Privacy Policy

Through this privacy policy drafted pursuant to Art.13 European Reg. No. 679/2016 (“Regulations” or “GDPR”) and in compliance with the principles contained therein, Namirial S.p.A. intends to inform each user (“the User”) of the processing of personal data collected through its websites and platforms.

DATA CONTROLLER

The Data Controller is Namirial S.p.A. (hereinafter “Data Controller” or “Namirial”) with registered office in via Caduti sul Lavoro, 4 – 60019 Senigallia (AN), P.IVA IT02046570426.

The Data Protection Officer (DPO) can be reached at the following email address: dpo@namirial. com – (PEC) dpo.namirial@sicurezzapostale.it

TYPES OF DATA COLLECTED

As part of the activities carried out by the User on on websites and/or platforms of the Data Controller, Namirial may process the following categories of personal data, depending on the purposes:

  • Biographical data (first name, last name, social security number, gender, date of birth, place of birth, nationality);
  • Details and copy of your ID;
  • Address data (residence and/or domicile);
  • Contact information (telephone number and e-mail address);
  • Browsing data (IP, connection data, domain names, and other parameters related to the operating system and browser you use);
  • Additional data voluntarily provided by the User.

METHODS OF PROCESSING AND ACCESS TO DATA

Namirial processes personal data in accordance with the principles of the Regulations by virtue of its legitimate interests related to the type of activity carried out and the need to execute existing contracts or pre-contractual measures requested by the data subjects.

The processing is carried out using automated and/or manual computer and telematic tools designed to guarantee the appropriate security measures to prevent access, disclosure, loss, incorrect, illegal or unauthorized use of the data.

The data are processed for the time necessary to carry out the service requested by the User, or required by the purposes described in this document, and the User can always request the interruption of the Processing or the deletion of the data. The data are accessible only by appointees, adequately trained and informed about their duties and the activities allowed to them on the collected data, who work on behalf of Namirial and who are recipients of instructions and tasks given by the Data Controller.

PLACE OF DATA PROCESSING

Personal data is processed at the Controller’s premises, as well as in the servers that host the website. Personal data is stored in servers located in the EU and will not be transferred outside the EU under any circumstances. The Data Controller ensures that when using cloud providers established outside the European Economic Area, the processing of personal data by these recipients is carried out in accordance with the principles of the GDPR. Transfers are made by means of appropriate safeguards, such as adequacy decisions, standard contractual clauses approved by the European Commission, or other safeguards required by the GDPR.

PURPOSE OF PROCESSING THE COLLECTED DATA

We will process your personal data for the following purposes:

  1. Conclusion of contract or execution of pre-contractual measures: the legal basis for this purpose is Article 6(1) b of the GDPR – Contract;
  2. Management and response to requests for technical and commercial assistance, including online: the legal basis for this purpose is Article 6(1) b of the GDPR – Contract;
  3. Fulfilment of national or EU legal, regulatory obligations: the legal basis for this purpose is Art. 6(1) c of the GDPR – Legal Obligation;
  4. Sending emails with informational content about services similar to those already purchased: the legal basis for this purpose is Article 6(1) f of the GDPR – Legitimate interest of the Data Controller;
  5. Statistical, business and market analysis, carried out in an absolutely anonymous and aggregated form: the legal basis for this purpose is Article 6(1) f of the GDPR – Legitimate interest of the Data Controller;
  6. To improve the website by analyzing how visitors or Users navigate and/or use the website: the legal basis for this purpose is Article 6(1) f of the GDPR – Legitimate interest of the Data Controller;
  7. Judicial protection of Namirial rights: the legal basis for this purpose is Article 6(1) f of the GDPR – Legitimate interest of the Data Controller;

And for the following purposes only if you have expressly given consent:

8 Promotional and marketing activities of the Data Controller: the legal basis for this purpose is Article 6(1)(a) of the GDPR – Consent.

SCOPE OF COMMUNICATION AND POSSIBLE DISSEMINATION

The data of Clients and Users may be disclosed to public administrations or public service providers when submitting applications for participation in procedures for the selection of a contractor, for the purpose of awarding contracts or concessions for the provision of goods or services, in accordance with the provisions of the regulations on public procurement, for technical qualification purposes.

Please note that data related to the contract and service activity may be disclosed to third parties appointed as external data processors (the full list is available from the Controller), business consultants for administrative and accounting purposes, and legal advisors for possible litigation management.

The data may also be communicated to police bodies or judicial authorities for purposes of ascertaining or repressing crimes committed by users of telematic services, where necessary. We also inform you that the data may also be processed within the limits of the purposes described in this privacy notice by third parties (such as companies controlled by and/or connected to Namirial S.p.A.) formally appointed by Namirial as external data processors or sub-processors.

The data may be communicated to those (private individuals or public administration), including those outside the European Union, in their legitimate interest and availing themselves of a right expressly attributed to them by the specific regulations in force on the subject, requesting an ascertainment of the identity of the Data Controller of the service provided by Namirial S.p.A. for investigative purposes or otherwise for the protection of its own legitimate interest.

The data are not disseminated, except for data from enterprises and companies for business reference purposes.

STORAGE AND DELETION OF PERSONAL DATA

Namirial will store the data of the data subjects in a form that allows their identification for no longer than necessary to achieve the purposes for which the data were collected. In any case, the user profile will be deactivated, and all personal data will be deleted in the event of non-use of the services offered for a period of 18 (eighteen) months.

Data strictly necessary for fiscal and accounting obligations, once the purpose for which they were collected has ceased, will be stored for a period of 10 (ten) years, as required by relevant regulations.

Data acquired through the use of the signature verification service (available at https://www.verificafirma.it) will be processed exclusively to achieve the purposes for which they were collected and will not be stored.

Data collected for marketing purposes will be retained until the consent is revoked by the data subject.

After these periods, Namirial will proceed with the deletion of the data of the data subjects.

EXERCISE OF RIGHTS BY USERS

The User may exercise all rights under Articles 15-21 of the GDPR at any time and without unjustified restriction by contacting the Controller at dpo@namirial.com.

Requests are filed free of charge and processed by the Controller within 30 days.In particular, the data subject may:

  • Obtain confirmation that treatment is in progress (Art.15);
  • Obtain rectification of inaccurate or incomplete data (Art. 16);
  • Obtain deletion of data without undue delay (Art. 17);
  • Restrict processing to only part of personal data (Art. 18);
  • Receive copies of personal data held by the Data Controller in a commonly used, machine-readable format; obtain unimpeded transfer to another Data Controller (Art. 20);
  • Object at any time to the processing of personal data. (Art. 21);

With regard to the purposes of processing that are based on consent, revoke it at any time. The data subject also has the right, pursuant to Article 77 of Regulation (EU) 2016/679, to lodge a complaint with the Data Protection Authority.

CHANGES TO THIS PRIVACY POLICY

The Data Controller reserves the right to modify and update the following Privacy Policy as a result of any new provisions of national or European data protection laws.

Last update: 19/09/2024