DATA CONTROLLER

The Data Controller is Namirial S.p.A. (hereinafter “Data Controller” or “Namirial”) with registered office in via Caduti sul Lavoro, 4 – 60019 Senigallia (AN), P.IVA IT02046570426.

The Data Protection Officer (DPO) can be reached at the following email address: dpo@namirial. com – (PEC) dpo.namirial@sicurezzapostale.it

Pursuant to the Regulation (EU) 2016/679 (hereinafter “Regulation”), this page describes how the personal data of users consulting Namirial websites are processed.

 

TYPES OF DATA COLLECTED

As part of the activities carried out by the user on the indicated websites, Namirial may process, depending on

Of the purposes, the following categories of personal data:

  • Biographical data (first name, last name, social security number, gender, date of birth, place of birth, nationality);
  • Copy of your ID;
  • Address data;
  • Contact information (telephone number and e-mail address);
  • Browsing data (cookies, usage data);

 

METHODS OF PROCESSING AND ACCESS TO DATA

Namirial processes personal data in accordance with the principles of the Regulations by virtue of its legitimate interests related to the type of activity carried out and the need to execute existing contracts or pre-contractual measures requested by the data subjects.

The processing is carried out using automated and/or manual computer and telematic tools designed to guarantee the appropriate security measures to prevent access, disclosure, loss, incorrect, illegal or unauthorized use of the data.

The data are processed for the time necessary to carry out the service requested by the User, or required by the purposes described in this document, and the User can always request the interruption of the Processing or the deletion of the data. The data are accessible only by appointees, adequately trained and informed about their duties and the activities allowed to them on the collected data, who work on behalf of Namirial and who are recipients of instructions and tasks given by the Owner.

 

PLACE OF DATA PROCESSING

Personal data is processed at the Controller’s premises, as well as in the servers that host the website. Personal data is stored in servers located in the EU and will not be transferred outside the EU under any circumstances. The Data Controller ensures that when using cloud providers established outside the European Economic Area, the processing of personal data by these recipients is carried out in accordance with the principles of the GDPR. Transfers are made by means of appropriate safeguards, such as adequacy decisions, standard contractual clauses approved by the European Commission, or other safeguards required by the GDPR.

 

PURPOSE OF PROCESSING THE COLLECTED DATA

We will process your personal data for the following purposes:

  1. Conclusion of contract or execution of pre-contractual measures: the legal basis for this purpose is Article 6(1) b of the GDPR – Contract;
  2. Management and response to requests for technical and commercial assistance, including online: the legal basis for this purpose is Article 6(1) b of the GDPR – Contract;
  3. Fulfilment of national or EU legal, regulatory obligations: the legal basis for this purpose is Art. 6(1) c of the GDPR – Legal Obligation;
  4. Sending emails with informational content about services similar to those already purchased: the legal basis for this purpose is Article 6(1) f of the GDPR – Legitimate interest of the Data Controller;
  5. Statistical, business and market analysis, carried out in an absolutely anonymous and aggregated form: the legal basis for this purpose is Article 6(1) f of the GDPR – Legitimate interest of the Data Controller;
  6. To improve the website by analyzing how visitors or Users navigate and/or use the website: the legal basis for this purpose is Article 6(1) f of the GDPR – Legitimate interest of the Data Controller;
  7. Judicial protection of Namirial rights: the legal basis for this purpose is Article 6(1) f of the GDPR – Legitimate interest of the Data Controller.

 

 

PROVISION OF DATA

The provision of the data referred to in points a), c) and g) is compulsory in order to allow the conclusion of the contract or for the provision of the requested services and performances. The provision of the data in the further points is optional: you may at any time ask the Data Controller to stop the processing activities without any consequences in the scope of the services provided to you.

 

SCOPE OF COMMUNICATION AND POSSIBLE DISSEMINATION

The data of clients and customers may be disclosed to public administrations or public service providers when submitting applications for participation in procedures for the selection of a contractor, for the purpose of awarding contracts or concessions for the provision of goods or services, in accordance with the provisions of the regulations on public procurement, for technical qualification purposes.

Please note that data related to the contract and service activity may be disclosed to third parties appointed as external data processors (the full list is available from the Controller), business consultants for administrative and accounting purposes, and legal advisors for possible litigation management.

The data may also be communicated to police bodies or judicial authorities for purposes of ascertaining or repressing crimes committed by users of telematic services, where necessary. We also inform you that the data may also be processed by third parties (such as companies controlled by and/or connected to Namirial S.p.A.) formally appointed by Namirial as external data processors or sub-processors.

The data, with the exclusion of those falling into particular categories of personal data, may be communicated to those (private individuals or public administration), including those outside the European Union, in their legitimate interest and availing themselves of a right expressly attributed to them by the specific regulations in force on the subject, requesting an ascertainment of the identity of the owner of the service provided by Namirial S.p.A. for investigative purposes or otherwise for the protection of its own legitimate interest.

The data are not disseminated, except for data from enterprises and companies for business reference purposes.

 

EXERCISE OF RIGHTS BY USERS

The User may exercise all rights under Articles 15-21 of the GDPR at any time and without unjustified restriction by contacting the Controller at dpo@namirial.com. Requests are filed free of charge and processed by the Holder within 30 days.

In particular, the User may:

  • Obtain confirmation that treatment is in progress (Art.15);
  • Obtain rectification of inaccurate or incomplete data (Art. 16);
  • Obtain deletion of data without undue delay (Art. 17);
  • Restrict processing to only part of personal data (Art. 18);
  • Receive copies of personal data held by the owner in a commonly used, machine-readable format; obtain unimpeded transfer to another Owner (Art. 20);
  • Object at any time to the processing of personal data. (Art. 21);

With regard to the purposes of processing that are based on consent, revoke it at any time.

 

CHANGES TO THIS PRIVACY POLICY

The Owner reserves the right to modify and update the following Privacy Policy as a result of any new provisions of national or European data protection laws.