Privacy policy for the processing of personal data
The Data
Controller is the company Nues Vapes S.r.l. (VAT IT17379751005), with registered office in Rome, Via di Generosa n. 3, in the person of its pro tempore legal representative, who can be contacted at the following email address info@nuesvapes.com (“Data Controller”).
Purpose of data
processing The processing is aimed at fulfilling pre-contractual and contractual obligations following requests for information, distribution and sale of the products offered by the Data Controller; to achieve marketing purposes, in accordance with Article 7 of the GDPR, for communications with commercial, promotional or informative content in relation to the Nues Vapes branded product, as well as statistical analyses and market research strictly related to the services and products offered through the www.nuesvapes.com site or following the spontaneous release of your data, including during promotional events organized by the Data Controller; to carry out profiling activities, such as the analysis of customers’ consumption habits or choices, processing, mainly: (a) data relating to the date and time of your display of e-mail messages containing information, including of a commercial and promotional nature, relating to the www.nuesvapes.com site, as well as interaction with them and information on clicks on links included in the messages; (b) the data acquired when purchasing products on the site, therefore, also through the detection of the type and frequency of purchases. It is hereby declared that the interested party is of legal age, freeing the Data Controller from any liability. In addition, your personal data will also be processed in order to: i) comply with tax and accounting obligations and ii) comply with any legal obligation incumbent on the Data Controller or by order of the Authority. Your data may therefore be extracted by common search engines in the case of online searches carried out by third parties.
Legal basis of the processing
The legal basis of the processing is the consent of the data subject to the processing of data expressed through the compilation of this form or rendered during participation in promotional events organized by the Data Controller, or at which you were present or in any case made spontaneously on the site www.nuesvapes.com also to send requests for information, for registration, consulting/editing your profile, for the management of online purchases and for subscribing to newsletters or mailing lists. In any case, the Data Controller will process your data lawfully as the processing is aimed at and necessary i) for the correct and complete execution of existing contracts and sales ii) for the pursuit of the legitimate interest of the data controller, also for example for marketing and promotional purposes iii) for the correct fulfillment of the legal obligations incumbent on the data controller as well as iv) whenever the same processing is based as in this case on your express consent.
Consequences of failure to provide personal data
The provision of data is optional. You assume responsibility for your own or third parties’ data published or shared through the site and guarantee that you have the right to communicate or disseminate them to the Data Controller. Failure to provide personal data prevents the proper functioning of the site and the related sale of products, therefore the completion of the contract as well as any relationship based on it, with the impossibility of proceeding with the provision of products and services, also offered through the site.
Method of processing personal data
The data processing will take place in full compliance with the principles of lawfulness, fairness, transparency, purpose limitation, and data minimization and, in any case, with all the principles referred to in Article 5 of the GDPR. In relation to the purposes indicated, your personal data are subject to computer and/or paper processing, in order to guarantee confidentiality and security. The processing of personal data takes place, under the authority of the Data Controller, by subjects specifically appointed, authorized, and instructed to process according to Art. 29 GDPR and 30 of the Privacy Code. No automated decision-making is carried out.
Data storage
Your personal data will be stored for the entire period of the contractual duration and validity of the commercial, promotional, informative, and/or advertising offers of the Data Controller and in any case, even subsequently, only for the time in which the Data Controller will be subject to the legal obligations of keeping accounting records and for tax and/or other purposes always provided for by law, and in any case until the definition of any tax assessments. In any case, for marketing purposes, the data will not be processed for a period of more than 24 months, while for profiling purposes, the data taken for this purpose is kept for a duration of 12 months from the last operation on the site and then deleted.
Data management
Your personal data may be communicated in a manner that guarantees security and confidentiality and for the performance of the functions assigned to them i) to employees, collaborators and/or consultants, IT technicians and/or providers of payment services, cloud services, hosting services, website management, the email marketing system, profiling services, third parties producing cookies as per the cookies policy ii) to accountants, lawyers, consultants or other professionals who provide services and/or services functional to the registration and execution of the contract and in any case for tax purposes and other purposes under the law; iii) to banking and insurance institutions that provide functional services for the purposes mentioned above; iv) to subjects who process data in compliance with specific legal obligations, including competent authorities to comply with legal obligations upon specific request.
Dissemination of data
Your personal data is not subject to dissemination. Your personal data provided, at present, are managed and stored on servers located in the territory of the European Union. In any case, it is understood that the Data Controller, if necessary, will have the right to move the location of the servers to Switzerland or non-EU countries. In this case, the Data Controller hereby ensures that the transfer of data outside the EU will take place by the applicable legal provisions by stipulating, if necessary, agreements that guarantee an adequate level of protection and/or adopting the standard contractual clauses provided for by the European Commission.
Rights of the party
Your rights under the GDPR, to be exercised by communicating to the Data Controller’s email, are those of:
– request and obtain from the data controller i) access to your personal data, ii) the rectification of inaccurate data or the integration of any incomplete data, iii) the deletion of personal data if one of the conditions referred to in art. 17, paragraph 1 of the GDPR or iiii) the restriction of the processing of your personal data in the event of one of the hypotheses referred to in Art. 18, paragraph 1 of the GDPR;
– object at any time to the processing of your personal data in the event of particular situations concerning you. It is understood that the processing is based on consent and carried out before the processing remains lawful;
– revoke consent at any time if it has been given for one or more specific purposes and concerns so-called common personal data (date and place of birth, place of residence or domicile, etc.), or concerns particular categories of data (racial origin, political opinions, religious beliefs, etc.). It is understood that the processing is based on consent and carried out before the processing remains lawful;
– lodge a complaint with the competent Data Protection Authority.