Privacy policy

PURSUANT TO ARTICLE 13 OF EU REGULATION 2016/679 (GDPR) AND ITS AMENDMENTS
Website User Privacy Notice Model REV. 01 of 02/01/2025

Dear Data Subject, with this document, SCATOLIFICIO NICCOLI DI NICCOLI A. & C. S.A.S. provides information regarding the processing of your personal data collected by us.

1. IDENTITY AND CONTACT DETAILS OF THE DATA CONTROLLER

The Data Controller is SCATOLIFICIO NICCOLI DI NICCOLI A. & C. S.A.S. (hereinafter also referred to as "Data Controller" and/or "Company" and/or "SCATOLIFICIO NICCOLI"), with its registered office at Via Parroffia 16, 51018 Pieve a Nievole (PT), VAT number 00087810479, represented by the legal representative pro tempore, who can be contacted, in addition to the aforementioned registered office, at the following contact details:

Phone 0039 0572 81034
Fax 0039 0572 951939
E-mail info@scatolificioniccoli.it 
Certified Email info.niccoli@pec.dibix.it

2. TYPE OF DATA SUBJECT TO PROCESSING

Following the navigation of the Website, we inform you that SCATOLIFICIO NICCOLI will process your personal data, which may include an identifier such as your name, an identification number, an online identifier, or one or more elements characteristic of your physical, economic, cultural, or social identity, capable of making the data subject identified or identifiable. This refers to browsing data, cookies, and data voluntarily provided by the user as specified below.

a. Navigation data

The computer systems and software procedures responsible for the operation of the Website acquire, during their normal operation, certain personal data whose transmission is implicit in the use of Internet communication protocols. These are information that are not collected to be associated with identified data subjects, but which, by their very nature, could, through processing and association with data held by third parties, allow users to be identified. This category of data includes IP addresses or domain names of the computers used by users who connect to the Website, URI (Uniform Resource Identifier) addresses of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numeric code indicating the status of the response from the server (success, error, etc.), and other parameters related to the user's operating system and IT environment. These data are used solely for the purpose of obtaining anonymous statistical information on the use of the Website and to monitor its proper functioning, identify anomalies and/or abuses, and are deleted immediately after processing. The data may be used for the determination of responsibility in the event of potential cybercrimes against the site or third parties; except for this eventuality, web contact data do not persist for more than seven days. The legal basis for such processing is the legitimate interest of the Data Controller in the technical management related to the functionality and security of the website.

b. Cookie

Cookies are text strings that websites visited by users (so-called Publishers or "first parties") or other websites or web servers (so-called "third parties") place and store on the user's terminal device, to be retransmitted to the same websites on the next visit. For more information about cookies, the User is encouraged to visit the specific pages on the website of the Data Protection Authority
https://www.garanteprivacy.it/temi/cookie.

Currently, this website does not use any type of cookies, neither first-party cookies nor third-party service provider cookies, and for this reason, this website does not need to display a so-called cookie banner.

c. Data voluntarily provided by the data subject

Sending emails to the addresses listed on the website: The optional, explicit, and voluntary sending of emails to the addresses listed on the Company's website leads to the subsequent acquisition of the sender's address, which is necessary to respond to requests, as well as any other personal data included in the message. Such data will be processed exclusively for the purpose of responding to the user's request. The legal basis for the processing is the performance of a contract or pre-contractual measures.

Interaction with Social Users on the Data Controller's social media pages: the personal data of Social Users who interact with the Data Controller's pages may be processed to manage requests sent by the user via social networks. The social platforms used by the Company, through the creation of accounts associated with dedicated pages, are currently Facebook, Instagram, and YouTube. These channels operate through the application of their own privacy policies, to which the user has access and agrees. In this regard, the management of potentially collectable and processable data is handled directly by the platforms, and the Company uses them in the manner and for the purposes specified in this section. The content provided should be considered as an implementation of the privacy policies applied by the social network platforms where the Company holds its own account, which is used solely and exclusively for presenting its activities and for the purposes outlined. Therefore, the Company, as a legal entity with its own privacy management system in accordance with and pursuant to EU Reg. 2016/679 and Legislative Decree 101/2018, is exempt from any actions taken by the social network platform operators that are not compliant with the applicable regulations and may potentially infringe the freedom of individuals. The following references are provided, which can be consulted at any time and are continuously updated, regarding the privacy policies applied by the mentioned social network platforms:

Facebook https://it-it.facebook.com/privacy/explanation
Instagram https://about.instagram.com/it-it/safety/privacy
Youtube https://www.youtube.com/howyoutubeworks/user-settings/privacy/

3. DEFINITION OF PROCESSING

Pursuant to Article 4(2) of the GDPR, "Processing" means "any operation or set of operations performed on personal data or sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, extraction, consultation, use, disclosure by transmission, dissemination or any other form of making available, alignment or combination, restriction, erasure or destruction."

4. PURPOSE OF DATA PROCESSING, LEGAL BASIS, AND OBLIGATORY OR OPTIONAL NATURE OF THE PROCESSING

The data processing we intend to carry out may have the following purposes:

a. To allow the provision of Services requested by the User, such as the generic or specific request for information through the website or through the Company's Social media pages. The legal basis for the processing of personal data for the purposes outlined above is Article 6.1.b) (i.e., the performance of a contract to which the data subject is a party or the performance of pre-contractual measures taken at the request of the data subject) of the Regulation, as the processing is necessary for the provision of the Services or for responding to the data subject's requests. Providing personal data for these purposes is optional, but failure to provide the data would make it impossible to activate the Services offered by the Website.

b. To fulfill any legal obligations. This purpose represents a personal data processing carried out pursuant to Article 6.1.c) of the Regulation, for compliance with a legal obligation. Once the personal data is provided, the processing is indeed necessary to fulfill a legal obligation to which the Data Controller is subject.

c. To assert or defend rights in legal proceedings, in case of abuse in the use of the Website and/or the Services offered. The processing would be carried out pursuant to Article 6.1.f) of the Regulation (legitimate interest of the Data Controller).

5. METHODS OF DATA PROCESSING

The data processing may be carried out using electronic, telematic, or automated tools, in compliance with the technical and organizational security measures set forth in Article 32 of the EU Regulation, by authorized persons who have been properly instructed and trained, in accordance with the provisions of Article 29 of the aforementioned Regulation.

6. RETENTION PERIOD

Personal data processed for the purposes referred to in section 4 (a-c) will be kept for the time strictly necessary to achieve those same purposes, in compliance with the principles of data minimization and storage limitation pursuant to Article 5.1(e) of the Regulation.

7. RECIPIENTS OF PERSONAL DATA

Personal data may be shared, for the purposes referred to in section 4 above, with:

a. Entities that typically act as data processors pursuant to Article 28 of the Regulation, namely

  1. individuals, companies, or professional firms providing assistance and consulting services to the Company regarding the provision of the Services;
  2. entities with whom it is necessary to interact for the provision of the Services (e.g., hosting providers);
  3. or entities delegated to perform technical maintenance activities (e.g., maintenance of network devices and electronic communication networks); (collectively, "Recipients"); the list of data processors who process data can be requested from the Data Controller.

b. Entities, bodies, or authorities, independent data controllers, to whom it is mandatory to communicate your personal data pursuant to legal provisions or orders from authorities.

8. DISCLOSURE OF DATA

Unless specifically requested in writing by you, or pursuant to a precise order from the Judicial Authority/legal obligation, the personal data you have provided will not be subject to disclosure.

9. TRANSFER OF DATA ABROAD

The data collected will not be transferred to third countries or international organizations. Some personal data of the data subjects may be shared with recipients located outside the European Economic Area. In the event that this occurs and the transfer of the data provided to servers located in non-EU countries becomes necessary, the Data Controller ensures that the transfer and processing are carried out in compliance with the applicable regulations, i.e., transfers are made using appropriate safeguards, such as adequacy decisions, standard contractual clauses approved by the European Commission, or other legal instruments.

10. RIGHTS OF THE DATA SUBJECT

The regulation grants the Data Subject the exercise of specific rights listed in Articles 15 to 22 of the GDPR, including the right to obtain from the Data Controller confirmation of whether or not personal data concerning them exists (i.e., access), their provision in an intelligible form, as well as the right to rectify, delete, or restrict the processing of such data, or object for legitimate reasons to the processing and/or withdraw consent at any time (subject to the consequences outlined), or to request the portability of their data regarding data subject to specific consent, or even request updates. The Data Subject has the right to be informed about the origin of the data, the purposes and methods of the processing, the logic applied to the processing, the identifying details of the Data Controller, and the entities to whom the data may be communicated. The Data Subject also has the right to request anonymization, restriction, or blocking of data processed in violation of the law; they can also file a complaint concerning unauthorized data processing with the Data Protection Authority in accordance with the procedures published on the website of that authority ( https://www.garanteprivacy.it/ ).

Requests regarding the exercise of the aforementioned rights can be addressed to the Data Controller at the contact details provided above, without formality, or alternatively, by using the form provided by the Data Protection Authority, which can be found on the website: https://www.garanteprivacy.it/web/guest/home/docweb/-/docweb-display/docweb/1089924

11. COMPLAINT TO THE DATA PROTECTION AUTHORITY

The Data Subject may file a complaint in the manner and within the time limits specified on the website https://www.garanteprivacy.it

12. CHANGES TO THIS PRIVACY NOTICE

This privacy notice (or privacy policy) is effective as of 02/01/2025. SCATOLIFICIO NICCOLI reserves the right to modify or update its content, either partially or entirely, also in response to the activation of new services or changes in applicable regulations. The Data Controller will inform you of such changes as soon as they are implemented, and these will become binding as soon as they are published on the Website https://scatolificioniccoli.it/ and does not apply to other websites owned by SCATOLIFICIO NICCOLI, for which the User is referred to the reading of the specific privacy notices available on those sites.