Data Protection Statement
in accordance with EU regulation n. 679/2016
Information about our Data Protection Policy
Dear Data subject,
Our company takes your personal data seriously and guarantees to protect data we collect from any risk of
This policy statement, in accordance with guidelines published in EU regulation 679/2016, (hereinafter refered to
as 'the GDPR') describes the type of data and scope for which it is collected and processed.
Who we are
NOME uses and is responsible for certain personal information about you.
Any questions regarding protection of your data should be directed to the following email address: MAIL.
Per article 37, a data protection officer must be assigned where:
- there is a public entity or authority, with the exception of judiciary authorities;
- the processing of personal data is widescale;
- there is processing of sensitive personal data in specific categories or personal data pertaining to
criminal charges or crimes.
It may be useful to assign a DPO where data is frequently processed. Italian compliance officials encourage a
The Company nominates Mr/Mrs/Ms NOME as DPO officer and may be contacted at any time by email at
General data collection
We collect the following data:
- Navigation data
Data pertaining to data subject navigation on our website, such as IP
address, browser type and version, log, etc.
- Personal data
Personal data such as name, address, telephone, email address, etc.
- Information provided by the data subject
Our website may contain contact forms where
the data subject requests contact or assistance. We request you refrain from entering any sensitive personal
data listed in article 9 of the EU regulation.
- Financial data
Financial data relates exclusively to transaction information inserted
by the data subject. The company processes data received from digital transaction firms and from credit card
management institutions for the sole purpose of requesting information on the status of payment
(accepted/denied). All other information regarding any accounts, prepaid, credit or debit cards are retained
by the institutions managing those services.
- Sensitive personal data for fiscal incentives
If the data subject benefits from fiscal
incentives on the purchase of special needs IT services (per DL 669/1996 converted to law on February 28,
1997), the company may process data categorized in article 9 of the EU regulation as pertaining to the data
subject’s health in order to evaluate conformity with subsistence requirements for reductions to 4%
The company refrains from requesting sensitive personal data listed in GDPR article 9 concerning racial or ethnic
origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric
data for the purpose of uniquely identifying a physical person, data concerning health or data concerning the
data subject's sexual orientation.
Transferring personal data outside of the EU
No personal data will be transferred outside of the EU by us.
I Suoi dati potranno inoltre essere trattati da fornitori di servizi informatici, nella loro qualità di
Responsabili del trattamento operanti al di fuori dell’Unione Europea. L’azienda nel rispetto della normativa
sul trasferimento di dati in un Paese extraeuropeo, si impegna a stipulare, se necessario, accordi che
garantiscano un livello di protezione adeguato e/o a sottoscrivere le clausole contrattuali tipo di cui
all'allegato alla decisione della Commissione Europea del 5 febbraio 2010, n. 2010/87/UE
Data provided by the data subject enables the company to offer content and services chosen and/or purchased, to
manage and process requests for information, provide assistance and comply with laws the company is subject to.
Under no circumstances will the company sell personal data to third parties or use it for any unnamed scope.
Personal data is processed for:
- Online registration and requests for information and/or to be contacted
is used to register data subject, give data subject requested information and/or brochures and for any other
- Contract data management
Personal data may be used to initiate purchases of products
or services, process an order, erogate a service, production, or shipping of a purchased product, invoicing
and payment processing, complaints and/or customer service claims, and any other such obligation deriving
from the contract.
- Security of personal data
As outlined in article 49 del GDPR the company processes
data subject's personal data across suppliers (third parties or partners), insofar as is strictly and
proportionately necessary to guarantee network and information security. The company will promptly inform
data subject when a data violation occurs as outlined in article 33 of the GDPR concerning notification of a
personal data breach.
f data subject gives consent, we use personal data to analyze or predict
personal aspects marketing purposes per data subject's personal preferences to fit their profile and needs.
- Promotional activity for Services/Products similar to those purchased by data
Even without specific consent from the data subject, the company can process data
provided by the data subject for direct sales of products/services similar to those purchased, unless data
subject specifically revokes such consent.
- Attività di promozione commerciale su Servizi/Prodotti differenti rispetto a quelli acquistati
Data subject personal data may be processed for promotional campaigns,
for market research on a Service/Product that the company offers only where the data subject has given
Processing methods may be automated through:
- telephone contact
- Athe data subject has not revoked consent for personal data usage;
- the data subject is not listed in the Do Not Call registry (D.P.R. n. 178/2010) in the case of
Lawfulness of processing
- Registration and contact and/or information request
Processing shall be lawful whereby
the data subject has given consent to the processing of personal data for registration, request for
information, contact, and/or brochures and where processing is necessary for compliance with a legal
- Performance of a contract
Processing shall be lawful whereby it is necessary for the
performance of a contract and in compliance with a legal obligation.
- Systems security
Processing shall be lawful where it is in compliance with legal
obligations provided for in article 32 of the GDPR, and to protect the vital interests of company assets and
Processing shall be lawful where data subject consent for profiling is given
specifically as outlined in article 6 of the GDPR, and which may be revoked by the data subject at any time.
- Promotional activity for Services/Products similar to those purchased by data
Processing personal data for Promotional activity for Services/Products similar to
those purchased by data subject shall be lawful where data subject consent is specifically given as outlined
in article 6 of the GDPR.
- Promotional activity for Services/Products different from those purchased by data
Processing shall be lawful where data subject consent for personal data usage is
given prior to processing and which may be revoked by the data subject at any time.
Personal data is processed in accordance with principles pertaining to privacy, fairness, necessity, pertinence,
lawfulness, and transparency imposed upon in the GDPR for the amount of time necessary to exercise the scope for
which data is collected and in any case, not longer than 10 years from initial collection for the Service or, in
the case of a Service/product purchase, the amount of time necessary for completing the purchase.
To analyze data subject shopping behavior where consent is given, purchase history will not exceed 24 months.
Personal data may be processed manually as well as with dedicated software and will be subject to decision-based
Data subject rights
Right of access by the data subject are outlined in article 15 of the GDPR and at any time, the data subject may:
- receive confirmation whether personal data is being processed and access information regarding the purposes
of processing or disclosure recipients, and access that information;
- update, modify, and/or correct personal data;
- request erasure, pseudonymisation, blockage for unlawful violation or restriction;
- oppose processing for legitimate reasons, including profiling;
- oppose personal data processing for the scope of sales or advertising or market research or any commercial
- revoke consent, where given, without prejudice for lawful processing based on prior consent;
- receive a copy of personal data and request they be transferred to another environment.
In the event there is a violation of data subject rights, in accordance with art. 77 of the GDPR the data subject
may contact the supervisory controller or file for judicial remedy pursuant to article 78.