Privacy Policy

This page describes the methods used for processing personal data of users visiting this website. It is also the disclosure document required by articles 13 and 14 of EU Regulation 2016/679 (GDPR).

Further information is provided in specific pages, where required and necessary. It does not apply to other websites, pages or online services accessible through links / buttons / banners that may be published in the website. This Website and the Services of the Data Controller are not intended for minors under the age of 18 and the Data Controller does not intentionally collect personal information about minors. In the event that information on minors is unintentionally registered, the Data Controller will timely delete it on users’ request.

INDEX
1) Data controller
2) Why we collect your data
3) What data we collect
4) Provision of data
5) Processing methods and security measures
6) Who are the recipients of your data?
7) Your rights

 

1) Data controller

The data controller is Nactarome S.p.a. in the person of the Legal Representative currently in office, based in Piazza Fontana 6, 20122 Milano (Mi) – C.f. e P.iva 10531780962

 

2) Why we collect your data

a) For purposes related to browsing and managing this website, that is:
• protecting the security of the site and its users and preventing or unmasking fraud or abuse to the detriment of the website;
• verifying and granting the correct operation of the site and its functions also through third parties;
• collecting access and browsing statistics to improve the services and the use of the website (through log and technical/analytical cookies, including third parties’); – Legal basis: the provision of site browsing service, the legitimate interest of the owner as well as the obligations established by the law (Art. 6.1.b / c / f of the GDPR). – Data retention: the data (IP address) used for the purposes of site security (blocking attempts to damage the site) are kept for 7 days and are deleted immediately after their aggregation (except for any need to establish criminal offenses by the judicial authority).
b) To respond to a contact or information request sent via the dedicated form. – Legal basis: pre-contractual measures (Art.6.1.b of the GDPR) . – Data retention: maximum 6 months for internal management and organizational purposes.
c) For registration to this website and its services (viewing/downloading of catalogues and technical documents), according to the terms and conditions of use. – Legal basis: the provision of services required (Art.6.1.b of the GDPR). – Data retention: maximum 6 months, after unsubscribing, for internal management and organizational purposes. d) For sending information and commercial newsletter by e-mail. – Legal basis: specific consent (Art.6.1.a of the GDPR). – Data retention: 3 years for internal management and marketing purposes or immediate cancellation in case of unsubscribing request.

 

3) What data we collect

a) Browsing data The computer systems used to operate the site automatically collect some data, even personal ones, the transmission of which is implicit, as well as necessary in the use of Internet communication protocols. This category of data includes IP addresses or domain names of the computers used by users who connect to the Site, the addresses in the Uniform Resource Identifier (URI) notation of the requested sources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the digital code indicating the status of the response given by the server (success, error, etc.) and other parameters related to the operating system and the user’s computer environment.
b) Data provided by the user Contact forms and registration to the site. The sending of requests for information/quotation and/or registration to the site, require the recording of personal identification data (including surname, name, e-mail, telephone, residential address), as well as any personal data included in the communication forms. For commercial and promotional communications, only the e-mail address will be used.

 

4) Provision of data

The provision of data for the purposes referred to in point 2a is to be considered mandatory, because without them it is not possible to provide access and navigation to the site. The provision of data for the purposes referred to in points 2b, 2c and 2d is to be considered optional. However, without such data, it will not be possible to complete the registration or respond to any requests for information. The interested party always has the right to revoke all the consents provided. Such revocation will not affect the lawfulness of the treatment based on consent before revocation.

 

5) Processing methods and security measures

Personal data are processed electronically, for the time necessary to achieve the purposes for which they were collected. Specific security measures are observed to prevent data loss, illicit or incorrect use and unauthorized access.

 

6) Who are the recipients of your data?

In pursuing the described purposes, your personal data as well as being processed by our staff, acting on the basis of specific instructions, may also be disclosed to various subjects, including the followings (but not only them):
• subjects and entities to whom access to such data is recognized by virtue of regulatory provisions;
• physical, juridical, public or private subjects to whom communication is necessary or functional to our activity;
• our suppliers of development, maintenance and hosting services necessary for the operation of this website; platforms for the management of newsletters or companies specialized in services or marketing studies.
The list of data processors can be requested from the Data Controller. In no case the provided personal data will be released without authorization. The transfer of the same data to a third country or to an international organization outside the EEA is not foreseen.

 

7) Your rights

The Data Controller grants the rights provided by Articles 15 to 21 of the GDPR, including: requesting and obtaining access to data; correction, deletion or limitation of data processing; the right to object, in whole or in part, for legitimate reasons, to the processing of personal data, to request the portability, to revoke the consent provided and to make a complaint to a supervisory authority. These rights may be exercised by sending a communication to the Data Controller, at the following address: tonio.grassmann@aromatagroup.com The information provided may be subject to revision. Users are kindly invited to periodically visit this page, so as to be constantly updated on the characteristics of the treatment.