Try freeSign in
ENG
ITAESP

Privacy​ Policy

The company NextAI Srl in the person of its full legal representative, VAT no. 02717930743, with registered office in viale Francia snc – 72019 San Vito dei Normanni (BR), pec address: nextai.srl@pec.it (hereinafter, the “Data Controller”), in its capacity as Data Controller of personal data pursuant to Article 1 of Legislative Decree no. 196 of 30 June 2003 – Privacy Code (hereinafter, the “Code”) and of Articles 4, no. 7) and 24 of EU Regulation 2016/679 of 27 April 2016 on the protection of individuals with regard to the processing of personal data (hereinafter, the “Regulation”) informs, pursuant to Article 13 of the Regulation, that it will process personal data referring to customers.

Preamble:

According to the European Data Protection Regulation, legal persons cannot be considered data subjects and therefore the European Regulation does not apply. However, if personal data relating to a natural person is included in the context of the collection of company data, this person is to be regarded as a data subject within the meaning of the aforementioned regulation.

1. Object of the processing (what data we process)

The data processed are: first name and surname of the legal representative, date of birth, tax code, registered office, tax/VAT code, email, telephone, pec and/or recipient code,

2. Finalità del trattamento e base giuridica

Processing will be carried out by digital and analogue means. The data will not be subject to public dissemination.
It is specified that the email indicated by the data subject will be exported to a CRM for sending newsletters for commercial purposes, pursuant to art. 130 paragraph 4 Privacy Code.
The data will be processed lawfully, fairly and with the utmost confidentiality, in compliance with the appropriate security measures as provided for by the Code and the Regulations.

3. Treatment modalities

The Data Controller shall process personal data for the time necessary to fulfil the above purposes and in any case for: no longer than 10 years from the conclusion of the contract and/or the occurrence of any act interrupting the statute of limitations. For newsletter purposes, the data will be deleted 5 years after the last commercial information has been sent.

4. Data Communication

The Data Controller may communicate the data for the purposes set out in Art. 2 to parties to whom communication is required by law in order to fulfil legal obligations. The data may also be communicated to parties who perform tasks on behalf of the data controller, appointed as data processors pursuant to Art. 28.
The data may be communicated to any intermediaries in the proposed service who may process the data as autonomous data controllers pursuant to Art. 14.

5. Data Storage and Transfer

The management and storage of personal data will take place on servers located within the European Union of the Data Controller and/or of third party companies appointed and duly appointed as Data Processors. The data may be subject to transfer outside the European Union; in this case, the Data Controller undertakes as of now to use appropriate transfer guarantees, stipulating, where applicable, the standard contractual clauses approved by the European Commission.

6. Rights of the data subject

The customer, in his capacity as data subject, has the rights set out in Article 15 of the Regulation, namely

  1. The data subject has the right to obtain confirmation of the existence or non-existence of personal data concerning him/her, even if not yet recorded, and its communication in intelligible form.
  2. The data subject has the right to be informed of
  3. (a) the origin of the personal data
  4. b) the purposes and methods of processing
  5. c) the logic applied in the event of processing carried out with the aid of electronic instruments
  6. d) the identity of the data controller, data processors and representative
  7. e) the entities or categories of entity to whom or which the personal data may be communicated or who or which may get to know said data in their capacity as designated representative(s) in the State’s territory, data processor(s) or person(s) in charge of the processing.
  8. The data subject has the right to obtain
  9. a) the updating, rectification or, where interested therein, integration of the data;
  10. b) the cancellation, transformation into anonymous form or blocking of data processed unlawfully, including data whose retention is unnecessary for the purposes for which the data were collected or subsequently processed;
  11. c) certification to the effect that the operations as per letters a) and b) have been notified, as also related to their contents, to the entities to whom or which the data were communicated or disseminated, unless this requirement proves impossible or involves a manifestly disproportionate effort compared with the right that is to be protected;
  12. The data subject has the right to object, in whole or in part;
  13. a) on legitimate grounds, to the processing of personal data concerning him/her, even though they are relevant to the purpose of the collection;
  14. b) to the processing of personal data concerning him/her for purposes not covered by Art. 2.

Also in accordance with Articles 15 et seq. of the GDPR, the user has the right to request at any time, access to his personal data, rectification or deletion thereof, restriction of processing in the cases provided for by Article 18 of the GDPR, obtain in a structured, commonly used and machine-readable format the data concerning him, in the cases provided for by Article 20 of the GDPR. At any time, the user may revoke pursuant to Article 7 of the GDPR the consent given; lodge a complaint with the competent supervisory authority pursuant to Article 77 of the GDPR if he or she considers that the processing of his or her data is contrary to the legislation in force.

The user may make a request to object to the processing of his or her personal data pursuant to Article 21 of the GDPR, in which he or she must give evidence of the reasons justifying the objection: the Data Controller reserves the right to assess the request, which would not be accepted if there were compelling legitimate grounds for processing that override the user’s interests, rights and freedoms.

The interested party may at any time exercise the rights referred to in the preceding article by sending

– a registered letter with return receipt to: NextAi Srl viale Francia snc – 72019 San Vito dei Normanni (BR),

– an e-mail to the PEC address: nextai.srl@pec.it