Privacy Policy
pursuant to and for the purposes of art. 13 of Regulation (EU) 679/2016
Privacy Policy
Premise
This page describes the management methods of this site with reference to the processing of personal data of users who consult it and who use the related services offered by it, in compliance with art. 13 Legislative Decree 6/30/2003 n. 196 and of the art. 13 EU Regulation no. 2016/679 (for brevity Regulation).
This information can be consulted by selecting the appropriate link at the bottom of all pages of the site. By processing of personal data we mean any operation or set of operations performed with or without the aid of automated processes and applied to personal data, such as the collection, registration, organization, structuring, conservation, adaptation or modification, extraction, consultation, use, communication by transmission, diffusion or any other form of making available, comparison or interconnection, limitation, pseudonymisation, cancellation or destruction.
Users who wish to send data via the site are advised to carefully read the content of this privacy policy before providing their respective personal data.
General informations
Consultation of the site can take place as a simple visitor or as a registered user. To proceed with the registration, the user must complete the registration procedure referred to in the conditions of use which can be consulted on the site. The procedure for registering on the site necessarily involves entering the user's personal data, which will be treated in compliance with this privacy policy and the regulations referred to therein.
In particular, data processing will be carried out in compliance with the principles of lawfulness, correctness, transparency, accuracy, integrity and confidentiality pursuant to article 5 of the Regulation, guaranteeing the protection of the user's rights provided for by articles 12-22 of the same Regulation.
In the event of disagreement by the user with respect to the content of this privacy policy, the same is invited not to proceed with the procedure for registering his data on this site.
Data Controller and Data Processor
The Data Controller is Nexus Emilia Romgna
The updated list of managers and persons in charge of processing is kept at the registered office of the Data Controller.
The Data Controller and Data Processor is responsible for adopting decisions regarding the purposes and methods of data processing, as well as regarding the adequate technical and organizational measures to adopt pursuant to Article 32 of the Regulation, to ensure that the processing of the data is carried out in compliance with the provisions of the latter.
Purpose of the treatment
User data is collected and used exclusively for the purposes summarized below:
1. creation and activation of an account on the site;
2. conclude the contracts for the services of the Data Controller;
3. operation and access to the services provided by the Owner and reserved for the registered user;
4. registration on the site for the use of the relative services;
5. sending to the e-mail address provided by the user discount coupons or promotions which can be used by the same when sending the purchase order for the selected products;
6. sending, via the e-mail address provided by the user, the answers to the questions and/or requests for clarification formulated by the user himself, regarding any products marketed and the services offered by the site;
7. processing of anonymous statistics
Only with your specific and distinct consent (Articles 23 and 130 of the Privacy Code and Article 7 of the GDPR), for the following Marketing Purposes:
1. send you by e-mail, mail and/or sms and/or telephone contacts, newsletters, commercial communications and/or advertising material on products or services offered by the Data Controller and detection of the degree of satisfaction with the quality of the services;
2. send you commercial and/or promotional communications from third parties (for example, business partners, insurance companies, etc.) via e-mail, post and/or sms and/or telephone contacts.
Types of data processed
The Owner collects, manages and stores the identification, personal and sensitive data of the User, who, by freely providing his data, declares his willingness to become a Registered User following the completion of the registration process provided on the site.
Data relating to the User
The identification and personal data of the user are collected exclusively for the purposes described above. In addition to personal data (by way of example, name, surname, e-mail address), the processing of data may also concern sensitive data.
Sensitive data
When registering, the user may provide data of a sensitive nature such as information suitable for revealing his racial and ethnic origin.
Data provided voluntarily by the user electronically
The data that the user should spontaneously communicate to the Data Controller using the e-mail address er_nexus@er.cgil.it will be processed in compliance with the principles of correctness, lawfulness, transparency and adequacy with which the treatment must comply, in order to guarantee the protection of privacy and user rights. These data are used for the sole purpose of performing the service and/or provision requested by the user and may be disclosed to third parties only if this is strictly necessary for the execution of the user's request.
Data communication
The user's personal data may be communicated to specific subjects, appointed by the Data Controller to supply services instrumental or necessary for the execution of the obligations connected with registering on the site and making online purchases, within the limits and in accordance with the instructions given.
In particular, the data may be communicated to:
1. persons, companies or professional studios, which provide – by way of example – assistance, consultancy or collaboration to the Data Controller in accounting, administrative, legal, tax and financial matters;
2. third parties (couriers, shippers) in charge of packing, shipping and/or delivering the products ordered by the registered user;
3. all those subjects (including public authorities) who have access to personal data by virtue of regulatory or administrative provisions.
Methods of treatment
The user's data will be stored both on IT media and, where necessary, on paper media in compliance with the provisions contained in the Regulation: they will be processed through registration, consultation, communication, conservation, cancellation, rectification, updating operations, carried out mainly with the help of electronic tools, ensuring the use of adequate measures to guarantee the security of the data processed and the confidentiality of the same.
Following periodic checks, the Data Controller will verify the strict relevance and non-excess of the data
collected with respect to the obligations and purposes of the processing.
The user will be held responsible for the truthfulness of the data; it is therefore up to the user to verify the correctness of the data concerning him and, if necessary, proceed with the rectification, updating or, in any case, modification of the data during processing.
The user's data is stored and processed for the time necessary to perform the services requested by the same in compliance with the purposes listed above in this information, in compliance with civil, fiscal and tax obligations.
In the event of cancellation or disabling of the user's account, the user's data will be kept exclusively for the times necessary and required to fulfill specific legal obligations on the conservation of accounting and tax documents.
User rights
The subjects to whom the processed personal and identification data refer enjoy the rights provided by the Regulations which are summarized below:
ask the Data Controller for access to personal data concerning him;
obtain the indication of the origin of the data, of the purposes of the treatment, of the logic applied in case of treatment carried out with the aid of electronic instruments, of the identification details of the owner, of the persons in charge of the treatment and of the designated representative;
obtain the indication of the subjects or categories of subjects to whom the personal data may be communicated or who can learn about them as designated representatives in the territory of the state, managers or agents;
obtain updating, rectification or, when interested, integration of data;
the cancellation, transformation into anonymous form or pseudonymisation or blocking of data processed in violation of the law, including those for which conservation is not necessary in relation to the purposes for which the data were collected or subsequently processed;
propose a complaint to the Guarantor for the protection of personal data, following the procedures and indications published on the official website of the Authority on garanteprivacy.it;
object in whole or in part for legitimate reasons to the processing of data concerning him, even if pertinent to the purpose of the collection.
– via registered mail with return receipt Nexus Emilia Romgna in Via Marconi 69, 40122 Bologna (Italy);
– by email to the address er_nexus@er.cgil.it
Security measures
The Data Controller adopts security measures, in compliance with the provisions of the Regulation, suitable for the purpose of minimizing the risks of destruction or loss - even accidental - of data, unauthorized access or treatment not permitted or not compliant with the purposes of collection indicated in this Privacy Policy.
Data Breach
In the event of an IT incident involving the violation of the processed data, the Data Controller pursuant to article 33 of the Regulation is responsible for communicating and notifying the fact to the Guarantor within 72 hours from the moment in which he became aware of it and to his address of e-mail by following the instructions available on the site https://web.garanteprivacy.it/rgt/NotificaTelematica.php