GDPR

Privacy Policy pursuant to art. 13-14 of the European General Data Protection Regulation 2016/679 (GDPR) for customers

M-S-06 (VER 00)

Dear Customer,

we wish to inform you that the EU Reg. 2016/679 ("European General Data Protection Regulation") provides for the protection of personal data of individuals.

Pursuant to art. 13 of the GDPR we therefore provide you with the following information:

1. Controller

The Controller is the company NOBEL CERTIFICATION ITALIA SRLS, Company Id. No.: FE-219093, with registered office at floor T-1 , No. 285 , Comacchio St., Ferrara (FE) - Italia, registered in Camera di Commercio di Ferrara e Ravenna, e- mail: atex@nobelcerti.it, PEC: nobelcertificationitalia@legalmail.it (the “Data Controller“).

2. Company Data

2.1.These are the data you provide for the provision of services in the context of the activities carried out by the Data Controller, as an example, are the following:

name of the company: ......
registration number: ......
tax identification number: .......
registered office: ......
operative office (if any): .........
email address: .......
telephone No.: ........

2.2. The collection and subsequent processing of your personal data are intended to allow the Data Controller

the execution of contractual and pre-contractual obligations deriving from the services requested by the Customer;
the provision of the services requested by the Customer, through the collection, storage and processing of data for the purpose of establishing and subsequent operational, technical and administrative management of the relationship;
the fulfillment of legal and tax obligations (eg. payment management, invoicing, etc);
management of relations with third party authorities and public bodies for purposes related to particular requests, the fulfillment of legal obligations or particular procedures;

The provision of such data is mandatory to follow up on the contractual relationship, or even for a simple informational contact. If data subject does not provide the data expressly provided as necessary, the Data Controller will not be able to carry out the processing related to the management of the requested services connected to them, nor the obligations that depend on them.

Subject to your consent, the data may be processed for purposes functional to the activity of the Data Controller, and / or third-party companies; in particular, the promotion of products or services (implemented through the sending of advertising material, telephone communications or by post and also through automated communication services such as SMS, E-mail, Fax); o publication for advertising and promotional purposes on the website of the Data Controller.

The consent for this treatment is optional and the denial does not affect the use of goods and services by the Customer.

3. The legal base for the processing

The legal base for the processing is Article 6, Paragraph 1 of the GDPR:

Letter b) c) for the mandatory
Letter a) for the optional

4. Recipients of the data

Besides the Controller, the above personal data shall be collected and processed also by the following subjects:

chartered accountant for the one and only part relating to tax burdens;
third parties whose right of access to such data is recognized by virtue of regulatory provisions;
all those natural and / or legal persons, public and / or private when the communication is necessary or functional to the performance of the activity and in the manner and for the purposes described above;
to the Public Security Authorities, the Judicial Authority and other public entities if the communication is mandatory by law.

5. Transfer of data outside the EU

The Controller shall be entitled to provide my personal data also to relevant recipients/ categories of recipients with domiciles outside the EU and the EEA. I acknowledge that in the case of transmission of personal data to third countries transfers are permitted provided that the adequacy of the third country or organization is recognized by decision of the European Commission (art. 45 of EU Regulation 2016/679).

In the absence of such a decision, the transfer is permitted where the data controller or data processor provides adequate guarantees that provide enforceable rights and effective means of appeal for the interested parties (art. 46 of EU Regulation 2016/679). In this regard, the following may constitute adequate guarantees:

without authorization from the Guarantor:
binding and enforceable legal instruments between public entities (art. 46, par. 2, letter a);
binding corporate rules (art. 46, par. 2, letter b)
the standard clauses (art. 46, par. 2, letter c and letter d)
the codes of conduct (art. 46, par. 2, letter e) • the certification mechanisms (art. 46, par. 2, letter f)

subject to authorization from the Guarantor:

ad hoc contractual clauses (art. 46, par. 3, letter a)
administrative agreements between public authorities or bodies (art. 46, par. 3, letter b)

In the absence of any other prerequisite, it is possible to transfer personal data based on some exceptions that occur in specific situations (art. 49 of EU Regulation 2016/679).

6. Processing methods

The data will be processed by means of the following operations: collection, registration, organization, storage, consultation, processing, selection, extraction, comparison, use, interconnection, blocking, communication, cancellation and destruction of data. They will be processed with the aid of paper, electronic and telematic tools. The Data Controller has adopted internal Policies (Good rules of conduct) specific to the technical and organizational measures inherent to the methods of data processing.

7. Duration and retention of personal data

Your data will be kept exclusively for the period necessary to carry out the contractual duties, or for the time required for storage by law to carry out tax operations.

Your data may be kept even after the termination of the existing contract for the fulfillment of all possible obligations connected with or deriving from the conclusion of the same for the time required by current national and community legislation, in accounting, tax, civil and procedural. Specifically, the data will be kept for a maximum of 10 years.

8. Rights of data subject

At any time, you can exercise, pursuant to articles 15 to 22 of EU Regulation no. 2016/679, the right to:

a) ask for confirmation of the existence or otherwise of their personal data;

b) obtain information on the purposes of the processing, the categories of personal data, the recipients or categories of recipients to whom the personal data have been or will be communicated and, when possible, the retention period;

c) obtain the rectification and cancellation of data;

d) obtain the limitation of the processing;

e) obtain data portability, i.e. receive them from a Data Controller, in a structured format, commonly used and readable by an automatic device, and transmit them to another Data Controller without impediments;

f) oppose the processing at any time and also in the case of processing for direct marketing purposes;

g) oppose an automated decision-making process relating to natural persons, including profiling;

h) withdraw the consent at any time without prejudice to the lawfulness of the processing based on the consent given before the revocation;

i) lodge a complaint with the supervisory authority, Guarantor for the processing of personal data, E-mail: garante@gpdp.it PEC: protocollo@pec.gpdp ..

You can exercise your rights by sending an official and documentable communication using one of the following channels:

Registered mail to be delivered to the registered office of the Data Controller;
Sending an e-mail to the e-mail address of the Data Controller company.

Before being able to provide you, or modify any information, it may be necessary to verify your identity, answer some questions and fill out an official request form that will be provided by the Owner. An answer will be provided as soon as possible.

ACKNOWLEDGMENT OF THE INFORMATION AND CONSENT TO THE TREATMENT

The undersigned / the undersigned ............................................................. .. ........................... .. ..................

As □ natural person □ representative of the Company (indicate the company region) ............................................................................. .. ...........................

Hereby declares:

to have read the information on privacy,
to □ give your consent □ not to give your consent for your personal data to be used directly by the Data Controller for commercial, promotional, profiling and marketing purposes;
to □ give your consent □ not to give your consent for your personal data to be transmitted to third parties and used by them for commercial, promotional, profiling and marketing purposes.

Date, there ………………………. …… .. …… . SIGNATURE: ………………… ………… .. …… .. …………………

GDPR

Privacy Policy pursuant to art. 13-14 of the European General Data Protection Regulation 2016/679 (GDPR) for customers

M-S-06 (VER 00)

Dear Customer,

we wish to inform you that the EU Reg. 2016/679 ("European General Data Protection Regulation") provides for the protection of personal data of individuals.

Pursuant to art. 13 of the GDPR we therefore provide you with the following information:

1. Controller

2.1.These are the data you provide for the provision of services in the context of the activities carried out by the Data Controller, as an example, are the following:

name of the company: ......

registration number: ......

tax identification number: .......

registered office: ......

operative office (if any): .........

email address: .......

telephone No.: ........

2.2. The collection and subsequent processing of your personal data are intended to allow the Data Controller

the execution of contractual and pre-contractual obligations deriving from the services requested by the Customer;

the provision of the services requested by the Customer, through the collection, storage and processing of data for the purpose of establishing and subsequent operational, technical and administrative management of the relationship;

the fulfillment of legal and tax obligations (eg. payment management, invoicing, etc);

management of relations with third party authorities and public bodies for purposes related to particular requests, the fulfillment of legal obligations or particular procedures;

The consent for this treatment is optional and the denial does not affect the use of goods and services by the Customer.

3. The legal base for the processing

The legal base for the processing is Article 6, Paragraph 1 of the GDPR:

Letter b) c) for the mandatory

Letter a) for the optional

4. Recipients of the data

Besides the Controller, the above personal data shall be collected and processed also by the following subjects:

chartered accountant for the one and only part relating to tax burdens;

third parties whose right of access to such data is recognized by virtue of regulatory provisions;

all those natural and / or legal persons, public and / or private when the communication is necessary or functional to the performance of the activity and in the manner and for the purposes described above;

to the Public Security Authorities, the Judicial Authority and other public entities if the communication is mandatory by law.

5. Transfer of data outside the EU

without authorization from the Guarantor:

binding and enforceable legal instruments between public entities (art. 46, par. 2, letter a);

binding corporate rules (art. 46, par. 2, letter b)

the standard clauses (art. 46, par. 2, letter c and letter d)

the codes of conduct (art. 46, par. 2, letter e) • the certification mechanisms (art. 46, par. 2, letter f)

subject to authorization from the Guarantor:

ad hoc contractual clauses (art. 46, par. 3, letter a)

administrative agreements between public authorities or bodies (art. 46, par. 3, letter b)

In the absence of any other prerequisite, it is possible to transfer personal data based on some exceptions that occur in specific situations (art. 49 of EU Regulation 2016/679).

6. Processing methods

7. Duration and retention of personal data

Your data will be kept exclusively for the period necessary to carry out the contractual duties, or for the time required for storage by law to carry out tax operations.

At any time, you can exercise, pursuant to articles 15 to 22 of EU Regulation no. 2016/679, the right to:

a) ask for confirmation of the existence or otherwise of their personal data;

b) obtain information on the purposes of the processing, the categories of personal data, the recipients or categories of recipients to whom the personal data have been or will be communicated and, when possible, the retention period;

c) obtain the rectification and cancellation of data;

d) obtain the limitation of the processing;

e) obtain data portability, i.e. receive them from a Data Controller, in a structured format, commonly used and readable by an automatic device, and transmit them to another Data Controller without impediments;

f) oppose the processing at any time and also in the case of processing for direct marketing purposes;

g) oppose an automated decision-making process relating to natural persons, including profiling;

h) withdraw the consent at any time without prejudice to the lawfulness of the processing based on the consent given before the revocation;

i) lodge a complaint with the supervisory authority, Guarantor for the processing of personal data, E-mail: garante@gpdp.it PEC: protocollo@pec.gpdp ..

You can exercise your rights by sending an official and documentable communication using one of the following channels:

Registered mail to be delivered to the registered office of the Data Controller;

Sending an e-mail to the e-mail address of the Data Controller company.

Before being able to provide you, or modify any information, it may be necessary to verify your identity, answer some questions and fill out an official request form that will be provided by the Owner. An answer will be provided as soon as possible.

ACKNOWLEDGMENT OF THE INFORMATION AND CONSENT TO THE TREATMENT

The undersigned / the undersigned ............................................................. .. ........................... .. ..................

As □ natural person □ representative of the Company (indicate the company region) ............................................................................. .. ...........................

Hereby declares:

to have read the information on privacy,

to □ give your consent □ not to give your consent for your personal data to be used directly by the Data Controller for commercial, promotional, profiling and marketing purposes;

to □ give your consent □ not to give your consent for your personal data to be transmitted to third parties and used by them for commercial, promotional, profiling and marketing purposes.

Date, there ………………………. …… .. …… . SIGNATURE: ………………… ………… .. …… .. …………………