Netsons s.r.l. (hereinafter referred to as Netsons) respects the privacy rights of its customers and website users, accessible at www.netsons.com, and recognizes the importance of protecting the collected personal data.
Since May 25, 2018, the European Privacy Regulation has brought about a significant change in the management of personal data and the approach to privacy rights. Netsons, in compliance with the requirements of EU Regulation no. 2016/679 - GDPR, has implemented its own Privacy Organizational Model that focuses on the security of personal data and respect for privacy rights.
In light of these changes, Netsons, in order to make the relationship with its customers, users of this website, potential customers, and third parties who come into contact with Netsons on behalf or under the delegation of customers, increasingly transparent, provides in this document the information on the processing of personal data required by the legislation. It is important, therefore, to carefully read the content of this information prepared in accordance with Articles 13 and 14 of Regulation (EU) 2016/679.
1 - DATA CONTROLLER
Personal data collected through this website, accessible at www.netsons.com, is processed as data
Name: Netsons S.r.l.
Registered Office: Via Tirino 99 - 65129 - Pescara, Italy
2 - DATA PROTECTION OFFICER - DPO
Netsons has appointed its own Data Protection Officer - DPO - in the person of lawyer Andrea Battistella, who is available for any information regarding the processing of the Data Controller's personal data. The DPO can be contacted by writing to: firstname.lastname@example.org.
3 - TYPES OF COLLECTED DATA
The term 'processing of personal data' refers to any operation performed on personal data. Within the scope of its activities, Netsons processes the following categories of personal data:
|Category of personal data||Description|
|Personal details||The personal data (name, surname, nationality, province and city of residence, landline/mobile phone number, tax code, email address) voluntarily provided by the data subject to Netsons through the completion of forms on the website or during the purchase of services.|
|Payment data||Personal data provided by the customer regarding transactions for the purchase of services provided by Netsons (IBAN and banking/postal data), excluding electronic transactions managed by third-party providers (e.g., credit card).|
|Login and Navigation Data||Information recorded by Netsons' computer systems during the normal provision of the service. This category of data includes, for example, all the information contained in log files relating to internet communication protocols, operations performed on files and services.|
4 - PURPOSE AND LEGAL BASIS
The personal data provided by the data subject to Netsons is processed for the following purposes and based on the corresponding legal bases:
|Purpose||Legal Basis (Art. 6 GDPR)|
|CLIENT AREA REGISTRATION - MANAGEMENT OF CONTACT REQUESTS
The processing of the data subject's personal data is carried out to manage: the creation of the client area, the life cycle of the service purchase order, the provision of services, requests for commercial and technical information or assistance.
|MANAGEMENT OF CONTRACTUAL RELATIONSHIP
The processing of personal data is aimed at fulfilling the obligations provided for in the service purchase contract, a regulation, Italian and/or community legislation, or an order from the Judicial Authority. In particular, for example, data is processed to handle requests for commercial and technical information or assistance, related billing, and payment management (excluding credit card numbers), as well as the fulfillment of any other obligations arising from the commercial relationship.
Legal Obligation Compliance
|SENDING PROMOTIONAL COMMUNICATIONS
The processing of the data subject's personal data is carried out for the purpose of sending promotional communications about Netsons' activities and services, as well as sending newsletters about Netsons' activities.
*the data subject has the right to withdraw consent at any time
|PHYSICAL AND INFORMATION SECURITY
In order to ensure the security of networks and information, the protection of corporate assets, and the security of premises and corporate systems, Netsons carries out control activities to prevent fraud and scams against itself and its customers. This type of processing concerns, for example, checks on hosting usage (e.g., exceptional increase in customer's disk space usage), anti-spam activities (blocking spam or phishing activities).
|Legal Obligation Compliance
Legitimate Interest of the Data Controller*
(Art. 6(1)(f) - Recital 47)
*the data subject has the right to object at any time to the processing of personal data concerning them for the above-mentioned purpose.
5 - DATA RECIPIENTS OR CATEGORIES OF DATA RECIPIENTS
The personal data provided by the Customer may be communicated to third-party recipients in order to fulfill contracts or related purposes. Specifically, the data may be communicated to recipients belonging to the following categories:
- Legal and tax professionals and consultants;
- Banks and external providers for the management of payments made by credit cards;
- Competent authorities to fulfill legal obligations and/or provisions dictated by public bodies (Revenue Agency, Police Forces, etc.);
- Entities with whom it is necessary to interact for the provision of services (e.g., national and foreign registration authorities to whom technical and administrative documentation and Maintainer forms are to be transmitted, authorities managing the WHOIS database containing the personal data of domain name holders);
- External entities that manage/support/assist, even occasionally, the Data Controller in the provision of services, the administration of the information system, and telecommunications networks.
The entities belonging to the aforementioned categories act as Data Processors or operate independently as separate Data Controllers. The list of any Data Processors is constantly updated and available at the Data Controller's registered office. In any case, personal data will not be disseminated and, therefore, will not be made known to unspecified individuals.
6 - PROCESSING METHODS
The processing will be carried out both manually and/or with the aid of computer and telematic tools, using organizational and processing methods strictly related to the aforementioned purposes and in a way that ensures the security, integrity, availability, and confidentiality of personal data. In accordance with Article 5(1)(e) of EU Regulation 2016/679, the collected personal data will be stored in a form that allows the identification of data subjects for a period not exceeding the achievement of the purposes for which personal data is processed.
7 - DATA PROVISION
It should be noted that, given the purposes of the processing, the provision of data is optional. Failure, partial provision, or inaccurate provision may result in the impossibility to manage the activation and provision of services provided by Netsons. Consent to receive communications from the Data Controller is optional.
8 - TRANSFER OF DATA TO A THIRD COUNTRY
Personal data stored by customers on Netsons' computer systems is kept within the Italian territory and is not transferred outside the European Union.
The personal data of customers, where necessary for the provision of Netsons' services, may be shared with suppliers based in countries outside the European Union that provide an adequate level of personal data protection , as deemed appropriate by the European Commission through its own decision, or based on other appropriate safeguards, such as the standard contractual clauses adopted by the European Commission or with the data subject's consent. The data subject can request further information by writing to email@example.com
9 - DATA RETENTION PERIOD
Personal data is stored for the entire duration of the contractual relationship, which may also include backup following the cancellation of the service. If contractually provided, this backup extends the processing for a maximum period of 45 days from the conclusion of the service. In the event of revocation or other termination of the aforementioned relationship, personal data will only be processed for the period stipulated by law for the fulfillment of, for example, tax obligations (e.g., invoices will be kept for ten years).
For marketing purposes, personal data, during the existence of a contractual relationship, will be processed until consent is withdrawn or for the period established by regulations or provisions issued by the supervisory authority.
Navigational data is processed and stored for the time specified by the applicable laws of the activities and sectors in which the Data Controller operates.
Once the retention periods have expired, personal data will be erased or transformed into anonymous form.
10 - DATA SUBJECT'S RIGHTS
The data subject has the right, in the cases provided for by the GDPR, to exercise the rights as expressed in Articles 15, 16, 17, 18, 19, 20, 21, 22 of EU Regulation 2016/679, in particular:
- to access personal data;
- to obtain the rectification or erasure of personal data or the restriction of processing;
- to object to the processing; to data portability;
- to withdraw consent: the withdrawal of consent does not affect the lawfulness of the processing based on consent before its withdrawal;
- to lodge a complaint with the Supervisory Authority (Data Protection Authority)
The data subject can exercise their rights independently by managing their personal data and preferences in the privacy center available in their Client Area. In any case, you can send a request to the Data Controller using the following contact details:
- Netsons s.r.l. Via Tirino 99, 65129, Pescara, Italy
- +39 0854510052
Netsons services can only be purchased by registered users. The user, during registration and when purchasing services, undertakes to provide their personal data correctly and up-to-date.
Through the use of services provided by Netsons, the user may process the personal data of third parties. In this case, the customer (registered user) will be considered the data controller, assuming all the obligations and responsibilities provided for by the relevant regulations and ensuring that such processing is based on an appropriate legal basis pursuant to Article 6 of the GDPR. Therefore, the customer undertakes to provide Netsons with broad indemnity with respect to any dispute, claim, or request for compensation for damages resulting from processing related to the personal data of third parties.
DOMAIN NAME REGISTRATION
Regarding the processing of personal data carried out in the context of domain name registration, the provision of personal data is optional, but in the absence of such provision, Netsons will not be able to provide the requested service.
The personal data of the domain name holder, for purposes strictly related to the provision of the service, is communicated to national and foreign registration authorities to whom Netsons is required to transmit the technical and administrative documentation required by sector regulations, as well as to any other accredited entities for domain name registration for extensions for which Netsons does not act as a Registrar. The Customer acknowledges that these entities process the data of the domain name holder as independent data controllers.
This sharing is necessary to complete the domain name registration process, and therefore the legal basis of the processing is the service contract pursuant to Art. 6(1)(b) of the GDPR.
In addition, based on the policies of national registration authorities and/or based on the consent expressed during registration and/or renewal, personal data may be published, and therefore disseminated, on the public WHOIS database (https://lookup.icann.org/) containing the personal data of domain name assignees. With reference to this processing, we specify that ICANN acts as an independent data controller and Netsons has no control over the processing carried out by this entity.