NOMINATION SRL, via F.lli Bandiera 22, 50019 Sesto Fiorentino, VAT identification number 05018590488, email: customerservice@nomination.com, gives maximum importance to the rights of its customers with regards to the protection of personal data and to its legal obligations, in its capacity as Data Controller for the Processing of Data (hereafter: “Data Controller”).

In accordance with (EU) Regulation n. 2016/679 (hereafter “GDPR”, general provisions concerning the protection of physical persons relating to the processing of personal data and the free circulation of such data), this Privacy Declaration (“Declaration”) describes the ways in which we process the personal data of customers, gathered via www.nomination.com (“Site” or “Website”) and using other tools (e.g. social media, cookies, etc.), in compliance with the regulation cited above and with the principle of transparency stipulated in art. 5 of the GDPR. We invite you to read this declaration carefully.

1. TYPES OF PERSONAL DATA GATHERED REGARDING THE CUSTOMER

The personal data gathered by this Website, either autonomously or through third parties, for the purposes described in this Policy, includes:

• Contact information (for example, name, surname, date of birth, nationality, email address, postal address, telephone number and any other personal data) provided by the Customer through completion of the forms present on the Site, including those allowing subscription to the newsletter, registration and the creation of an account on the Site;

• Information relating to any electronic commercial transactions that take place, including the sending of purchasing forms, as well as any linked to pre-sale and post-sale assistance;

• Personal data that may be contained within communications sent by the Customer, for example to signal a problem or to voice a request, uncertainty or comment relating to the Site and/or its content;

• Information deriving from questionnaires and/or surveys that we may carry out from time to time on the Site for the purposes of research, if the Customer decides to respond or to take part;

• Personal and usage data gathered by third parties, for example data that the customer wishes to share with us on social networks accessible to the public (such as Facebook, Instagram, etc.) and/or that we can gather from other databases accessible to the public. Registration and access via a social profile require the acquisition of explicit consent, which must be given before log-in and which will allow for the execution of actions with the user’s account. For further information please refer to the privacy policy present on the respective social media website;

• Personal data pertaining to navigation, processed either to guarantee th correct functioning of the Website or for marketing purposes. For more information, we recommend that you read our “Cookie Policy” (which can be viewed on this page).

The provision of such data is not obligatory. Personal Data can be provided freely by the Customer, or, in the case of Usage Data, gathered automatically during use of this Website. Communication of personal data (especially personal information, email address, postal address and telephone number) is necessary to provide the services offered by the Site at the Customer’s request, to conclude transactions, or, when necessary, to meet obligations stipulated by law or regulations in force. A refusal to provide personal data that is required to meet the aims described above may prevent us from complying with legal provisions and other standards in force. Consequently, a failure to provide personal data may, in some cases, legitimately and justifiably preclude us from providing the services offered on the Site.

The provision of further personal data beyond that which is necessary for the aims of complying with legal or contractual obligations and correct consultation of our services with necessary data relating to navigation is, by contrast, optional, and will not have any effect on your use of the Site and its services. We will always inform you as to whether the provision of personal data is obligatory or optional, indicating data that is obligatory for the provision of services requested on the Site with an appropriate symbol (*). Customers who have doubts regarding which Data is obligatory are recommended to contact the Data Controller. The eventual use of Cookies – or other tracking tools – by this Website, where not explicitly stated, is carried out with the aim of providing the Service requested by the Customer, as well as other purposes described in this document and in the Cookie Policy.

The Customer assumes responsibility for third party Personal Data that is obtained, published or shared through this Website, and guarantees that they have the right to communicate or disseminate such data, freeing the Data Controller from any responsibilities regarding third parties.

2. LEGAL BASIS OF PROCESSING

Processing is necessary to execute a contract and/or to execute pre-contractual measures;

Processing takes place based on the prior and explicit consent of the Customer, for example to carry out marketing activities;

Processing is necessary to comply with a legal obligation to which the Data Controller is subject;

Processing is necessary to perform a task carried out in the public interest or to exercise public powers in which the Data Controller is invested;

Processing is necessary to pursue legitimate interests of the Data Controller or third parties;

It should be noted that, based on current legislation, this type of contact (so-called “soft spam”) does not require the provision of consent. The Customer may, in any case and at any time, request an interruption to the processing of their data in this way, which the Data Controller must put into effect without delay.

It is, furthermore, always possible to request that the Data Controller clarifies the concrete legal basis of every processing operation, and in particular to specify whether the processing has a basis.

3. PURPOSES OF PROCESSING

The personal data provided by you is processed:

Without your explicit consent, pursuant to art. 6 lett. b) and e) of the GDPR, for the following service purposes:

a) Management and execution of pre-contractual and contractual obligations, including the correct execution of acquisitions through the “Site”;
b) Insertion of data into the company’s database to monitor the execution of the contract, including for invoicing aims;
c) Stipulation and execution of the contract and all related activities and consequences, including, by way of example, the correction and modification of products and services offered;
d) Management of fiscal and accounting compliance and all related activities, including, by way of example, invoicing, documentation, refunds in the event of tax free shopping, credit protection, administrative services, management services, and functional services relating to execution;
e) Compliance with legal obligations stipulated by law, regulations and community legislation;
f) The exercising of the rights of the Data Controller, including rights that are enforceable in a court of law.

Subject to specific consent, for the following additional purposes:

g) Direct marketing carried out by the Data Controller, using traditional and/or automated means, which may not entail the intervention of the operator, with the aim of improving the range of products and services offered and receiving communications, newsletters, informative and/or promotional materials, assessing the level of customer satisfaction or concerning events and initiatives, market research or other trade research and direct sales, information and updates regarding products, sales, promotional campaigns, events and other initiatives via automated (email, SMS, newsletter, MMS and/or instant messaging) and traditional (telephone calls with operators and/or post) means of contact;
h) Direct marketing carried out by third parties, via traditional and/or automated means, which may not entail the intervention of the operator, with the aim of receiving communications, newsletters, informative and/or promotional materials, assessing the level of customer satisfaction or concerning events and initiatives, market research or other trade research and direct sales, statistics, interaction with social networks and external platforms, comments on content, through automated (email, SMS, newsletter, MMS and/or instant messaging) and traditional (telephone calls with the operator and/or post) means of contact, in their capacity as Commercial Partners operating within the relevant product sector;
i) Profiling activities carried out via automated means, which aim to improve the range of products and services offered and, partly through the electronic processing of data and the profile and through analysis of the habits and consumption choices of the Customer, enable the identification of preferences, behaviour and interests relating to products and services used, with the aim of rendering the products and initiatives more relevant to the tastes and needs of the Customer.
j) Research activities, using non-automated means, investigating consumption habits with the aim of making products and initiatives more relevant to the tastes of the Customer. Such activities have the exclusive aim of offering customers and users products, services and initiatives that are more relevant to their needs, using methods that do not invade their personal sphere.

At any time and free of charge, data subjects can exercise their right to object, either in full or in part, to the processing of their data for the purposes described in points g), h), i) and j).
The provision of personal data relating to the purposes described in points g), h), i), and j) is optional and its use is subject to the provision of explicit consent. If you refuse to provide consent, this will make it impossible for you to subscribe to the “Newsletter”, to the “Joy of Life Club”, and will preclude you from receiving informative and promotional information, brochures and communications relating to products, promotions and services offered by our Company.
Within the context of the sending of publicity material, promotional material, informative material and/or brochures, please note that consent to the processing of personal data can be withdrawn at any time by selecting the relevant “delete” box, which you can access via a link contained within the communications sent.
Such data (especially personal details, email address, postal address, telephone number and bank details – in the case of payment via credit card) is necessary to conclude contracts for the acquisition of products via the site, or for some “pre”-sale and “post”-sale services, or to comply with obligations driving from legal or regulatory standards. As indicated above, a failure to provide this data may constitute a legitimate and justified reason for not executing a contract for the acquisition of products online and/or the provision of linked services, depending on the case in question.

We also inform you that our Company uses the IP addresses of visitors, in an entirely anonymous way, to monitor traffic on the Site.

4. MEANS AND LOCATION OF THE PROCESSING OF PERSONAL DATA GATHERED

4.1 Means of processing and security

The data controller has adopted relevant security measures, which aim to prevent unauthorized access, dissemination, modification, or destruction of Personal Data. In particular, this uses technology to encrypt data in SSL, as well as complying with ISO/IEC 27000 standards. With regards to the purposes indicated, the data of users is subject to processing in an automated and manual form, in compliance with the principles of correctness, lawfulness and transparency, as well as dispositions in force regarding the protection of personal data and security measures, pursuant to art. 32 of the GDPR, by persons who have been specifically appointed and authorised, and in compliance with the stipulations of the GDPR. The processing of the personal data of users is carried out through operations including the gathering, registration, organisation, preservation, consultation, elaboration, modification, extraction, comparison, use, communication, deletion and destruction of data. The data controller may also use cookies (temporary markers designed to identify physical persons online) with the aim of qualifying, providing, improving and personalising the products and services offered. The data controller has adopted automated decision-making procedures, including profiling. To ensure the best possible protection of personal data, beyond the limits of control exercised by us, we recommend that you protect the devices you use for navigation (for example with an up-to-date anti-virus system) and to ensure that your internet provider uses appropriate measures for the transmission of data online (for example firewalls and anti-spam filters).

In some cases, in addition to the Data Controller, the following may have access to Data: other subjects involved in the organisation of this Website and companies affiliated and/or linked to Nomination Srl, (administrative, commercial, marketing and legal staff and system administrators) or external subjects (such as third party providers of technical services, postal couriers, advisors, hosting providers, information companies, communication agencies, credit institutions for the management of payments via credit card) who have been appointed, including, if necessary, Data Processors operating on behalf of the Data Controller. An updated list of Data Processors can always be requested from the Data Controller.

4.2 The Location of the Processing and Transfer of Data

Data is processed at the operational headquarters of the Data Controller and in other locations where parties involved in processing are located. For more information, contact the Data Controller.

Personal Data is saved on servers located in the member states of the European Union, but, pursuant to art. 44 and ss. of the GDPR, the Data Controller, where necessary, reserves the right to transfer such servers, including to third countries that do not belong to the European Union, in compliance with applicable legal provisions.

The Customer has the right to obtain information relating to the legal basis of the transfer of Data outside the European Union or to an international organisation of public international law or consisting of two or more countries, as well as information relating to the security measures adopted by the Data Controller to protect Data.

5. PERIOD OF PRESERVATION

In compliance with principles of lawfulness, limitation of purposes and minimisation of data, pursuant to the GDPR, the period of preservation of the personal data of users is determined for a period of time no greater than that which is required to fulfil the purposes for which the data is gathered and processed, in compliance with time-frames stipulated by law and by provisions of the Italian Data Protection Authority. Therefore:

• Personal data gathered for aims linked to the execution of a contract between the Data Controller and the User will only be processed until this contract has been executed. Personal data gathered for sales purposes is preserved for a period of no longer than 10 years, in compliance with fiscal and civil regulations.

• Personal data gathered for purposes linked to the legitimate interest of the Data Controller will be processed until such interest has been satisfied. The User can obtain further information relating to the legitimate interest pursued by the Data Controller in the relevant sections of this document, or by contacting the Data Controller.

When processing is based on consent from the User, the Data Controller can preserve Personal Data for a longer period, until such consent is withdrawn. Furthermore, the Data Controller may be obliged to preserve Personal Data for a longer period, to comply with a legal obligation or an order emanating from a relevant authority. At the end of the period of preservation, Personal Data will be deleted. Therefore, at the expiration of this period, the rights to access, to deletion and to rectification, as well as the right to the portability of data, can no longer be exercised.

6. THE RIGHTS OF THE DATA SUBJECT

The Data Subject may, at any time, exercise the following rights:

The right to withdraw consent at any time. The data subject may withdraw consent to the processing of their Personal Data that has previously been given. The data subject should contact us directly as the following address: customerservice@nomination.com.To withdraw consent to the receiving of our newsletter, you can do this automatically by following the link that you will find at the bottom of each communication;

The right to access your own Data. The data subject has the right to obtain information on the Data processed by the Data Controller, on certain aspects of processing, and to receive a copy of the Data processed. He/she can contact us directly at the address: customerservice@nomination.com.

The right to rectification. The data subject can verify the correctness of his/her Data and request the updating and/or correction of this Data. He/she can contact us directly at the address: customerservice@nomination.com.

The right to the limitation or processing. Under certain conditions, the data subject can request the limitation of the processing of his/her Data. In this case, the Data Controller will not process the data for any other reason than its preservation.

The right to the deletion or removal of your own Personal Data. Under certain conditions, the Data Subject can request the deletion of his/her Data by the Data Controller.

The right to the portability of data. The Data Subject has the right to receive his/her Data in a structured, commonly used and machine-readable format, and, where technically feasible, to obtain the transfer of this Data without hindrance to another data controller. This provision is applicable if the Data is processed with automated tools and the processing carried out is based on the consent of the Customer, on a contract to which the Customer is party, or on contractual measures linked to this.

The right to make a complaint. The data subject can make a complaint to the relevant supervisory authority for the protection of personal data, or engage in legal proceedings.

The right to oppose the processing of data for commercial purposes. At any time, the data subject has the right to object to the processing of his/her data if this is used for direct marketing and commercial purposes.

7.MEANS OF EXERCISING RIGHTS

At any moment, you can exercise your rights as described above in written form, by sending a registered letter (with acknowledgement of receipt) to the company NOMINATION SRL, Via F.lli Bandiera 22, 50019 Sesto Fiorentino (FI), or, alternatively, via electronic post to the email address customerservice@nomination.com, or to the email address nm-gdpr@nomination.com and to the certified email address nomination@pec.it . Requests are handled free of charge and processed by the Data Controller within the shortest period possible, and in any case within one month.

8.THE RIGHTS OF MINORS

The services offered by the Data Controller and the Site managed by the Data Controller are not targeted at minors below 16 years of age (or below the age limit established by legislation in the User’s country of residence), from whom the Data Controller does not intentionally gather (and then use) information and personal data. In order to protect the security and privacy of minors, wherever such information is involuntarily gathered and/or recorded, the Data Controller undertakes, upon request, to delete it promptly. Registration with the Site implies confirmation that the User has reached the age of majority in his/her country of residence.

9. MODIFICATIONS TO THIS DECLARATION

The Data Controller reserves the right to make modifications to this privacy policy at any time, for example in order to comply with new requirements imposed by applicable legislation or technical requirements, and will provide information regarding such modifications on this page. We therefore request that you consult this page regularly, referring to the most up-to-date version.
If modifications are made that affect processing operations whose legal basis is consent, the Data Controller undertakes to gather the User’s consent again, if necessary.

10. COOKIE POLICY

This Website makes use of Cookies.
To find out more and to view the detailed declaration, the User can consult the Cookie Policy on this page.

11. FURTHER INFORMATION REGARDING THE PROCESSING OF DATA

Legal Defence

The Personal Data of the User may be used by the Data Controller for legal action or in the preparatory phases for the eventual establishment of a defence against misuse of this Website or connected Services on the part of the User. The User declares that he/she is aware that the Data Controller may be obliged to divulge Data by order of public authorities.

System Log and Maintenance

For reasons linked to its functioning and maintenance, this Site and eventual third party services used by the Site may collect system Logs, or files that register interactions and that may also contain Personal Data, such as the User’s IP address.

Chat Live Help®

The Chat LiveHelp® services present on this site is managed by Sostanza S.r.l., which is the external Data Controller for the data that is collected via this service. For more information please read the Terms and Conditions of the service at: www.livehelp.it

Information that is not contained in this Policy

Further information relating to the processing of Personal Data can be requested at any time from the Data Controller, using the contact details provided.

COOKIES POLICY

Cookies are short lines of texts stored on your computer by websites you’ve visited. They are widely used in order to make websites work more efficiently, as well as to provide information to the website owner. They are used to store information about visitors preferences and record user-specific information (authentication, language, location and other). Part of the information collected is used for statistics and marketing purposes.

Types: • Session cookies (they are deleted when the browser is closed)
• Persistent cookies (they are deleted after a fixed period of time)
• First-party cookies (they can be read by the domain being visited only)
• Third-party cookies (they are created and subject to external domains, different than the visited website)

The table below summarizes which cookies are used.

Cookie Name Type Purpose
CoGoogle Analytics

_utma
_utmb
_utmc
_utmz

Third-party persistente These cookies are used to collect information about how visitors use the website. This information is used to compile report and assist with site improvement. Cookies collect information in an anonymous form, including the number of website’s visitors, where visitors have come to the website from and the pages they visited. Click here for Google privacy policy.
.NET Session ASP.NET_SessionId First-party sessione This cookie is fundamental to manage users sessions. This cookie collects information in an anonymous form and is deleted when the browser is closed. Visit the Microsoft website.
Facebook Third-party facebook.com https://www.facebook.com/help/cookies/
Twitter Third-party twitter.com http://support.twitter.com/articles/20170514
Linkedin Third-party linkedin.com http://www.linkedin.com/legal/cookie_policy
Google+ Third-party plus.google.com https://www.google.com/policies/technologies/cookies/

Most web browsers enable to control cookies management through settings. For further information on cookies, including how to verify saved cookies, how to manage cookies settings and how to delete them, please visit www.aboutcookies.org o www.allaboutcookies.org.
To disable tracking by Google Analytics across all websites, please visit http://tools.google.com/dlpage/gaoptout.