INFORMATION ON THE PROCESSING OF PERSONAL DATA
pursuant to art. 13 and 14 of EU Regulation no. 2016/679 “GDPR”
NORT S.r.l. takes its responsibilities under data protection legislation very seriously and respects the privacy of its customers.
This Policy (together with our Terms and Conditions of Use and any other documents referred to in it) sets out how we will use any personal data you provide to us via our website – www.nortbeachwear.com
1. DATA CONTROLLER AND CONTRACTING PARTIES
S.r.l. with headquarters in Rome, Piazzale di Ponte Milvio at number 14 - registered in the Company Register of Rome with the Fiscal Code and VAT number. n. 15431241007 (hereinafter, “Owner”), as data controller, informs you, pursuant to art. 13 and 14 of EU Regulation no. 2016/679 (hereinafter, "GDPR"), that your data will be processed for the management, conclusion and execution of services and/or sales transactions and for the management of communications of a commercial nature and for profiling activities via of this website (the “Purpose”) in the manner and for the specific purposes as indicated below.
Your personal data will be stored in a format that allows your identification for the time strictly necessary for the purpose for which they are collected, and subsequently processed, and in any case within the limits of the law. In order to ensure that your personal data is always accurate, up-to-date, complete and relevant, please report any changes to the following email address: firstname.lastname@example.org
Your data may be disclosed to the police or judicial authorities, for example in the context of the website's anti-fraud services, in accordance with legal indications and only if strictly necessary. Your data will also be accessible to the data controllers, in compliance with what is indicated in this information and for the specific purposes indicated therein. Your personal data cannot be transferred abroad to countries outside the European Union which do not guarantee adequate levels of personal protection. If this is necessary to achieve the purposes for which such data were provided, we assure you that the transfer of such personal data to countries that do not belong to the European Union and which do not impose the same levels of protection by law, will be carried out only after the conclusion of specific contracts between NORT S.r.l. and said parties, containing adequate safeguard clauses for the protection of the user's personal data, in compliance with the applicable law and regulations.
- the data controller or NORT S.r.l. as owner and operator of the website www.nortbeachwear.com and other WEB services connected and related to the activity of NORT S.r.l.;
- the user/visitor of the site and/or the user of any related services, or you and your personal data, object of the processing.
2. OBJECT OF THE TREATMENT
When you purchase a service, create an account or enter into any other form of agreement with us, we will process your personal data in relation to that particular purpose. We may also need to process your personal data if you interact with us, for example by asking us a question and/or through any other request for information that occurs before entering into any agreement with us. The processing purposes for which your personal data are used are specifically indicated, case by case, in the text of each page on which the provision of said personal data is requested.
The "Data Controller" will therefore process all personal data - such as name, surname, company name, address, telephone number, e-mail address, bank and payment details, etc. (Hereinafter "personal data" or "data") communicated by you voluntarily at the time of the conclusion of a contract for the use of the platform / application services (contract which can in certain cases also be activated with the simple use of the website ) or activated by filling out a contact form, subscribing to the newsletter, or by filling out the order form for the purchase of a service/product or for any other reason related to the purpose of activating services, advertised and/or proposed through the website, legitimately pursued by the Owner himself and, for any other matter relating to the management - in accordance with the law - of the contract to which such information refers and for which it was voluntarily provided.
"Personal data" means what is reported in article 4 of EU Regulation no. 2016/679 (GDPR) which establishes as the object of the processing any information concerning an identified or identifiable natural person ("interested party"), considering identifiable the natural person who can be clearly recognised, directly or indirectly, with particular reference to an identifier such as the name, an identification number , location data, an online identifier or one or more characteristic elements of your physical, physiological, genetic, mental, economic, cultural or social identity.
3. PURPOSE OF THE PROCESSING
Your personal data are therefore processed:
A) without the need to ask for further consent,
or that expressed by you with the voluntary insertion of your data into our system and/or any other voluntary sending pursuant to theart. 6 lett. b) e c) GDPR), for the following Service Purposes:
- conclude contracts for the Owner's services for the benefit of the user and user of this application / website and/or for the purpose of concluding any other contract stipulated between the parties;
- fulfill pre-contractual and contractual obligations deriving from existing relationships with the owner, such as workplace hygiene and safety, management of litigation and/or the exercise of other rights of the owner of defense in court, accounting or treasury management - financial services - Insurance services;
- fulfill the obligations established by law, regulations and community legislation as well as by provisions issued by authorities legitimized to do so by law and by supervisory and control bodies, such as - for example - anti-money laundering obligations.
B) only with your specific and distinct consent (articles 130 of the Privacy Code and article 7 of the GDPR)
for the following "other purposes": marketing, communication and public relations activities and/or for the promotion of the image of a specific project of the company NORT S.r.l., its affiliates, subsidiaries and associated companies and/or of the product and /or the services of the same and/or partner companies, namely:
- by sending you e-mail, post and/or text message and/or contacting you via telephone, newsletter and/or other commercial communications and/or sending you other advertising material on products or services offered by the Owner and/or for measuring the level of satisfaction with quality of the services provided by the Owner;
- by sending you e-mail, post and/or text message and/or contacting you via telephone, newsletter and/or other commercial communications and/or sending you other advertising material on products or services offered by the Owner and/or for measuring the level of satisfaction with quality of services provided by third parties who collaborate in various capacities with the Owner, such as - in a descriptive and non-exhaustive way - business or marketing partners, insurance companies and/or other companies with which the Owner operates on the market.
4. PERSONAL DATA WE MAY COLLECT ABOUT YOU
We inform you that we may collect and process all, or part of the information you – as a user of our services and/or purchaser of our products – voluntarily provide by filling in any form on our website, or any information provided at the time of registration, or to subscribe to one of our services or to purchase products directly in the company and/or on the website, and/or to participate in a competition or promotion, or to subscribe to a newsletter or at the time of reporting of a problem with our website. In all these circumstances we may collect information such as, for example, name, residential and/or business address, e-mail address, telephone number, demographic information such as age and/or other information that may allow us to identify you as an individual.
We therefore remind you that we process any other data you provide to us in relation to the performance of the services we provide, both directly and through our website, as well as information that you may send us via social media, or that every time you come into contact with us we may keep a record of such correspondence and we may keep track of your visits, including, but not limited to, traffic data, location data, blogs and other commercial data, so we ask you to carefully read the our Cookies Policy.
5. TREATMENT METHODS
The processing of your personal data is carried out by means of the operations indicated in Article 2 GDPR and precisely with "processing" we mean any operation or set of operations carried out, with or without the aid of automated processes, and applied to personal data or to sets of personal data, such as collection, recording, organisation, structuring, storage, adaptation or modification, extraction, consultation, or any use or communication by transmission, dissemination or any other form of making available or processing by comparison or interconnection, or for any operation related to the limitation, cancellation or destruction of data.
6. DATA COMMUNICATION
Without the need for express consent (pursuant to art. 6 letter b) and c) of the GDPR), the Data Controller may communicate your user data for the purposes referred to in the art. 3A) to supervisory bodies and judicial authorities, or to insurance companies for the provision of insurance services, as well as to those subjects to whom communication is mandatory by law for the purposes and for the fulfillment of said purposes. These subjects will then process this data acquired by virtue of the above obligations, in their capacity as independent data controllers. The same data may be communicated to other subjects (service providers or consultants) who operate on behalf of the Data Controller and who are appointed by the same as Data Controllers (e.g. web platform, email manager, IT consultants, legal or tax consultants etc.).
7. DATA TRANSFER
Personal data is stored on the Data Controller's servers, located in Italy and/or in any case within the European Union. In any case, it is understood that the Owner, if necessary, will have the right to move the servers even outside the EU. In this case, the Data Controller hereby ensures that the transfer of non-EU data will take place in compliance with the applicable legal provisions, subject to the stipulation of the standard contractual clauses provided by the European Commission.
8. DURATION OF TREATMENT
The data owner guarantees you - in compliance with the art. 17 of the GDPR - that personal data will be stored in paper and/or electronic/IT format and for the time strictly necessary to achieve the purposes referred to in point 3, and always and in any case in full compliance with your privacy and current regulations .
For different purposes of analysis, development, improvement, provision of the service, personal data may be subject to different retention periods, such as:
- for administrative purposes, i.e. invoices, accounting records, tax records and transaction data will be retained for 10 years;
- for direct marketing and profiling purposes, the data will be stored for a maximum period equal to that required by applicable law (24 and 12 months respectively).
- in case of exercise of the right to be forgotten through the request for explicit cancellation of the personal data processed, please note that such data will be stored, in a protected form and with limited access and only for the purposes of ascertaining and repression of crimes, no later than 12 months from the date of the request and will subsequently be securely deleted or made anonymous, irreversibly;
- for the same purposes, data relating to electronic traffic, excluding the contents of communications, will be retained for a period not exceeding 6 years from the date of communication, pursuant to art. 24 of Law no. 167/2017, which implemented EU Directive 2017/541 on anti-terrorism;
- in case the user does not exercise any active action (for example browsing, searches and/or any other way of using the service) on our site for a period of 24 months, he will be classified as an inactive user and the personal data will be automatically deleted.
9. LINKS TO OTHER WEBSITES
If our website provides links to other websites, it does so for the sole and exclusive purpose of facilitating the user in research and navigation and to facilitate hypertext links to other websites. Enabling the links does not imply any recommendation or notification by NORT S.r.l.. for accessing and browsing these websites or any guarantee relating to their content, services or goods supplied by them and sold to Internet users.
10. FAILURE TO PROVIDE PERSONAL DATA AND CONSEQUENCES
The provision of your personal data to NORT S.r.l. may be necessary to achieve the purposes of the relationship between the parties and some of these data may be essential to fulfill the obligations established by law or regulations and requested by the user using the website or by purchasing services and/or product(s) of NORT S.r.l., also through our website.
Failure to provide certain data, identified with the character (*), could make it impossible to execute the contract for the purchase of services and/or products or the impossibility of correctly fulfilling legal obligations. Failure to provide data may therefore constitute, depending on the circumstances, a legitimate and justified reason for the failure to execute the contract for the purchase of products or for the provision of services.
That is, the provision of data for the purposes referred to in the art. 3.A) is mandatory if you intend to proceed with the purchase of a service and/or a product of NORT S.r.l.. In the absence of your consent it will not be possible to execute the obligations set out in the contract for use of the service signed by you and /or of the purchase, of which this information constitutes an integral part. The provision of data for the purposes referred to in art. 3.B) is also optional. You can therefore decide not to provide any data or to subsequently deny the possibility of processing data already provided: in this case, you will not be able to receive newsletters, commercial communications and advertising material relating to the services offered by the Data Controller.
Failure to provide consent as indicated in the art. 3.B) or subsequent revocation will not affect the rights acquired through the stipulation of the contract and the right to receive the services referred to in the art. 3.A).
11. SOCIAL NETWORKS
Our website offers social plugins from various social networks. If you choose to interact with us through a social network, your activity on our website will also be made available to social networks, such as Facebook, Instagram and Twitter.
Please note that if you are logged in to one of these social networking sites during your visit to our website, the social networking sites may add this information to your profile, and that, if you are interacting with one of the plug- in social networks, this information will be transferred to the social network site, so if you do not wish to allow this transfer of data we invite you to log out of your social network site before accessing our website.
Since we cannot prevent the collection of this data and the transfer of information on social plug-ins, we invite you to carefully read the privacy policies of your social networks to obtain detailed information about their methods of collecting and transferring personal data, about Your user rights and how you can set up/obtain satisfactory management of your privacy.
12. STORAGE AND IHL SECURITY MEASURES
Our company, as data controller, adopts all the most appropriate security measures aimed at preventing unauthorized access, disclosure, modification or destruction of the Personal Data provided by the interested party, fully implementing the protection indications - by design and by default – defined by the legislator through EU Regulation no. 2016/679 “GDPR”.
Except as otherwise provided herein, your personal data will not be disclosed to third parties for purposes not permitted by law or without your explicit consent.
If we have given you, or where you have chosen, a password which enables you to access certain parts of our website, please note that you are responsible for ensuring that this password remains confidential, so please do not share your password with any other person.
Although we do our best to protect your personal data, the transmission of information via the Internet cannot be completely secure, for this reason we reiterate that any transmission of personal data is carried out by you at your own risk.
13. RIGHTS OF THE INTERESTED PARTY
We remind you that if you have provided us with your personal data, you have done so on a completely voluntary basis. Furthermore, if you choose not to provide the requested information, it may not be possible to guarantee you certain customer benefits/services. In fact, in some cases, only those who have sent us the requested personal data are able to order products, use certain services and, in other ways, make use of the activities of NORT S.r.l. and the offers available on our website.
In your capacity as an interested party, you have the rights referred to in the articles. 15 et seq. of the GDPR and precisely:
- the right to obtain confirmation of the existence or otherwise of personal data concerning you, even if not yet registered, ed the right to obtain their communication in an intelligible form;
- the right to obtain information about a) the origin of personal data, b) the purposes and treatment methods, c) the applied logic in case of processing carried out with the aid of electronic instruments, d) the identification details of the owner, managers and designated representative pursuant to art. 5, paragraph 2 Privacy Code and art. 3, paragraph 1, GDPR, e) the subjects or categories of subjects to whom the personal data may be communicated, or who may become aware of it in their capacity as designated representatives, managers and/or appointees in various capacities.
- the right to obtain: a) updating and/or rectification or, when there is interest, the appropriate integration and/or modification of the data; b) the cancellation, transformation into anonymous form or blocking of the data processed in violation of the law, including data for which conservation is not necessary in relation to the purposes for which such data were collected or subsequently processed; c) certification that the operations referred to in letters a) and b) have been brought to the attention of those to whom the data were communicated or disseminated, and this also with regard to their content, except in the case in which such fulfillment proves impossible or involves the use of means manifestly disproportionate to the protected right;
- the right to object, in whole or in part: a) for legitimate reasons, to the processing of personal data concerning you, even if pertinent to the purpose of the collection; b) to the processing of personal data concerning you for the purpose of sending advertising or direct sales material or for carrying out market research or commercial communication, through the use of automated call systems without the intervention of an operator via e-mail and/or with traditional marketing methods via telephone and/or paper mail. Please note that the interested party's right of opposition, set out in the previous point b), for direct marketing purposes using automated methods, extends to traditional ones and that in any case the possibility for the interested party to exercise the right of opposition also remains only partially. Therefore, the interested party can decide to receive only communications via traditional methods or only automated communications or neither of the two types of communication. Where applicable, he also has the rights referred to in the articles. 16-21 GDPR (rectification, oblivion, limitation of processing, data portability, opposition), as well as the right to complain to the Guarantor Authority.
14. HOW TO EXERCISE RIGHTS
You may – at any time – exercise your rights by sending a specific communication via:
1. by sending a specific communication to the Data Controller / Processor via:
- Registered A/R addressed to the registered office of NORT S.r.l. based in Rome, Piazzale di Ponte Milvio at number 14 – certified mail to the address (PEC) – email@example.com
2. by sending a complaint in relation to the processing to the competent authority at:
- Data Protection Authority, Piazza Venezia n. 11 – 00187 Rome, Fax: (+39) 06.69677.3785, Telephone switchboard: (+39) 06.696771, E-mail:firstname.lastname@example.org
15. SCOPE OF APPLICATION
All persons subject to this Policy are hereby referred to as “users”.
The practices described in this Policy are subject to the laws applicable in the places in which we operate, that is, the activities described in this Policy are carried out in a particular state or country only if permitted under local laws and/or international regulations as implemented in those areas.
16. RESPONSIBLE AND AUTHORIZED
The updated list of data controllers and authorized persons is kept - and therefore available for consultation in accordance with the law - at the registered office of the Data Controller.
Your continued use of our website following the posting of any such changes will be deemed to constitute acceptance by you of such changes. Under certain circumstances, we may also choose to notify you of such changes via email or by posting a notice on the front page of our website.
Last modified May 20, 2020