EU Regulation 679/2016 on the processing of personal data – Art. 13

Website Privacy Policy

NTS s.r.l. with registered office in Via Fiorenzo Semini 28 – 16163 – Genoa, CF and P.IVA 01260190994 (hereinafter, “Data Controller”), as the data controller, informs you in accordance with Legislative Decree 196/2003, as amended by Legislative Decree 101/2018 (hereinafter, “Privacy Code”) and Art. 13 EU Regulation no. 2016/679 (hereinafter, “GDPR”) that your data will be processed in the following ways and for the following purposes:

Object of Processing

This Privacy Policy concerns the way in which the website is managed with regard to the processing of users’ personal data. Processing of personal data means any operation or set of operations, performed with or without the aid of automated processes and applied to personal data or sets of personal data, even if not registered in a database, such as collecting, recording, organizing, structuring storage, processing, selection, blocking, adaptation or modification, extraction, consultation, use, communication by transmission, dissemination or any other form of making available, comparison or interconnection, restriction, erasure or destruction.

1.1 Type of data collected

In accordance with EU Regulation 679/2016 on the processing of personal data when you use our services, you agree that our company collects some of your personal data. This policy is intended to tell you what data we collect, why, and how we use it.

1.1.1. Data provided by the user

When you request information or place a pre-order through the contact form on our site, we ask you to provide us with certain data that we need in order to use our services.

These are, by way of example but not limited to, the data we ask you for:

First name, Last name
email address
phone number

1.1.2. Data we automatically collect from the website

We collect the following data through the services we use:

technical data: e.g. IP address, browser type, information about your computer, data about the current (approximate) location of the tool you are using;
data collected using cookies or similar technologies. For more information about the types of cookies we use and how to disable them, please see the Cookie Policy
Purpose of processing

The purpose of data processing will be to carry out the activities listed below.

Personal data are collected on our site in order to:
allow the user to access the site,
allow the user to request information,
provide the requested information,
collect statistical information on the use of the site (most visited pages, number of visitors by daily time slot, geographical areas of origin, etc.) and improve its usability for its users.
Receive a resume from a candidate.
Your data may also be processed, subject to your explicit consent, for direct marketing purposes; for these types of processing, please refer to the specific information that will be submitted to you when you provide us with the personal data necessary for the execution of the above promotional activities ( e.g. first name, last name, email, contact information )

3 Methods of processing

The processing of your personal data is carried out by means of the operations indicated in Article 4 No. 2) GDPR and namely: collection, recording, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, cancellation and destruction of data. Your personal data are subject to both paper and electronic and/or automated processing.

Access to data

Your data may be made accessible for the purposes of art. 2.1 and , subject to your consent for the purposes of art. 2.2 to:

employees and collaborators of the Controller in their capacity as authorized and/or internal data processors and/or system administrators;
to third party companies or other entities (by way of example ICT companies, website providers, etc.) that perform outsourcing activities on behalf of the Data Controller, in their capacity as external data processors.
Communication of data

Without the need for express consent (art. 6 lett. b) and c) GDPR), the Data Controller may communicate your data for the purposes referred to in art. 2.1 to Supervisory Bodies or Judicial Authorities, as well as to those subjects to whom the communication is obligatory by law for the fulfillment of the said purposes. These subjects will process the data in their capacity as autonomous data controllers.. Your data will not be disseminated.

Data transfer outside the EU

Data management and storage take place on servers of the Data Controller and/or of Third Party Companies appointed as external data controllers. These servers are located at the Data Controller (in Italy) and in any case within the European Union.

Personal data are not transferred outside the European Union. In any case, it is understood that, should it become necessary, the Data Controller may also transfer personal data to countries outside the EU, guaranteeing as of now that the transfer of personal data outside the EU will take place in compliance with the applicable legal provisions (starting with EU Reg. no. 679/2016) and therefore by entering into, if and to the extent necessary, specific agreements that guarantee an adequate level of protection of personal data or in any case by adopting the standard contractual clauses provided by the European Commission for the transfer of personal data outside the EU.

The data you provide will not be disclosed to third parties.

Nature of data provision and consequences of refusal to respond

It should be noted that with reference to the purposes referred to in point 2.1 of the paragraph “Purposes of processing” in the absence of personal data concerning you, the service cannot be carried out. On the other hand, failure to provide consent to the processing of data for the purposes referred to in point 2.2. of the paragraph “Purposes of processing” will have no consequences on the provision of services. With reference to the consequences of non-acceptance and/or removal of cookies, see what is specified in the Cookie Policy

Period of data retention

The data collected by the site during its operation are kept for the time strictly necessary to carry out the specified activities. Upon expiration, the data will be deleted or anonymized, unless there are additional purposes for retaining the data, e.g. for security reasons in case of clarifying possible cases of misuse. In such cases, the Data Controller will retain the acquired personal data for as long as necessary to fulfill legal obligations and/or possibly to assert and/or defend a right in the appropriate forums. Data collected in connection with the purpose mentioned in 2.2 will be kept for 2 years from the time of ‘last marketing contact.

Rights of the Data Subject

In your capacity as a data subject, you have the rights under Article 15 GDPR and specifically the rights to:

obtain confirmation of the existence or not of personal data concerning you, even if not yet registered, and their communication in intelligible form;
obtain the indication of: a) the origin of the personal data; b) the purposes and methods of processing; c) the logic applied in case of processing carried out with the aid of electronic instruments; d) the identification details of the owner, managers and designated representative under Art. 3, paragraph 1, GDPR; e) the subjects or categories of persons to whom the personal data may be communicated or who may become aware of them as designated representative in the territory of the State, managers or agents;
obtain: a) the updating, rectification or, when interested, the integration of data; b) the cancellation, transformation into anonymous form or blocking of data processed in violation of the law, including those that do not need to be kept for the purposes for which the data were collected or subsequently processed; c) certification to the effect that the operations as per letters a) and b) have been notified, as also related to their contents, to the entities to whom or which the data were communicated or disseminated, unless this requirement proves impossible or involves a manifestly disproportionate effort compared with the right that is to be protected;
object, in whole or in part: a) on legitimate grounds, to the processing of personal data concerning you, even if pertinent to the purpose of collection, b) to the processing of personal data concerning you for the purpose of sending advertising materials or direct selling or for carrying out market research or commercial communication, through the use of automated calling systems without the intervention of an operator by e-mail and / or through traditional marketing methods by telephone and / or mail. It should be noted that the data subject’s right to object, set forth in point b) above, for direct marketing purposes through automated modalities extends to traditional ones and that, in any case, the possibility for the data subject to exercise the right to object even partially remains unaffected. Therefore, the data subject may decide to receive only communications by traditional means or only automated communications or neither type of communication.

Where applicable, it also has the rights under Articles 16-21 GDPR (Right to rectification, right to be forgotten, right to restrict processing, right to data portability, right to object), as well as the right to complain to the Data Protection Authority.

How to exercise your rights

You may exercise your rights at any time by sending a registered letter with return receipt to NTS s.r.l. at the registered office at Via Fiorenzo Semini 28 – 16163 – Genoa – or by e-mail to

Owner, manager and appointees

The Data Controller is NTS s.r.l. with registered office at Via Fiorenzo Semini 28 – 16163 – Genoa – . The updated list of data processors and persons in charge of processing is kept at the operating headquarters of the Data Controller.

Compila il modulo per chiedere informazioni