Privacy

Privacy Policy

Last updated: 28 February 2025

The purpose of this document is to inform the natural person (hereinafter the "Data Subject") about the processing of their personal data (hereinafter "Personal Data") collected by the data controller, The Nettuniani S.R.L., with registered office at Via Bocchetto 6, 20123 Milano (MI), Italy, Tax ID / VAT number 14049730964, e-mail address privacy@thenettuniani.com, certified e-mail (PEC) address thenettuniani@pec.it, telephone +39 392 777 9756 (hereinafter the "Controller"), through the website www.thenettuniani.com (hereinafter the "Application").

Any amendments and updates shall become binding upon publication on the Application. If the Data Subject does not accept changes to this Privacy Policy, they must cease using this Application and may request that the Controller erase their Personal Data.

1. Categories of Personal Data processed

The Controller processes the following types of Personal Data collected in an automated manner:

  • Technical data: Personal Data generated by devices, applications, tools and protocols used, such as information about the device used, IP addresses, browser type, Internet service provider (ISP) type. Such Personal Data may produce traces which, particularly when combined with unique identifiers and other information received from servers, may be used to build profiles relating to natural persons.
  • Browsing and Application usage data: e.g. pages visited, number of clicks, actions taken, session duration, etc.

If the Data Subject fails to provide Personal Data where there is a legal or contractual obligation, or where such data constitute a necessary requirement for concluding a contract with the Controller, the Controller will be unable to establish or continue its relationship with the Data Subject.

Where the Data Subject communicates to the Controller Personal Data concerning third parties, the Data Subject shall be solely and exclusively responsible for their origin, collection, processing, disclosure or dissemination.

2. Cookies and similar technologies

The Application uses cookies, web beacons, unique identifiers and other similar technologies to collect Personal Data of the Data Subject regarding pages and links visited and other actions carried out while the Data Subject uses the Application. Such data are stored for transmission on the Data Subject's subsequent visits. The full Cookie Policy is available at: Cookie Policy.

3. Legal basis and purposes of processing

Processing of Personal Data is necessary:

a. for the performance of a contract with the Data Subject, specifically:

  1. performance of any obligation arising from the pre-contractual or contractual relationship with the Data Subject;
  2. support and contact with the Data Subject: to respond to the Data Subject's requests.

b. for compliance with a legal obligation, specifically:

  1. performance of any obligation required by applicable laws and regulations, in particular in tax matters.

c. on the basis of the Controller's legitimate interests, for:

  1. management, optimisation and monitoring of technical infrastructure: to identify and resolve technical issues, to improve Application performance, and to manage and organise information within an IT system (e.g. servers, databases, etc.);
  2. security and fraud prevention: to safeguard the Controller's assets, infrastructure and networks;
  3. anonymised statistical analysis: to conduct statistical analysis on aggregated, anonymised data to analyse the Data Subject's behaviour, to improve products and/or services provided by the Controller and better meet the Data Subject's expectations.

The Data Subject's Personal Data may also be used by the Controller to defend its rights in proceedings before the competent courts.

4. Processing methods and recipients of Personal Data

Personal Data are processed using paper and electronic tools with organisational procedures and logic strictly related to the stated purposes and through adoption of appropriate security measures.

Personal Data are processed only by:

  • persons authorised by the Controller to process Personal Data who are bound by confidentiality obligations or subject to an appropriate legal duty of confidentiality;
  • entities that act independently as separate controllers or as processors appointed by the Controller in order to carry out all processing activities required to pursue the purposes described in this notice (e.g. business partners, consultants, IT companies, service providers, hosting providers);
  • entities or bodies to which Personal Data must be communicated by law or by order of the authorities.

The persons and entities listed above must use appropriate safeguards to protect Personal Data and may access only such data as are necessary to perform their assigned tasks. Personal Data will not be disseminated indiscriminately in any way.

5. Location

Where necessary, Personal Data may be transferred to parties located outside the European Economic Area (EEA). Whenever Personal Data are transferred outside the EEA, the Controller shall implement any contractual measures that are appropriate and necessary to ensure an adequate level of protection of Personal Data, including—among others—the standard contractual clauses for transfers of data outside the EEA approved by the European Commission. To request information about the specific safeguards adopted, the Data Subject may contact the Controller at the following e-mail address privacy@thenettuniani.com.

6. Retention of Personal Data

Personal Data will be retained for as long as is necessary to fulfil the purposes for which they were collected, in particular:

  • for purposes related to performance of the contract between the Controller and the Data Subject, they will be retained for the entire duration of the contractual relationship and, after termination, for the ordinary limitation period of 10 years. In the event of court proceedings, for the entire duration of the proceedings until expiry of the time limits for bringing challenges;
  • for purposes related to the Controller's legitimate interest, they will be retained until such interest is fulfilled;
  • for compliance with a legal obligation, an order of an authority, or defence in legal proceedings, they will be retained in accordance with the time limits established by such obligations and regulations, and in any case until expiry of the limitation period under applicable law;
  • for processing based on the Data Subject's consent, they will be retained until consent is withdrawn.

Upon expiry of the retention period, all Personal Data will be erased or stored in a form that does not permit identification of the Data Subject.

7. Rights of the Data Subject

Data Subjects may exercise certain rights in relation to Personal Data processed by the Controller. In particular, the Data Subject has the right to:

  • be informed about the processing of their Personal Data;
  • withdraw consent at any time;
  • restrict processing of their Personal Data;
  • object to processing of their Personal Data;
  • access their Personal Data;
  • verify and request rectification of their Personal Data;
  • obtain restriction of processing of their Personal Data;
  • obtain erasure of their Personal Data;
  • have their Personal Data transmitted to another controller;
  • lodge a complaint with the supervisory authority for the protection of Personal Data and/or bring proceedings before a court.

To exercise their rights, Data Subjects may send a request to the following e-mail address privacy@thenettuniani.com. Requests will be handled by the Controller without undue delay and answered as soon as reasonably practicable, and in any event within 30 days.

See also the Legal Notice and Terms and Conditions.