Information on the processing of personal data
Pursuant to Article 13 of Regulation (EU) 2016/679, hereinafter referred to as the GDPR (General Data Protection Regulation), also considering Italian Legislative Decree 196/2003 amended by Legislative Decree 101/2018, we inform you about the following:
Data Controller
The Data Controller is: Rafael Muñoz Navarro
Tax code: 04837690280
Registered office: Take-Off Gewerbepark, 9 78579 Neuhausen ob Eck Germany
Tel. +49 7467 9106713
Email: info@nexormedical.com
Purposes of and legal basis for processing
Browsing data: The Data Controller will process certain personal data of users who interact with the computer systems and software procedures used to operate the site. In particular, browsing data that the computer systems automatically acquire during use of the site and that are not connected to any additional personal information, for example IP addresses, domain names and types of browsers, will be used to gather anonymous statistical information on the use of the site, the control needs for the usage of that site, and for ascertainment of responsibility in the event of potential cyber crimes.
Data provided voluntarily by the user. The personal data you provide will be processed exclusively for the following purposes:
a) conclusion and execution of the contract (registration, use of site services) and all related activities, including but not limited to billing, credit protection, protection of the rights and interests of the Data Controller, administrative, management, logistical/organisational and functional services for the execution of the contract;
b) fulfillment of obligations under the law, regulations, applicable legislation and other provisions issued by Authorities and Supervisory/Control Bodies provided for by the Law.
The legal bases for the processing of personal data for the aforementioned purposes a) and b) are: the execution of a contract and/or the adoption of a pre-contractual measure at the request of the Data Subject, and the fulfillment of one or more legal obligations or exercises of legitimate interest.
c) the performance of promotional/advertising activities by way of sending periodic newsletters or personalised advertising content. Only the processing of personal data for the purposes mentioned in letter c) above requires your express consent as per Article 7 of the GDPR. Said consent covers both the automated and traditional modes of communication described above.
For Data Subjects who are already customers of the Data Controller, the sending of information for the purposes referred to in (c) above may also be based on the legitimate interest of the Data Controller in accordance with Article 6(1)(f) and Recital No. 47 of the GDPR.
The Data Subject shall always have the right to object easily and free of charge, in whole or in part, to the processing of their data for the purposes referred to in c) above.
Methods of data processing
The processing of personal data is carried out by means of the operations specified in Article 4(2) of the GDPR, for the aforementioned purposes, whether in hard copy or in computer/telematic form, by means of electronic and/or automated tools, in compliance with current legislation, in particular on confidentiality and security, and in accordance with the principles of fairness, lawfulness and transparency and protection of the Client’s rights. The processing is carried out directly by the Data Controller’s organisation, its Managers pursuant to Article 28 and designated internal subjects.
Compulsory or voluntary nature of providing data and consequences of refusal to provide personal data
The data requested for the purposes referred to in the preceding point must be provided for the fulfilment of legal obligations and/or for the conclusion and execution of the contractual relationship you have requested, or for the exercise of the legitimate interest of the Data Controller. Therefore, your refusal, even partial, to provide such data would make it impossible for the Data Controller to establish and manage the relationship itself. The provision of personal data necessary for the purposes referred to in (c) above is voluntary, therefore your refusal to provide such data may result in the impossibility of establishing the activities described therein (marketing and promotional materials).
Communication and Dissemination
Your personal data may be disclosed, to the extent strictly relevant to the above obligations, tasks and purposes and in accordance with the relevant regulations, to the following categories of subjects:
- Subjects to whom such communication must be made in order to fulfil or require the fulfilment of specific contractual obligations or those provided for by laws, regulations and/or EU legislation;
- external natural and/or legal persons who provide services instrumental to the activities of the Data Controller for the above purposes (e.g. business partners, suppliers, consultants, companies, entities, professional firms). These individuals will act as data processors pursuant to Article 28 of the GDPR.
Personal data will not be disseminated in any way except with your explicit consent or request in writing.
Period of retention of personal data
Personal data will be retained for as long as necessary for the execution of the contract entered into with the Data Controller, after which the data will be retained for the purpose of fulfilling legal obligations and for the preservation of administrative documents in accordance with current legal provisions.
Transfer of data
Personal data are stored on servers located within the European Union. It is in any case understood that the Data Controller, should it become necessary, shall also be entitled to move the servers outside the EU. In such a case, the Data Controller hereby ensures that the transfer of data outside the EU will take place in accordance with the applicable legal provisions, subject to the stipulation of the standard contractual clauses provided by the European Commission. In the event that the User uses online payment methods, they may be redirected to platforms managed by third parties (such as MultiSafepay, PayPal, etc.) that operate as autonomous Data Controllers with any consequent obligation provided for by the GDPR and applicable regulations.
Minors
The Data Controller does not intentionally collect any personal information relating to minors.
Rights of the Data Subject
As a data subject, you have rights under the GDPR, namely the rights to:
- obtain confirmation of the existence or non-existence of personal data concerning you, even if not yet registered, and their communication in an intelligible form;
- obtain an indication of: a) the origin of those personal data; b) the purposes and methods of their processing; c) the logic applied in case of processing carried out with the aid of electronic instruments; d) the identification details of the Data Controller, managers and designated representative under Article 3(1) GDPR; e) the subjects or categories of persons to whom the personal data may be divulged or who may become aware of them as designated representative within the national territory, managers or agents;
- obtain: a) the updating, rectification or, where requested, the integration of data; b) the deletion, anonymisation or blocking of data processed in violation of the law, including those that do not need to be kept in relation to the purposes for which the data were collected or subsequently processed; c) certification to the effect that the operations as per letters a) and b) have been brought to the attention, as also related to their contents, of the entities to whom or which the data were communicated, unless this requirement proves impossible or involves a manifestly disproportionate effort compared with the right that is to be protected;
- oppose, in whole or in part: a) for legitimate reasons, the processing of personal data concerning you, even if pertinent to the purpose of collection; b) the processing of personal data concerning you for the purpose of sending advertising material or direct sales or for carrying out market research or commercial communication, through the use of call systems with the intervention of an operator, and/or by email and/or through traditional marketing methods by telephone and/or paper mail. Please note that each Data Subject has the right to object in whole or in part to data processing for marketing purposes. Therefore, the data subject may choose to receive only communications by traditional means or only automated communications, or neither type of communication. Where applicable, the data subject also has the rights set forth in Articles 16-21 of the GDPR (right to rectification, right to be forgotten, right to restrict processing, right to data portability, right to object), as well as the right to complain to the Data Protection Authority.
For the exercise of the above rights or for questions or information regarding the processing of your data and the security measures taken, any Data Subject may forward their requests to our company at the following address: info@nexormedical.com