INFORMATIVE INTERNET SITE nehexperience.com
pursuant to Art. 13 of EU Regulation 679/2016
in compliance with the provisions of Article 13 of the General Data Protection Regulation 2016/679 (also "GDPR") and the relevant Italian legislation, NehEx S.r.l. (henceforth also only "NehEx" or "Data Controller") provides information on the personal data indicated below that it may process as a result of your browsing this website (www. nehexperience.com - henceforth also only "Site"), your subscription to the Holder's newsletter and your purchase of experiential packages marketed by the Holder's business partners via the NehEx Platform according to the Terms of Sale published on the Site (henceforth also only "NEP Packages").
1) Data Controller
The data controller is NehEx S.r.l., headquartered in Turin, Via Luisa del Carretto No. 66, tax code, VAT no. and registration no. with the Register of Companies at the CCIAA of Turin 12536440014, in the person of its sole director and legal representative Mr. Emanuele Sega.
2) Nature of the data being processed
The Controller may process certain categories of personal data directly provided by you in connection with services rendered and/or in the course of browsing and/or registering on the Site, specifically when:
- you create your personal profile on the Site in order to make the purchase of one or more NEP Packages marketed by the Holder's business partners through the Site;
- makes the purchase of one or more NEP Packages marketed by NehEx's partners through the Site;
- optionally, explicitly and voluntarily sends messages to the Holder's email address;
- searches for products or services;
- subscribes to the Holder's newsletter.
Specifically, the Data Controller processes:
- identification data (first name, last name, age, nickname);
- contact data (address, phone number, email address);
- data related to orders and purchases made on the Site;
- all personal data spontaneously included in email communications sent by you to the Controller through the appropriate contact form or at nehexperience.com;
- navigation data (e.g. IP addresses, computer domain names) whose transmission is implicit in the use of Internet communication protocols.
The Data Controller does not process special categories of personal data.
3) Purpose and legal basis of processing
Your data referred to in Art. 2 lett. a), b) and c) above are processed by the Data Controller to enable you to purchase one or more NEP Packages marketed by NehEx's partners through the Site and, specifically, to receive and manage orders, process payments on behalf of the partners and communications regarding purchases made and promotional offers.
Legal basis for the processing of personal data provided by you is Art. 6(1)(b) - the processing is necessary for the performance of a contract to which you are a party -, (c) - the processing is necessary to comply with a legal obligation to which the Data Controller is subject of Regulation 2016/679.
The provision of data is mandatory and, without it, it will not be possible to process your orders and conclude the purchase of NEP Packages marketed by NehEx's partners on the Site.
Your data referred to in Art. 2 (a), (b) and (d) above are processed by the Data Controller to contact you in response to messages and requests sent by you (e.g., through direct e-mails or by using the appropriate contact form).
Legal basis for the processing of the personal data you provide is Art. 6(1)(b) - the processing is necessary for the performance of a contract to which you are a party -, (c) - the processing is necessary to comply with a legal obligation to which the Controller is subject of Regulation 2016/679.
The provision of data is optional, but without it, it will not be possible to respond to queries and requests for information made.
II processing of your data referred to in Art. 2, lett. a) and b) above is also aimed at subscribing to the Owner's newsletter, which you do by filling in the appropriate form on the Site, in order to receive information about the activities put in place by the Owner, such as offers related to the NEP Packages marketed by the partners on the Site. The sending of communications may take place through both electronic and traditional means (e.g. email, traditional mail, etc.).
The legal basis for the processing of such data is the performance of a contract to which you are a party, pursuant to Art. 6(1)(b) of the Regulations, as well as the consent you have given (Art. 6(1)(a) of the Regulations) and the fulfillment of legal obligations to which the Controller is subject pursuant to Art. 6(1)(c) of the Regulations.
The provision of such data is not compulsory, but is necessary to obtain subscription to the Holder's newsletter and for the Holder to send communications.
The navigation data referred to in Art. 2 letter e) above are used in order to:
- obtain anonymous statistical information on the use of the Site, which is deleted immediately after processing;
- manage control needs of the way the Site is used;
- ascertain responsibilities in case of hypothetical computer crimes.
The legal basis for such processing is the need to make the functionality of the Site usable following the User's access, as well as the legitimate interest of the Data Controller.
The provision of such data is mandatory in order to allow navigation on the Site.
4) Method of processing
The data you provide will be processed by the Data Controller and the persons authorized by the Data Controller to process them, mainly with electronic and manual systems in accordance with the principles of fairness, loyalty and transparency provided for in the applicable legislation on the protection of personal data and protecting the confidentiality of the person to whom the data refer through technical and organizational security measures to ensure an adequate level of security.
5) Storage of data
The Data you provide is collected by the Data Controller by computer and/or analogue means, with or without the aid of electronic or otherwise automated tools, including those designed to store, manage or transmit the data itself, but in any case suitable to ensure the security of the Data, and will be stored in both computer and analogue archives of the Data Controller.
The Data Controller shall take appropriate physical, organizational and computer security precautions and measures to prevent the misuse or dissemination of the Data to third parties. In any case, the data will be processed by the Controller in compliance with the security measures provided for by law - with particular reference to art 32 of the Regulations - and, in general, with the regulatory provisions in force.
The personal data that are processed are usually kept for 10 years in compliance with civil and tax obligations (limitation period).
At the end of this period the data will be deleted or transformed into anonymous form.
6) Communication, dissemination and transfer of data
Without prejudice to the communications performed in fulfillment of legal and contractual obligations, the data may be communicated to:
- specially appointed and authorized employees and collaborators of the Data Controller;
- to NehEx's business partners who market their NEP Packages through the Site;
- to specially appointed external Data Processors;
- third parties, independent data controllers, for the provision of certain necessary services to the Data Controller that involve the processing of personal data (e.g., tax consultants, lawyers, employment consultants and credit institutions);
- where necessary, entities and public administrations;
- parties entitled by law to receive such information;
- Italian and foreign judicial authorities and other public authorities (for purposes related to the fulfillment of legal obligations, or for the fulfillment of obligations assumed and arising from the contractual relationship, including for the need for defense in court).
- The full list of autonomous third party data controllers and Data Processors is available upon request at the Controller's office.
- Personal data will not be disseminated.
- Data are not transferred outside the European Union.
7) Rights of data subjects
In connection with the data processing described so far, at any time you may exercise by means of a PEC to email@example.com or by registered letter with return receipt to the address of the registered office above, the rights provided for in the Regulation (Articles 15-21), including:
- receive confirmation of the existence of your personal data and access to their content (access rights);
- update, modify and/or correct your personal data (right of rectification);
- request deletion or restriction of the processing of data processed in violation of the law including data whose retention is not necessary in relation to the purposes for which the data were collected or otherwise processed (right to be forgotten and right to restriction);
- object to the processing (right to object);
- revoke consent, where given, without prejudice to the lawfulness of the processing based on the consent given before revocation;
- to lodge a complaint with the Supervisory Authority in the event of a violation of personal data protection regulations;
- receive a copy of data in electronic format concerning him or her rendered in the context of the contract and request that such data be transmitted to another data controller (right to data portability).
8) Consent of the User over the age of 16.
Pursuant to the combined provisions of Articles 8 GDPR and 2d Privacy Code, subscription to the newsletter is permitted only to those over the age of 16. Therefore, only Users who are 16 years of age or older at the time of providing data may validly give consent.
9) Plugin Social Network
The collection and use of information obtained by means of the plugin is governed by the respective privacy policies of the social networks, to which please refer:
- Facebook: https://www.facebook.com/help/cookies
- Google: https://policies.google.com/technologies/cookies