This page will explain the management policy of users’ personal information, collected by visiting the Site www.nexormedical.com, owned by the company Nexor Medical GmbH.
This document concerns only the aforementioned website, not any additional sites that can be visited through links contained therein, and contains information given to users in compliance with the provisions of Regulation (EU) 2016/679 and Italian Legislative Decree 196/2003.
The contents of this Site, including data, news, information, images, graphics, drawings, trademarks, and domain names, are the property of Nexor Medical GmbH, unless otherwise indicated, covered by copyright and industrial and intellectual property laws.
It is clarified that the term “Personal Data” is used with reference to any information that enables the operators of the website www.nexormedical.com to identify you (or a third party whose data you provide), directly or indirectly, including any information related to the purchase of goods or services, or that you choose to communicate or share, while using the Website.
1. DATA CONTROLLER
The “Data Controller” is the company Nexor Medical GmbH, owned by Rafael Munoz Stefano with registered office in Take-Off Gewerbepark, 9 78579 Neuhausen ob Eck Germany. The Data Controller may be contacted by registered mail, by email at the address firstname.lastname@example.org, or by certified email at email@example.com
2. TYPE OF DATA PROCESSED and PURPOSES OF PROCESSING.
The Data Controller will process certain personal data of users who interact with the computer systems and software procedures used to operate the site. In particular, browsing data that the computer systems automatically acquire during use of the site and which are not connected to any additional personal information, for example IP addresses, domain names and types of browsers, will be used to gather anonymous statistical information on the use of the site, the control needs for the usage of that site, and for ascertainment of responsibility in the event of potential cyber crimes.
Data voluntarily provided by the user
Any email sent to the address indicated on this site involves the acquisition of the email address of origin, as well as any other personal data included in the message.
Personal data requested through forms will be processed, even without your consent, for the following purposes:
- fulfilment of pre-contractual and/or contractual obligations;
- Fulfilment of expected tax and accounting obligations;
- fulfilment of obligations under the law, a regulation, EU legislation or an order of the authorities;
- Prevention or discovery of fraudulent activity or abuse detrimental to the website;
- Exercise of the Data Controller’s rights, such as defence in court.
Your data will also be processed in order to: fulfil the obligations provided for in the tax and accounting field, and comply with the obligations in any capacity incumbent on the data controller and provided for by the regulations in force.
3. LEGAL BASIS
Users’ personal data are processed if:
– the data subject has given consent for one or more purposes and only in relation to the purpose to which the consent relates; - the processing of the data is necessary for the performance of the contract entered into with the data subject or the performance of pre-contractual measures requested by the data subject; - processing is necessary for the pursuit of the legitimate interest of the data controller or third parties, provided that the interests or fundamental rights and freedoms of the data subject requiring the protection of personal data do not prevail.
Personal data collected on the site may be processed by other parties involved in various capacities, in particular:
- Those who have access to and process personal data under the authority of the Data Controller or data processors (contact persons/authorised persons);
- Individuals or legal entities that process personal data on behalf of the data controller (data processors).
In any case, the user can always ask the Data Controller for the updated list of data processors using the controller’s email address.
Except in the above cases, the user’s personal data will not be disclosed to third parties unless:
- the user has given their express consent to the communication;
- the communication is made necessary to provide the product or service requested by the user;
- it is requested by the Judicial Authority or the Public Security Authority.
5. METHODS OF DATA PROCESSING
Personal data are collected using processes that are not fully automated, with the consent of the user who enters their data in the forms provided on the site. Personal data will be processed within the European Union.
7. DATA RETENTION
Personal data will be processed and stored for as long as necessary for the fulfilment of the purposes for which they were collected and in particular:
for purposes pertaining to the management of the contract: the data will be retained for the entire term of the contract and, thereafter, for as long as the holder is subject to retention obligations for tax purposes or for other purposes required by law or regulation. The data will, in any case, be retained for the maximum time period of 2 years starting from the end of the contract, based on the ordinary limitation period provided by the Civil Code;
for marketing and profiling purposes: 2 years from collection, subject to the possibility for the data subject to modify and/or revoke consent;
for the newsletter: 2 years from collection, subject to the possibility for the data subject to modify and/or revoke consent;
Personal data will be kept for the time strictly necessary to achieve the purposes for which they are collected and processed. Once the purpose of the processing has been exhausted, i.e., in case of exercising the right to object to the processing or to revoke the consent given, the controller will still be entitled to further retain the personal data in whole or in part, for the purposes allowed by the GDPR (such as the need to enforce a right in court). After that time, the data will be deleted or made anonymous.
8. RIGHTS OF THE DATA SUBJECT
The data subject has the right to ask the Data Controller whether personal data concerning them are being processed and if so, to obtain access to the following information:
– purpose of the processing;- type of data processed;- recipients of personal data;- intended retention period, if possible, or a criterion for determining the period;- existence of the right to obtain rectification or erasure of the data or restriction of processing;- receive the personal data concerning themself in a structured, commonly used and machine-readable format and request their transmission to another data controller, if technically feasible;- existence of the right to lodge a complaint with a supervisory authority (Data Protection Authority – http://www.garanteprivacy.it/web/guest/home/docweb/-/docweb-display/docweb/4535524;- if the data are not collected from the data subject, all information about their origin;- if the personal data are transferred to a third country or international organisation, the data subject has the right to be informed of the existence of adequate safeguards for the transfer.
9. METHODS OF EXERCISING RIGHTS
It is possible at any time to exercise these rights by sending:
– a registered letter with return receipt to the Data Controller;- an email to the Data Controller’s address;- a certified email to the Data Controller’s address.The Data Controller will acknowledge the user within 30 days, without prejudice to the user’s right to complain to the designated authority in case of a violation.
If the changes affect processing whose legal basis is consent, the Data Controller will re-collect the user’s consent if necessary.