Pursuant to art. 13 of the European Regulation n. 679 of 2016 (the "Privacy Regulation"), as well as of Recommendation no. 2 of 2001 adopted pursuant to art. 29 of the Directive n. 95/46 / CE, SS CONSULTING SAS intends to inform all users and / or visitors of the site www.nlnm.shop (respectively the "Users" and the "Site"), regarding the use of personal data, log files and cookies collected through the site itself.
1. Data Controller, Data Processing Managers and Data Protection Manager
The owner of the processing of personal data is SS CONSULTING SAS (CF and P.IVA 03543071207), with registered office at Via di Corticella 181 / A, 40128 BOLOGNA, e-mail firstname.lastname@example.org, (hereinafter the "Owner" ).
The updated list of designated Data Processors may be provided upon request by interested parties and / or Users.
The company has not appointed a Data Protection Officer.
2. The personal data that is provided using the Site: for what purpose will they be processed.
The personal data requested and provided serve us to allow us to access the site www.nlnm.shop (hereinafter the "Site") and use the following services (the "Site Services"):
- consult the Catalog / products / services and the information pages;
- to be contacted;
The data is processed for the following purposes:
- carry out the technical management of the Site; (ALL)
- acquire the references of the site users by filling in a special form to satisfy requests for information / commercial contact (CONTACTS)
The processing of data for the aforementioned purposes will be carried out in compliance with the Privacy Code, the Privacy Regulation and all the specific sector regulations including the provisions of the "Rules of the Guarantor for loyalty programs" of February 24, 2005 and the "Lines guide on the processing of personal data for online profiling ”of 19 March 2015.
In compliance with the “Guidelines on promotional activity and the fight against spam” of 4 July 2013, we highlight that any consent given for sending commercial, promotional and marketing communications through automated tools will also extend to the traditional methods of contact .
The data provided will be processed mainly using IT tools under the authority of the Data Controller, by persons specifically appointed, authorized and trained in processing in accordance with Articles 28 and 29 of the Privacy Regulation. Please note that appropriate security measures are observed also pursuant to articles 5 and 32 of the Privacy Regulation to prevent the loss of data, illicit or incorrect use and unauthorized access.
3. Mandatory or optional nature of consent for the provision of data, the consequences of a possible refusal and the legal basis of the processing
It is specified that for the purposes referred to in points (i), (ii), (ii) of the previous art. 3, the provision of personal data is compulsory as in the absence of this it will not be possible to use the Services offered by the Site.
Please note that in any case and at any time, the Data Controller can be requested to delete the data by a simple communication to be sent, without particular formalities, to the addresses indicated in the previous art. 1.
With reference to the purposes referred to in points (i), (ii), (iii) of the previous art. 3, the legal basis of the processing is in fact the execution of the services provided through the Site and requested (pursuant to Article 6, paragraph 1, letter b of the Regulation); instead, with reference to the purposes referred to in points (iii) and (iv) of the previous art. 3, the legal basis of the processing is any freely expressed consent (pursuant to Article 6, paragraph 1, letter a of the Rules).
4. To whom and in what sphere we can transmit the data
The data may be communicated, within the EU, in full compliance with the provisions of the Privacy Code and the Privacy Regulation, to the following subjects:
(i) to the financial administration and / or other public authorities, where this is required by law or at their request;
(ii) to the structures, subjects and external companies of which the Data Controller uses for carrying out related activities, instrumental or consequent to the execution of the Website Services - including the cloud computing storage service - to the sending of the Newsletter and the Profiling Activity;
(iii) external consultants (for example, for the management of tax obligations), if not designated in writing. Data processors.
(iv) credit institutions for instrumental purposes for the possible purchase of goods / services where provided for in any part of the site.
The information automatically collected by the Site, referred to in paragraph 2, as well as some anonymous data relating to the number and type of interactions on activities linked to the purposes of loyalty in the strict sense, may also be transferred to cloud servers of Third Parties also located outside the EU , resulting in such processing necessary for the execution of the requested Website Services. The legal basis of this treatment is, therefore, the art. 49, paragraph 1, lett. b of the Privacy Regulation.
5. The rights
Please note that at any time you may exercise the rights set forth in articles 15, 16, 17, 18, 20 and 21 of the Privacy Regulation, by sending a written communication to the contact details of the Holder referred to in the previous art. 1 and, for the effect, obtain:
- confirmation of the existence or not of personal data indicating the relative origin, verifying its accuracy or requesting its updating, rectification, integration;
- access, rectification, deletion of data or limitation of processing;
- cancellation, transformation into anonymous form or blocking of data processed in violation of the law.
You may also object to the processing of personal data previously provided.
With reference to the Newsletter, we highlight the right to request the termination of the processing carried out through automated methods of contact extended also to the traditional ones. Furthermore, the possibility remains of exercising this right only in part, ie requiring the interruption, for example, of sending promotional communications made through one or some of the contact tools for which consent has been given.
6. Duration of Treatment
Without prejudice to legal obligations, personal data will be stored for a specified period, based on criteria based on the nature of the services provided.
It should be noted that the data stored for Profiling or Marketing purposes will be kept for a period not exceeding 12 and 24 months respectively from their registration.
7. Security measures
Through the Website the data is processed in compliance with the applicable law and using adequate security measures in compliance with the legislation in force also pursuant to the articles 5 and 32 of the Privacy Regulation.
In this regard, it is confirmed, among other things, the adoption of appropriate security measures aimed at preventing unauthorized access, theft, disclosure, modification or unauthorized destruction of the data processed.
The Owner reserves the right to make changes to this Privacy Statement. In this case, users will be promptly informed when they use the Site again.
This information was released in October 2018.
pursuant to Article 13 of EU Regulation 679/2016
1. Purposes and methods of processing.
The personal data of the interested party are processed within the normal activity of the Data Controller, for the pursuit of the following purposes:
- correct and complete execution of the obligations of the contractual relationship put in place (hereinafter, the "Contract");
- administrative and accounting requirements strictly connected to the Contract;
- fulfillment of specific obligations provided for by law, by a regulation or by EU legislation (for example, those provided for in the matter of "anti-money laundering");
- update of the interested party on promotional and marketing initiatives, also by sending advertising and / or promotional material (for example, newsletters), through automated tools and / or traditional methods of contact.
The processing of personal data takes place, under the authority of the Data Controller, by subjects specifically appointed, authorized and trained in processing pursuant to art. 29 of the Privacy Regulations, using manual, IT or telematic tools, with logic strictly related to the purposes and in any case in order to guarantee the confidentiality and security of personal data. The processing of personal data may also take place, on behalf of the Data Controller, by data processors specifically designated pursuant to art. 28 of the privacy regulation.
Personal data will be stored for a specific period based on criteria based on the nature and duration of the Contract and on the needs to protect the interests of the Interested Party.
2. Legal basis of the processing, nature of the provision and consequences of a possible refusal, consent of the interested party.
2.1) Purposes referred to in the previous paragraph 1, points 1., 2. and 3.
With reference to the purposes referred to in paragraph 1, points 1., 2. and 3., the provision of personal data is mandatory and is a necessary requirement for the execution of the Contract; in fact, the failure to provide data determines the impossibility of receiving the service object of the Contract itself and, therefore, the legal basis of the relative treatment is the correct execution and management of the Contract.
2.2) Purpose referred to in the previous paragraph 1, point 4.
With reference to the purposes referred to in paragraph 1, paragraph 4., provision is optional and failure to provide the relative consent only determines the impossibility of receiving updates on promotional and marketing initiatives, also by sending advertising material and / or promotional (for example, newsletters).
3. Subjects or categories of subjects to whom the personal data can be communicated and scope of communication.
In relation to the purposes of the processing indicated above, and within the limits strictly pertinent to the same, the personal data of the Data Subject will be or may be communicated to the following categories of subjects:
(i) to the tax authorities and other public authorities, where required by law or at their request;
(ii) credit institutions for payment orders or other financial activities instrumental to the execution of the Contract;
(iii) to the external structures and / or companies used by the Data Controller, in charge of carrying out related activities, instrumental or consequent to the execution of the Contract
(iv) to external consultants (for example, for the management of tax obligations), if not designated in writing Responsible for processing;
(v) to external parties that carry out control activities, such as independent auditors, board of auditors, supervisory body;
(vi) to factoring companies and / or specialized companies or law firms for debt collection and / or for the protection of their interests / rights;
The aforementioned subjects, to whom the personal data of the Data Subject will be or may be communicated (as they are not designated in writing as Data Processors), will process the personal data as Data Controllers in accordance with the Privacy Regulation, in full autonomy, being unrelated to the original processing performed by the Owner.
The updated list of the subjects indicated and of the Data Processors can be provided upon request by the interested party.
The data of the interested party will not be disseminated.
If this is necessary for the performance of the Contract, the personal data of the Interested Party may be transferred to countries belonging to the EU and / or to countries outside the EU, in full compliance with the provisions of the Privacy Regulation, the provisions and decisions of the Privacy Guarantor on the subject, as well as by the community legislation In particular, the Owner undertakes to comply with the provisions set forth, respectively, by Decisions 2001/497 / CE, 2004/915 / CE and 2010/87 / EU (depending on the case in question), which require the signing of CDs . "Standard contractual clauses" between legal entities involved in the processing of non-EU data.
4. Rights of the interested party.
Articles 15 and ss. of the privacy regulations give the interested party the right to obtain:
- confirmation of the existence or not of personal data concerning him, even if not yet recorded, and their communication in intelligible form;
- the indication of the origin of the personal data, of the purposes and methods of the processing, of the logic applied in case of treatment carried out with the aid of electronic instruments, of the identification details of the holder;
- updating, rectification, integration, cancellation, transformation into anonymous form or blocking of data processed in violation of the law (including those for which conservation is not necessary in relation to the purposes for which the data are collected or subsequently processed). The attestation that these operations have been brought to the attention of those to whom the data have been communicated or disseminated (also as regards their content), except in the event that such fulfillment proves impossible or involves a manifestly disproportionate use of means with respect to the protected right.
The interested party also has the right:
- to revoke at any time the consent given for the processing of personal data, where envisaged (without prejudice to the lawfulness of the processing based on the consent given before the revocation);
- to object, in whole or in part, for legitimate reasons, to the processing of personal data concerning him, even though pertinent to the purpose of the collection;
- to object, in whole or in part to the processing of personal data concerning him for the purpose of sending advertising materials or direct sales or for carrying out market research or commercial communication;
- to make a complaint to the Guarantor for the protection of personal data in the cases provided for by the Privacy Regulation;
- to the portability of personal data within the limits of art. 20 of the privacy regulations.
SS CONSULTING SAS
Via di Corticella, 18 / A
40128 - BOLOGNA
 According to the art. 4 of the privacy regulations, "personal data" means: "any information concerning an identified or identifiable natural person (" interested "); the identifiable natural person who can be identified, directly or indirectly, with particular reference to an identifier such as the name, an identification number, location data, an online identifier or one or more characteristic elements of his physical identity, physiological, genetic, psychic, economic, cultural or social ".