Pursuant to art. 13 of Regulation (EU) 2016/679 governing the protection of personal data, this statement sets out the necessary information concerning the processing of personal data provided by users (hereinafter “Users”) of www.nosecrets.com (hereinafter the “Website”).
This statement shall not apply to other websites that it may be possible to reach via links provided on this Website. NO SECRETS accepts no responsibility for data processing undertaken by websites attributable to third parties.
This statement is also given pursuant to Recommendation 2/2001, which the European personal data protection authorities, meeting within the framework of the Working Party established by art. 29 of Directive 95/46/EC, adopted on 17 May 2001. In particular, efforts have been made to identify certain minimum requirements for the collection of personal data online, such as, for example, the procedures, time periods and nature of the information that data controllers must give Users when they visit web pages, regardless of the purpose of their visit.
Data controller, place of and procedures for data processing
Pursuant to Regulation (EU) 679/2016, the Data Controller is NO SECRETS SRL con sede legale in Via della Spiga, 1 – 20121 Milano (ITALY), a company with registered office at Via della Spiga, 1 – 20121 Milano (ITALY), (hereinafter “NO SECRETS”).
The data will be processed at the headquarters of NO SECRETS, both manually and automatically, using procedures and instruments designed to ensure the highest level of security and confidentiality, by the parties appointed for the purpose (including parties which process data on behalf of NO SECRETS on an occasional basis in relation to maintenance activities), in accordance with articles 32 et seq of the European Regulation. The data will be kept for a period not exceeding the time necessary to achieve the purposes for which they are collected and processed.
The data deriving from the web service may be communicated to the technological and instrumental partners used by NO SECRETS to provide the services requested by Users.
The personal data provided by Users who submit requests for the transmission or dispatch of information (requests for information, answers to questions, etc.) or who make purchases online (orders) are used for the sole purpose of providing the service requested, and are communicated to third parties only where necessary (provision of requested services via technological and instrumental partners).
Types of data processed
“Personal data” shall mean all information relating to natural persons, who have been or can be identified, either directly or indirectly, by reference to any other information, including a personal identification number. “Identification data” shall mean personal data by which the data subject can be directly identified (e.g. name, surname, date of birth, residence or domicile, email address, telephone numbers, etc.).
In the course of normal operation, the IT systems and software used to run the Website acquire certain personal data whose transmission is implicit in the use of Internet communication protocols. This information is not collected to be associated with identified Users, but by its nature, it could enable such Users to be identified, by means of processing and association with data held by third parties. This category of data includes the IP addresses or domain names of computers used by Users, the URI addresses (Uniform Resource Identifier) of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (done, error, etc.) and other parameters relating to the User’s operating system and IT environment. The data could be used to ascertain responsibility in the event of hypothetical cyber crimes against the Website.
Data provided voluntarily by the User
The optional and voluntary sending of emails to the addresses indicated on the Website, and/or the filling out of data collection forms, entails the subsequent acquisition of the address of the sender, insofar as it is a pre-requisite for responding to requests, in addition to any other personal data entered. Specific statements will be progressively included or displayed on the pages of the Website set up for particular on-request services.
Purposes of processing, for which consent is given where required by the European Regulation
The personal data made available to NO SECRETS by the User will be used for legal purposes, to manage and fulfill the User’s orders or purchase proposals, to provide the User with the envisaged ancillary services, and to respond to specific requests from the User.
More specifically, the personal data voluntarily provided by the User will be processed for the following purposes:
- a) browsing the Website;
- b) any contact request, with the sending of information requested by the user;
- c) general administrative and accounting operations. For the purposes of applying personal data protection requirements, any processing carried out for administrative and accounting purposes shall be connected with the performance of organizational, administrative, financial and accounting operations, irrespective of the nature of the data processed. In particular, internal organizational operations and other operations involved in the fulfillment of contractual and pre-contractual obligations shall be deemed to pursue such purposes;
- d) profiling: i.e. the compilation of User profiles by NO SECRETS, on the basis of analyses of Users’ habits and purchasing choices, with a view to improving the company’s commercial offering and services. Personal data may only be processed for this purpose with the express consent of the User;
- e) subscription to mailing lists, if applicable;
- f) marketing and market research: for the purpose of receiving information by automated means, email, SMS, telephone, traditional mail or other means of communication; for determining the degree of customer satisfaction; for undertaking promotional, commercial and/or advertising activities relating to the company’s products and services, programs and competitions involving the award of prizes, and events held by NO SECRETS.
Legal basis for processing
The legal basis for data processing for the purposes established in points a), b) and c) of the previous paragraph lies in the specific contractual relationship entered into with Users, with the performance of operations strictly connected with and instrumental to the management of relations with said Users, and the fulfillment of the legal obligations to which the Data Controller is subject.
The legal basis for data processing for the purposes established in points d), e) and f) of the previous paragraph is the consent given by the data subject.
Communication and dissemination of Users’ data
The processed User data will not be disseminated, but may be communicated by NO SECRETS to (i) companies related to and/or controlled by, or in any event belonging to the NO SECRETS, in accordance with and within the limits laid down in art. 44 et seq of the European regulation; (ii) any persons who provide NO SECRETS with services that are instrumental to the purposes listed above; (iii) suppliers, banks and/or insurance companies or, in general, other persons/bodies that, on behalf of NO SECRETS, provide the services indicated in the paragraph on the purposes of processing or activities connected therewith or instrumental thereto; (iv) consultants who assist NO SECRETS in various capacities, on legal, fiscal, social security, accounting and organizational matters; (v) any other person/body/authority to which the data must be communicated by virtue of legal requirements.
Submission of data and consequences of refusal
Without prejudice to the points established in relation to browsing data, the submission of personal data by the User is optional.
Refusal to submit information or the submission of incorrect and/or incomplete information may make it impossible, without giving rise to any liability on the part of NO SECRETS, to manage and/or fulfill orders or purchase proposals made by the User and, in general, to carry out the operations specified in the paragraph on the purposes of processing.
Rights of Users
Data Subjects may exercise their rights vis-a-vis the Data Controller, pursuant to articles 15 et seq of Regulation (EU) 2016/679, and may thus obtain confirmation of the existence of their personal data and request that it be communicated to them in intelligible form. They shall also be entitled to have the said data updated, corrected, supplemented or deleted or to restrict the processing thereof. Lastly, they shall be entitled to object, for legitimate reasons, to the processing of their personal data, as a whole or in part, even if relevant to the purpose for which it was collected. They shall be entitled to exercise the right of data portability and to lodge a complaint with the supervisory authority, pursuant to art. 77 of Regulation (EU) 2016/679.
A full, up-to-date list of Data Processors shall be available, on request, from the Data Controller.
Requests should be addressed to: firstname.lastname@example.org
Amendments to this privacy statement
NO SECRETS reserves the right to amend, update, add or remove parts of this privacy statement at any time, at its own discretion. Users shall be under obligation to check periodically for possible amendments. In order to facilitate such checks, the statement indicates the date on which it was last updated. Using the Website after the publication of amendments to it shall constitute acceptance of the said amendments.