR), the Data Controller may nevertheless communicate the data for the purposes as per article 2 to Supervisory bodies, judicial authorities as well as to all the other subjects to which the communication is compulsory by law for the fulfilment of the aforementioned purposes. Your data will not be disclosed.
6. Trasfer of data
The management and the storage of personal data will take place at the registered office of the Data Controller’s company and/or of the Data Manager. The data will not be the object of transfer outside the European Union. However, it remains agreed that the Data Controller, if it were to become necessary, will have the power to move the location of the server if this were necessary. In this case, the Data Controller assures as of now that the transfer of the data will take place in conformity with the provisions of law.
7. Nature of the conferment of the data and consequences of the refusal to reply
Conferring the data is optional for the purposes as per point 2, letter e); it is compulsory for all the other purposes and partial or inexact conferment or failure to provide the data may have, as a consequence, the impossibility of making the registration, the registrations for the various courses, receiving the various communications and updates, and fulfilling the contractual obligations as laid down by the contract entered into.
8. Rights of the data subject
The data subject is recognized as having the rights as per art. 15 GDPR and specifically the rights to:
- Obtain the confirmation of the existence or not of personal data, even though not yet registered and their communication in intelligible form;
- Obtain the following information:
- The origin of the personal data;
- The purposes and methods of processing;
- The logic applied in the case of processing carried out using electronic instruments;
- The identifying details of the Data Controller;
- The subjects or categories of subjects to whom the personal data may be communicated or who may learn of them in their capacity as data managers or processors
- The update, the rectification or, when necessary, the completion of the data;
- The cancellation, the transformation into anonymous form or the block of the data processed in violation of the law, including the data of which storage is not necessary in relation to the purposes for which the data have been collected or subsequently processed;
- The certification that the operations as per letters a) and b) have been brought to the knowledge, including as far as their content is concerned, of those to whom the data have been communicated or disclosed, except the case in which this is impossible or entails use of means that is clearly disproportionate to the right protected;
4. Oppose, in all or in part:
- For legitimate reasons the processing of personal data, if it is not pertinent to the purpose of the collection;
- The processing of personal data, for the purposes of sending advertising material through the use of automated calling systems without the intervention of an operator by email and/or by traditional marketing methods by phone and/or paper mail. Please note that the right of opposition by the data subject shown in point b) above, for the purposes of direct marketing through automated means is also extended to traditional means and that the possibility remains for the data subject to exercise the right of opposition even only in part. Therefore, the data subject can decide to receive only communications through traditional means or only automated communications or neither of the two types of communication.
- Where applicable, the data subjects have the rights as per articles 16-21 of GDPR (Right of rectification, right of erasure, right to restriction of processing, right to portability of the data, right of opposition), as well as the right of filing a complaint with the Supervisory Authorities.
9. Methods of exercising the rights
You can at any time whatsoever exercise the rights as per article 8, sending the relative request and copy of a currently valid identity document by:
- registered letter with advice of receipt to Neiade s.r.l., Viale Romagna 46, (20133) Milan;
- email to the address firstname.lastname@example.org.
10. Period of validity of the processing
The personal data are stored for the whole period of the relations with Neiade s.r.l. and, in the case of revocation and/or other type of termination of the relations, the Data Controller will process the personal data for the time necessary to comply with the purposes as above and in any case for not more than 10 years from the termination of the relations, in the respect of the current rules and obligations of law.
11. Data Controllers, Manager and Processors
The Data Controller is Neiade s.r.l.
The updated list of the data managers and data processors is kept at the registered office of the Data Controller.
Our website contains cookies
Cookies, as you know, are fragments of information created by a server and stored on the hard disk of the computer or other devices (smartphones, tablets, netbooks, etc.) that are useful to improve the experience of browsing the website and provide a better service to the user. It stores your browsing data on the website and retransmits it to you the next time you access it, enabling you, for example, to return to the page you last visited.
Cookies can be permanently stored on your computer or device and have a variable duration (so-called persistent cookies), but they can also disappear when you close your browser or have a limited duration (so-called session cookies).
They can be installed by the Website you are visiting (so-called first party cookies) or be installed by other websites (so-called third party cookies).
Which cookies do we use?
Browsing and functionality cookies: We use first part session and persistent cookies on the Website to enable you to browse safely and efficiently, also in order to improve the service.
Analytical Cookies: We use Google Analytics platform cookies on the Website to collect information regarding how users use the Website (number of visitors, pages visited, time spent on the Website, etc.).
Profiling cookies: Third-party cookies are used on the Website to send advertising messages in line with the user’s preferences.
Social Cookies: We use third-party cookies on the Website to enable users to interact with social networks (Facebook, Twitter, …) and particularly to share content on the Website through those social networks.
We are committed to protecting the personal data of our users. We take appropriate technical and organizational measures to protect the confidentiality of the user’s personal data.
We may from time to time make changes to this Policy to adapt it to future changes in the Website or in existing legislation. Whenever we make substantial changes to this Policy, we will provide the user with a clearly visible notice, depending on the circumstances, for example by displaying it on the website or by sending you an email.