Privacy disclosure provided pursuant to Article 13 of EU Regulation 2016/679 on the protection of personal data.
Nyky S.r.l (hereinafter, "Nyky" or the "Data Controller"), as the data controller, and in consideration of the importance it gives to the protection and security of personal data, communicates that pursuant to Art. 13 of EU Regulation no. 2016/679 (hereinafter, the "GDPR"), your data will be processed in the manner and for the purposes listed below.
1 Identity and contact details of the Data Controller and Data Processor
The Data Controller is Nyky S.r.l., with registered office at Via Delle Industrie, 7 - 31057 Silea (TV) - Italy (hereinafter, the "Data Controller"), in the person of its legal representative pro tempore.
The Data Processor is Eurostep Commerce S.r.l., domiciled for the purposes herein at its registered office at Via Feltrina Sud, 192, 31044 Montebelluna (TV), VAT No. 03896260241, email address firstname.lastname@example.org (hereinafter, the "Data Processor").
2 Processing purpose
The Data Controller processes personal data (such as name, surname, company name, address, telephone number, e-mail address, bank and payment details - hereinafter, the "data") that you have communicated while signing the contract and for all other services that you may request from the Data Controller. Data belonging to special categories pursuant to Art. 9 of the GDPR will not be processed, with the exception of those you wish to willingly provide to provide while knowing that they are not necessary for the performance of the services requested.
3 Purposes of processing
Your personal data are processed:
A) without your express consent (Article 24(a), (b), (c) of the Privacy Code and Art. 6(b), (e) of the GDPR) for the following Service Purposes:
- perform the services requested by you to provide services such as digital commerce, integrated marketing, worldwide operations, omni-channel customer experience;
- fulfil the obligations established by law (administrative, accounting, fiscal and tax matters), by a regulation, EU legislation or by an order of the Authority;
- exercise the rights of the Data Controller, such as the right to defence in court;
B) Only subject to your specific and distinct consent (Articles 23 and 130 of the Privacy Code and Article 7 of the GDPR), for the following Marketing Purposes:
- send you newsletters, commercial communications and/or advertising material on services and special offers via e-mail, post and/or sms and/or telephone contact;
- carry out profiling of the data you have provided, in order to identify specific commercial offers suited to your profile.
4 Processing methods
Your personal data is processed by means of the operations indicated in Art. 4(2) of the GDPR, specifically the collection, registration, organisation, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, cancellation and destruction of data. Your personal data are processed by electronic and paper-based means. The data will be handled, processed and stored on our computer systems. The Data Controller will process personal data for the time necessary to fulfil the aforementioned purposes, and for no more than 10 years from the termination of the relationship for administrative purposes, and for no more than 1 year from the collection of data for Marketing Purposes.
5 Data access
Your data may be made accessible as follows for the purposes referred to in Art. 3(A) and 3(B):
- to employees and collaborators of the Data Controller in their capacity as persons in charge and/or system administrators;
- to third-party companies or other subjects (such as credit institutes, professional firms, insurance consultants, etc.) who are outsourcers of the Data Controller, in their capacity as external data controllers.
6 Data communication
Without the need for express consent and Art. 6(b) and (c) of the GDPR), the Data Controller may communicate your data for the purposes referred to in Art. 3(A) to the judicial authorities in the event that they explicitly request such, as well as to persons to whom communication is mandatory by law for the accomplishment of the stated purposes. These subjects will process data in their capacity as independent data controllers. Personal data will not be disseminated.
7 Data transfer
Personal data is stored in our computer system, and servers both in Italy and other European countries will be used to store the data. It is understood that the Data Controller, where necessary, will have the right to move the servers to server farms outside of the EU. The Data Controller hereby ensures that the data will be transferred in accordance with applicable legal provisions, subject to the stipulation of standard contractual clauses provided for by the European Commission.
8 Nature of the provision of data and consequences of their refusal
The provision of data for the purposes referred to in Art. 3(A) is mandatory. In their absence, we cannot guarantee the services in Art. 2(A).
9 Rights of data subjects
As the data subject, you have the rights set forth in Art. 15 of GDPR, specifically:
i. to obtain confirmation as to whether personal data regarding you exists or not, including data not yet registered, and to ask for a copy of such data in an intelligible form;
ii. to obtain an indication of a) the origin of personal data; b) of the purposes and methods of the processing activities; c) of the logic applied for processing activities carried out with the aid of electronic instruments; d) of the identification details of the data controller, the data processors and the designated representative pursuant to Art. 5, paragraph 2 of the Privacy Code and Art. 3, paragraph 1, of the GDPR; e) of the subjects or categories of subjects to whom personal data may be communicated or who may become aware of such data as a delegated representative in the territory of the State, data processors or appointed persons;
iii. obtain: a) the updating, correction or, if applicable, the integration of data; b) the deletion, transformation into anonymous format or blocking of data processed against the law, including data which it is not necessary to store in relation to the purposes for which it was collected or subsequently processed; (c) certification that the operations as per points (a) and (b) above were brought to the knowledge, also in terms of content, of those to whom the data was communicated or disclosed, unless this is impossible or implies the use of means clearly disproportionate with the protected right;
iv. to object, in whole or in part: a) for legitimate reasons, to the processing of personal data concerning you, even if pertinent to the purpose of their collection; b) to the processing of personal data concerning you for the purpose of sending advertising material. Please note that the right of opposition of the data subject as per point (b) above as concerns direct marketing purposes through automated methods extends to traditional methods, and the possibility remains for the data subject to only partially exercise the right of opposition. Therefore, the data subject may decide to only receive communications through traditional methods, only automated communications, or neither of the two.
Where applicable, the data subject also has the rights referred to in Articles 16-21 of the GDPR (Right of rectification, right to be forgotten, right of limitation of processing, right to data portability, right of opposition), as well as the right to lodge a complaint with the Guarantor Authority. It should also be noted that it is your duty to promptly communicate the update of your data by e-mail and/or registered mail, attested by an acknowledgment of receipt.
10 How to exercise your rights
You can exercise your rights at any time by sending the form available at this link:
- By registered mail, attested by an acknowledgment of receipt, to: Nyky S.r.l, with registered office atVia Delle Industrie, 7 - 31057 Silea (TV) - Italy
- certified email to email@example.com.