Skip to main content

www.novustec.it

PRIVACY POLICY

  1. How is personal data protected?

In compliance with the provisions of the current legislation on personal data protection, namely EU Regulation 2016/679 (also known as the “GDPR”), and, where applicable, complementary national legislation, we wish to inform you about the processing of your personal data by the Data Controller’s organization. The processing will be based on the principles of fairness, lawfulness and transparency, as well as the protection of your confidentiality and the protection of your rights. This privacy notice is provided for the personal data you, as the data subject reading this notice, have supplied.

  • When do we collect your personal data?

This privacy notice is provided for the personal data you provide when using the website.

  • Who is the data controller? How to contact him/her?

The Data Controller is Novus Srl, located at Via Lavoratori Autobianchi, 1, 20832 Desio (MB), Tax Code/VAT No. 04565730969, hereinafter referred to as the “Controller.” You can contact the Controller using the postal address mentioned above or via email at info@novustec.it.

  • What categories of personal data do we process?

To provide you with the services offered by the website, we need to process some of your personal data, primarily related to the following categories:

  • common identifying data that you may provide to us, such as: first name, last name, company, email address, and additional data related to the request you submit, for example, when filling out forms.
  • Technical web identification data such as: IP address, MAC address, device identifier used to access the site, etc. These personal data are necessary for the use of the site and the services offered (see also the section below titled “cookies”).
  • For what purposes are the data processed? What is the legal basis? And how long are they retained?

Below are the purposes of the processing, the legal basis that legitimizes the processing, and the retention period for your personal data:

PurposesLegal basisRetention
Management of the institutional website services, or any request for information, services, and related contractual and/or pre-contractual relationships.Execution of pre-contractual or contractual obligations.The data will be retained for a maximum period corresponding to the duration of the service of which you are a part, and the subsequent period for the prescription of rights.
Compliance with legal obligations, to fulfill any legal requirements that the Data Controller is obliged to comply with.Compliance with a legal obligation.The data will be retained for the retention period required by the regulations related to your request.
  • Is it mandatory to provide the data? What happens if you do not provide them?

Providing your personal data for the purpose (1) Management of the institutional website services is a necessary requirement for the provision of the requested services. Providing data for the purpose (2) Compliance with legal obligations is mandatory to comply with the regulations. Failure to provide data for these purposes will result in the inability to provide you with the requested services.

  • Who can know your data? To whom do we communicate them?

The personal data related to the processing in question, for the purposes mentioned above, may be communicated or disclosed to:

  • to those within the Data Controller’s organization who need the data due to their duties or hierarchical position. These individuals are the persons authorized to process the data under the direct authority of the Data Controller.
  • to those subjects to whom legal provisions grant access, or to whom the data transfer is necessary for compliance with laws or regulations, or the contract, such as public authorities or supervisory or control bodies authorized to access the data, lawyers, auditors, etc.
  • to third parties who process data on behalf of the Data Controller, related to the processing and purposes described above (such as services for managing the institutional website or informational services). These parties are authorized to process the data as Data Processors, as provided by Article 28 of the GDPR.
  • Companies belonging to the same corporate group as the Data Controller within the EU (such as parent companies, subsidiaries, or affiliated companies according to Article 2359 of the Civil Code, or companies under common control, as well as entities participating in consortia, business networks, and temporary business groupings or associations) that are authorized to process the data for internal administrative purposes.
  • Is personal data transferred outside the European Union (EU)?

The collected data are not transferred to locations outside the European Union.

  1. What are your rights as a data subject?

The GDPR grants you the following rights in relation to your personal data, which you may exercise to the extent and in accordance with the provisions of the legislation:

  • Right of access to your personal data (Art. 15);
    • Right of rectification (Art. 16);
    • Right to erasure (right to be forgotten) (Article 17);
    • Right to limitation of processing (Art. 18);
    • Right to data portability (Art. 20);
    • Right to object (Art. 21); the data subject has the right to object at any time, on grounds relating to his or her particular situation, to the processing of personal data concerning him or her based on legitimate interest, including profiling on the basis thereof. The Controller shall refrain from processing unless it can demonstrate compelling legitimate grounds for processing that override the interests, rights, and freedoms of the data subject or for the establishment, exercise, or defense of a legal claim;
    • Right to object to a decision based solely on automated processing (Art. 22);
    • Right to revoke, at any time, the consent given, without affecting the lawfulness of the processing based on the consent given before revocation.

You can exercise your rights by sending a written request to the Data Controller at the postal address or via email, as previously mentioned.

In addition, he or she has the right to file a complaint with the Data Protection Authority(www.garanteprivacy.it) if he or she believes that the processing of his or her data is contrary to applicable laws (Art. 77) or to take legal action (Art. 79).

  • The Data Protection Officer (DPO/DPO). How can you contact him and for what?

The Owner has designated a Data Protection Officer (also known as RDP or DPO) whom you can contact for all matters related to the processing of your personal data and the exercise of your rights under the GDPR. The contact details of the DPO are as follows: gdpr@novustec.it

  • How are personal data protected?

Personal data will be processed both electronically and manually, using appropriate technical and organizational security measures to ensure the integrity and confidentiality of the data and protect them against risks of unlawful intrusion, loss, alteration, or disclosure to unauthorized third parties.

  • Other notices/information

Specific notices are provided for special processing activities:

  • Cookies: When you connect to the Data Controller’s website, a series of cookies (or similar tools) are installed on your device to facilitate your use of the site or to define your user profile. For more information about cookies, to learn about their features, and to exercise your right to accept them in full or to express your preferences regarding their use, we invite you to consult our “cookie policy” available in the footer of this site.
  • Candidates: If applications are submitted through the completion of the appropriate form on the website, reference should be made to the specific privacy notice provided on this site.
  • Updates

The Owner reserves the right to modify and update this policy at any time. The changes will apply from the moment they are published. Therefore, it is necessary for you to regularly check the current Privacy Notice.

Edition: December 2024