Privacy Policy – Next TRE srl Cookies
Privacy policy under art. 13 of the EU General Data Protection Regulation no. 679/2016.
Next TRE S.r.l. with registered office at Piazza Cesare Battisti n° 27 – 52025 Montevarchi (Ar – Italy), VAT Reg. No. 02219810518, (hereinafter “Next TRE”) hereby states that it is the Data Controller pursuant to articles 4, no. 7), and 24 of Regulation (EU) No. 2016/679 of 27 April 2016 relating to the protection of individuals with regard to the processing of personal data (hereinafter, “Regulation”), in respect of any personal data processed.
The terms “Data Subject(s)” or “User(s)” shall mean in general natural persons over 18 years of age; natural persons at least 16 years of age in their own right; or natural persons under sixteen years of age authorized by the parental responsibility holder(s).
Processing of personal data shall mean any operation or set of operations which is performed, whether or not by automatic means, upon personal data or sets of personal data, regardless whether it or they is or are contained in a database, such as collection, recording, organisation, structuring, storage, processing, selection, blocking, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure or destruction.
Data will be processed for the purposes reported below, manually and/or by computer or data transmission means.
Identification and contact details of the Data Controller.
As required by the transparency Guidelines WP 260/2017, we indicate below the identification and contact details of the Data Controller to ensure that it can be contacted rapidly.
Next TRE S.r.l.
Piazza Cesare Battisti n° 27
52025 Montevarchi (Ar – Italy)
Tel. +39 055 9850281
Fax 055 19992597
VAT Reg. No. 02219810518
info@nexttre.com
The processing of personal data on the Website shall fully comply with the provisions on the protection of personal data.
Processing of minors’ data under art. 8 of the Regulation.
In order for the provision of personal data to be valid, data must be provided either by persons who are at least 18 years old, or by minors who are at least 16 years old: under art. 8 of the Regulation, minors who have attained the age of sixteen years can directly give their consent to the processing of their own personal data, also with respect to the services offered on the Website.
Art. 8 of the Regulation also provides that the processing of the personal data of a minor under sixteen years of age may be carried out with the valid consent of the minor, but only on condition that he/she is authorized to give such consent by the parental responsibility holder(s), or that the consent is directly given by the parental responsibility holder(s). Registration of users under the age of sixteen who are not so authorized shall not be permitted. By surfing or otherwise providing his/her personal data on the Website, the data subject confirms that he/she meets the above-mentioned age requirements.
Purposes of processing
We process data for the purposes reported below. The following list specifies in a correct and exhaustive manner the purposes of processing, which will only be carried out by Next TRE when the data subject intends to use the offered services. If you do not use any specific services, or if no processing is required for you to browse the Website, your personal data will not be subject to processing. The list, however, specifies all the possible purposes for your information.
The purposes of processing are as follows:
- The personal data of users requiring any services will be processed in order to enable Next TRE to meet its own obligations in respect of said services. Moreover, the data subject’s personal data may also be processed for pre-contractual purposes, e.g. to reply to specific requests of the data subject. For the sake of transparency towards the data subject, please note that the main purposes of processing connected to the fulfilment of obligations related to the provision of the services listed above – if requested – may specifically include for example, but are not limited to, the purpose of: providing the services as defined, maintenance and technical support; managing any complaints and/or disputes; storing personal data; using personal data to send notices about the contractual relationship established; verifying the correct fulfilment of the obligations assumed; opposing any unlawful or fraudulent behaviour.
- Privacy Service: receiving service purchase requests; identifying the requesting party and its request; managing the Service according to supply conditions;
- Other Services: managing all the other requests received by the Data Controller through the various contact forms and e-mail addresses available to the user on the Website pages in connection to the provision of specific services and/or of the information requested.
- For the purpose of directly sending advertising material relating to products or services of Next TRE similar to the current ones.
Under article 6 of the Regulation, the legal basis of processing, in all cases, and processing as contemplated in this paragraph, is as follows:
- processing is necessary for the performance of an agreement (or the implementation of pre-contractual measures taken in response to the data subject’s request).
- Secondly, personal data will also be processed in order to meet the obligations laid down by law, by a regulation or by the community legislation, as well as for civil, administrative, accounting and tax purposes. The legal basis of processing, in these cases, is a legal obligation that Next TRE is required to meet.
- Personal data may be processed to exercise or invoke in the courts having jurisdiction (judicial, arbitration, administrative courts, etc.) rights of any kind, whether or not linked to a contractual relationship for the provision of the offered services (e.g. breach) or to other legal terms and conditions of the Website. In the case of actions to exercise or invoke a right in court, the legal basis of processing is the legitimate interest
- Processing may be carried out for the purpose of sending advertising material concerning products or services of Next TRE similar to the ones you purchased, without your consent (so-called “soft spam”). The processing of your data for such a purpose is the legitimate interest referred to in art. 6.1.f) of the Regulation, and in art. 130 paragraph 4 of Legislative Decree 196/2003. In any case, under art. 21 of the Regulation, you can oppose this processing at any time, immediately or later on, free of charge and in an easy manner, e.g. by writing to the Data Controller using the contact details indicated above, and obtain immediate confirmation of the processing interruption (art. 15 of the Regulation).
The categories of personal data processed can be defined by an identifier such as the name, an identification number, an online identifier, or one or several factors specific to your physical, economic, cultural or social identity that are suitable for qualifying you as an identified or identifiable natural person.
Other Personal Data freely given by you through the Contact or Work for Us forms may be processed. Sensitive data, as referred to in art. 9.1 of Reg. 2016/679/EU, shall not be processed unless you give your express consent for us to do otherwise or processing is necessary for compliance with a legal obligation.
Scope of communication and dissemination of personal data to achieve the purposes of processing.
In all the cases illustrated above, Next TRE will not share your personal data with external recipients, unless this is required by the type of service in question, or by binding orders of public and/or judicial authorities. Your data shall not be disseminated.
Your Personal Data may be shared, for the purposes mentioned above, with:
- parties typically acting as data processors under art. 28 of the Regulation, i.e.: i) individuals, companies or professional firms providing assistance and consultancy to Next TRE on accounting, administrative, legal, tax, financial and debt collection matters in connection with the provision of the Services; ii) parties with whom it is necessary to interact for the provision of the Services (e.g. hosting providers) iii) parties in charge of technical maintenance activities (including the maintenance of network devices and of electronic communication networks); (collectively “Recipients”). The list of data processors can be obtained from the Data controller.
- parties, bodies or authorities, independent data controllers, with whom it is necessary to share your Personal Data by virtue of provisions laid down by law or orders of the authorities;
- persons authorized by Next TRE to process Personal Data under art. 29 of the Regulation as necessary to carry out activities that are closely related to the provision of the Services, who have committed themselves to confidentiality or are under a statutory obligation of confidentiality (e.g. employees of Next TRE)
Mandatory or optional nature of consent to achieve the purposes of personal data processing.
Except in special cases, which will be properly managed, Next TRE generally has no obligation to get the specific consent to processing from the data subject. The processing illustrated above namely pursues primary purposes for which the Regulation excludes the need to obtain a specific consent, given the application of different legal-judicial bases that justify and legitimate processing without consent. These include in particular the legal basis of processing necessary for compliance with obligations arising out of a contract to which the data subject is party, or to take steps at the request of the data subject prior to entering into a contract; processing necessary for compliance with an obligation laid down by law, by a regulation or by community legislation, or – lastly – processing necessary for exercising or invoking a right in court, or for pursuing a legitimate interest of the Company.
If you refuse to provide the personal data required and necessary as illustrated above, it might not be possible to provide the services.
Data retention periods.
Data shall be retained for the periods laid down in the applicable legislation, as specified below pursuant to art. 13, paragraph 2, letter (a) of the Regulation: ten years as of the end of the contractual relationship for documents and the related civil, accounting and tax information as provided for by the laws in force.
Moreover, the Personal Data processed for the above-mentioned purposes shall be retained for the time strictly necessary to achieve such purposes in compliance with the principles of data minimisation and limitation of data retention under art. 5.1.e) of the Regulation.
Further information on the data retention period and the criteria used to determine such period can be requested by writing to the Data controller.
Security
We implement appropriate technical and organisational measures to protect personal data against accidental or unlawful destruction, loss, alteration or damage.
International transfers of personal information
Our affiliates and service providers are located all over the world. The personal information we collect may therefore be transferred to and stored in countries other than your own. Any international transfers of personal information are carried out based on appropriate warranties, such as the standard clauses on the protection of data adopted by the European Commission. For further information on these warranties, please contact us using the contact details provided.
Exercise of rights by the data subject.
Pursuant to articles 13, paragraph 2, letters (b) and (d), from 15 to 22 of the Regulation, you are informed that:
- you have the right to request access to, or rectification or erasure of your personal data, or the limitation of processing thereof, or to object to such processing, when this is the case;
- you have the right to lodge a complaint – in Italy – with the Data Protection Supervisor, if this is the relevant Authority, following the procedures and indications published on the official website of the Authority at www.garanteprivacy.it;
- alternatively, you have the right to lodge a claim for infringement of your rights with another relevant European privacy Authority located in the place of your habitual residence or domicile in Europe, following the applicable procedures and indications;
- any data rectifications or erasures or limitations of processing upon your request – unless this proves impossible or involves a disproportionate effort – shall be notified by Next TRE to each one of the recipients of the personal data. Next TRE will notify you of such recipients upon your request.
- The exercise of rights is not subject to any formal requirement, and is free of charge. Only when you request further copies of the data, Next TRE may charge you a reasonable fee based on administrative costs. If you submit your request by electronic means, the information will be provided to you in a commonly used electronic format, unless you indicate otherwise. The specific address of Next TRE where you can send your requests to exercise the rights granted by the Regulation is as follows: info@nexttre.com. No other formality shall be required. A reply will be sent within the terms set out in article 12, paragraph 3 of the Regulation (“The data controller shall provide the data subject with information on the action taken in respect of a request pursuant to articles from 15 to 22, without undue delay and in all cases at the latest within one month after receipt of the request. This term can be extended by two months, if necessary, considering the complexity and the number of requests. The data controller shall inform you about such extension, and about the reasons for the delay, within one month after receipt of the request. If the data subject submits his/her request by electronic means, the information will also be provided, if possible, by electronic means, unless otherwise indicated by the data subject”)
Pursuant to the provisions of the transparency Guidelines WP 260/2017 issued by the Group of European Supervisory Authorities, the data controller must set out a summary/compendium of all the rights of the data subject, and must provide separate indications on the right to data portability.
Specific information on the right to data portability.
Next TRE hereby informs you about your specific right to data portability. Article 20 of the General Data Protection Regulation introduces the new right to data portability. This right enables you to receive the personal data provided to Next TRE in a structured, commonly used and machine-readable format, and – subject to certain conditions – to send it to another data controller without hindrance.
This only covers personal data (a) concerning you, and (b) that was supplied to the Company by you; (c) that is processed by electronic means within a contractual framework.
Data portability includes your right to receive a subset of the personal data concerning you that is processed by Next TRE, and to store it in view of further use for personal purposes. In this case, data may be stored on a personal data medium or on a private cloud, without necessarily sending the data to another data controller. Portability supplements and strengthens the right of access to personal data, also provided for by art. 15 of the Regulation.
If you require portability and the direct transmission of your data to another data controller, please note that this right is subject to the condition of technical feasibility: art. 20, paragraph 2 of the Regulation namely provides that data can be directly sent from a data controller to another data controller upon request of the data subject if this is technically possible. The technical feasibility of transmission from a data controller to the other is to be assessed on a case-by-case basis.
Recital 68 of the Regulation clarifies the boundaries of “technically feasibility”, specifying that “it should not create an obligation for the data controller to adopt or maintain processing systems which are technically compatible”. Therefore, direct transmission of data from Next TRE to another data controller may take place if it is possible to safely establish communication between the systems of the two data controllers (transferring and receiving data controller), and if the receiving system is technically able to receive the incoming data. If some technical problems prevent direct transmission, Next TRE shall inform you, explaining in detail the situation. As regards compatibility of formats in order to assure portability, Next TRE shall comply with the provisions of paragraph 1021, letter (b) of Law 205/2017 (“availability of adequate infrastructure for the compatibility of formats of the data made available to data subjects”), if it is in force after 25 May 2018, and in any case within the limits set out in the Guidelines on data portability WP242 issued by the Group of European Supervisory Authorities (“The data controller is expected to send personal data in an interoperable format, but this does not entail any obligation upon the other data controller to support that format”).
Moreover, please note that, according to the Guidelines on data portability WP242, the data controllers meeting a request for portability have no specific obligation to check the quality of data before sending it. Furthermore, portability does not impose on Next TRE any obligation to retain data for any period longer than is necessary or any period additional to that specified. In particular, it does not impose any further obligation to retain personal data for the sole purpose of meeting a potential request for portability.
The exercise of the right to data portability (or of any other right pursuant to the Regulation) is without prejudice to any other right. Portability does not result in the automatic erasure of the data stored in the systems of Next TRE, and has no effect on the retention period originally applicable to the data being transmitted. You may exercise your rights as long as processing is carried out by the Company.
Next TRE undertakes to process any requests for portability within 30 days after receipt of the request, reserving the right, under art. 12, paragraph 3 of the Regulation, to process the request within a longer term of three months in more complex cases. Requests for portability must be sent to the following specific email address: info@nexttre.com
Summarised information on the other rights of the data subject.
The Regulation grants the data subject a number of rights that – pursuant to the Guidelines on Transparency WP 260 – are to be summed up, as to their main content, in the privacy policy. These rights can be summarized as follows:
Right of access (to your own personal data only): You have the right to obtain from the data controller the confirmation as to whether personal data concerning you is being processed, and in this case, to obtain access to this personal data, and to be informed on the purposes of processing; on the categories of personal data in question; on the current or future recipients or categories of recipients of the personal data, in particular third-country recipients or international organizations; when possible, on the applicable data retention period or, if not possible, on the criteria used to determine such period; if the data was not collected from you, you have the right to receive all the information available on the origin of the data; the right to receive information on the existence of an automated decision-making process, including profiling, and the relevant information on the approach used, as well as on the importance and expected consequences of this processing for you.
Right to rectification and addition: You have the right to obtain from the data controller, without undue delay, the rectification of inaccurate personal data concerning you. Taking into consideration the purposes of processing, you have the right to add information to incomplete personal data, including by submitting a supplementary statement. The data controller shall notify each data recipient of any rectification of data, unless this proves impossible or involves a disproportionate effort. The data controller shall inform you about these recipients on your request.
Right to erasure: You have the right to obtain from the data controller the erasure of personal data concerning you without undue delay (unless the specific conditions set out in art. 17 paragraph 3 of the Regulation are met, which relieve the data controller from the obligation to erase data) if this personal data is no longer necessary for the purposes for which it was collected or otherwise processed; or if you withdraw consent on which the processing is based and there is no other legal basis for processing; or if you oppose processing for marketing or profiling purposes, including by withdrawing consent; or if the personal data has been processed unlawfully or includes information collected from minors, in breach of art. 8 of the Regulation. The data controller shall notify each data recipient of any erasure of data, unless this proves impossible or involves a disproportionate effort. The data controller shall inform you about these recipients on your request.
Right to restriction of processing: You have the right to obtain from the data controller the restriction of processing (i.e., according to the definition of “restriction of processing” provided by article 4 of the Regulation: “the marking of stored personal data with the aim of limiting its processing in future”) in one of the following cases: you contest the accuracy of the personal data, for the period necessary to the data controller to check the accuracy of this personal data; the processing is unlawful, and you oppose the erasure of the personal data, asking for a restriction of the data use; although the data controller no longer needs the personal data for the purposes of processing, you need this personal data for determining, exercising or invoking a right in court; you have opposed marketing processing, pending verification as to whether the legitimate reasons of the data controller prevail over your legitimate reasons. If processing is restricted, this personal data may, with the exception of storage, only be processed with your consent, or for determining, exercising or invoking a right in court, or for the protection of the rights of another natural or legal person, or for an objective of public interest. If you have obtained the restriction of processing, you shall be informed by the data controller before said restriction is revoked. The data controller shall notify each data recipient of any restriction of processing, unless this proves impossible or involves a disproportionate effort. The data controller shall inform you about these recipients on your request.
Right to opposition: You have the right to oppose at any time the processing of your personal data by the data controller, for reasons related to your particular situation, or for the performance of a task carried out in the public interest, or in the exercise of official authority vested in the data controller, or for the purposes of the legitimate interests pursued by the data controller or by a third party (including profiling). Moreover, if personal data is processed for direct marketing or commercial profiling purposes, you have the right to oppose at any time the processing of your personal data for such purposes.
Right not to be subject to automated decisions, including profiling: You have the right not to be subject to a decision based solely on automated processing – including profiling – if this produces legal effects on you or similarly significantly affects you, unless the automated decision is necessary to perform a contract between you and a data controller; is required by law, taking all necessary measures and precautions to protect data; is based on your express consent.
For convenience, you can find below the link to articles from 15 to 23 of the Regulation on the rights of data subjects.
Changes
This privacy policy came into force on 25 May 2018. Next TRE reserves the right to change or simply update its contents, in whole or in part, including due to changes in applicable legislation. Next TRE will inform you about any changes as soon as they are made. Changes will be binding as soon as they are published on the Website. Therefore, Next TRE kindly asks you to regularly visit this section to read the most recent and updated version of the privacy policy so you can always be informed about the data collected and how it is used by Next TRE.
Cookies FOR SECTOR 8: REFER by LINK applied to the word Cookie to IUBENDA COOKIE POLICY
This cookie policy refers exclusively to the website https://www.nexttre.com/ (“Website”), and shall be deemed to be an integral part of the Privacy Policy of said Website.
- Definitions, features and application of regulations
Cookies are small text files that are placed on your computer or mobile device by websites that you visit, and are then sent back to the same websites at your next visit. They enable the website to remember your actions and preferences (such as login, language, font size, other display preferences, etc.) so you don’t have to keep re-entering them whenever you come back to the site or browse from one page to another. Cookies are thus used for user authentications, session monitoring, and storage of information on the activity of users accessing a website, and may contain a unique identifier which enables tracking of your activity on the website for statistical or advertising purposes. While visiting a website, your computer or mobile device may receive cookies from other websites or web servers (so-called “third-party” cookies). Please note that without cookies you may not be able to take full advantage of all of the features on our website. In some cases, cookies are thus technically necessary for the functioning of the website.
There are various types of cookies, according to their features and functions, and they may remain on your computer or mobile device for varying lengths of time, i.e.: so-called session cookies, which are automatically deleted when you close your browser; so-called persistent cookies, which remain on your computer or mobile device until they expire.
According to the legislation in force in Italy, the user’s express consent is not always required for the use of cookies. In particular, consent is not required for “technical cookies”, i.e. cookies used for the sole purpose of carrying out the transmission of a communication over an electronic communications network, or as strictly necessary in order to provide a service explicitly requested by a user. In other words, these cookies are indispensable for the functioning of the website, or necessary to carry out activities requested by the user.
According to the Italian Data Protection Supervisor (cf. Provision for defining simplified privacy policy and cookie consent procedures of 8 May 2014, hereinafter in short “Provision”), technical cookies, for whose use no express consent is required, include:
“analytical cookies” if they are directly used by the webmaster to collect information, in aggregate form, on the number of users, and on their activity on the website;
Browsing or session cookies, which ensure normal browsing and use of a website (allowing you, for example, to make a purchase or to authenticate to your personal account);
Functional cookies, which ensure browsing according to a number of selected criteria (e.g., language, products selected for purchase) in order to improve the service provided to the user.
On the other hand, for “profiling cookies”, i.e. cookies used to create user profiles, and to send adverts in line with the preferences shown by the user during web-browsing, the prior consent of the user is required.
- Types of cookies used on the Website
Below is a list of the cookies set by the Website. These cookies can be disabled at any time, except for third-party cookies, for which we are not responsible and we refer you to the enabling and disabling procedures set out in their respective cookie policies, to which a link is provided:
Technical cookies – browsing or session cookies – strictly necessary for the functioning of the Website or to enable you to take advantage of the services and contents you required.
Analytical cookies, which enable the Website manager to analyse your surfing behaviour on the website. These cookies do not collect information that identifies you, or personal data. Information is processed in aggregate and anonymous form.
Functional cookies, used to enable specific functions of the Website and a number of selected criteria (e.g., language, products selected for purchase) in order to improve the service provided to you.
ATTENTION: Please be aware that disabling technical and/or functional cookies on the Website may affect your experience of the site, e.g. you might not be able to surf it, or some services or functions of the Website might not be available or function properly, and you might have to change or manually enter some information or preferences every time you visit the Website.
Next TRE may use third-party cookies, i.e. cookies of websites or webservers other than the one of the Data Controller, for specific purposes of these third parties, including analytical cookies. Please note that said third parties, which are listed below along with the hyperlinks to their privacy policies, act as independent data controllers in respect of the data collected through the cookies sent by them. You should therefore review their policies on the processing of Personal Data, privacy policies, and consent forms, if any (enabling and disabling of their respective cookies).
How to display and change your cookie preferences on your browsing programme (so-called browser)
You can select which cookies you want to authorize through the specific procedure available in the Cookie Settings section. You can also authorize, block or delete (in whole or in part) cookies though the specific functions of your browser: however, if all or some of the cookies on your computer are disabled, you might not be able to surf the Website, or some services or functions of the Website might not be available or function properly, and/or you might have to change or manually enter some information or preferences every time you visit the Website.
For further information on how to set your preferences on the use of cookies on your browser, you can find the relevant instructions below:
Google:
https://www.google.it/intl/it/policies/technologies/types/Google Analytics: https://tools.google.com/dlpage/gaoptout?hl=en-GB
Cookie settings
Please be aware that if you do not authorize the use of technical cookies you might not be able to use the Website, view its contents, and take advantage of its services. Disabling functional cookies may affect the availability or proper functioning of certain services or functions of the Website, and you might have to change or manually enter some information or preferences every time you visit the Website.
The failure to authorise the third-party cookies indicated will not affect the functioning of the Website; however, since these cookies are sent by third parties, and the Website manager has no control over the transmission of these cookies to your computer, you can only oppose it using the consent forms of these third parties, if any, or through your browser settings.
As concerns the cookies directly sent by the Website manager, you can also block or delete them (in whole or in part) through the specific functions of your browser.
Your cookie preferences will be stored in a special technical cookie, which has the characteristics reported in the table of cookies used on this site. In some circumstances, however, this cookie might not function properly: in such cases, we advise you to delete and disable the use of undesired cookies through the functions of your browser, too.
Your cookie preferences will have to be set again if you have access to the Website from a different device or browser.
November 18, 2019