Home - Privacy policy on data processing

Art. 13 GDPR (European Regulation 2016/679)

This privacy policy relates to the personal data (acquired and processed by the data controller) of users visiting the website www.nord-composites.it. The privacy policy does not cover websites that users may visit by clicking on a link on this website. As far as the use of cookies is concerned, we invite you to read the specific cookies policy at this link.

1. Data Controller – about us.

The data controller is Nord Composites Italy Srl, with registered office in Monfalcone (GO), via Timavo 61. Contact details: privacy@nord-composites.it, +39 0481 490411.

2. What data we process – purpose.

a) browsing data. The computer systems and software used to operate this website automatically collect some personal data, whose transmission is implied by the use of Internet communication protocols. This data is associated with as many users, who are not directly identifiable, but who could be identified through special processing and cross-referencing with other data. Such data includes, by way of example: IP addresses, the domain names of the devices used by the Users, the URI (Uniform Resource Identifier) addresses of the resources requested, the time and method of the request, the response given by the server and the size of the file offered in response, as well as other parameters relating to the Users’ operating system.

Browsing data is collected, in aggregate and anonymous form, in order to verify the proper operation and security of the website, to acquire browsing statistics or to investigate any computer crimes committed on the website.

b) data provided by the User. This is the personal data directly provided by Users of the website, by filling in the contact form, or through the registration process. In the first case, this data is: first name, surname, contact information (email address, telephone number), as well as information contained in any text entered in the appropriate field. In the second case, it is: first name, surname, contact information (email address, telephone number) and the password chosen to log in. Browsing and session data relating to login and subsequent browsing is also processed.

This data is entered voluntarily by the user who fills in the contact form or who completes the registration process and, subsequently, accesses the client portal and is acquired and processed exclusively for the purpose of responding to the request sent to us or to allow the User, by creating a profile, to access the functions (viewing and/or downloading catalogues and information brochures) offered in the client portal.

The responsibility for the correctness of the data entered lies with the User, who, by filling in the contact form or by signing up on the website, confirms to be of legal age.

3. Lawful basis.

Browsing data is acquired during the normal use of the website, according to the automated methods described above, which make its acquisition necessary to allow the data subject to access the website. The lawful basis for processing the data is provided by Article 6(1)(b) of the GDPR (requirement to execute a contract between the parties).

The collection and subsequent processing of browsing data for statistical or verification purposes is a requirement of the data controller; such processing is carried out anonymously, i.e. without identifying the data subject. The lawful basis for processing the data is provided by Article 6(1)(f) of the GDPR (legitimate interest of the data controller).

The data entered in the contact form or the data entered when completing the registration process are essential for us to be able to respond to the user’s request. It is provided by the data subject, who enters it voluntarily. The lawful basis for processing the data is therefore provided by Article 6(1)(b) of the GDPR (requirement to execute a contract between the parties). Failure to provide the data prevents Nord Composites Italy Srl from contacting the User, providing him/her with the requested response and allowing him/her to access the functions available in the client portal.

Finally, the data may be used to protect the data controller’s rights in or out of court, to verify the proper operation of the site, or to prevent and combat cyber fraud/attacks. The lawful basis for processing the data is provided by Article 6(1)(f) of the GDPR (legitimate interest of the data controller).

4. Processing methods.

The data is processed solely by electronic and computerised means, stored on computer media and sent over the Internet. The data processing is carried out at the registered office of Nord Composites Italy Srl, as indicated above, as well as at the registered office of the suppliers of the website management and hosting service, both located in European territory.

In any case, processing is carried out in compliance with the principles indicated in the GDPR, such as minimisation (only data that are strictly necessary are processed), relevance, correctness and transparency, as well as adopting appropriate security measures to guarantee data protection.

There is no automated decision-making process.

5. Scope of data communication.

The data collected in this way are known and processed exclusively by the competent staff of Nord Composites Italy Srl. The staff of Nord Composites Italia Srl who thus acquire and/or process personal data have previously been trained in compliance with the data protection regulations and have been given the appropriate authorisation.

The data may also be made available to external entities, who act as data processors (and thus receive express delegation from the Data Controller) or as independent data controllers. These are: entities that provide maintenance services for the Website and computer systems; entities that provide e-mail services; entities that provide management and maintenance services for the Data Controller’s databases; system administrators. The data may be disclosed to consultants/collaborators where such disclosure is necessary to respond to requests made by the user through the contact form. Where required, the data may be provided to the Public Authority.

6. Retention periods.

Browsing data is retained for 30 days, after which it is deleted.

The data collected through the contact form is retained and managed for the time necessary to provide the service requested by the User. Subsequently, it is archived in a specific folder and deleted 6 months after the user has been provided with a response.

Data relating to the User’s registration and activity on the client portal of the website is retained as long as the User continues to use the site. It is deleted 12 months after the last access to the client portal (login). However, the User has the right to request cancellation at any time.

7. Rights of the Data Subject.

In relation to the personal data processed by Nord Composites Italy Srl, the data subject has rights expressly recognised by the applicable legislation. In particular, where applicable, the user may:
a) access their personal data held by the data controller;
b) obtain the rectification, updating, integration and deletion of their personal data;
c) request the limitation of processing;
d) object to the processing;
e) obtain data portability;
f) lodge a complaint with the supervisory authority (Data Protection Authority).

To exercise these rights, the data subject can send an email to the following address dpo@nord-composites.it. Any refusal by the user to allow the processing to continue shall not affect the lawfulness of the processing previously carried out in accordance with the aforementioned lawful basis.