INFORMATION PROVIDED IN ACCORDANCE WITH ART. 13 AND FOLLOWING OF THE GDPR
(GENERAL DATA PROTECTION REGULATION) 2016/679

Nivi S.P.A. C.F. P.IVA IT04105740486, with registered office in Florence, Via Odorico da Pordenone, 20, 50127, in the person of the Sole Director Federico Nicosia informs the interested party, pursuant to articles 13 and 14 of the GDPR 2016/679, on how his/her personal data is processed.

Nivi S.P.A. C.F. P.IVA IT04105740486, with registered office in Florence, Via Odorico da Pordenone, 20, 50127, in the person of the Sole Director Federico Nicosia informs the interested party, pursuant to articles 13 and 14 of the GDPR 2016/679, on how his/her personal data is processed. First of all, it is specified that Nivi, in this section of its website, acts as Data Controller limited to certain types of data, while for other data it acts as Data Processor/Sub-Processor (see point 3 of the information notice) by virtue of specific appointment deeds signed with each Client/Principal, of which you can find the indication in the notifications or reminders you have received from the undersigned. To consult the complete information notice of the Data Controller concerning the data processed by Nivi as Data Processor/Sub-Processor, please contact the Data Controller indicated in the notifications/notices sent to you. In any case, if you need assistance in obtaining said information, you can contact Nivi at the contacts indicated below.

According to the provisions of the Regulation, the processing carried out by Nivi S.p.A. will be based on the principles of lawfulness, correctness, transparency, limitation of purposes and conservation, data minimization, accuracy, integrity and confidentiality.

1. Data Controller

The data controller is Nivi S.p.A., with registered office in Via Odorico da Pordenone, 20, 50127, Florence, to whom you can contact to assert your rights.

The contact information of the Data Controller is listed below:

• Address: Via Odorico da Pordenone, 20, 50127, Florence
• Email address: nivispa@pecnivi.it

2. Data Protection Officer

The Data Protection Officer (DPO-RPD) of Nivi S.p.A. is Dr. Leonardo Maggi, to whom you can contact the email address: dpo@nivi.it

3. Type of data processed

The data processed is the information collected automatically through this Website including, by way of example and not limited to: IP addresses, the time of the request and the country of origin.

In addition to this data, information provided directly by the interested party may also be processed, as in the case of sending, through the appropriate section, information transmitted by the interested party even if not requested in any way by Nivi for the performance of its duties.

As previously specified, with regard to data other than those indicated above, Nivi does not act as Data Controller but as Data Processor/Sub-Processor by virtue of specific appointment deeds. For this reason, the interested party must contact the Data Controller indicated in the payment notifications/advice directly to obtain the information required.

4. Purpose of the processing

The processing that we intend to carry out has the following purposes:

1. To allow the provision of the Services requested by you via the website, including the collection, storage and processing of data for the purposes of establishing and subsequently managing the operational, technical and administrative relationship connected to the provision of the Services and sending communications relating to the performance of the established relationship;
2. to allow navigation and consultation of the Nivi S.p.A. website;
3. to comply with legal obligations;

5. Legal basis and mandatory or optional nature of the processing

The legal basis for the processing of Personal Data for the purposes referred to in the previous section letter a) is art. 6(1)(b) of the Regulation as the processing is necessary for the provision of the contractual or pre-contractual services. The provision of Personal Data for these purposes is optional but any failure to provide it would make it impossible to activate the requested Services.

The purpose related to legal obligations (letter c) represents a legitimate processing of Personal Data pursuant to art. 6(1)(c) of the Regulation. Once the Personal Data has been provided, the processing may indeed be necessary to fulfill legal obligations to which Nivi is subject.

For the remaining parts (letter b) the processing is necessary for the pursuit of the legitimate interest of the Data Controller or third parties whose legal basis is represented by art. 6(1) letter f of the Regulation

6. Methods of processing

In relation to the purposes referred to in the previous point, the processing of personal data occurs in compliance with the principles of confidentiality, correctness, lawfulness and transparency, using manual, computerised and telematic tools, with logic strictly related to the purposes themselves, also through the use of telephone, mobile phone, email or other remote communication techniques; the personal data will be managed by implementing adequate technical and organisational measures to guarantee a level of security appropriate to the risk pursuant to art. 32 GDPR. There are no automated decision-making processes and/or data profiling systems managed by the owner.

7. Recipients of the data

Your Personal Data may be shared not only with the authorized persons acting under the direct authority of the Data Controller, duly appointed pursuant to Article 29 GDPR and 2-quaterdecies of Legislative Decree 196/2003 and subsequent amendments, for the purposes referred to in the section above, but also with:

1. subjects who typically act as data controllers, namely: i) persons, companies or professional firms that provide assistance and consultancy to Nivi in accounting, administrative, legal, tax, financial and debt collection matters relating to the provision of the Services; ii) subjects with whom it is necessary to interact for the provision of the Services; iii) or subjects delegated to carry out technical maintenance activities (including maintenance of network equipment and electronic communication networks). In this regard, it is specified that for the use of the chat-box it is possible to consult the information of the service provider at the address: Smartsupp — Data Privacy & GDPR As regards payment transactions, it is possible to use additional providers such as electronic money institutions, whose information can be consulted when you are directed to the respective web page.
2. subjects, bodies or authorities to whom it is mandatory to communicate your personal data by virtue of provisions of law or orders of the authorities; The complete list of data controllers is available by sending a written request to Nivi at the address nivispa@pecnivi.it

8. Data retention period

The data will be processed for the entire duration of the contractual relationship and also subsequently, for the fulfillment of legal obligations and for administrative and commercial purposes for a maximum period of 10 years from the provision, unless otherwise provided by law.

In the remaining cases, Nivi will process the data for the time strictly necessary for the performance of the requested services.

9. Rights of the interested party

Pursuant to Articles 7, 15, 16, 17, 18, 20, 21 and 22 of EU Regulation no. 2016/679, the interested party has the right to obtain confirmation as to whether or not data concerning him or her are being processed and, where that is the case, to obtain access to the data and the following information:

The interested party has the right to obtain information on:

1. the purposes of the processing;
2. the categories of personal data in question;
3. the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations;
4. where possible, the envisaged period for which the personal data will be stored, or, if that is not possible, the criteria used to determine that period;
5. all available information on the source of the data if they are not collected from the interested party;;
6. the existence of automated decision-making, including profiling

The data subject shall also have::

1. the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her;
2. the right to obtain from the controller without undue delay the erasure (“right to be forgotten”) of personal data concerning him or her;
3. the right to obtain from the controller restriction of processing;
4. the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data;
5. ithe right to receive personal data concerning him or her in a structured, commonly used and machine-readable format;
6. the right to withdraw consent at any time;
7. the right to lodge a complaint with a supervisory authority;
8. the right to be informed of the existence of appropriate safeguards where personal data are transferred to a third country or to an international organisation;
9. the right to obtain a copy of the data being processed.

To exercise these rights, you may contact the Data Controller at the contact points indicated in paragraph 1- Data Controller, by sending a specific request by registered letter, fax and/or email.

10. Data Transfer

The management and storage of personal data will take place on servers located within the European Union. Therefore, your personal data will not be transferred to countries outside the European Economic Area. However, if it becomes necessary to change the server location, the data controller ensures that the transfer of data outside the European Economic Area will be carried out in accordance with the law, and if necessary, agreements will be made to ensure an adequate level of protection and/or adopting the standard contractual clauses provided by the European Commission.

11. Cookies

Regarding the cookies processed by Nivi, please refer to the cookie policy.

COOKIES POLICY - in compliance with the guidelines of June 10, 2021, of the Italian Data Protection Authority:

A cookie is a small text file that a website saves on the user's computer browser. Usually, cookies allow for the storage of user preferences so they do not have to be re-entered later. The browser saves the information and sends it back to the site server when the user revisits that website. To enhance website navigation and user experience, we use technical cookies:

• __RequestVerificationToken: This is a cookie necessary for the proper functioning of the website, which expires automatically at the end of each browsing session.

At any time, the user can prevent cookies from reaching their computer or mobile device by selecting "Disable cookies" in their browser settings (we encourage users to consult their browser documentation). Information on how to block or delete cookies installed can be found for the following browsers:
Chrome
Firefox
Explorer
Safari