NEMESIS S.r.l. protects the confidentiality of personal data and guarantees to them the necessary protection from any event that could put them at risk of violation.
As required by the European Union Regulation no. 679/2016 («GDPR»), and in particular to the art. 13, here below
we provide to the subjects the information required by the law regarding the processing of personal data.
Who we are and what data we process (art.13, paragraph 1 letter a, art.15, letter b GDPR)
NEMESIS S.r.l. has appointed a Data Protection Officer, controller of sensitive data processing, with registered office in Modena (MO), Via Benassi, 31, can be contacted at email@example.com and collects and / or receives information that concern the interested party, such as:
Data category — Exemplification of data types
Personal data — Personal data, address, nationality, province and common, landline and / or mobile phone, fax, VAT number, e-mail address
Bank details — IBAN and other bank data
NEMESIS does not require the Subject to provide data named «Particular», that is, according to the provisions of the GDPR (Article 9), personal data revealing racial or ethnic origin, political opinions, religious or philosophical convictions, or union membership, as well as genetic data, biometric data intended to uniquely identify a natural person, data relating to the health or sexual life or sexual orientation of the person. In case the performance requests NEMESIS to require the processing of such data, the interested party will receive prior notice and will be asked to give consent.
The Data Protection Officer (DPO) can be contacted for any information and requests to the e-mail address: firstname.lastname@example.org.
For what purposes we need the data of the interested party (Article 13, paragraph 1 of the GDPR)
The data will be visible to all NEMESIS employees for tax purposes, marketing and promotion activities, manage and execute contact requests forwarded by the interested party, provide assistance, fulfill the legal and regulatory obligations to which the Holder is held in relation to activity exercised. In no case does NEMESIS resell the personal data of the interested party to third parties nor use them for undeclared purposes.
In particular, the data of the interested party will be processed for:
1) Tax purposes;
2) Marketing and promotion activities;
3) Functional needs of the information system.
The processing of personal data of the interested party takes place to carry out preliminary activities and consequent to the order of a Product, the management of the related order, the preparation and delivery of the Product, the related invoicing and the management of the payment, the handling of complaints and / or reports to the assistance service and to perform the assistance itself, fraud prevention and the fulfillment of any other obligation arising from the contract.
The legal basis of these treatments is the fulfillment of the services inherent in the contractual relationship and compliance with
Commercial Marketing activities on Products different from those purchased by the Interested Party
The personal data of the interested party may also be processed for purposes of commercial promotion, for surveys and market research with regard to Products that the Holder offers only if the Subject has authorized the processing and does not object to this.
This treatment can be automated, in the following ways:
— telephone contact
and can be done:
1. if the interested party has not revoked his consent for the use of the data;
2. if, in the event that the processing takes place through contact with the telephone operator, the interested party is not
registered in the register of oppositions referred to in the D.P.R. n. 178/2010;
The legal basis of these treatments is the consent given by the interested party prior to the processing itself, which is
revocable by the interested party freely and at any time.
The Holder, in line with the provisions of Recital 49 of the GDPR, has a high level of IT security through Antivirus Software, Antispyware, to safeguard the total or partial theft of data, which compromise the availability, authenticity, integrity and confidentiality of personal data stored or transmitted.
The Holder will promptly inform the Interested parties, if there is a particular risk of violation of their data without prejudice to the obligations deriving from the provisions of art. 33 of the GDPR concerning notifications of violation of personal data.
The legal basis for such processing is compliance with legal obligations and the legitimate interest of the Holder to carry out
processing related to the protection of company assets and security of NEMESIS offices and systems.
Communication to third parties and categories of recipients (Article 13, 1st paragraph GDPR)
The communication of the personal data of the interested party also takes place to third parties whose activity is necessary for the performance activities related to the relationship established and to meet certain legal obligations, such as:
Target categories — Purpose
Third-party suppliers of NEMESIS, External Consultants — Administrative and accounting obligations
Credit institutions and banking institutions — Management of collections / payments
The Holder imposes to third parties suppliers and data processing responsible compliance with security measures equal to those adopted in relation to the Interested Party, restricting the perimeter of action of the data processing responsible to the treatments connected to the requested service.
The legal basis of these treatments is the fulfillment of the services inherent to the relationship established, the fulfillment of obligations
of law and the legitimate interest of NEMESIS to carry out treatments necessary for these purposes.
How we process the data of the interested party (Article 32 GDPR)
The Holder disposes the use of adequate security measures in order to preserve confidentiality, integrity and availability of personal data of the interested party and imposes similar security measures to third parties suppliers and data processing responsible.
Where we process the data of the interested party
The personal data of the interested party are kept in paper, computer and electronic archives located in Modena MO Italy,
country in which the GDPR is applied and partly on distributed systems (Cloud).
How long are the data of the interested party stored? (Article 13, paragraph 2, letter to GDPR)
Unless he expressly expresses his will to remove them, the personal data of the interested party will be stored until they are necessary with respect to the legitimate purposes for which they were collected.
In particular, regarding the management and provision of services relating to the contact requests submitted from the interested party, such data will be kept no more than a maximum period of 12 months; likewise, in the event of acceptance of the offer, they will be kept for the entire duration of the contract itself and in any case not more than a maximum period of 24 (twenty-four) months from the last of the active Services and connected to it, or if, within this period, there were no Active and / or purchased services of the Products through the contract.
In the case of data provided to the Holder for the purposes of commercial promotion for services other than those already acquired
from the interested party, for which he initially gave his consent, these will be kept for 24 months, save withdrawal of consent.
In the case of data provided to the Holder for the purposes of profiling (such as data analysis and selected products), these will be
kept for 12 months, always subject to revocation of consent given.
Furthermore, personal data will in any case be kept for the fulfillment of obligations (e.g. tax and accounting) that remain even after the termination of the contract (Article 2220 of the Civil Code); for these purposes the data processing responsible will retain only the data
necessary for its pursuit.
The cases in which the rights deriving from the contract and / or enrollment were asserted in court are excluded; in these cases the personal data of the interested party, exclusively those necessary for such purposes, will be processed for the time necessary for their pursuit.
What are the rights of the interested party? (Articles 15 — 20 GDPR)
The interested party has the right to obtain from the data processing responsible the following:
a) confirmation that it is or is not underway the processing of personal data concerning him and, in this case, obtaining
access to personal data and the following information:
1. the purposes of the processing;
2. the categories of personal data in subject;
3. the recipients or categories of recipients to whom the personal data have been or will be communicated, in particular if
recipients of third countries or international organizations;
4. when possible, the retention period of the personal data provided or, if this is not possible, the criteria used to determine this period;
5. the existence of the right of the data subject to request the data processing responsible to correct or delete the personal data or the limitation of the processing of personal data concerning him or to oppose their treatment;
6. the right to lodge a complaint with a supervisory authority;
7. if the data are not collected from the data subject, all information available on their origin;
8. the existence of an automated decision-making process, including profiling, and, at least in such cases, significant information on the logic used, as well as the importance and expected consequences of this treatment for the interested party.
9. the appropriate guarantees provided by the third country (non-EU) or an international protection organization for the eventual transferred data.
b) the right to obtain a copy of the personal data being processed, unless this right does not affect the rights and the freedom of others. In case of further copies requested by the interested party, the data processing responsible may charge a reasonable cost contribution based on administrative costs.
c) the right to obtain from the data processing responsible the correction of inaccurate personal data concerning him without unjustified delay
d) the right to obtain from the data processing responsible the cancellation of personal data concerning him without unjustified delay, if subsisting the reasons provided for by the GDPR in art. 17, among which, for example, in case they are no longer necessary for the purposes of the treatment or if this is assumed to be illicit, and only if the conditions established by law for exist; and in any case if the treatment is not justified by another reason equally legitimate;
e) the right to obtain from the data controller the limitation of processing, in the cases required by art. 18 of the GDPR, for example where you have contested its accuracy, for the period necessary for the Holder for verify its accuracy. The interested party must be informed, in reasonable time, even when the period of suspension has been accomplished or the cause of the limitation of treatment has ceased, and therefore the limitation has been revoked;
f) the right to obtain communication from the Holder of the recipients to whom the requests for any corrections or cancellations or limitations on processing have been sent, unless this proves impossible or implies one disproportionate effort.
g) the right to receive personal data in a structured, commonly used and automatic-device-readable form concerning him and the right to transmit such data to another data processing responsible without impediments by the data processing responsible to whom he has provided them, in the cases described by art. 20 of the GDPR, and the right to obtain the direct transmission of personal data from one controller to another, if technically feasible.
For any further information and in any case to send your request you must contact the Holder at the address email@example.com. In order to ensure that the rights mentioned above are exercised by the interested party and not by unauthorized third parties, the Holder may request the interested party to provide any additional information necessary for the purpose.
How and when can the data subject oppose the processing of personal data? (Article 21 GDPR)
For reasons related to the particular situation of the interested party, the same can oppose at any time the treatment of the personal data if it is based on legitimate interests or if it takes place for commercial promotion activities, by sending the request to the Holder at firstname.lastname@example.org.
The interested party has the right to cancel their personal data if there is no legitimate overriding reason of the Holder, with respect to the one that gave rise to the request, and in any case in case the interested party has opposed the treatment for commercial promotion activities.
To whom can the interested party submit a complaint? (Article 15 GDPR)
Without prejudice to any other action in administrative or judicial proceedings, the interested party may lodge a complaint to the competent authority of control on Italian territory (Guarantor Authority for the protection of personal data) or to the one that performs its duties and exercise its powers in the Member State where the GDPR violation took place.
Each update of this Information will be communicated promptly and by appropriate means and also it will be communicated if the Holder processes the data of the interested party for purposes other than those referred to in this Notice before proceeding and following the manifestation of the relative consent of the interested party if necessary.
Disclosure of Information
When you register for news and updates, we need to know your email address only. This allows us to send you product information which is relevant to your business. NEMESIS will use your email address to provide our products and services to you and to update you about new products/services. If we send you an email regarding our products and services you will have the option to unsubscribe. We do not sell, rent or exchange your personal information with any third party for commercial reasons. We follow strict security procedures in the storage and disclosure of information which you have given us, to prevent unauthorised access in accordance with the EU data protection legislation.
Keeping records accurate
We do not collect sensitive information about you except when you specifically knowingly provide it. In order to maintain the accuracy of our database, you can check, update or remove your personal details by emailing email@example.com
We use a technology called “cookies” as part of a normal business procedure to track patterns of behaviour of visitors to our site. A cookie is an element of data that our Website sends to your browser which is then stored on your system. You can set your browser to prevent this happening. Any information collected in this way can be used to identify you unless you change your browser settings.
NEMESIS reserves the right to vary the terms and conditions of this policy from time to time. Such variations become effective immediately upon the posting of the varied policy on the NEMESIS website. By continuing to use the NEMESIS website after such posting you will be deemed to accept such variations. You should visit the page periodically to review this policy and its terms and conditions because they are binding upon you. In the event that any term of this policy is held to be invalid, unlawful, void or for any reason unenforceable, that term shall be deemed severable and the remainder of this policy shall remain valid and enforceable.
If you have any questions about privacy please contact us at:
Tel: +39 059 314548
Write to us:
NEMESIS, Via G. Benassi, 31 — 41122 Modena (MO) Italy