Privacy Management System

27/04/2016, hereinafter referred to as GDPR, the Company NOVALBERG S.R.L. informs you of the following:
A) Purposes of data processing and legal basis
Your personal data is processed by NOVALBERG S.R.L. as the data controller for the following
Service Purposes:
A1) pursuing its own legitimate interest, consisting of guaranteeing the security of the website
www.novalberg.it and the information exchanged on it, i.e. the ability of this website to
resist, at a given security level, unforeseen events or unlawful or malicious acts that
compromise the availability, authenticity, integrity and confidentiality of personal data
stored or transmitted and the security of related services offered or made accessible;
A2) for the fulfillment of pre-contractual and contractual obligations following an online purchase request,
any legal and/or regulatory obligations (e.g. tax and accounting obligations, etc.) and
internal controls, as well as to facilitate the continuation of communication with the customer;
A3) Acquisition and processing in both paper and digital format for the performance by the
Controller of marketing activities to promote commercial offers, as well as promotional activities
through the use of corporate social channels such as Instagram and Fb.
A4) to comply with obligations provided for by law, a regulation, community legislation or
an order of the Authority (such as, for example, anti-money laundering);
A5) exercising the Controller's rights, for example the right of defense in court;
B) Nature of data provision
Your personal data subject to processing are collected directly by the Data Controller
or by the person expressly authorized by them.
The legal basis for data processing for the purposes referred to in points A1) and A2) is respectively
Article 6.1, letter f) of the GDPR, as the processing is necessary for the performance of the activities
agreed on a contractual basis. The provision of Personal Data for these purposes is optional,
but any failure to provide it would make it impossible to initiate and/or continue the
contractual/pre-contractual relationship.
The legal basis for data processing for the purposes referred to in point A3) above is Article 6
paragraph 1 letter a of the Regulation, according to which your data may be lawfully processed
exclusively with your specific, separate, express, documented, prior and
entirely optional consent. With regard to these processing purposes for which your consent is required,
we inform you that your refusal will not affect the obligations otherwise assumed.
The legal basis for data processing for the purposes referred to in points A4) and A5) is the legitimate
interest pursuant to Article 6, paragraph 1 letter c of the Regulation (processing necessary to
comply with a legal obligation to which the data controller is subject) and does not require your
consent.
C) Data processing methods
Your data is processed lawfully and fairly, in accordance with the provisions of Articles 5
and 6 of the Regulation for the pursuit of the purposes indicated above and in compliance with the fundamental principles
established by applicable law. The processing of personal data may take place both
through manual, IT and telematic tools, but always under the supervision of adequate technical and organizational measures
to guarantee its security and confidentiality, especially in order to
reduce the risks of destruction or loss, even accidental, of data, unauthorized access, or
unauthorized processing or processing not conforming to the purposes of collection.

D) Categories of data and their origin

The subject of the processing is your personal data, acquired through the
Request for Profile Activation on the website www.novalberg.it, as well as any data
transmitted via email or telephone.
E) Scope of communication
Within the limits relevant to the purposes of the data processing indicated, only authorized employees involved in their processing and belonging to the Data Controller's organizational structure may become aware of them.
It is specified that your data may be transmitted to the following recipients:
- Authorized internal party who processes the data for the provision of the service;
- Suppliers and/or partners for the processing of all or part of the personal data to the extent necessary for
the execution of their services.
F) Retention period
In accordance with the principle of "storage limitation" referred to in Article 5 of Regulation (EU)
No. 679/2016 (GDPR), the collected data subject to processing for the purposes indicated above will be
stored according to the deadlines provided by law and, subsequently, for the time
the Company is subject to retention obligations for purposes provided by law or
regulation. The obsolescence of the data stored in relation to the purposes for which
they were collected is checked periodically.
In any case, data is expected to be stored for a maximum period of:
Commercial Data = 5 years
G) Profiling and Data Dissemination
Not applicable;
H) Rights of the data subject
As a data subject, you have the rights pursuant to Article 15 of the GDPR, namely the rights to:
1. obtain confirmation as to whether or not personal data concerning you are being processed, even if not
yet recorded, and their communication in an intelligible form;
2. obtain information about: a) the origin of the personal data; b) the purposes and methods of
processing; c) the logic applied in case of processing carried out with the aid of electronic
instruments; d) the identification details of the controller, processors and the designated representative
pursuant to Article 3, paragraph 1, GDPR; e) the subjects or categories of subjects to
whom the personal data may be communicated or who may become aware of them as
designated representative in the State territory, or as processors or authorized persons;
3. obtain: a) the updating, rectification or, when interested, the integration of the
data; b) the erasure, anonymization or blocking of data processed in
violation of the law, including those whose retention is not necessary in relation to the
purposes for which the data were collected or subsequently processed; c) certification that the
operations referred to in letters a) and b) have been brought to the attention, also as regards
their content, of those to whom the data have been communicated or disseminated, except in cases where
such fulfillment proves impossible or involves a manifestly disproportionate use of means
compared to the protected right;
4. object, in whole or in part: a) for legitimate reasons, to the processing of personal data concerning you,
even if pertinent to the purpose of the collection; b) to the processing of personal data concerning
you for the purpose of sending advertising material or direct sales or for carrying out market
research or commercial communication, through the use of automated calling systems without
the intervention of an operator via email and/or through marketing methods

traditional by telephone and/or paper mail. Please note that the data subject's right to object,
as set out in point b) above, for direct marketing purposes using automated methods extends to traditional ones, and that in any case, the data subject retains the
possibility to exercise the right to object even partially. Therefore,
the data subject can decide to receive only communications via traditional methods or
only automated communications or neither type of communication.
5. Right to rectification of your personal data in case they are modified and do not correspond to those
previously acquired or communicated (Art. 16)
6. Right to erasure of data ("right to be forgotten" Art. 17). NOVALBERG S.R.L. if one of the following cases exists,
proceeds with the erasure of the data from all databases and archives where it is contained:
a) the personal data are no longer necessary in relation to the purposes for which they were collected or
otherwise processed;
b) the data subject withdraws consent and if there is no other legal ground for the
processing;
c) the data subject objects to the processing pursuant to Article 21, paragraph 1, and there are no
overriding legitimate grounds for the processing, or the data subject objects to the
processing pursuant to Article 21, paragraph 2;
d) the personal data have been unlawfully processed;
e) the personal data must be erased for compliance with a legal obligation in Union or Member State law
to which the controller is subject;
f) the personal data have been collected in relation to the offer of information society services
referred to in Article 8, paragraph 1.
7. Right to restriction of processing (Art. 18). The data subject has the right to obtain from the controller the
restriction of processing where one of the following applies:
a) the accuracy of the personal data is contested by the data subject, for a period enabling the controller to
verify the accuracy of the personal data;
b) the processing is unlawful and the data subject opposes the erasure of the personal data and requests
the restriction of their use instead;
c) although the controller no longer needs the personal data for the purposes of the processing, they
are required by the data subject for the establishment, exercise or defense of legal claims;
d) the data subject has objected to processing pursuant to Article 21(1) pending the
verification whether the legitimate grounds of the controller override those of the data subject.
8. Right to object (Arts. 21-22): The data subject has the right to object at any time, on grounds relating to their particular situation, to the processing of personal data concerning them which is based on Article 6(1)(e) or (f), including profiling based on those provisions. NOVALBERG S.R.L. does not subject data to decisions based solely on automated processing.
To lodge a complaint with a supervisory authority (Italian Data Protection Authority – with registered office in Rome, Piazza Venezia n.11 - www.garanteprivacy.it);
I) Data Controller and Data Protection Officer
The Data Controller is NOVALBERG S.R.L. with registered office in Pozzuoli (NA), Via Campana 233/A, 80078, VAT no. 07338000636
The Controller can be contacted at the following email address: info@novalberg.it