N&B s.r.l. Società Benefit Natural is Better company (hereinafter, “Owner”), headquartered in Martano (LE), Via N. Bellisario Z.A., VAT n° 03749670752, owner of personal data processing according to articles 4 and 28 of the Legislative Decree 30 June 2003, n. 196 (Privacy Code), wishes to guarantee a transparent personal data and privacy process for its customers and suppliers, for website users and for each individual (hereinafter “interested” or “user”). Personal data and information to be processed by the Company will be treated in accordance with the terms of Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27th, 2016, concerning the protection of individuals with regard to the processing of personal data, as well as the free circulation of such data. For this reason, the Owner publishes this policy with the sole purpose of informing the end users of the aspects indicated below:
- Owner (data controller)
- Subject of data processing
- Legal basis of the processing
- Purpose of the processing
- Data communication and diffusion
- Place of data processing
- Duration of processing
- Rights of the user
1 Data controller
Data controller is:
N&B S.r.l. Società Benefit
Via N. Bellisario Z.A.
73025 Martano (LE)
Contact mail: firstname.lastname@example.org – PEC: email@example.com
2 Subject of data processing
As a general rule, the end user may use the websites managed by the Data Controller when looking for information, without providing personal information or informing the Data Controller about his personal identity.
Processed personal data can be divided in 2 types:
2.1.1 Mandatory data: personal information. The Owner may collect personal information in order to directly communicate with the end user in reply to his questions and requests.
Should the end user place product orders or request technical material or product supplies, the Owner may need to process or use the end user's personal information in order to perform the required services and to meet all regulatory obligations, collecting it verbally or through Web or e-mail forms.
2.1.2 Optional data: commercial information, contact data, e-mail addresses and social or web pages.
They facilitate the exchange of commercial information between the Owner and the interested party. These data can be supplied at the end user discretion upon explicit consent.
2.1.3 Technical data: the Owner may collect technical information, such as end user’s IP address, in order to validate all requests for consent to data processing.
3 Legal basis for the processing
The data processing by the Data Controller, according to the GDPR regulations, is based on a few legal bases. The activities of the Data Controller are primarily governed by the below:
- The need to fulfill contract obligations is applicable in the case of products and services provided in compliance with the agreements signed with the user.
- Consent, if required for legal purposes
- Conformity to legal obligations, such as defining requirements for communications or electronic invoicing.
4 Purpose of the processing
Data will be processed to allow the activities related to the establishment and management of the requested service to the Owner. Commercial information will be only sent if expressly authorized by proper consent.
Data will be processed lawfully, fairly and with the utmost confidentiality, in compliance with the security measures as provided by Law and GDPR.
Personal information, directly provided by the interested party and/or collected by filling in electronic or paper forms (order forms, events and fairs registration forms, etc.), are treated for the following purposes:
a. providing the services requested by the user or available on sites managed by the Data Controller, as well as the contract conclusion;
b. managing, accounting and tax purposes in relation to service contracts;
c. sending commercial and technical information, with explicit consent only, such as quotes, technical or functional datasheets, commercial offers by e-mail, fax, letters, social contacts, text messages;
d. business contacts by the Owner and partner companies (phone, direct e-mail, etc.);
e. gifts, representative material offered or promoted from Owner through authorized agents/resellers/partners.
The provision of mandatory data for the intended purpose is necessary to complete the service/request or supply. Any refusal shall mean the contract agreement between the parties cannot be done or kept.
The consent to data processing for particular purposes is optional, but it is necessary and mandatory in order to take advantage of commercial information about the products and services offered by the Owner. Any quotes and offers requested before the establishment of a contract relationship between the parties may not be provided without the express consent of the user. Please note that the e-mail address provided by the user may be exported to a CRM for the purpose of sending newsletters, in accordance with art. 130, paragraph 4, Privacy Code.
5 Data communication and diffusion
The mandatory data related to the user may be disclosed to commercial consultants for managing and accounting purposes, to lawyers for litigation management purposes, and to bankers for their normal activity of collecting due amounts.
The data are not diffused, except those of companies with the aim of commercial reference, and in case of legitimate request by the local law authority and in other cases specified by law.
6 Place of processing
Collected data are processed at Owner’s headquarters, or at Web Hosting servers located within the European Union. The web hosting itself, responsible for the data processing on behalf of the Owner, legally resides in the European Economic Area and acts in accordance with European Laws.
7 Duration of the treatment
All mandatory data for contract and accounts purposes are kept for the needed time in order to manage the business and its accounting and, in any case not later than 10 years after the end of the business.
The data of those who don’t establish a commercial relationship with the Owner, despite having had a previous contact with company’s representatives, will be deleted or treated anonymously within a maximum period of 60 days, unless the users’ informed consent has been anyway expressly obtained in light of a subsequent commercial promotion or market research.
8 Rights of the user
In accordance with the European Regulation 679/2016 (GDPR) and with Owner’s Country legislation, the user may claim the following rights in accordance with specs and limits imposed by the local Law:
A. The user has the right to obtain confirmation of the existence of personal data concerning him, even if not yet registered, and their communication in an intelligible form (access right).
B. The user has the right:
- to obtain indication of the origin of recorded data;
- to have information on the logic, methods and purposes of the processing;
- to know the logic applied in case of organized treatment with the help of electronic tools;
- to know the identification data of the owner, the managers and eventual representatives; the subjects whom his personal data can be communicated to or who could know them as responsible for their management.
C. The user has the right to obtain:
- the data update, rectification or integration;
- deletion, transformation or blocking of data processed in breach of the law, including those which retention is not needed in relation to the purposes for which they have been collected or subsequently processed;
- proof that the operations referred to the above points have been revealed even to those whom data have been disclosed or diffused, except if such fulfillment is impossible or involves the use of manifestly disproportionate means to the protected right.
D. The user has the right to object, in total or partially:
- for legitimate reasons related to personal data processing, although relevant to the purpose of their collection;
Also according to GDPR’s art. 15 and subsequent, the user has the right to request access, correction or deletion of his personal data at any time. He can claim the limitation of treatment in the exceptions stated at GDPR’s art. 18, and he can also claim such data in a structured, common use format and readable by automatic device, in those cases stated at GDPR’s art. 20. At any time, the user can revoke ex GDPR’s art. 7 the given consent, and complain to the relevant Authority ex GDPR’s art. 77 if he considers that the processing of his data is contrary to the legislation.
The user can present a request of opposition to the processing of his personal data ex GDPR’s art. 21, in which he provides evidence of the reasons that justify such opposition: the Owner reserves the right to evaluate the request, which would not be accepted in the presence of legitimate reasons for data treatment overriding the user’s interests, rights and freedoms.
The user shall claim his rights to the Owner through a registered mail or a Certified e-Mail.