With this privacy policy notice on the processing of personal data, provided pursuant to Art. 13 of Regulation (EU) 2016/679 (the so-called "GDPR"), the company N2S srl (hereinafter referred to as "N2S" for brevity), with registered office in Via A. Fogazzaro, 54/56 - 36073 Cornedo Vicentino (VI) Italy, VAT No. 03883570248 - Tax Code 03883570248, Tel. 0445. 952800 - e-mail info@dueessesrl.eu - before proceeding to process Users' personal data - illustrates to the Data Subject (User of the website dueessesrl.eu) how his/her personal data, collected through and during navigation on this website, are processed when using its services and/or accessing its contents, and informs him/her how he/she may, at any time, exercise his/her rights as provided for by law.
To immediately access the Cookie Policy click here

1. Who is the Data Controller?

N2S srl (hereinafter referred to as "N2S" for the sake of brevity), with registered office in Via A. Fogazzaro, 54/56 - 36073 Cornedo Vicentino (VI) Italy, VAT no. 03883570248 - Tax code 03883570248, Tel. 0445.952800 - e-mail info@dueessesrl.eu, as Data Controller, is responsible for the confidentiality of your personal data and for guaranteeing the necessary protection from any event that might put them at risk of being violated.
The Data Controller undertakes to process your personal data in compliance with the GDPR, Legislative Decree 196/2003 and subsequent amendments and additions (hereinafter referred to as the "Privacy Code" for the sake of brevity), the relevant provisions and guidelines of the Data Protection Authorities and the national and European judicial authorities, as well as the applicable national and European legislation.

2. What personal data does the Data Controller collect and process?

The Data Controller processes your personal data, collected when you visit the Site, when you use its services and/or when you access its contents, as well as when you contact the Data Controller also by filling in a contact form. By way of example, the Data Controller may acquire the following types of information:

• personal data, such as name and surname;
• contact data, such as telephone number and e-mail address;
• navigation data, such as IP address, access time and/or platform registration time, server access methods, numeric code indicating the status of the response given by the server (successful, error, etc.).

N2S may also collect data relating to Your interaction with social networks (e.g. "Share" or Facebook's "Like") and/or external platforms (e.g. Google Maps). The interactions and information acquired through this modality are in any case subject to the privacy preferences set by You on each social network and/or external platform. In any case, the data controller of your data is the operator of the social network and the external platform.

Your data will be processed by the Data Controller exclusively for the purposes and within the limits set out in the following sections.

3. Purposes for which the Data Controller processes your personal data

Personal data relating to you will be processed for the following purposes:

1) Use of the content and services offered through the Site;

2) Manage and process your requests for assistance, information and/or clarifications received by the Data Controller by means of a communication using the contact addresses on the Site or the contact form;

3) Fulfilment of obligations, including legal obligations, and any other obligation resulting from orders by the competent authorities, as well as the exercise or defence of a right or interest of the Data Controller or a third party deriving from the relationship.

In connection with the aforementioned activities, your Personal Data will also be processed for all related administrative, financial and/or legal operations.

4. What is the legal basis for the processing?

Below we set out the legal basis of the processing for each of the purposes indicated in the previous section:

a. The legal basis of the processing for the purposes referred to in points 3.1) and 3.2) is to be found in the need to execute the contractual relationship to which you are party and/or to take pre-contractual measures at your request (Art. 6(1)(b) GDPR);

b. The legal basis of the processing for the purposes referred to in point 3.3) is to be found in the need to fulfil obligations, including legal obligations, and any other obligation arising from decisions of the competent authorities, as well as to exercise or defend a right or interest of the Data Controller or a third party.

5. Is the communication of your personal data optional or compulsory?

The provision of your Personal Data for the purposes set out in points 3.1), 3.2) and 3.3) is necessary and a failure to do so will not allow the Data Controller to perform the requested service.

6. Which recipients may receive your data?

Only for the purposes specified above, the Data Controller may communicate your personal data to the following categories of subjects as Autonomous Data Controllers, Data Processors or External Data Processors:

- internal figures authorised to process data in accordance with their respective duties;
- public, financial and institutional bodies and/or administrations and/or authorities;
- entities, companies, freelancers and other entities that provide goods/services to the Data Controller;
- partners of the Data Controller for the performance of the service requested/assigned by the data subject;
- external accounting and tax consultants;
- legal consultants;
- computer technicians, internet service operators or other providers of telematic/digital services.

7. How, where and how long are your data stored?

How
The processing of data is performed using printed material or computerised procedures by specially authorised persons. They are granted access to your personal data to the extent and within the limits necessary for the performance of the processing activities concerning you.
The Data Controller periodically checks the instruments through which your data are processed and the security measures established for them, which it constantly updates; it verifies, also through the persons authorised to process them, that no personal data are collected, processed, filed or stored whose processing is not necessary or whose purposes have been fulfilled; it verifies that the data are stored with a guarantee of integrity and authenticity and that they are used for the purposes of the processing actually undertaken.
The Data Controller guarantees that any data that, even after verification, prove to be superfluous or irrelevant shall not be used, except for the possible storage, in accordance with the law, of the act or document containing them.
The processing of users' personal data is carried out through the use of automated tools with reference to access data to the pages of the website.

Where
The data are stored in paper, computer and electronic archives within the European Economic Area (EEA) and security measures are in place to protect them.

Should it become necessary for technical and/or operational reasons to use entities located outside the European Union, or should it become necessary to transfer some of the data collected to technical systems and services managed in the cloud and located outside the European Union, the processing will be carried out in accordance with the provisions of Regulation (EU) 2016/679. All necessary precautions will be taken in order to ensure the protection of personal data basing such transfer: a) on third country adequacy decisions expressed by the European Commission; b) on adequate guarantees expressed by the third party recipient in accordance with Article 46 of Regulation (EU) 2016/679; c) on the guarantees referred to in Article 49 of Regulation (EU) 2016/679.

Storage period
Your personal data are stored for as long as it is necessary for the performance of the relationship with the Data Controller and for the fulfilment of obligations, including legal obligations, as well as the exercise of the rights arising therefrom.
Navigation data do not last for more than 12 months.
In any case, once all the purposes justifying the storage of your personal data have been fulfilled, the Data Controller will take care of deleting them or anonymising them.
In any case, your data may be stored - for the sole purpose of protecting any rights of defence - for a maximum of 10 years.

8. Interactions with external platforms

This type of service allows interactions with external platforms, specifically Google Maps, directly from the pages of this Application.
The interactions and information acquired by this Application are in any case submitted to the User's privacy settings relating to the external platform.

9. What rights do you have and how can you exercise them?

The rights you are granted allow you to be in control of your data at all times. You have the rights to:

• access;
• rectification;
• consent withdrawal;
• cancellation;
• restriction of processing;
• objection to processing;
• portability.

Basically, at any time and free of charge and without any special charges or formalities for your request, you can:

• obtain confirmation of the processing carried out by the Data Controller;
• have access to your personal data and know its origin (when the data is not obtained from you directly), the purposes and aims of the processing, the data of the persons to whom it is communicated, the storage period of your data or the criteria used to determine it;
• update or rectify your personal data so that they are always exact and accurate;
• revoke consent at any time where it forms the basis of the processing. Withdrawal of consent, however, does not affect the lawfulness of the processing based on the consent given before the withdrawal;
• delete your personal data from the databases and/or archives, including backup archives, if they are no longer necessary for the purposes of the processing or if the processing is assumed to be unlawful, and always if the conditions provided for by law are met; and in any case if the processing is not justified by another, equally legitimate reason;
• limit the processing of your personal data in certain circumstances, for example where you have objected to its accuracy, for the period necessary for the Data Controller to verify its accuracy. You must also be informed, in an appropriate timeframe, when the period of suspension has expired or the reason for the restriction of processing has ceased to exist, and the restriction itself lifted;
• obtain your personal data, if they are processed on the basis of a contract and by automated means, in electronic format also for the purpose of transmission to another data controller;
• on the basis of reasons relating to your particular situation, you may object at any time to the processing of your personal data if it is based on a legitimate interest and obtain the deletion of your personal data if there is no legitimate reason overriding the one that gave rise to your request.

The Data Controller shall do so without delay and, at the latest, within one month of receipt of your request. The deadline may be extended by two months if necessary, taking into account the complexity and number of requests received. In such cases, the Data Controller shall, within one month of receipt of your request, inform you and notify you about the reasons for the delay.
For any further information and to send your request, please write to N2S to the following e-mail address: info@dueessesrl.eu

10. To whom can you lodge a complaint?

Without prejudice to any other administrative or judicial action, you may lodge a complaint with the Italian Data Protection Authority whose contact details can be found at garanteprivacy.it. However, you may appeal to the Supervisory Authority of another Member State when the object of the processing only concerns an establishment in that Member State or substantially affects data subjects only in that Member State.

Any updates to this policy will be communicated to you promptly and by appropriate means, and you will also be informed if N2S processes your data for purposes other than those referred to in this policy, before doing so and in time to give your consent if necessary.

Last update: 29/05/2023