INFORMATION ON THE PROCESSING OF PERSONAL DATA FOR DATA

Pursuant to articles 13 and 14 of EU Regulation 2016/679 (General Data Protection Regulation)

***

We inform you that pursuant to art. 16 of the TFEU and of the art. 8 of the Charter of Fundamental Rights of the European Union, every person has the right to the protection of personal data concerning him, regardless of nationality or residence. For "personal data" yes means any information, or any linguistic term, graphic symbol, image, video format, audio format, frame, description, etc., concerning an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, with particular reference to an identifier such as a name, an identification number, location data, an online identifier or one or more characteristic elements of his physical identity, physiological, genetic, psychic, economic, cultural or social (See art. 4, n.1, R.UE. 679/2016). The data must be processed in accordance with the principle of loyalty, for specific purposes and on the basis of the consent of the data subject or other legitimate basis provided by law._cc781905-5cde-3194-bb3b- 136bad5cf58d_ "Processing" means any operation or set of operations, performed with or without the aid of automated processes and applied to personal data or sets of personal data, such as the collection, registration, organization, structuring, conservation, adaptation or modification, extraction, consultation, use, communication by transmission, diffusion or any other form of making available, comparison or interconnection, limitation, cancellation or destruction (See art. 4, n.2, R.UE. 679/2016).

OWNER OF THE TREATMENT

Article 13, paragraph 1, letter a

In accordance with the provisions of EU Regulation 2016/679, "Data Controller" means the natural or legal person, public authority, service or other body which, individually or together with others, determines the purposes and means of processing of personal data; when the purposes and means of such processing are determined by Union or Member State law, the data controller or the specific criteria applicable to his designation may be established by Union or Member State law (see Article 4, n.7, EU R. 679/2016). The data controller concerning you is Conceria NCL Srl – Località Carpisano – Industrial Zone – 83029 Solofra (AV), PI and CF 01902230646

which releases you the information relating to the treatments that will be carried out, analytically described below, in relation to your personal data or those of the person for whom you exercise legal representation, as well as the rights that you may exercise at any time._cc781905-5cde- 3194-bb3b-136bad5cf58d_ your data will be treated according to the principles of lawfulness, correctness, transparency, security and confidentiality. The treatment will be carried out in an automated and manual form, where necessary, in compliance with the provisions of art. 32 of the GDPR 2016/679, by persons specifically appointed and in compliance with the provisions of art. 29 GDPR 2016/679.

DATA PROCESSING LIFE CYCLE AND DATA CONSERVATION PERIOD

(Article 13, paragraph 2, letter a)

The data is provided directly by the interested parties by filling in information collection forms or by supplying deeds and documents, in electronic and/or paper format, suitable for data collection.

The data is kept for the period established by current regulations and as long as the commercial relationship between the companies or the relationship with the registered subject lasts.

PERSONAL DATA PROCESSED

Navigation data: The computer systems and software procedures used to operate this web platform acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. This is information that is not collected to be associated with identified interested parties, but which by their very nature could, through processing and association with data held by third parties, allow users to be identified. This category of data includes, for example, the IP addresses or domain names of the computers used by users who connect to the Platform, the addresses in URI (Uniform Resource Identifier) notation of the requested resources, the time of the request, the method used in submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the operating system and the user's IT environment. These data are used to obtain statistical information on the use of the Platform and to check its correct functioning and are deleted immediately after their processing, in accordance with the applicable legislation. The data could be used to ascertain responsibility in the event of hypothetical computer crimes against the Platform only to the extent permitted by applicable law.
Cookies and other tracking technologies: Based on your prior consent, when required by applicable legislation, the Platform uses cookies and other tracking technologies to provide you with certain services and features, improve your experience on the Platform and for marketing and profiling purposes ; for more information visit our Cookie Policy.
Identification data, contact data and other personal information: The optional sending of messages to the contact details of the Tannery NCL Srl indicated on the Platform and in the Privacy Policy entails the subsequent acquisition of the sender's contact details (e.g. email address), which are processed by the aforementioned company only to the extent necessary to respond to requests received, as well as any other personal data included in the message. If you collect, process and communicate personal information relating to third parties to us, you will have to do so in compliance with the provisions of the Privacy Policy and the GDPR and, therefore, you will have to give them prior information on the purposes and methods of processing and, if necessary, you will have to collect their free and express consent (where required by law) before carrying out the processing and communicating this information to us.

SPECIFIC PURPOSES OF THE PROCESSING OF PERSONAL DATA

(Article 13, paragraph 1, letter c)

The personal data provided by you, possibly and spontaneously, will be processed exclusively for the purposes strictly connected to the request made by you.

They will not be disclosed to third parties or transferred to servers outside the EU.

HOW YOUR DATA IS TREATED

Your personal data may be processed with automated and/or paper tools.

The security of your personal data is important to us. We adopt - and we expect our service providers to adopt - adequate technical and organizational security measures to prevent the loss or destruction, even accidental, of data, illicit or incorrect use and unauthorized access to data, in compliance with the applicable legislation. Furthermore, the computer systems are configured in such a way that personal and identification data are used only when necessary to achieve the specific processing purposes pursued from time to time.

We implement multiple security technologies and procedures to protect personal data from the risks described above.

However, please note that electronic transmissions or storage of information is not 100% secure. Therefore, despite the security measures we have put in place to protect your personal data, we cannot guarantee that data loss, misuse or alteration will never happen.

We do not use automated individual decision-making processes that would produce legal effects on you or, similarly, significantly affect your person.

DATA PROCESSING LIFE CYCLE AND DATA CONSERVATION PERIOD

(Article 13, paragraph 2, letter a)

The data is kept for the period established by current regulations and as long as the commercial relationship between the companies or the relationship with the registered subject lasts.

Personal data is kept according to our internal data retention policies, for the time necessary to provide the requested information, material or services, in compliance with any applicable legal or regulatory obligations. In particular, data relating to contractual relationships/provision of services are kept for a general period of 10 years from the moment of initial collection, except in the circumstances in which the applicable national legislation provides for different retention requirements.

In the event of sending communications or requests, we process your personal data for the time necessary to respond to you and to fulfill the request.

As regards any personal data contained in the Platform Accounts, these will be kept as long as the Account is active and in use, to the extent strictly necessary to provide the user with the services. After the closure of the Account we will keep your data, if this is necessary, in order to comply with the obligations imposed by laws or regulations, to protect our rights, to prevent fraud or to apply this Policy.

In case of subscription to our newsletter, we process your personal data until your possible request for revocation or opposition to the treatment. You can exercise your rights, including the right to have your data deleted, at any time. More information is given in section 8 below.

The data relating to payments for the purchase of Platform services will be kept until the payment is certified and the related administrative and accounting formalities have been completed following the expiry of the terms applicable for disputing the payment.

For information on the retention times of personal data collected through cookies and other tracking technologies, you can consult our Cookie Policy.

TO WHOM YOUR DATA IS COMMUNICATED OR TRANSFERRED

Your personal data is accessible to our duly authorized personnel (e.g., personnel from Customer Service, IT, Administration, etc.) on the basis of their respective work needs.

Your data will also be accessible to our suppliers of technical and organizational services functional to the processing purposes indicated above, such as for example independent collaborators, also in associated form, suppliers of technical assistance services for the Platform, document archiving services and data. We provide these subjects only with the data necessary to perform the agreed services and they act as our data processors pursuant to art. 28 of the GDPR, on the basis of our instructions and according to the provisions of the contracts signed with us.

We can communicate your personal data to authorities, public bodies and any other legitimate recipient in accordance with the law. In this case, the recipients will act as independent data controllers according to their respective institutional purposes.

In the event of a reorganisation, acquisition or sale of our company or parts of it, we will communicate your personal data to the third parties involved in the procedure, in accordance with the applicable legislation, including the relevant consultants. Any third party who, within the context of this procedure, is the recipient of your personal data may only use them within the limits established by this Privacy Policy and by the applicable legislation.

Some recipients of your data, such as some technical service providers who act as data controllers pursuant to art. 28 of the RGPD on the basis of our instructions and according to the provisions of the contracts signed with us, they could be located outside the European Economic Area, in third countries which, pursuant to the RGPD and the European Commission, do not guarantee a level of protection of personal data adequate. We take all necessary measures to ensure that the transfer of data to third countries takes place in compliance with the applicable data protection legislation and in compliance with Chapter V of the GDPR. In particular, the transfer generally takes place using the standard contractual clauses adopted by the European Commission in accordance with article 46, paragraph 2, of the RGPD, respecting the applicable provisions of use. You can contact us at any time at the addresses indicated in point 2 above to receive more information.

WHAT ARE YOUR RIGHTS I AND HOW CAN YOU EXERCISE THEM

Right of access pursuant to art. 15
Right of access to your personal data: you can confirm whether or not your personal data is being processed and, if so, obtain access to your personal data and information about their processing. If you wish, a copy of your personal data will be provided to you;
Right of rectification pursuant to art. 16
Right to rectification of your personal data: you can obtain the correction, modification or updating of any inaccurate or no longer correct information, as well as obtain the integration of incomplete personal data, also by providing a supplementary declaration;
Right to cancellation pursuant to art. 17
Right to erasure of your personal data (right to be forgotten) when your personal data, in particular, are no longer necessary with respect to the purposes for which they were collected or processed, or have been processed unlawfully, or must be erased to comply to a legal obligation, or, finally, you have opposed their treatment (see below "right of opposition") and there is no overriding legitimate reason that allows Conceria CNL Srl to proceed with the processing of your personal data in any case. Once your request has been received and examined, if legitimate, your personal data will be deleted;
Right to limit processing pursuant to art. 18
Right to limit the processing of your personal data: you can request that the processing of your data be limited, i.e. that your personal data be kept, but not used (subject to any requests you may have and the exceptions provided by law):
- When you dispute the accuracy of your personal data for the period necessary for the company to verify the accuracy of such data;
- When the treatment is unlawful, but you oppose the cancellation of your data;
- When, although your data are no longer needed by the company for processing purposes, you need them for the assessment, exercise or defense of your right in court;
- When you object to the processing, pending verification of the possible prevalence of legitimate reasons for the company to continue processing the data;
Right to data portability pursuant to art. 20
Right to data portability: you can request to receive data that is processed based on your consent or on the basis of a contract entered into with you, in a structured and machine-readable format. If you wish, where not excessive and technically possible, we will be able to transfer your data directly to a third party indicated by you upon your request.
Right to object pursuant to art. 21
Right to object: you can object to the processing of your personal data carried out on the basis of a legitimate interest at any time, explaining the reasons justifying your request. Without prejudice to the presence of impediments to the acceptance of the same as required by law, we will cease the treatment to which you have opposed.

WITHDRAWAL OF CONSENT

Article 13, paragraph 2, letter d

We also inform you that you have the right to revoke, at any time, the consent relating to the aforementioned purposes, with the same ease with which it was granted. Requests for the exercise of the withdrawal of consent should be addressed to:

email: info@ncleather.it
Fax: + 39 0825 534608
telephone: +39 0825 534607
mail: Conceria NCL Srl – Location Carpisano – Industrial Zone – 83029 Solofra (AV)

The treatments carried out before the aforementioned revocation will remain unchanged.

***

CHANGES TO THIS PRIVACY POLICY

We may at any time update and modify all or part of this Privacy Policy. The version published on the Platform is the version currently in effect. In the event of changes to the text of the Privacy Policy, we will inform you of these changes with a specific banner, link or pop-up on the home page of the Platform or through a dedicated email. If required by applicable law, we will ask for your prior consent to the changes made.