NearBy Group

Privacy policy

Purpose of this document

To describe how the Data Controller shall process the personal data of users who are browsing the following website: www.nearbygroup.it

Data Controller

The Data Controller is Plastidue Srl, VAT No. 00595000266, Via Giulio Pastore, 35 – 31044, Montebelluna (TV) Italy, email: info@plastidue.com . Although the Data Controller is a company based in Italy, all communications and notifications to the company may also be conducted in English.

Data processing by the Controller – Legal basis

According to GDPR and the Italian Privacy Code, each and every personal data processing activity must be justified by an appropriate legal basis. The data processing is lawful under the following legal bases:
Consent: the data processing shall be lawful when the Data Subject expresses their informed consent in a free, unequivocal, and specific manner.
Contract: the data processing shall be lawful when necessary for the performance of a contract to which the Data Subject is party or in order to take steps at the request of the Data Subject prior to entering into a contract.
Legal obligation: the data processing shall be lawful when necessary for compliance with a legal obligation to which the Data Controller is subject.
Legitimate interest: the data processing shall be lawful when necessary for the purposes of the legitimate interests pursued by the Data Controller or third parties (except where such interests are overridden by the interests or fundamental rights and freedoms of the Data Subject, in which case the processing is NOT lawful.)

Data processing by the Controller – Purposes

Perform its business and improve its quality

The Data Controller shall process the personal data of users in order to provide its own products and/or services, reply to all requests received, and improve the overall quality of its activities.
Legal basis: Contract | Legitimate interest

Please note:

Communication of personal data is instrumental to this purpose: any user may refuse to disclose the required data. However, this might prevent the Data Controller from performing and complying to its obligations, providing its services, or transmitting information in whole or in part.

Abide by the law

The Data Controller shall also process the personal data of users to comply with the legal obligations it is subject to, protect its own rights, and allow judicial authorities to exercise their functions.
Legal basis: Legal obligation

Please note:

Communication of personal data is instrumental to this purpose: any user may refuse to disclose the required data. However, by doing so the Data Controller will not be able to comply with the legal obligations it is subject to.

Categories of data processed by the Controller

Personal data disclosed by the user

Any user may expressly contact the Data Controller, on their own will, by several means:
By sending messages to the Controller’s contact addresses.
By sending private messages to any profiles or official pages of the Controller on social media.
By completing and sending any of the contact forms available on the website.
The Controller shall process the personal data disclosed by the user. The provision of certain services (e.g. restricted area login, contact forms, or newsletter subscription) is accompanied by a relevant policy for each service.

Examples of personal data disclosed by the user:

Identification data: first and last name, tax identification number, date and place of birth
Contact data: telephone number, email address, permanent or temporary address, mailing address, office address

Browsing data

This website runs on information systems and software processes which may acquire, during their normal course of operations, certain personal data whose transmission is inherent in the use of Internet communication protocols. Those data are required in order to use the services provide by the website. They are anonymised in order to collect site traffic statistics and check its proper operation. Once processed, those data are automatically erased (unless they are required by the judicial authority in order to conduct investigations on potential criminal offences.)

Examples of browsing data:

IP addresses or domain names of computers and terminals used by users.
URI/URL (Uniform Resource Identifier/Locator) addresses of any resource requested.
Time of request, method used to submit the request to the server, and size of the reply file.
Numeric code showing the status (Accepted, Error, etc.) of the response given by the server.
Other parameters related to the operating system and IT environment used by a single user.

Web usage statistics

The Data Controller generates statistics on the usage of its website through Google Analytics. Google Analytics does not gather any personal data from any user, since all IP addresses are anonymised as soon as they are received from the Internet, before being saved or processed.

Examples of statistics generated by Google Analytics:

Most viewed pages
Use of services
Number of viewers per day
Number of viewers per time slot
Geographical location of viewers

Cookie

Like almost any other website does, the Data Controller’s website makes use of cookies and other similar technologies. Cookies are text files which are installed into the device of any user visiting the website, in order to improve their browsing experience by automating certain processes and to analyse how the website is used.

Please note:

All necessary information about the cookies used by the Controller’s website and how to manage (and disable) them are described in the Cookie Policy.

Processing methods

The processing of personal data (either on hard copy or in electronic/digital format) is carried out by means of the operations described in Art. 4, paragraph 2) GDPR, i.e.: collection, recording, organization, storage, consultation, adaptation, alteration, selection, retrieval, use, restriction, disclosure, erasure and destruction of data.

Examples of processing methods:

Hard copy archives
Email
Telephone
Instant messaging services

Data retention period

The Data Controller shall process the personal data of any user either for a period of time strictly necessary to achieve the purposes stated herein, or longer if required to protect its own rights or to allow any lawsuit by the judicial authority.

Please note:

All data disclosed for advertising purposes (e.g. newsletter marketing) shall be processed until the user communicates their decision to opt out. Any user may revoke their consent to the processing of data disclosed for advertising purposes by notifying the Controller thereof at any time.

Recipients of data

The Data Controller may disclose user data to third parties whose co-operation is necessary to achieve the purposes stated herein, and to judicial authorities acting in their capacity as such.

Examples of recipients of the data:

Employees, trainees, and internal partners of the Data Controller.
Legal professionals and advisers, law firms, and consulting firms working in partnership with the Data Controller (e.g. attorneys, labour consultants, etc.)
Individuals or entities managing the proper functioning of the website, information systems, and telecommunications networks (e.g. webmasters, web agencies, etc.)
Individuals or entities performing data procurement and processing services.
Public authorities and institutions, to the extent that prerequisites set forth by the applicable regulations are satisfied.

Rights of the Data Subject

n the cases provided for by the law, the Data Subject (i.e. the individual the personal data subject to the processing refer to) has the right to access their own data, and have them rectified or erased, the right to object to the processing of their data or ask for a restriction of processing, as well as the right to receive the personal data concerning them in a structured, commonly used and machine-readable format. Moreover, the Data Subject has the right to withdraw their consent given to the Controller at any time without affecting the lawfulness of the processing based on consent given before its withdrawal.

Please note:

The Data Subject may exercise their rights and revoke their consent by notifying the Data Controller thereof using the contact information above.

The Data Subject has in any case the right to lodge a complaint with the Data Protection Commissioner or bring proceedings before a court if they deem the processing of their personal data by the Controller to be unlawful.

Notes

This document may be subject to amendments over time. You are therefore invited to check it out on a regular basis.
This document only applies to the Data Controller’s website. In case links to other websites are included, you are recommended to check out their own privacy policies.
This document was drawn up thanks to the technical support provided by Mi.Zar S.r.l.