Privacy policy for users of the site Privacy policy for users of the site

Privacy policy for users of the site

PRIVACY POLICY FOR USERS OF THE SITE

Please read carefully this Privacy Policy (hereinafter, “Privacy Policy”), which is intended for the users of the website www.nordica.com (hereinafter, the “Site”), in accordance with Article 13 of the General Data Protection Regulation No. 2016/679 (hereinafter, also “GDPR”), in which we provide you with all the information regarding the processing of your personal data (hereinafter, also, “Data”) and its use.

Please note this Privacy Policy is applied only to the processing of Data carried out on the Site and not also to processing carried out on different and additional websites, although accessible through links within the Site itself.

1. Data controller and contact information

The data controller is Tecnica Group S.p.A., via Fante d’Italia, 56 – 31040, Giavera del Montello (TV), Italy, C.F. e P.IVA 00195810262 (hereinafter referred to as “Data Controller” or “Company”).

E-mail address: [email protected] 

2. Contact information of Data Protection Officer (DPO)

It is possible to contact the Data Protection Officer (DPO) by writing to [email protected] 

3. Types of Data Processed

3.1 Navigation Data

We collect the following Data through the services you use.

Technical Data

This category of Data includes the IP addresses or domain names of the computers used by the users who connect to the Site, the addresses in URI (Uniform Resource Identifier) notation of the requested resources, the time of the request, the method used in submitting the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the user's operating system and computer environment. These Data are used only for statistical information (so they are anonymous), to check the proper functioning of the Site, and are deleted immediately after processing. The Data could be used to prove responsibility in case of hypothetical computer crimes against the Site. Save this eventuality, Web Contact Data do not persist for more than 7 days.

Cookie

The Site collects Data using cookies or similar technologies. For more information, please visit the Site's “Cookie Policy”.

3.2 Data provided intentionally by the user

The Site offers to the users the opportunity to provide personal Data through, for example, filling out the contact forms and newsletter subscription, on the site.

4. Services provided by the Site

You can find below the description of the services offered by the Site. For each services are indicated: the purposes for which Data are processed, the legal basis for such processing, and the retention periods for the processed Data.

4.1 Contact sections

Within the Site there are contact sections, such as “Chat” and “Email us”. These sections allow the user to submit his/her requests for information to the Company regarding: technical difficulties, product guarantees, where to find the Company's products in shops, collaborations and commercial proposals, support in product selection. In order to provide this service, the user is necessarily required to provide the following personal data: first name, last name, gender, postal code, state, language and e-mail address. While it is left to the user to provide further personal data, including: date of birth and address.

Purposes of processing: provide reply to requests for information made by the user.

Legal basis for processing: Art. 6(1)(b) of the GDPR, “performance of a contract to which the data subject is party or performance of pre-contractual measures taken at the request of the data subject”.

Retention period: personal data will be retained for a period not exceeding 7 years from the time they are provided.

5. Additional purposes of processing

As part of the processing of personal data carried out by the Site, the Data Controller pursues the following additional specific purposes:

5.1 Fulfillment of legal obligations

The Data Controller, where necessary, processes the personal data of data subjects, collected through the Site, in order to ensure compliance with legal obligations, regulations and EU standards to which it is subject.

Legal basis for processing: art. 6(1)(c) GDPR, “processing is necessary for compliance with a legal obligation to which the controller is subject”.

Retention period: personal data will be retained for the period strictly necessary to enable the Controller to fulfill the legal obligations to which the Controller is subject.

5.2 Establishment, exercise and defense of rights in court

The Data Controller, where necessary, processes the personal data of data subjects, collected through the Site, in order to establish, exercise or defend its own right in court or whenever the judicial authorities exercise their jurisdictional functions.

Legal basis for processing: art. 6(1)(f) GDPR, “processing is necessary for the pursuit of the legitimate interest of the controller”.

Retention period: personal data will be retained for the period strictly limited to the duration of the litigation, until the time limit for appeal actions is exhausted.

5.3 Direct marketing activities

Your personal data, subject to your free and specific consent, will be processed by the Data Controllers to update you on promotional, commercial and advertising initiatives, events, initiatives in accordance with the provisions of the Italian Data Protection Authority's provision “Linee guida in materia di attività promozionale e contrasto allo spam – 4 luglio 2013 [2542348]”. We inform you that these activities may be carried out by means of paper mail, telephone contact by operator (so-called “traditional modalities”), e-mail, sending of sms, push notifications and use of social networks (so-called “automated modalities”). In addition, we will process Your Data to perform analysis and reporting activities related to promotional communication systems. In the absence of your specific consent for this purpose, we will not be able to process your Personal Data for direct marketing purposes and will therefore not be able to inform you of new products and/or current promotions.

Legal basis for processing: Consent of the data subject ex art. 6(1)(a) GDPR, “the data subject has given consent to the processing of his/her personal data for one or more specific purposes”.

Retention period: personal data will be retained until the user withdraws consent. Purchase data for marketing purposes will be retained for 7 years from the time they are provided. This is without prejudice, in any case, to the possibility for Data Controllers to retain the user's personal data in order to demonstrate compliance with the principle of accountability under Article 5 GDPR.

5.4 Profiling

Subject to your free, optional and specific consent, we will process your personal data for profiling purposes. In particular, through requests made using the contact forms and the selection of brands in which you have declared interest as well as monitoring your behaviors and interactions, we will assess your behavior in more detail and analyze your preferences, interests, and consumption habits. In the absence of your specific consent for this purpose, we will not be able to process your personal data for profiling purposes.

Legal basis for processing: Consent of the data subject ex art. 6(1)(a) GDPR, “the data subject has given consent to the processing of his/her personal data for one or more specific purposes”.

Retention period: personal data will be retained until the user withdraws consent. Data from purchases for profiling purposes will be retained for 7 years from the time they are provided. This is without prejudice, in any case, to the possibility for Data Controllers to retain the user’s personal data in order to demonstrate compliance with the principle of accountability under Article 5 GDPR.

6. Recipients and transfer of personal data

The Data may be processed by parties operating as autonomous data controllers, such as but not limited to: authorities and supervisory and control bodies and in general subjects, public or private, entitled to request the Data.

Data may also be processed on behalf of the Company by external parties designated as Data Processors (pursuant to Article 28 of the GDPR), who are given appropriate operational instructions. These subjects are essentially included in the following categories: 

a. subsidiaries of Tecnica Group (pursuant to Article 2359 of the Civil Code);

b. companies that offer e-mailing services;

c. companies that offer services instrumental to the pursuit of the purposes stated in this policy (media agencies, IT suppliers, forwarders...);

d. companies that perform the service of managing and/or maintaining the Company’s website;

e. companies that offer support in conducting market studies;

Personal data are not transferred outside the European Union. In any case, it is understood that, should it become necessary, the Data Controller may also transfer personal data to countries outside the EU, guaranteeing as of now that the transfer will take place in compliance with the applicable legal provisions and therefore entering into, if and to the extent necessary, specific agreements guaranteeing an adequate level of protection of personal data, or in any case adopting the standard contractual clauses provided by the European Commission for the transfer of personal data outside the EU.

7. People authorized to process

The Data may be processed by the employees and/or collaborators of the Controller and/or the Manager deputed to the pursuit of the above purposes, who have been expressly authorized for the processing and have received appropriate operational instructions.

8. Withdrawal of consent and exercise of data subjects’ rights

Data subjects may contact the Data Controller by e-mail at the following e-mail address: [email protected] 

Data subjects may request from the Controller access to the data concerning them, their deletion, the rectification of inaccurate data, the integration of incomplete data, the restriction of processing in the cases provided for in Article 18 GDPR, as well as the opposition to processing, for reasons related to their particular situation, in cases of legitimate interest of the controller.

In the event that you exercise your right to erasure, the Data Controllers will remove the data referring to you not only from the Site, but also from all of the company's databases: this could therefore include the possible deletion also from other platforms of the Data Controllers on which you have registered. In view, therefore, of the impact that such deletion could have on you, the Data Controllers may provide for procedures better aimed at ascertaining your identity.

In addition, data subjects, where processing is based on consent or contract and is carried out by automated means, have the right to receive in a structured, commonly used and machine-readable format the data, as well as, if technically feasible, to transmit them to another data controller without hindrance.

Data subjects have the right to revoke the consent given at any time for marketing and/or profiling and/or data transfer/communication purposes. This is without prejudice to the possibility for a data subject who prefers to be contacted exclusively through traditional means to object to processing for marketing purposes only in relation to receiving communications through automated means.

Data subjects have the right to lodge a complaint with the competent supervisory authority in the member state where they usually reside or work or the state where the alleged violation occurred.