pursuant to art. 13 of EU Regulation n. 679/2016 (“Regulation” or “GDPR”) and in compliance with the principles contained therein
Namirial S.p.A. proceeds with the processing of data in compliance with the provisions of European Regulation 2016/679 on the protection of fixed persons about the processing of personal data and on the free movement of such data (hereinafter “EU Regulation 2016/679”).
According to Article 13 of the aforementioned Regulation below is information regarding the identification of the data controller and the data processor on the subject of the processing of personal data concerning contracts and the provision of services.
The Data Controller is Namirial S.p.A. (hereinafter referred to as the “Data Controller” or “Namirial”) with registered office in via Caduti sul Lavoro, 4 – 60019 Senigallia (AN), VAT n. IT02046570426. The Data Protection Officer (DPO) can be contacted through the following email address: firstname.lastname@example.org – (PEC) email@example.com
The use of the Platform is restricted to users registered to it for purposes of remote document signing. With reference to these purposes, the Data Controller is the user who uses the Platform, while Namirial acts as the Data Processor.
Categories of data
As part of the activities carried out by the user on the websites indicated, Namirial may process the following categories of personal data, depending on the purpose:
- Personal data (name, surname, nationality);
- Contact information (phone number and email);
- Address data.
Purpose of processing and legal basis of processing personal data
We will process your personal data for the following purposes:
- Creating the user profile: the legal basis for this purpose is Art. 6(1) b of the GDPR – Contract;
- Management and response to requests for commercial assistance, including online: the legal basis for this purpose is art. 6(1) b of the GDPR – Contract;
- Fulfillment of legal obligations, national or community regulations: the legal basis for this purpose is art. 6(1) c of the GDPR – Legal obligation;
- Sending communications with informative content about services similar to those already purchased: the legal basis for this purpose is art. 6(1) f of the GDPR – Legitimate interest of the Data Controller;
- Statistical, business and market analysis, carried out in absolutely anonymous and aggregate form: the legal basis for this purpose is art. 6(1) f of the GDPR – Legitimate interest of the Data Controller;
- Judicial protection of Namirial rights: the legal basis for this purpose is Article 6(1) f of the GDPR – Legitimate interest of the Data Controller.
Conferment of data
The conferment of the data referred to in points a), c), f) are compulsory in order to allow the conclusion of the contract or for the provision of services requested. The conferment of the data referred to in further points is optional: you may at any time ask the Data Controller to stop the processing activities without any consequences in the services provided to you.
Method of processing and access to data
Namirial processes personal data in compliance with the principles of the Regulation in virtue of its own legitimate interests linked to the type of activity carried out and the need to execute existing contracts or pre-contractual measures requested by the interested parties.
The treatment is carried out by means of automated and/or manual computer and telematic tools that guarantee the appropriate security measures to prevent access, disclosure, loss, incorrect, illegal or unauthorized use of data.
The data are processed for the time necessary to carry out the service requested by the User, or required by the purposes described in this document, and the User may always request the interruption of the Processing or the cancellation of the data. The data can only be accessed by those in charge, who are adequately trained and informed about their duties and the activities permitted on the data collected, who work on behalf of Namirial and who are recipients of instructions and tasks given by the Data Controller.
We would like to inform you that the data relating to the contract and the service activity may be communicated to third parties appointed as external data processors (the complete list is available to the Data Controller), business consultants for administrative and accounting purposes, as well as legal consultants for the possible management of disputes.
The data may also be communicated to the police or judicial authorities for purposes of investigation or prosecution of crimes committed by users of telematic services, where necessary.
Data processing location
Personal data are processed at the headquarters of the Data Controller, as well as in the servers that host the service. Personal data are stored in servers located in the EU territory and will not be transferred outside of it under any circumstances. The Data Controller guarantees that when using cloud providers established outside the European Economic Area, the processing of personal data by these recipients is carried out in accordance with the principles of the GDPR. Transfers are made by means of appropriate safeguards, such as adequacy decisions, standard contractual clauses approved by the European Commission, or other safeguards provided by the GDPR.
Namirial S.p.A. will keep the data of the interested parties in a form that permits identification of the same for a period of time not exceeding the achievement of the purposes for which the data were collected. In any case, the user profile will be deactivated and all personal data will be deleted in case of non-use of the offered services for a period of 18 (eighteen) months. The data strictly necessary for fiscal and accounting fulfilments, once the purpose for which they were collected is no longer valid, will be kept for a period of 10 (ten) years as required by italian law.
Data for marketing purposes will be kept until consent is revoked.
Once these periods have elapsed, Namirial S.p.A. will cancel the data of the interested parties.
Data Subjects rights
The User may exercise all the rights provided for by Articles 15-21 of EU Reg. no. 679/2016, at any time and without unjustified limitations, by contacting the Data Controller at firstname.lastname@example.org.
Requests shall be filed free of charge and processed by the Controller within 30 days.
Specifically, the User can:
- Obtain from the controller confirmation as to whether or not personal data are being processed (Art.15);
- Obtain from the controller the rectification of inaccurate personal data (Art. 16);
- Obtain from the controller the erasure of personal data (Art. 17);
- Obtain from the controller restriction of processing (Art. 18);
- Have the right to receive the personal data in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller (Art. 20);
- Have the right to object (Art. 21);