INFORMATION ON THE PROCESSING OF PERSONAL DATA OF USERS OF THE WEBSITE WWW.NOLOSTAND.IT

Pursuant to and for the purposes of Article 13 of Regulation (EU) 2016/679 (“GDPR”), Nolostand S.p.A. (“Nolostand” or “Controller”), as the data controller, informs you that it processes the personal data relating to the user or navigator (“User” or “Data Subject”) communicated by the latter or otherwise obtained as a result of the use of the website https://www.nolostand.it/ (hereinafter “Website”) in the manner and for the purposes described below in this policy (the “Policy”).

Please note that this Policy is provided only for the Website and not for other websites that may be consulted by the user via links (for which refer to their respective privacy policies).

By browsing the Website, the User acknowledges that they have read and understood the content of this Policy.

1.     Contact details of the Data Controller

The data controller is Nolostand S.p.A., with registered office in Milan, Piazzale Carlo Magno no. 1, 20149. You may contact the Controller by email at privacy@nolostand.it or by regular mail at the above address.

2.     Types of Personal Data

The Controller processes the following types of personal data of Users who navigate and interact with the web services of the Website, in particular:

Browsing Data

The operation of the Website involves the use of computer systems and software procedures that acquire, during their normal operation, some personal data related to web browsing, the transmission of which is implicit in the use of internet communication protocols. This information is not collected to be associated with identified data subjects, but by its very nature could, through processing and association with data held by third parties, allow users to be identified (e.g., IP addresses, URI - Uniform Resource Identifier - addresses of requested resources, the time of the request, etc.), and other parameters related to the User’s operating system and IT environment. These data are used for the purposes of monitoring the correct functioning of the Website and for the anonymous processing of statistical information on the use of the Website, including tag management. This type of services is functional to the centralized management of tags or scripts used on this Website. The use of such services involves the flow of data through them and, if applicable, their storage. Additionally, the data could be used for the possible judicial defense of rights, as well as for the fulfillment of legal obligations in response to requests from judicial and law enforcement authorities.

For the use of cookies installed through the Website and other online tracking devices, the User is invited to consult the Cookie Policy.

Data Voluntarily Provided by the User

Users are not required to provide personal data to visit the Website. However, contacts between Users and the Nolostand, through the sending of emails, messages, or any type of communication to the addresses indicated on the Website, result in the acquisition of common personal data, such as, for example, first name, last name, email, as well as any other personal data that will be provided by the User voluntarily interacting with the Nolostand through the Website.

3.     Purposes and Legal Basis of Processing

Personal data are collected and processed for the following purposes:

a) to allow Users to use the web services of the Website;

b) to manage User requests for information;

c) to prevent the commission of unlawful acts through the Website;

d) to protect the rights of Nolostand in the event of legal disputes;

e) to comply with legal obligations to which Nolostand is subject.

For the purposes referred to in points a) and b), Nolostand processes such data for the performance of a contract to which the Data Subject is a party or for pre-contractual measures taken at the request of the same pursuant to Article 6(1)(b) of the GDPR.

For the purposes referred to in points c) and d), Nolostand processes such data for the pursuit of a legitimate interest of the Controller pursuant to Article 6(1)(f) of the GDPR.

For the purpose referred to in point e), Nolostand processes such data for compliance with legal obligations to which the Controller is subject pursuant to Article 6(1)(c) of the GDPR.

If the Controller intends to use the collected personal data for any other purpose that is incompatible with the purposes for which it was originally collected or authorized, the Controller will inform the User in advance, and the User may also withhold or revoke his/her consent.

4.     Nature of the provision of data and consequences in case of refusal

The release of the User’s navigation data is necessary for purposes related to the operation of the Website and the routing of connections related to access to the Website itself, which may be precluded in the absence of such data. In other cases, the processing of User’s data is necessary to provide the services requested through the forms specifically prepared on the Website, which, in the absence thereof, would not enable Nolostand to fulfill its legal obligations. In any case, the User can freely decide whether or not to request the particular services available in the sections of the Website dedicated to this purpose, and the provision of data remains optional for these purposes. Failure to provide the data will make it impossible for the User to activate such services.

5.     Method of processing

Within the organizational structure of Nolostand, personal data will be processed by persons authorized to process them who act under the authority of the Data Controller, adequately instructed by the Controller, mainly using electronic systems in accordance with the principles applicable to the processing of personal data under to Article 5 of the GDPR.

6.     Data Retention Period

Data will be retained for the period necessary to fulfill legal obligations. The criteria used to determine the applicable retention period are as follows: the retention of personal data covered by this Policy will take place for as long as necessary (i) to manage the contractual relationship with the user, (ii) to manage complaints or specific requests from the user, (iii) to assert rights in judicial proceedings, and (iv) for the time required by applicable legal regulations.

For the retention periods of personal data processed through cookies, please refer to the Cookie Policy.

7.     Scope of Data Communication and Categories of Recipients

Exclusively for the purposes specified above, the data collected, recorded, and processed may be handled by external parties who perform organizational, technical, and security-related activities on behalf of Nolostand related to the management of the Website and the provision of related services (e.g., IT and telecommunication service companies), acting as data processors under specific contracts in place with Nolostand. Additionally, where necessary, the data may be communicated to competent authorities and other public entities that request them based on current regulations and in relation to investigations and proceedings relating to the prevention, detection and repression of crimes, and to the needs of judicial defense of rights.

The complete list of such entities or categories of entities is available at the Controller’s office and can be requested by sending a communication to the contact details indicated in paragraph 1 of this Policy.

Personal data will not be disseminated.

8.     Data Transfer to Third Countries Outside the EU

The User’s personal data will not be transferred to entities located extra SEE.

9.     RIGHTS OF DATA SUBJECTS

Within the limits provided by Article 2-undecies of the Privacy Code, the User has the right to exercise at any time the rights recognized by Articles 15 to 22 and 77 of the GDPR, as briefly summarized below:

  • Right of access: You may request information about the processing we carry out on your data or confirmation that the Controller processes your personal data. In such a case, you may request us to provide a copy of your data and to verify which data we hold.
  • Right to rectification: You have the right to request the rectification of your personal data if it is incorrect, including the right to request the integration of incomplete personal data.
  • Right to erasure: You have the right to request us to delete the data (or part of it) that you have provided to us, including data that is no longer necessary in relation to the purposes for which it was collected or otherwise processed.
  • Right to restriction of processing: You may request us to restrict the processing of your personal data if the legal conditions are met.
  • Right to object: You may object to the processing of your personal data, subject to the existence of a legitimate overriding reason for continuing such processing.
  • Right to data portability: You may obtain from the Controller, in a structured, commonly used, and machine-readable format, the personal data you have provided to us, for the purpose of transmitting it to another entity. This right applies in cases where the Controller processes such data through automated means, based on consent or for the provision of services.
  • Withdrawal of consent: If the processing is based on consent, you may withdraw it at any time, without affecting the lawfulness of the processing carried out before such withdrawal.
  • Right not to be subject to automated decision-making: You may request not to be subject to processing based solely on automated decision-making, including profiling, which produces legal effects concerning you or significantly affects you in a similar way. This right cannot be exercised if: i) the processing is necessary for the conclusion of a contract between you and the Controller; ii) the processing is authorized by law; iii) the processing is based on your consent.
  • Right to lodge a complaint with the Supervisory Authority: Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with the competent Supervisory Authority if you believe that the processing carried out violates the current regulations on the protection of personal data.

Without prejudice to the procedures provided by the Data Protection Authority for lodging a complaint, for all other rights, you may send a request to the Controller using the contact details indicated in paragraph 1 of this Policy. This Policy may be subject to changes. Therefore, it is advisable to regularly check this web page and consider the most updated version of the policy provided here.

 

Update on 21, March 2025