1. Personal data controller and personal data processor
1.1. The Data Controller, Nectaware S.r.L., which has its legal headquarters at Via Arenula 16, 00198, Rome, VAT no. 13280841001, tax no. 13280841001 (hereafter referred to as “Nectaware” or the “Controller”) will process the personal data you provided through the www.Nectaware.com website (hereafter the “Website”) in compliance with applicable current privacy and personal data protection legislation, and this privacy policy.
1.2. When you subscribe to the various services or to gain access to the aforementioned, you will be given the names of any further Data Controllers or Data Processors.
2. Data Protection Officer (DPO)
2.1. The Data Controller has appointed a Data Protection Officer (DPO) who can be contacted at the following email address dpoNectaware@Nectaware.com.
3. Purpose and Method of procession
3.1. Nectaware will process the personal information you provide us or which has been legitimately collected by the Controller (“Personal Data”). The following Personal Data in particular will be processed:
3.1.1. Contact information: name, surname, email address, telephone number and content of the message sent by you and other Personal Data that you may have provided during the communication. We will process this Personal Data in the case in which you make enquiries, request information or send us communications of any type. You send us this Personal Data at the moment in which you contact us. The processing of this Personal Data is necessary for us to provide a response to the communications received from you or to the requests that you have made. The provision of any further Personal Data by you is completely voluntary.
3.1.2. Navigation data: the IT and electronic communications systems and software procedures put in place to allow the Website to function, will, in the course of their normal work, collect certain data (e.g. access date and time, pages visited, name of the Internet Service Provider and Internet Protocol (IP) address you use to access the internet, the internet address from which you connect to our Website, etc.), the transmission of which is implicit in the use of web communications protocols or is pertinent to effective management or optimisation of the data or email sending system.
3.2. In the context of this privacy policy, Personal Data processing refers to any operation or group of operations carried out using automated processes and applied to Personal Data, such as collection, recording, organisation, structuring, conservation,adaptation or modification, extraction, consultation, use, communication through transmission, dissemination or any other available means, comparison or interconnection, restriction, erasure or destruction.
3.3. Please be informed that this Personal Data will be processed manually and/or using IT or electronic support.
4. Purposes and legal bases of processing
4.1. Nectaware will process your Personal Data for very specific purposes and only if there is a specific legal basis provided for under applicable personal data protection and privacy legislation. Specifically, Nectaware will process your Personal Data only when one or more of the following legal requirements has been met:
- you have freely given your specific, informed, unambiguous and affirmative consent to the processing of said data;
- the processing is necessary to the performance of a contract to which you are a party or to take pre-contractual measures at your request;
- for the purposes of the pursuit of Nectaware’s legitimate interests;
- Nectaware has a legal obligation to process said Personal Data.
4.2. The following table lists the purposes for which your Personal Data can be processed by the Controller and the legal bases for said processing.
| Purpose of Processing | Legal basis |
|---|---|
| To allow you to use all of the Website’s functionalities | Performance of a contract |
| To check that the Website is functioning correctly | Performance of a contract |
| To establish responsibility in the case of cyber crime that has caused damage to the Website; the detection, prevention, mitigation or verification of fraudulent or illegal activities relating to the services provided on the Website; the performance of security controls required under law | Legitimate interest |
| To respond to a query or a request from the Data Subject | Implementation of pre-contractual measures adopted at the request of the Data Subject |
4.3. The provision of your Personal Data is necessary in all instances in which processing is a legal requirement or necessary to the performance of a contract to which you are a party or to the implementation of pre-contractual measures adopted at your request. Any refusal on your behalf may make it impossible for Nectaware to perform the task for which your Personal Data has been collected.
4.4. The provision of your Personal Data, however, is voluntary for any further purposes and failure to give your consent in such cases will have no effect on the completion of the contract. The obligatory or optional nature of the provision of data will be specified at the moment of its collection.
5. Personal Data Recipients
5.1. Your Personal Data may be made accessible for the abovementioned purposes, to:
- a) employees and staff of the Controller who, for that purpose, have been tasked with data processing, or to Nectaware Group companies in the European Union for the implementation of organisational, administrative, financial and accounting activities.
- b) to third party companies or other subjects to which the Controller outsources work required to allow the Website to function, in their role as external data processors.
6. Transfer of Personal Data
6.1. Your Personal Data will be processed within the European Union and stored on servers located within the European Union. The same data may be processed in countries outside the European Union, provided that an adequate level of protection is guaranteed, recognized by a specific adequacy decision of the European Commission. Any transfers of Personal Data to non-EU countries, in the absence of a European Commission adequacy decision, will only be possible if Data Controllers and Data Processors involved provide adequate guarantees of contractual nature, including Binding Corporate Rules and Standard Contractual Clauses. The transfer of your Personal Data to third countries outside the European Union, in the absence of an adequacy decision or otherappropriate measures as described above, will be made only if you have explicitly consented to it or in the cases provided for by the GDPR and will be processed in your interest. In these cases, we inform you that, although the Nectaware Group adopts operating instructions common to all the countries in which it operates, the transfer of your Personal Data may be exposed to risks related to the peculiarities of local legislation regarding the processing of Personal Data.
7. Period for which your data will be held
7.1. Personal Data processed for the purposes described above will be held in compliance with the principles of proportionality and necessity, and, in all cases, until the purposes of the processing have been completed.
8. Rights of the data subject
8.1. Under articles 15 – 21 of EU Regulation 2016/679 (GDPR), you have the right in relation to the Personal Data you provide
- a) To access and request a copy;
- b) To request rectification;
- c) To request erasure;
- d) To obtain restriction of data processing;e) To object to the processing;
- f) To receive in a commonly-used structured form readable on an automatic device and to transmit without impediment said data to another Data Controller in the case that this is technically feasible.
8.2. Please be informed that you have the right to object at any time to the processing of Personal Data relating to you that is carried out in the pursuit of Nectaware’s legitimate interests.
8.3. When you object to the processing of your Personal Data as per article 8.2, the Controller will refrain from further processing your Personal Data, except where convincing legitimate reasons for continuing with the processing have been established or for the verification, exercising or defence of a right in a court of law.
8.4. To exercise your rights and withdraw your consent, please write to this email address: info@nectaware.com
8.5. For further information relating to your Personal Data, you can contact Nectaware’s Personal Data Protection Officer at this email address m.carrellipalombi@nectaware.com. It is essential to insert the following subject line “Privacy” also.
8.6. Please note that you have the right to make a complaint to the relevant Personal Data protection authority.
8.7. If you are making your complaint to the Personal Data Protection Authority, you may do so in one of the following ways:
- a) By registered, return-receipt post, addressing your letter to: Garante per la Protezione dei Dati Personali, Piazza di Monte Citorio 121, 00186, Rome, ITALY;
- b) By e-mail: garante@gpdp.it or protocollo@pec.gpdp.it;
- c) By fax to: +39 06/696773785