In accordance with art. 13 and 14 of EU Regulation n. 2016/679 “GDPR”
NORT S.r.l. takes all its responsibilities under data protection legislation very seriously and respects the privacy of its customers.
1. DATA CONTROLLER AND CONTRACTING PARTIES
NORT S.r.l., with registered office in Italy – piazzale di Ponte Milvio – 1400135 Roma (RM) – and Fiscal Code and Vat Number 15431241007 – (hereinafter, “Controller and/or Processor”), as Data Controller/Processor, informs you, pursuant to art. 13 and art. 14 EU Regulation n. 2016/679 (hereinafter, “GDPR”), that your data will be processed for the management, conclusion and execution of service or any transactions, or nay communication of a commercial nature and for profiling activities, via this Website (the “Purpose”).
Your personal data will be stored in a format that allows your identification for the time strictly necessary for the purpose for which it is collected, and subsequently processed, in any case, within the limits of the law. In order to ensure that Your personal data is always accurate, up-to-date, complete and relevant, please report any changes to the following e-mail address: firstname.lastname@example.org
Your data may be disclosed to police forces or judicial authorities, for example in the context of Website anti-fraud services, in accordance with the law and where required. Your data will also be accessible to the Data Processors, as indicated in this section, and for the specific purposes indicated herein. Your personal data may not be transferred abroad to countries outside the European Union which do not ensure adequate levels of personal protection. If this is necessary for the achievement of the purposes, we assure You that the transfer of Your personal data to countries that do not belong to the European Union and that do not ensure adequate levels of protection, will only be performed after the conclusion of specific contracts between NORT S.r.l and said parties, containing adequate safeguard clauses for the protection of Your personal data, in compliance with applicable law and regulations.
- NORT S.r.l. as legal entity controlling data and as operator of the platform www.nortbeachwear.com and of all other activities connected and related with NORT S.r.l. WEB services.
- the user, the subscriber or the buyer of service(s) and of the related services, i.e. you and Your personal data being processed.
2. SUBJECT OF PROCESSING
When You purchase a service or an item, create an account with us, or enter into any other form of agreement with us, we will process Your personal data for that particular purpose. We may also process Your personal data if you have a query or similar that precedes Your decision to enter into an agreement with us. The purposes for which your personal data is specifically noted, on a case-by-case basis, is in the information text submitted on the page where the provision of personal data is requested.
The “Data Controller” will therefore processes all those personal data – such as name, surname, company name, address, telephone number, e-mail address, bank and payment references, etc. (hereinafter “personal data” or “data”) communicated by you at the time of the conclusion of the contract for the use of the platform / application (signed with the simple use of the website –www.nortbeachwear.it) or by filling in a contact form or by filling in the order form for purchase a product or for any other reason related with the purpose of promoting and carrying out its own services or contracts of the Data Controller itself and, for all other matters for the management – according to law – of the contract to which this information refers.
“Personal data” means the contents of Article 4 of EU Regulation no. 2016/679 (GDPR) which establishes as object of the treatment/process any information concerning an identified or identifiable person, considering identifiable the natural person who can be clearly recognized, directly or indirectly, with particular reference to an identifier which are the name, identification number, location data, an online identifier or one or more elements characteristic of its physical, physiological, genetic, psychic, economic, cultural or social identity.
3. PURPOSE OF PERSONAL DATA TREATMENT
Your personal data are therefore processed:
A) without the need to request further consent
other than what expressed by you with your voluntary filling in your data into our system or forms or any other voluntary providing of your data, [art. 24, letter a), b), c) of Privacy Code and according to art. 6, lett. b) and c) of GDPR], for the following Service Purposes:
- conclude contracts for the controller’s services for the benefit of the user and user of this application/website and/or in order to conclude any other contract entered into between the parties;
- fulfil the pre-contractual and contractual obligations deriving from existing relationships with the controller, such as hygiene and safety regulations, litigation management and / or the exercise of other rights of the controller, accounting or treasury management – financial services – Insurance services, etc;
- fulfil the obligations provided by law, regulations and Community legislation as well as provisions issued by authorities legitimated by the law, such as – for example – compliance with anti-money laundering requirements.
B) only with your specific and distinct consent
(articles 130 of the Privacy Code and article 7 of the GDPR), for the following “other purposes”:
marketing, communication and public relations activities and/or for the promotion of the image of a specific project of the Data Controller/Processor – i.e. NORT S.r.l., of its associates, subsidiaries and affiliates and/or of the product and/or services of the same and/or of partner companies, by:
- sending you e-mail, post and/or sms and / or by contacting you via telephone, newsletter and or other commercial communications and/or by sending you other advertising material on products or services offered by the Data Controller/Processor and/or for the detection of the degree of satisfaction on the quality of the services provided by the Data Controller/Processor;
- sending you e-mail, post and/or sms and/or by contacting you via telephone, newsletter and/or other commercial communications and/or by sending you other advertising material on products or services offered by the Data Controller/Processor and/or for the detection of the degree of satisfaction on the quality of the services provided by third parties who collaborate in various capacities with the Data Controller/Processor, such as – in a descriptive and non-exhaustive way – business or marketing partner, insurance companies and/or other companies with which the owner operates on the market.
4. PERSONAL DATA WE MIGHT COLLECT ABOUT YOU
We inform you that we might collect and process all, or part of, the information that You provide by filling in any forms on our websites. This includes information directed provided to our company, or provided at the time of registering to use our website, or provided subscribing to our service, purchasing products, requesting for additional services, or when You enter a competition or any promotion sponsored by us, or when posting material or sign-up for e-mail newsletters and even when You report a problem with our website. In all those circumstances we might collect information such as, for example, name, home and/or business address, email address, telephone number, demographic information such as age and/or other information that may identify You as an individual.
We process any other data You may provide to us in connection with our services and/or our website, and information which You submit to us either via our social media sites or our website, i.e. each time You contact us we may keep a record of that correspondence, and we might keep record of Your visits, including, but not limited to, traffic data, location data, weblogs and other communication data, so please read carefully our Cookies Policy.
5. PROCESSING METHODS
The processing of your personal data is carried out by means of the operations indicated in article No. 2 of the Privacy Code (GDPR) and precisely “processing” means any operation or set of operations, carried out with or without the aid of automated processes and applied to personal data or sets of personal data, such as the collection, registration, organization, structuring, preservation, adaptation or modification, extraction, consultation, i.e. any use or communication by transmission, diffusion or any other form of making available or of treatment by comparison or interconnection, or for any operation connected with the limitation, cancellation or destruction of Data.
6. DISCLOSURE OF DATA
Without the need for express consent (pursuant to art. 6 lett. b) and c) of GDPR), the Data Controller/Processor may communicate user data for the purposes referred to in art. 3A) to supervisory bodies, judicial authorities or to insurance companies for the provision of insurance services, as well as to those subjects to whom communication is by law mandatory for the purposes and for the fulfilment of these purposes. These subjects will process data acquired by right, by virtue of the above obligations, in their capacity as independent Data Controllers/Processors. The same data may be communicated to other subjects (service providers or consultants) who work on behalf of the Data Controller and who are appointed by the same as Data Processors (e.g. web platform, email manager, IT consultants, legal or tax consultants etc.).
7. DATA TRANSFER
Personal data are stored on the company’s servers located in Italy and/or in any case within the European Union. In any case, it is understood that the Data Controller/Processor, if necessary, will have the right to move the servers even outside the EU. In this case, the Data Controller/Processor ensures – since now – that the transfer of non-EU server will take place in accordance with the applicable legal provisions, subject to stipulation of the standard contractual clauses provided by the European Commission.
8. DURATION OF TREATMENT
The Data Controller/processor guarantees You – according to Art. 17 of GDPR – that the retention of Your personal data will take place in paper and/or electronic/IT format and for the time strictly necessary to fulfill the purposes referred in point 3, and always and anyhow in full compliance with your privacy and current regulations.
Your personal data might be subject to different retention period depending upon different purposes of analysis, development, improvement and supply of the service, such as:
- for administration purpose, i.e. invoices, accounting records, tax records and transaction data will be kept for 10 years;
- for direct marketing and profiling purposes we will keep your data for a maximum period equal to what foreseen by the applicable legislation (respectively equal to 24 and 12 months);
- in the case of the exercise of the right to be forgotten through the request for explicit cancellation of personal data processed by the owner, we remind you that such data will be kept, in a protected form and with restricted access and only for purposes of ascertainment and repression of crimes, no more than 12 months from the date of the request and will subsequently be securely deleted, or anonymized, irreversibly;
- for the same purposes, the data relating to electronic traffic, excluding the contents of communications, will be kept for a period of no more than 6 years from the date of communication, pursuant to art. 24 of the Law n. 167/2017, which implemented the EU Directive 2017/541 on anti-terrorism;
- in case you do not exercise any active action (for example navigation, searches and/or any other way of using the service) on our site for a period of 24 months, you will be classified as an inactive user and your personal data will be deleted automatically.
9 - LINKS TO OTHER WEBSITES
If our website provides links to other websites is to facilitate the user in searching and browsing and to facilitate hypertext links on the Internet to other websites. The enabling of the links does not imply any recommendation or notification by NORT S.r.l. for accessing and browsing these websites, or any guarantee regarding their content, services or goods supplied and sold by them to Internet users.
10 - FAILURE TO PROVIDE PERSONAL DATA AND ITS CONSEQUENCES
The provision of Your personal data to NORT S.r.l. might be necessary to achieve the purposes and some of this data could be indispensable to fulfil obligations pursuant to laws or regulations or the provision of other services rendered on its website – www.nortbeachwear.com – and requested by You by using the website or purchasing a product(s).
Failure to provide certain data, identified with the character (*), could make it impossible to execute the purchase contract of service/products or to correctly fulfil the legal and regulatory obligations. Failure to provide data may therefore constitute, according to the circumstances, a legitimate and justified reason for not executing the contract for the purchase of products or for the provision of services.
I.e., the provision of data for the purposes referred to in art. 3.A) is mandatory if you intend to purchase NORT’s service(s) or product(s). In the absence of your consent will not be possible to execute the obligations referred to in the contract for the use of the service you signed and/or for the purchasing of products, of which this information is part of. Otherwise the provision of data for the purposes referred to in art. 3.B) is optional. You can therefore decide not to provide any data or to subsequently deny the possibility of processing data already provided: in this case, You will not be able to receive newsletters, commercial communications and advertising material relating to the services offered by the Data Controller/Processor.
Failure to give consent as indicated in art. 3.B) or the subsequent revocation will not affect the rights acquired through the stipulation of the contract or the right to receive the services referred to in art. 3.A).
11. SOCIAL NETWORKS
Our website provides You with social plug-ins from various social networks. If you choose to interact with us through a social network, Your activity on our website will also be made available to those social networks, such as Facebook, Instagram and Twitter.
We remind you that if You have logged in to one of these social network sites during Your visit to our website, the social network sites may add this information to Your profile, and if You are interacting with one of the social plug-ins this information will be transferred to the social network site, so if You do not want this data transfer we invite You to log out of Your social network site before entering our website.
Since we cannot prevent this data collection and social plug-in information transfer, we invite You to read carefully the privacy policies of Your social networks for detailed information about their collection and transfer of personal data, about Your rights, and about how You can achieve satisfactory privacy settings.
12. STORAGE AND SECURITY MEASURES
Our Company, as Data Controller/Processor, adopts the appropriate security measures to prevent unauthorized access, disclosure, modification or destruction of the Personal Data provided by You, fully acknowledging the protection provisions – by design and by default – defined by legislator through EU Regulation No. 2016/679 “GDPR”.
Except as otherwise provided for herein, Your personal data shall not be disclosed to third parties for purposes not permitted by law or without Your express consent.
If we have provided You with, or where You have chosen, a password that enables You to access certain parts of our website, You are responsible for ensuring this password remains confidential. We kindly ask You not to share Your password with anyone.
Although we do our best to protect your personal data, the transmission of information via Internet cannot be completely secure, for this reason we reiterate that any transmission of personal data is carried out by You at your own risk.
13. YOUR RIGHTS
We remind you that if You provide us with Your personal data, this is done on an entirely voluntary basis. If You choose not to provide the requested information, various customer benefits may not be available to You. In fact, in certain cases, only those who have submitted to us the required personal data are able to order products, use certain services and in other ways avail themselves of the activities of NORT S.r.l. and of offers available on our website.
In your capacity as an interested party, you have the rights referred to, in art. 7 Privacy Code and art. 15 GDPR, and precisely:
- the rights to obtain confirmation of the existence, or not, of personal data concerning You, even if not still registered or processed, and the right to obtain their communication in intelligible form;
- the rights to obtain information about a) the origin of personal data, b) the purposes and methods of the treatment, c) the logic applied in case of treatment carried out with the aid of electronic instruments, d) the identification details of the Data Controller/Processor, of the managers and of the representative appointed pursuant to art. 5, paragraph 2 of the Privacy Code and art. 3, paragraph 1, GDPR, e) the subjects or categories of subjects to whom the personal data may be communicated, or who may become aware of them in their capacity as appointed representatives, managers and/or agents;
- the rights to, a) update and/or rectificate or, when there is interest, the right to obtain appropriate integration and/or modification of data; b) cancel or transform into anonymous form, or blocking of data processed in violation of the law, including data for which conservation is not necessary in relation to the purposes for which said data were collected or subsequently processed; c) certificate that the operations referred to in letters a) and b) have been brought to the attention of those to whom the data have been communicated or disseminated and this also as regards their content, except in the case in which this fulfilment occurs impossible or involves a use of means manifestly disproportionate to the protected right;
- the right to object, in whole or in part: a) for legitimate reasons, to the processing of personal data that concern You, although pertinent to the purpose of the collection; b) to the processing of personal data concerning you for the purpose of sending advertising materials or direct selling or for carrying out market research or commercial communication, through the use of automated call systems without the intervention of an operator, through e-mail and / or with traditional marketing methods via telephone and / or paper mail. It should be noted that the right of opposition of the interested party, set out in point b) above, for direct marketing purposes through automated methods extends to traditional ones and that in any case the possibility remains for the interested party to exercise the right of opposition also only partially. Therefore, the interested party can decide to receive only communications using traditional methods or only automated communications or neither of the two types of communication. Where applicable, it also has the rights referred to in articles 16-21 GDPR (rectification, oblivion, limitation of treatment, data portability, opposition), as well as the right of complaint to the Guarantor Authority.
If You wish to withdraw Your consent to receiving promotional information and offers in general, including by postal services, email, text message, telephone or any other electronic means, You may do so at any time in writing to NORT S.r.l. at email@example.com or by sending a request using our contact form. Should we have misgivings regarding Your identity, we may ask You to provide identification.
14. HOW TO EXERCISE YOUR RIGHTS
You can – at any time – exercise Your rights by:
- sending a specific communication to the Data Controller/Processor via:
- registered A / R addressed to the registered office of NORT S.r.l. – NORT S.r.l.– Piazzale di Ponte Milvio, 14 – 00135 Roma (RM) – ITALY ;
- certified mail to the address: firstname.lastname@example.org
- Complaints can be made in relation to the processing to the competent Authority:
- Data Protection Authority, Piazza di Monte Citorio no. 121 00186 ROME, Fax: (+39) 06.69677.3785, Telephone switchboard: (+39) 06.696771, E-mail: email@example.com.
15. SCOPE OF APPLICATION
All those who are subject to this Policy are defined herein as “users”.
The practices described in this Policy are subject to the laws applicable in the Territory in which we operate, i.e. the activities described in this Policy are carried out in a specific state or nation only if permitted pursuant to local laws and / or international regulations, as implemented in those areas.
16. CONTROLLER/PROCESSOR, MANAGERS AND AGENTS
The Data Controller is NORT S.r.l. with registered office in Piazzale di Ponte Milvio, 14 – 00135 Roma (RM) – ITALY. The updated list of Data Controller/Processors and appointees is kept – and therefore available for consultation by law – at the registered office of the Data Controller/Processor.
Last revision on 20th of June 2020