PRIVACY DISCLAIMER

PURSUANT TO EU REGULATION 679/2016

In compliance with EU regulation 679/2016, this site respects and protects the confidentiality of visitors and users, putting in place every possible and proportionate effort not to infringe its rights. This Privacy Policy applies exclusively to the online activities of this site and is valid for visitors / users of the site. It does not apply to information collected through channels other than this website. In compliance with the obligations deriving from national and Community legislation on the protection of personal data, this site respects and protects the privacy of visitors and users.

1) OWNER, RESPONSIBLE AND IN CHARGE OF THE TREATMENT

Following consultation, navigation or use of this site, data relating to identified or identifiable natural or legal persons may be processed. The data controller is NovaPro, who can be contacted through the contact section of this website.

The data controller is responsible for the maintenance of the technological part of the site and which, for this purpose, may become aware of the data. As per the contract stipulated between the owner and the manager, the latter undertakes not to disclose in any way and for any reason the data processed by the owner's site.

Data processors are: other subjects or categories of subjects who, within the scope of the purposes described in this statement, may become aware of the data or to whom they may be communicated are, as involved in the organization of the site and in the management of the activity, appointed by the data controller or by the data processor, external subjects, also appointed, if necessary, Data Processors by the Data Controller.

The data may also possibly be communicated to public bodies, police forces or other public and private subjects, but only if indispensable for the purpose of fulfilling legal obligations, regulations or community legislation.

Users are invited to avoid the insertion of sensitive data (i.e. data suitable to reveal racial and ethnic origin, religious, philosophical or other convictions, political opinions, membership of parties, unions, associations or organizations of a religious, philosophical, political or trade union nature, as well as personal data suitable to reveal the state of health and sexual life) and judicial superfluous since this could lead to the destruction of the message.

2) PLACE AND METHOD OF DATA PROCESSING

The treatments connected to the web service of this site take place at the aforementioned office and are handled by the Data Controller, by the Data Processors and by the authorized processors appointed by them, at their offices. Eventually, another place of treatment may be elected, also that of the hosting service provider, for the need of site maintenance.

The data will be treated confidentially, through automated tools, and will in no way be disclosed to unauthorized third parties, will also not be communicated, disseminated or transferred abroad, or to third countries (outside the EU).

3) PURPOSE AND LEGAL BASIS OF THE PROCESSING, TIMES OF STORAGE OF PERSONAL DATA COLLECTED AT THE INTERESTED PARTY

The collection of personal data collected from the interested party takes place in an "explicit" way, that is, after reading this information, the interested party must accept it by voluntarily ticking the check-box relating to the wording that confirms the reading and acceptance of the same, before giving your personal data and allowing their treatment.

Failure to check the check-box implies or may make it impossible for the Data Controller to receive and process data, with the consequent impossibility of providing the services requested by the interested party during navigation, registration and any other action on the site may involve the need to process personal data, which remain user identification data necessary for the proper functioning of the site and in order to take advantage of the services provided by the platform and as identified and listed below.

Unless otherwise specified, personal data will be processed by the Data Controller, Manager and Persons in charge of the treatment, regularly authorized unless otherwise specified.

Such data may be necessary for the interested party to take advantage of certain features and services made available by the site, for the following purposes:

  • Registration on the site and provision of addresses and / or company / company data

    - Purpose and legal basis of the processing: the identification data required to create an account is required to take advantage of the possibility of purchasing goods or services on the site, or name, surname, full address, email address, telephone number, possibly name of the company and VAT number, if the customer is classified as a company. The sending of the request is subject to the specific, free and informed consent (reference Art. 6 GDPR) documented through a special check-box to be checked (reference Art.7 GDPR). After registration, it is possible to receive emails regarding information on the activity voluntarily concluded by the interested party (for example, after the purchase of a product, the status of an order can be notified as being processed, shipped, etc.).

    - Data retention period: The data is stored until the request for cancellation of the interested party, unless there are particular legal and fiscal keeping obligations. The password for the account has the same retention period, but is encrypted. Scope of communication: the data are processed by the owner, manager and persons in charge of the treatment regularly authorized. The name, surname, addresses, email address and telephone number may be transferred to mail and / or courier services for the delivery of the interested party's purchase orders. These services may also send communications to interested parties regarding the delivery status.

    - Conferment: the provision of data relating to the mandatory fields is necessary in order to take advantage of the services offered by the site.
  • Newsletter subscription during registration

    - Purpose and legal basis of the processing: membership of the newsletter is required during the registration phase in order to send the newsletter, by providing the email address. Registration is subject to acceptance of specific, free and informed consent (GDPR-Art.6, paragraph 1, letter a), documented through a special check-box to be checked (reference Art.7 GDPR) during registration, for the receipt of news, commercial offers or any other information (indicated individually), subject to voluntary acceptance by the user through double confirmation. This service is provided in full compliance with art. 68 Legislative Decree n. 206/2005 and subsequent updates, as well as art. 130 of Legislative Decree n. 196/2003 and the regulatory provisions relating to distance contracts.

    - Data retention period: The data is stored until the eventual "unsubscription", freely executable by the interested party at any time through the link contained at the bottom of each message sent, or with an explicit request from the interested party.

    - Conferment: Failure to provide acceptance and consent will make it impossible to obtain the newsletter service when registering. The interested parties can at any time exercise their rights in relation to this service, recognized by the legislation on the protection of personal data, expressly referred to in No. 8) of this information and in the manner provided therein.
  • Newsletter subscription through dedicated widget

    - Purpose and legal basis of the treatment: through the dedicated widget, only the email address is requested, for the sole purpose of sending the newsletter. Registration is subject to acceptance of specific, free and informed consent (GDPR-Art.6, paragraph 1, letter a), documented through a special check-box to be ticked (reference Art.7 GDPR), for receiving news , commercial offers or any other information (indicated individually), subject to voluntary acceptance by the user via double confirmation.

    - Data retention period: The data is stored until the eventual "unsubscription", freely executable by the interested party at any time through the link contained at the bottom of each message sent, or with an explicit request from the interested party.

    - Conferment: Failure to provide the email address and consent will make it impossible to obtain the newsletter service. The interested parties can at any time exercise their rights in relation to this service, recognized by the legislation on the protection of personal data, expressly referred to in No. 8) of this information and in the manner provided therein.
  • Sending comments regarding an article

    - Purpose and legal basis of the treatment: the name and email address are requested, in order to leave a comment to an article.

    - Data retention period: the data are kept until the request for cancellation of the account of the interested party or of the individual or of all comments.

    - Scope of communication: the data are processed by the owner, manager and data processors regularly authorized. The name and / or email address of the author of the comment may be mentioned in the comment itself.

    - Conferment: failure to provide the mandatory data when sending the comment makes it impossible to comment.
  • Sending messages via contact form or quick contact form

    - Purpose and legal basis of the processing: The identification and contact data necessary to be able to respond promptly to requests sent by the interested party, such as email address and possibly order reference, are requested. The sending of the request is subject to specific, free and informed consent (GDPR-Art.6, paragraph1, letter a) documented through a special check-box (GDPR-Art.7, paragraph1).

    - Data retention period: The data are kept for times compatible with the purpose of the collection and are not saved on a database, but used to provide an answer to the request of the interested party.

    - Conferment: The provision of data referred to the mandatory fields is necessary in order to obtain a response, while the optional fields are aimed at providing useful elements to interpret the request.
  • Sending messages via the "work with us" form and the like, for sending CVs

    - Purpose and legal basis of the processing: The identification, contact details and curriculum vitae required to respond promptly to the application are requested. The sending of the request is subject to specific, free and informed consent (GDPR-Art.6, paragraph1, letter a) documented through a special check-box (GDPR-Art.7, paragraph1).

    - Data retention period: The data are stored for times compatible with the purpose of the collection, or to comply with the analysis of the application and used to provide answers to the request of the interested party. Any curriculum without the authorization to process the data will be immediately deleted, with all the attached data.

    - Conferment: The provision of data relating to the mandatory fields is necessary in order to send an application, while the optional fields are aimed at providing useful elements to interpret the request.
  • Reservation form

    - Purpose and legal basis of the processing: the identification data required to create a reservation is required to take advantage of the possibility to book a service on the site, by way of example but not limited to name, surname, addresses, email addresses, telephone. The sending of the request is subject to specific, free and informed consent (Art. 6 GDPR, paragraph 1, letter a) documented through a special check-box to be checked (GDPR-Art.7, paragraph 1). After the booking request, it is possible to receive emails regarding information on the activity voluntarily concluded by the interested party (for example, after the booking, the status of the booking can be notified).

    - Data retention period: The data is stored until the request for cancellation of the interested party, unless there are particular legal and fiscal keeping obligations.

    - Conferment: the provision of data relating to the mandatory fields is necessary in order to take advantage of the services offered by the site.
  • Live Chat

    - Purpose and legal basis of the treatment: it is a tool, managed by third parties, for fast and synchronous contact with a company operator for user support service. Some identification data such as customer name and email may be required to start a chat. In the event that the chat is offline due to the absence of operators, the name and email data will be required to fill out a form that will send an email to the company address, similar to the simple contact form. It is possible that, even if the Users do not use the service, the same collects Usage Data relating to the pages in which it is installed. Additionally, live chat conversations may be recorded. The sending of the request is subject to specific, free and informed consent (GDPR-Art.6, paragraph1, letter a) documented through a special check-box (GDPR-Art.7, paragraph1).

    - Data retention period: The data are kept for times compatible with the purpose of the collection and are not saved on a database, but used to provide an answer to the request of the interested party.

    - Conferment: The provision of data referring to the mandatory fields is necessary to start being able to obtain a response, while the optional fields are aimed at providing useful elements to interpret the request.
  • Feedback and reviews

    - Purpose and legal basis of the treatment: This service allows the user to release a review and / or feedback regarding a product / service. You can only leave a review if you are logged in on the platform. No personal data is requested which has not already been processed for registration on the platform. All users will be able to view the name and first letter of the surname of the author of the review (the author will therefore not be identifiable).

    - Data retention period: The data is kept until the possible cancellation of the feedback / review or until the request for cancellation of the interested party.

    - Conferment: The form for the release of the feedback / review may be non-fillable if the user is not registered (having already given consent to the processing of data) and / or if he has not performed certain actions foreseen for the release of the feedback / review (e.g. it is possible to review a product only after purchasing it).
  • Data voluntarily provided by the user

    - The optional, explicit and voluntary sending of e-mail and / or ordinary mail to the addresses indicated on this site entails the subsequent acquisition of the sender's address, necessary to respond to requests, as well as any other personal data included in the message. If the sender sends his CV to submit his professional application, he remains solely responsible for the relevance and accuracy of the data sent. It should be noted that any curriculum without the authorization to process the data will be immediately canceled.
4) PURPOSE AND LEGAL BASIS OF THE PROCESSING, RETENTION TIME OF PERSONAL DATA NOT OBTAINED FROM THE INTERESTED PARTY

Personal identification data will be processed exclusively by the owner, manager and data processors duly authorized unless otherwise specified. Such data may be necessary for the interested party to take advantage of certain features and services made available by the site, for the following purposes:

  • Access log

    - Purpose and legal basis of the treatment: the access logs are used to keep track of the inputs on the site, for control and security operations. IP addresses and access times are saved. These data are not directly related to an identified or identifiable person, due to the widespread use of dynamic IP.

    - Data retention period: the logs are kept for 10 years or until canceled on any request or need, which can take place before the established time. Scope of communication: the data are processed by the owner, manager and persons in charge of the treatment regularly authorized. Only in the event of an investigation will they be made available to the competent authorities.

    - Conferment: The data are not provided by the interested party but automatically acquired by the technological systems of the site. Navigation data
  • Navigation data

    During their normal operation, the IT systems and software procedures used to operate this website acquire some personal data whose transmission is implicit in the use of Internet communication protocols. This is information that is not collected to be associated with identified interested parties, but which by its very nature could - through processing and association with data held by third parties - allow users to be identified. This category of data includes the IP addresses or domain names of the computers used by users who connect to the site, the addresses in URI (Uniform Resource Identifier) ‚Äč‚Äčnotation of the requested resources, the time of the request, the method used in submitting the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the operating system and the user's computer environment. Visiting the site automatically collects the following information: Hostname of the user. The hostname or Internet Protocol address of the user requesting access to the site. HTTP header, and the "user agent" string which includes: the type and version of browser used and the operating system with which the browser works. System date. The date and time of the user's visit. Complete request. The exact request made by the user. Content length. The consistency, in bytes, of each document sent to the user. Method. The request mode used. Universal Resource Identifier (URI). The location of resources on the server. The URI Request string, that is, everything that is after the question mark in the URI. Type of device used for consulting the site. Protocol. The transmission protocol and the version used.

    - Purpose and legal basis of the processing: These data are used for the sole purpose of obtaining anonymous statistical information on the use of the site and to check its correct functioning. The data could also be used to ascertain responsibility in the event of hypothetical computer crimes against the site (legitimate interests of the owner).

    - Data retention period: The data are normally kept for short periods of time, i.e. from a single session up to 2 years from the visit of the page, with the exception of any extensions connected to investigation activities.

    - Scope of communication: the data are processed by the owner, manager and data processors regularly authorized. Only in the event of an investigation will they be made available to the competent authorities.

    - Conferment: The data are not provided by the interested party but automatically acquired by the technological systems of the site.
5) PRIVACY REGARDING COOKIES

Cookies are small text strings that the sites visited by the user send to his terminal (usually to the browser), where they are stored and then retransmitted to the same sites on the next visit by the same user.

  • Cookies that do not identify the user
    For these cookies, of a technical nature, consent is not provided, but only the dedicated information, as they do not identify the user or make it identifiable, and are necessary for the correct use of the site.
  • First-party navigation or session cookies: hey guarantee normal navigation and use of the website (allowing, for example, to make a purchase or authenticate to access restricted areas): our site uses non-persistent technical cookies for the sole purpose of improve your browsing experience and allow faster access later.
  • Functionality cookies, which allow the user to navigate according to a series of selected criteria (for example, the language, the products selected for purchase) in order to improve the service provided.
  • Analytical cookies, assimilated to technical cookies when used directly by the site operator to collect information, in aggregate form, on the number of users and how they visit the site.
  • Cookies that can identify the user
    For these cookies, the user's consent is required, who can choose to disable them with the appropriate "Disable Cookies" button in the short information notice of the Cookies or through the configuration of your browser in use (see the information extended on Cookies on this site). They are mostly third-party cookies, created, installed and readable by a site other than the one the user is visiting, and whose data are stored by the third party and for which the cookies and data processing policy of the third. The duration of these cookies ranges from a single session to two years from visiting the page. Users can check which third-party cookies are, and possibly disable them, by visiting the link relating to the extended information on cookies. We remind you that disabling or blocking some or all cookies can compromise the complete use of the site or, more generally, its consultation.
6) DATA SECURITY MEASURES

Specific security measures are observed to prevent data loss (through the use of backups), illicit or incorrect use and unauthorized access (through the use of passwords). The site also has an Https / SSL security certificate. The physical server, on which the personal data resides, is located in Frankfurt (Germany), protected by a double UPS system, an uninterruptible power supply motor for prolonged blackouts, temperature and humidity monitoring, distributed extinguishing system, 24-hour surveillance 24 and 365 days a year, registered and controlled access. Where it has been provided to the data subject or the data subject has chosen a password to access certain parts of our website, the data subject is directly responsible for keeping this password confidential, forcing himself not to share it with anyone.

7) NOTIFICATION OF PERSONAL DATA BREACHES (Reference Articles 33 and 34 GDPR)

Pursuant to art. 33 GDPR The Data Controller or the Data Processor will notify the Supervisory Authority of any violations of personal data of which they become aware and if from this violation risks for the rights and freedoms of the interested parties derive, within 72 hours and in any case without unjustified delay. Pursuant to art. 34 GDPR if the breach of data security presents a high risk for the rights and freedoms of natural persons, the Data Controller shall notify the person concerned of the violation, without justified delay, except for the cases referred to in paragraph 3 of the art. 34 GDPR.

8) RIGHTS OF THE INTERESTED PARTIES
Right to withdraw consent (reference Art.7 GDPR)

The interested party has the right to revoke the consent previously granted, considering that the withdrawal of consent does not affect the lawfulness of the treatment based on consent before the revocation. In the event of a request for revocation, the data of the interested party will be deleted, except for the need to continue processing (for a different legal basis or for example tax obligations).

Right to access the data of the interested party (reference Art. 15 GDPR)

The interested party can independently view their personal data from the panel dedicated to him, if registered. Furthermore, the interested party has the right to obtain confirmation from the data controller that personal data concerning him or her is being processed and in this case, to obtain access to their data. If personal data are transferred to a third country or to an international organization, the interested party has the right to be informed of the existence of adequate guarantees relating to the transfer.

Right of rectification (reference Art. 16 GDPR)

The interested party can independently edit their personal data from the panel dedicated to him, if registered. Furthermore, the interested party has the right to obtain from the data controller the correction of his / her personal data which is not exact without undue delay. Taking into account the purposes of the processing, the interested party has the right to obtain the integration of incomplete personal data, also by providing an additional declaration.

Right of cancellation or right to be forgotten (Reference Art. 17 GDPR)

The interested party has the right to obtain from the data controller the cancellation of their personal data without undue delay. The owner will delete these personal data, upon request, without undue delay. If the data controller has made public the personal data, he is obliged to delete them, taking into account the available technology and implementation costs, adopting reasonable measures to inform the other data controllers that they are processing the personal data of the interested party, of the request for the latter to delete any link, copy or reproduction of his personal data.

It is underlined that the right of cancellation may not apply in case the treatment is necessary for:

  • the exercise of the right to freedom of expression and information;
  • the fulfillment of a legal obligation
  • reasons of public interest in the public health sector
  • purposes of archiving in the public interest, scientific, historical or statistical research
  • the assessment, exercise or defense of a right in court
Right to limit the processing (reference Art. 18 GDPR)

With the right to limit the processing, the interested party can request the limitation of use of their data, excluding the conservation of the same. This limitation can be exercised not only in case of violation of the conditions of lawfulness of the treatment, but also if the interested party appeals to the right of rectification (pending the latter) or opposes the processing of his data (pending evaluation by the holder of this opposition).

Notification obligation (reference Art. 19 GDPR)

The data controller will communicate to each of the recipients to whom the personal data have been transmitted, any corrections, cancellation or limitations of the processing requested by the interested party, provided that this does not prove impossible or involves a disproportionate effort. The data controller, if requested, will communicate to the interested party the recipients of his personal data to whom he must transmit his will to exercise the right.

Right to data portability (reference Art. 20 GDPR)

The interested party has the right to receive in a structured format, commonly used and readable by an automatic device, the data concerning him and provided by him to the data controller, without impediments, provided that they do not damage the rights and freedoms of others and if they are processed in an automated format (paper archives are excluded). Portability does not involve the deletion of data.

Right to object (reference Art. 21 GDPR)

The interested party has the right to object at any time, for reasons related to his particular situation, to the processing of personal data concerning him, including profiling. In this case, the owner will refrain from further processing the personal data of the interested party who has made use of the right of opposition, unless he demonstrates the existence of legitimate and mandatory reasons for proceeding with the processing that prevail over the interests, rights and freedom of the interested party or for the assessment, exercise or defense of a right in court. Means of Complaint and Appeal before the competent Administrative and Judicial Authorities. The interested party, if he believes that the processing of data concerning him has not respected, in any capacity, the provisions prescribed by Legislative Decree n. 196/2003 and EU Reg. No. 679/2016, or believes that the rights it enjoys based on the aforementioned provisions of the law have been violated, can promote a complaint before the Control Authority and / or promote an appeal before the competent judicial bodies, pursuant to art. 77, 78 and 79 (GDPR), as well as the right to obtain compensation for any damages pursuant to art. 82 (GDPR).

9) METHOD OF EXERCISE OF RIGHTS

The interested party who wants to take advantage of the data access rights and the right of rectification can freely and at any time access their user area to view and rectify the data they have released and which are processed by the site independently. The interested party may also request the exercise of the foregoing and all other rights by communicating it to the Data Controller at the addresses indicated in the contact section of this site. The deadline for replying to the interested party is, for all rights (including the right of access), 1 month, extendable up to 3 months in cases of particular complexity (pursuant to art. 12 GDPR). The Data Controller or the Data Processor will in any case give feedback to the interested party within 1 month of the request, even in case of refusal. The exercise of rights is, in principle, free of charge for the interested party, but there may be exceptions. It is up to the owner to evaluate the complexity of the feedback to the interested party and to establish the amount of any contribution to be asked from the interested party, but only if it is a question of manifestly unfounded or excessive requests, in particular for their repetitive nature; if multiple "copies" of personal data are requested in the case of the right of access, the owner could take into account the administrative costs incurred. The owner has the right to request information necessary to identify the interested party, and the latter has the duty to provide it, in an appropriate manner. The response to the interested party, unless otherwise indicated by the interested party, will normally take place in writing, in an electronic format of common use. Feedback can be given orally if the interested party so requests.

10) MINORS

The consent of minors is valid from 16 years; before this age the consent of the parents or whoever takes their place must be collected. Updating of the Privacy Policy It should be noted that this information may be subject to periodic review, also in relation to the relevant legislation and jurisprudence, therefore the interested party is invited to periodically consult this policy. This page is visible through the link at the bottom of all the pages of the Site pursuant to art. 122 second paragraph of Legislative Decree 196/2003 and following the simplified procedures for the information and the acquisition of consent for the use of cookies published in the Official Gazette No. 126 of June 3, 2014 and its register of measures No. 229 of May 8, 2014.

11) GOOGLE API SERVICES USER DATA POLICY

NovaPro's use of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

UPDATES

This Privacy Notice is updated on 01 March 2020