www.nembulamilano.com

Articles. 13 e ss. General Data Protection Regulation n. 2016/679 (“GDPR”)

Introduction

Dear User, when you access and browse this website (hereinafter 'Site') some of your personal data is acquired, stored and managed (in technical terms 'treated'), through the device you are using, also by analyzing and saving your IP address, navigation data, “cookies” and other online identifiers such as “pixels”. In light of these processing activities, in compliance with the applicable legislation which provides for protection obligations, confidentiality and security of your data, Reveal it clarifies below the purposes and means processed in its capacity as Data Controller.

Data controller

The personal data processing operations carried out following access to and interaction with the Site will be carried out, as Data Controller, and Reveal it, based in Via Darwin,19/1 Seventh Milanese (MI), 20019, P. IVA 12154940154, who can be contacted at the following addresses:

  • writing an email to info@nembula.com;
  • by ordinary mail to the address of the registered office;

Categories of data processed

The categories of data processed are as follows:

  • information relating to user browsing on the Site, including the so-called. online identifiers and data relating to the devices used;
  • personal identification and contact data such as name, surname, e-mail address and telephone number in case of use of the site's features;
  • personal data necessary for the management of payment methods and systems;
  • additional data in case of implementation of new features.

Purpose, legal bases and storage time

PurposeLegal basisStorage time
Offer of navigation features of the Site, including access to its pages and access to content, courses and webinarsThe processing is necessary for the performance of pre-contractual and contractual activitiesOnly for the period necessary to stay on the Site, and in any case for a maximum of 24 months.
Response to contact requests or information sent by the userExercise of the legitimate interest of the Data Controller, aimed at maintaining relations with users of the SiteFor up to 10 years from the interaction with the data subject.
Registration, access and use by the user of the eCommerce shop, including subsequent product management and delivery activities, returns and refundsThe processing is necessary for the performance of pre-contractual and contractual activitiesFor up to 10 years after the user's deletion from the eCommerce
Management of tax documentation relating to purchases through the eCommerce shopThe treatment is necessary to fulfill legal obligations (in particular, accounting and tax)For up to 10 years after its purchase.
Analysis of usage statistics and improvement of the Website's featuresUser Consent, except - in some limited cases - exercise of the legitimate interest of the Data Controller, aimed at improving its products and servicesUntil the longest retained user ID expires, except requests for cancellation or anonymization.
Management of spontaneous contacts by users of the Site with sending of Curriculum VitaeThe processing is necessary for the performance of pre-contractual and contractual activitiesFor a maximum period of 12 months from the end of any selection process, except for further conservation needs.
User subscription to the newsletter and subsequent management of related communicationsUser ConsentFor a maximum period of 24 months from the user's registration, unless extended or canceled.
Analysis of the user's tastes and consumption habits, aimed at offering promotions and personalized servicesUser ConsentFor a maximum period of 12 months from the acquisition of consent, unless extended or canceled.

Learn more about how we process data

If the interested party would like more information about the balance between the legitimate interests pursued by the Data Controller and the fundamental rights and freedoms of the natural person, you can contact them at the addresses indicated, having the right to receive a response as soon as possible and in any case within the time required by law.

In the event of a dispute with the user or with third parties, or control by the competent Authorities, storage may be extended until the expiry of the last applicable limitation period.

The data will not be disclosed in any way, except for the express and prior consent given by the interested party and within the limits of the provisions of the law.

Consequences of failure to provide data

The provision of personal data indicated as mandatory it is necessary to pursue the related purposes: not providing such data makes it impossible to proceed with the related treatment.

The provision of other personal data is optional: not providing such additional data may result in the total or partial impossibility of accessing certain functions or characteristics of the Site.

Automated decision-making processes

There is no processing of personal data through automated decision-making processes in accordance with current legislation, and in particular pursuant to art. 22, paragraphs 1 e 4, del GDPR.

In any case, any automated processing will not result in a legal effect for the interested party that concerns him or that significantly affects his person, except for the acquisition of a specific informed consent and in any case in compliance with the limits of the law.

Categories of subjects who process personal data

Within the limits of the obligations, of the tasks or purposes indicated above, personal data may be processed, made available and/or communicated a:

  • employees and/or collaborators of the Data Controller;
  • third parties appointed as Managers (in particular, suppliers of goods or services), including their employees and/or collaborators;
  • Judicial authorities, administrative and/or public safety, in compliance with regulatory provisions.

The complete list of Managers and other third parties can be requested from the Owner at any time, to the references indicated.

Transfer of personal data outside the European Economic Area

Personal data may be transferred to countries outside the European Economic Area only for technical needs, in any case towards subjects established in countries recognized as "adequate" by the European Commission or which have stipulated specific Standard Contractual Conditions in the text approved by the European Commission.

Rights of the interested party

The interested party can, at any time, exercise the rights provided by the European Regulation n. 2016/679. In particular, the interested party has the right:

  • to access your personal data;
  • to obtain the rectification or cancellation of the same or the limitation of the treatment that concern him;
  • to oppose the treatment;
  • to achieve data portability;
  • to withdraw consent, where provided: the withdrawal of consent does not affect the lawfulness of the processing based on the consent given before the withdrawal;
  • to lodge a complaint with the supervisory authority: for Italy, the supervisory authority is the Guarantor Authority for the protection of personal data based in Rome (www.gpdp.it).

The exercise of the aforementioned rights may take place by sending a request to the Data Controller's contact details, as indicated above, and in particular to the e-mail address indicated