Privacy disclaimer Information pursuant to and for the effects of Legislative Decree 30 June 2003, n. 196 of the art. 13, (Personal Data Protection Code) and EU Regulation 2016/679 on data protection (GDPR, General Data Protection Regulation UE 2016/679) Dear User, pursuant to art. 13 of the “Code regarding the protection of personal data” and of the Data Protection Regulation (GDPR, General Data Protection Regulation UE 2016/679), 4neXt S.r.l.s. Società Unipersonale (hereinafter also “4NEXT”) as data controller, provides you with information regarding the processing of personal data of Users who consult the websites:
SECTION I Who we are and what data we process (Article 13, paragraph 1 (a), Article 15 (b) GDPR) 4neXt, with registered offices at: Via A.Moro, 12 30030 Vigonovo Italy, acts as the Data Controller and can be reached at firstname.lastname@example.org and collects and/or receives information relating to you, such as:
|Category of data||Examples of types of data|
|Contact details||First name, last name, email address(es)|
|Internet traffic data||Logs, originating IP address|
4neXt does not require you to supply so-called “private” data, that is, according to the provisions of the GDPR (Art. 9), personal data that identifies race or ethnicity, political opinions, religion or philosophy, or any union affiliation, nor any genetic or biometric information used to uniquely identify a physical person, data associated with health or one’s sex life, or sexual orientation. SECTION II Why we need your data (Art. 13, paragraph 1 GDPR) The data is used by the Data Controller to fulfill the registration request and for the supply contract on the pre- selected Service and/or Product purchase, to manage and execute the contact requests forwarded by you, offer assistance, fulfill legal and regulatory obligations demanded of the Data Controller in accordance with the activities performed. In no case will 4neXt resell any of your personal information to third parties nor use it for any purpose not stated. In particular, your data will be processed for:
- a) registration and contact information, and/or informational materials
Your personal data is processed to implement preliminary actions and those following a registration request, to manage information and contact requests, and/or to send informational materials, as well as to satisfy any and all other obligations arising herewith. The legal basis for this processing is to provide the services relating to a request for registration, information and contact, and/or the sending of informational materials, and to comply with legal requirements.
- b) promotional activities on Services/Products that are similar to those you have purchased (Clause 47 GDPR)
The Data Controller, even without your explicit consent, may use the contact information you provided for direct sales of its own Services/Products, limited to those Services/Products that are similar to the ones included in the sale, unless you specifically refuse.
- c) digital security
The Data Controller, in line with the provisions of Clause 49 of the GDPR and through its providers (third parties and/or recipients), processes your personal data involving traffic only to the extent strictly necessary and proportional to guarantee security of the networks and the information. This means the capacity of a network or information system to block, at a given level of security, any unforeseen events or illegal or malicious acts that would compromise the availability, authenticity, integrity and confidentiality of the personal data stored or transmitted. The Data Controller will immediately notify you if there is any risk of violation of your data, except for any obligations noted in the provisions of Art. 33 GDPR associated with notifications of personal data violations. The legal basis for this processing is to comply with legal requirements and the legitimate interests of the Data Controller in undertaking processing for the purpose of protecting corporate assets and the security of the 4neXt Group’s offices and systems.
- d) profiling
Your personal data may also be processed for profiling purposes (such as analyzing the transmitted data and the pre-selected Services/Products, suggesting advertising messages and/or business offers in line with user selections) exclusively when you have given explicit and informed consent. The legal basis for this processing is the consent you initially granted for the processing itself, which you may freely withdraw at any time (see Section III). Communication to third parties and categories of recipients (Article 13, paragraph 1 GDPR) Your personal data is communicated mainly to third parties and/or recipients whose activity is necessary to perform the activities relating to the contract established, and to meet certain legal requirements, such as:
|Categories of recipients||Purposes|
|Third party providers||Performance of services (assistance, maintenance, delivery/shipping of products, performance of additional services, providers of networks and electronic communication services) associated with the requested service|
|Formally mandated subjects or those with recognized legal rights||Legal representatives, administrators, guardians, etc.|
* The Controller requires its own third party providers and Data Processors to adhere to security measures that are equal to those adopted for you by restricting the Data Processor’s scope of action to processing directly related to the requested service. SECTION III How we process your data (Article 32, GDPR) The Controller makes use of appropriate security measures to preserve the confidentiality, integrity and availability of your personal data, and requires the same security measures from third party providers and the Processors. Where we process your data Your data is stored in hard copy, electronic and remote archives located in countries where the GDPR is applicable (EU countries). How long is your data stored? (Article 13, paragraph 2 (a) GDPR) Unless you explicitly express your own desire to remove it, your personal data will be stored until required for the due purposes for which it was collected. In particular, the data will be stored for the entire duration of your registration and in any case for no longer than a maximum period of 12 (twelve) months of inactivity, that is, within this time period, there have been no Services and/or Products purchased using this registration. It is also important to add that, should the user forward to 4neXt personal data that has not been requested or that is unnecessary for the purposes of performing the services requested, or for the performance of services strictly connected thereto, 4neXt cannot be considered controller of this data and will proceed to delete it as soon as possible. Regardless of your determination to remove the data, your personal information will be, in any case, stored according to the terms outlined in current law and/or national regulations, for the exclusive purpose of guaranteeing specific requirements, applicable to certain Services (for example, but not limited to, Certified Electronic Mail, Digital Signature, Digital Preservation – refer to the associated section). Furthermore, personal data will in any case be stored to comply with obligations (e.g. tax and accounting purposes) which may continue even after termination of the contract (Art. 2220 Civil Code); for these purposes, the Controller shall retain only the data necessary to complete these activities. For those cases where the rights arising from the contract and/or registration are used in the courts, your personal data, exclusively required for these purposes, shall be processed for the time necessary to complete them. What are your rights? (Articles 15 – 20 GDPR) You have the right to obtain the following from the Data Controller:
- a) confirmation on whether your personal data is being processed and if so, to obtain access to your personal data and the following information:
- the purposes of the processing;
- the categories of personal data in question;
- the recipients or categories of recipients that have received or will receive your personal data, in particular if these recipients are in third party countries or are international organizations;
- when possible, the anticipated storage period of your personal data or, if not possible, the criteria used to determine this period;
- whether you have the right to ask the Data Controller to correct or delete your personal data or the limits on processing your personal data or to oppose the processing of the data;
- the right to lodge a complaint with a supervisory authority;
- in the event the data is not collected from you, all of the information available regarding its origin;
- whether there is an automated decision process, including profiling, and, at least in these cases, significant information on the logic used, as well as the importance and consequences to you for this processing.
- the suitable guarantees provided by the third party country (outside EU) or international organization to protect any transferred data
- b) the right to obtain a copy of the personal data processed, again given that this right does not affect the rights and freedoms of others; for extra copies requested by you, the Data Controller may assign a reasonable fee based on administrative costs.
- c) the right to edit any of your incorrect personal data from the Data Controller without unjustified delay
- d) the right to have your personal data deleted by the Data Controller without unjustified delay, if there are the reasons outlined in the GDPR, Article 17, including, for example, if the data is no longer needed for processing or if the data is considered illegal, and again, if there are no conditions outlined by law; and in any case, if the processing is not justified by another equally legitimate reason; e) the right to obtain limits on the processing from the Data Controller, in those cases outlined in Art. 18 of the GDPR, for example where you have disputed the correctness, for the period necessary for the Data Controller to verify the data’s accuracy. You must be notified, within an appropriate time, even when the suspension period has passed or the cause of limiting the processing has been eliminated, and therefore the limitation itself has been withdrawn;
- f) the right to obtain information from the Data Controller on the recipients who have received the requests for any corrections or deletions or limits on the processing implemented, except when this is impossible or would create a disproportionate effort.
- g) the right to receive your personal data in a structured format, commonly used and readable by automatic devices as well as the right to forward this data to another Data Controller without obstruction from the original Data Controller, in those cases outlined by Art. 20 of the GDPR, and the right to obtain direct forwarding of your personal data from one Data Controller to another, if technically feasible.