NDG Natural Development Group Srl

Registered office: Via G. Matteotti 159/C – 40013 Castel Maggiore (BO) – ITALY
Tel./Fax: 051 41.21.099
e-mail: ndggroup@ndggroup.eu – Sito Internet: www.ndggroup.eu
VAT IT03584581205 – REA BO – 530867

PRIVACY POLICY USERS OF WWW.NDGGROUP.EU

The following information (“the Privacy Policy“) is provided to you, pursuant to article 13 of EU Reg. 2016/679 (“GDPR”), in order to illustrate the purposes and means of the processing of personal data related to users accessing the website www.ndggroup.eu (“the Website“) and carried out by NDG NATURAL DEVELOPMENT GROUP S.R.L.

This Privacy Policy only governs the processing of personal data relating to users of the Website (“the Data Subjects“), and does not govern the processing of personal data carried out by third parties when the Data Subjects visit pages and websites accessible through links embedded on the Website.

In addition to this Privacy Policy, the Data Controller may provide more specific information concerning certain processing operations that are carried out on information collected via forms embedded on the Website.

DATA CONTROLLER

he data controller is NDG NATURAL DEVELOPMENT GROUP S.R.L. (Fiscal code & VAT no. 03584581205), having its registered office in Via Salvatore Quasimodo, n. 42 – 40013 Castel Maggiore (BO) (“the Data Controller“). For the purposes of this Privacy Policy, the contact details of the Data Controller (“Contact Details“) are: phone number +39 051 4121099, e-mail: ndggroup@ndggroup.eu – certified e-mail: ndg.natural@pec.it.

CATEGORIES OF PERSONAL DATA PROCESSED AND PURPOSES OF PROCESSING

Whenever a user visits the Website, the following information relating to them may be subject to processing:

A) data related to the navigation of the Website, detected and collected by the Data Controller through the use of software applications which are necessary to ensure the ordinary functionality of the Website.

The processing of these information (such as the Internet Protocol address, the domain names of the computers and devices employed by users, the browser used, the Uniform Resource Identifier and other data that, by providing information on the device and connection used to visit the Website, may indirectly allow the identification of the Data Subject), is essential to the proper functioning of the Website and is therefore necessary to allow users enjoy the services offered.

Failure to provide these data will prevent from navigating the Website and from using of the services offered.

The technical parameters of the Website have been designed in order to minimize the collection and use of users’ personal data.

B) personal Data provided voluntarily by the Data Subjects through the filling of forms, the sending of e-mails or communications to the addresses of the Data Controller provided on the Website and the use of features offered by the Website.

These personal data are processed in order to provide the services which are being offered to the Data Subject through the Website, and therefore in order to respond to requests for information sent to the e-mail addresses in the “Contacts” subsection.

This processing operations concern information such as name, e-mail address and any other piece of information which the Data subject will spontaneously volunteer in their messages addressed to the Data Controller. The provision of such data is optional, but it is nevertheless necessary in order for the Data Controller to be able to fulfil requests and to offer its services.

Personal Data will be processed mainly by automated means (e.g. management software) and residually by non-automated means (e.g. paper filing systems) chosen in order to ensure the security of the data, by individuals who operate under the direct authority of the Data Controller and who have been properly authorized and instructed in this regard by the latter.

DATA STORAGE PERIOD

Personal data processed for the purposes referred to point A) will be stored for the time necessary to allow navigation of the Website and in any case no further than 7 days from collection, except when a longer storage period is required for purposes of detection of crimes by public authorities or for purposes of exercising or defending a legal claim of the Data Controller.

Personal data processed for the purposes referred to point B) will be stored and processed for the time strictly necessary to achieve the purposes for which they were collected.

RECIPIENTS OF PERSONAL DATA AND TRANSFERS TO THIRD COUNTRIES

Personal data relating to the Data Subjects may be disclosed to:

• suppliers of information technology (IT) services, such as websites’ management and maintenance support, hosting and e-mail delivery;
• Data Controller’s staff tasked with managing the Website and providing feedback to requests made through the Website;
• public authorities, such as police forces and judicial offices, where required by law or by a legitimate order.

If the conditions established by the GDPR are met, the Data Controller shall enter into specific contracts with those recipients, among those listed above, who receive disclosure of personal data so that they may process them on the Data Controller’s behalf (“Data Processors“), aimed at ensuring that the operations carried out are performed consistently with the instructions given by the latter and that appropriate technical and organisational measures are implemented to safeguard the security of the personal data processed. Disclosure of personal data to these recipients might imply their transfer to countries outside the European Economic Area (“Third Countries“), and namely to the Republic of San Marino: such a transfer is subject to appropriate safeguards, which have also been provided for by recourse to the standard contractual clauses adopted by the European Commission. Should it decide to transfer personal data to other Third Countries, the Data Controller shall provide Data Subjects with appropriate supplementary information and shall only transfer personal data to Third Countries whose level of personal data protection has been deemed adequate by the European Commission, or upon providing appropriate safeguards, including recourse to standard contractual clauses.

DATA SUBJECTS’ RIGHTS

At any time, the Data Subject may exercise the rights attributed to him or her by articles 15 et seq. GDPR by reaching out to the Data Controller. Namely the user, as a Data Subject and within the limits established by the GDPR, may exercise the following rights:

• the right of access, i.e. the right to obtain confirmation as to whether or not your data are being processed, as well as the right to receive any information related to the processing operations and a copy of the personal data undergoing processing;
• the right to rectification, i.e. the right to obtain the rectification or the completion of the personal data undergoing processing, if they are inaccurate or incomplete taking into account the purposes of the processing;
• the right to erasure (“right to be forgotten”)”), i.e. the right to obtain the erasure of the personal data undergoing processing when they are no longer necessary in relation to the purposes for which they were collected or otherwise processed, or when another ground established by article 17 GDPR applies;
• the right to restriction of processing, i.e. the right to obtain the restriction of the processing of personal data, when the requirements set out in article 18 GDPR are met;
• the right to data portability, i.e. the right to receive personal data concerning the Data Subject, which he/she has provided to the Data Controller, in a structured, commonly used and machine-readable format, and to have the personal data transmitted directly from one controller to another, where technically feasible;
• the right to object to the processing, i.e. the right of the Data Subject to object at any time, on grounds relating to his or her particular situation, to the processing operations of personal data concerning him or her which are necessary to the performance of a task carried out in the public interest, to the exercise of official authority or for the purposes of the legitimate interest of the Data Controller, unless the latter demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims;
• the right to lodge a complaint with a Supervisory Authority, such as the Garante per la Protezione dei Dati Personali, with offices in Piazza Venezia 11 – 00187, Rome (RM), Italy (IT), E-mail: garante@gpdp.it, PEC: protocollo@pec.gpdp.it.

These rights may be exercised free of charge, by sending a written request to the Data Controller at the latter’s Contact Details. However, in case manifestly unfounded or excessive requests – in particular because of their repetitive character – are filed, the Data Controller may charge a reasonable fee, taking into account the administrative costs of providing the information or communication or taking the action requested, or refuse to act on the request altogether.

PRIVACY POLICY CHANGES

Over the course of time, the Data Controller may make changes or amendments to this Privacy Policy, in order to ensure it is updated to the processing operations being performed or merely in order to improve its clarity; in such cases, the Data Controller shall promptly inform users of the Website employing the most effective and appropriate tools to that end.

Last update: 20 September 2024

Distinti saluti.
NDG Natural Development Group Srl