Privacy 

Pursuant to articles 13 and 14 of EU Regulation 2016/679 (GDPR or Regulation), and in general in compliance with the principle of transparency provided for by said Regulations, Ninz S.p.A. (the Company) provides the following information regarding the processing of personal data. This is general information on the processing of data from suppliers, customers or other parties that have or are interested in having commercial relations with Ninz S.p.A.; detailed information on the specific purposes of the processing are available on the website.

1. DATA CONTROLLER
   The data controller (i.e. the party that determines the purposes and means of processing personal data) is NINZ S.p.A., with registered office in Ala (TN), Corso Trento 2/A, Tax ID 01566290225, PEC (certified e-mail) amministrazione@cert.ninz.it, tel. +39.0464.678300, fax +39.0464.679025. For specific contacts regarding the protection of personal data, including the exercise of the rights referred to in paragraph 8 below, kindly contact: privacy@ninz.it to address any requests.
2. PROCESSING PURPOSES
   The processing of personal data may have the following purposes:
   • follow up on your contact request;
   • stipulation of contracts and fulfilment of contractual obligations (the responsibility and in favour of the Controller), and therefore for purposes strictly related to the management of the contractual relationship with you, including formalities and administrative and accounting obligations (for example: acquisition of information preliminary to the conclusion of a contract, execution of operations based on the obligations arising from the contract concluded; for operational and management needs; for control over performance; for verification of tax and contributory regularity; for the management of litigation - contractual non-fulfilment; warnings; transactions; credit recovery; arbitration; judicial disputes, etc. -) (contractual purposes);
   • promotion and sale of products and services through e-mail newsletters (marketing purposes)
   • functionality of the Ninz S.p.A. website.
3. TYPE OF DATA PROCESSED
   The following categories of data may be processed:
   • surname, name, date and place of birth, residence and/or location;
   • tax ID and/or VAT;
   • telephone number/e-mail/PEC;
   • data relating to the regularity of fulfilment of remuneration and social security obligations;
   • browsing data on the website www.ninz.it.
4. LEGAL BASIS OF THE PROCESSING AND MANDATORY CONFERMENT
   There is no obligation to confer data in the pre-contractual phase, but failure to provide it will make it impossible to conclude the contract. In the context of the contractual relationship, the conferment of further data, or the updating of those already provided, may constitute a contractual or legal obligation.
   The legal basis of processing may consist in the fact that the processing is necessary for the execution of the contract in place with the party concerned or of the pre-contractual measures adopted upon request of the same or for the fulfilment of a legal obligation to which the Controller is subject. Otherwise, the legal basis of the processing will be the consent (or the lack of opposition in the particular case of promotion of products similar to those already purchased, using the e-mail address provided at the time of purchase).
5. COLLECTION, PROCESSING AND STORAGE METHODS
   The data are collected from the party concerned, i.e. the data that you provide us, as well as those resulting from public records (such as CCIAA) or obtained from the relevant authorities in relation to the necessary checks on the subject of contributory regularity, etc.
   Processing will be carried out:
   • by using manual and automated systems;
   • by parties or categories of parties authorized to carry out the related tasks;
   • using appropriate measures to guarantee the confidentiality of data and prevent access by unauthorized third parties.
   Your data will be kept for the entire duration of the contractual relationship, and, after the termination of the relationship - limited to the data necessary at that point - for the termination of the contractual obligations assumed and for the fulfilment of all the possible legal obligations and for the requirements of protection also connected to or arising from it.
   In other cases, the duration of processing will vary - without prejudice to the possibility of revocation of consent, with immediate cessation of processing, as specified in the following point 8) - and is indicated further in the specific information.
   There are no automated decision-making processes.
6. COMMUNICATION OF DATA
   All data collected and processed may be communicated, exclusively for the purposes specified above, to:
   1. all parties to which the right of access to such data is recognized by virtue of regulatory provisions;
   2. employees, collaborators, suppliers of the Controller, in the context of the related duties and/or contractual obligations related to the execution of the contractual relationship with you; the Controller's suppliers include, for example, banks and credit institutions, insurance companies, legal consultants, lawyers, tax consultants and accountants, credit recovery companies, companies that detect financial risks and that perform fraud prevention activities, companies responsible for meter reading, invoice printing and mailing companies, invoice delivery companies, etc.; if your contractual relationship with us involves contacts with our customers or third parties, your personal data - to the extent necessary for the performance of your service - may also be disclosed to said parties;
   3. where required by law, public authorities (including financial administration), social security institutions, etc.
7. PLACE OF DATA PROCESSING
   The activity takes place on the territory of the European Union, except for the management of sending the newsletter (if you have given consent for this purpose), for which the platform of the company MailChimp is used, which may involve the transfer of the related data in the United States of America; said transfer is authorized on the basis of specific decisions of the European Union and the Guarantor for the protection of personal data, in particular the decision of adequacy of the EU Commission 1250/2016 (Privacy Shield), for which no further consent is required, and the aforementioned company shall guarantee its adherence to Privacy Shield.
   Outside of this circumstance, there is no intention to transfer data outside the territory of the European Union or to an international organization.
8. RIGHTS OF THE PARTY CONCERNED
   We wish to remind you that the GDPR grants you the exercise of the following rights of:
   1. access to personal data (you will therefore be entitled to have free information about the personal data held by the Controller and related processing, and to obtain a copy in an accessible format);
   2. rectification of data (following your request, we will ensure the correction or integration of your data - non-expression of evaluation elements - incorrect or imprecise, even if they have become such as not updated);
   3. withdrawal of consent (if processing is by means of consent expressed by you, you can revoke consent at any time, without prejudice to the lawfulness of processing provided before revocation);
   4. deletion of data (right to be forgotten) (for example, data are no longer necessary for the purposes for which they were collected or processed, have been unlawfully processed, must be deleted to fulfil a legal obligation; you have revoked and there is no other legal basis for processing, you oppose to processing);
   5. processing limitation (in certain cases - confirmation of the accuracy of data, in the time necessary for verification, dispute of the lawfulness of processing with opposition to cancellation; need for use for your rights of defence, while they are no longer useful for the purposes of processing; if there is opposition to processing, while the necessary verifications are carried out - the data will be stored in such a way as to be able to be restored; however, in the meantime, they may not be consulted by the Controller if not in relation to the validity of your limitation request);
   6. opposition in whole or in part to processing for legitimate reasons (in certain circumstances, you may still oppose the processing of your data, in particular, if personal data are processed for direct marketing purposes, you have the right to oppose processing at any time, including profiling to the extent related to such direct marketing. If personal data are processed for scientific or historical research purposes or for statistical purposes, for reasons related to your particular situation, you have the right to oppose processing, unless processing is necessary for the performance of a task of public interest);
   7. data portability (if processing is based on consent or on a contract and is carried out by automated means, upon your request, you will receive personal data concerning you in a structured format, commonly used and readable by an automatic device and may send them to another Data Controller, without impediments by the Data Controller that provided them and, if technically feasible, you can request said sending to be made directly by the latter);
   8. proposition complaint to the supervisory authority (Guarantor for the protection of personal data - Privacy Guarantor).

For further information contact us:
Ninz S.p.A., Corso Trento 2/A, 38061 ALA (TN)
Tel. +39.0464.678300, Fax. +39.0464.679025, e-mail: privacy@ninz.it
DPO: Avv. Daniela Lamberti