In accordance with current legislation and the provisions of Art. 13 of the Regulation (EU 2016/679) of the European Parliament and of the Council of 27 April 2016 concerning the protection of individuals with regard to the processing of personal data, as well as the free movement of such data (General Data Protection Regulation), hereinafter the "Regulation" or "GDPR", this Policy illustrates the processing of users' personal data carried out in relation to the browsing of this website www.neogy.it (hereinafter the "Website") and, where applicable, in the context of contractual or pre-contractual activities carried out on behalf of the customer or potential customer.

This Website is managed by Neogy Srl, with headquarters in Bolzano, via Dodiciville 8, Tax Code 02945160212, telephone: +39 0471 986111, Certified Email (PEC): info@pec.neogy.it (hereinafter the "Data Controller" or "Controller"), who, as Data Controller, determines the purposes and means of the processing of the personal data provided by you through the Website. For specific enquiries related to the protection of personal data, please send your request to the email address privacy.info@neogy.it.

The Data Controller has appointed, pursuant to Art. 37 of the GDPR, a Data Protection Officer, abbreviated as "DPO"), who can be contacted at the following email address: dpo@neogy.it 

PROCESSING PURPOSE

The processing of personal data may have the following purposes:

• to allow the user to browse the Website and use all of its features, check the correct functioning of the Website, allow the user to make better use of the contents and services, also by registering and/or accessing the reserved area
• user interaction on the Website (reserved area, through data provided voluntarily, response to questions posed by the data subject)
• to allow the security checks required by law
• to ascertain responsibility in the event of IT crimes against the Website
• to detect, prevent, mitigate and ascertain fraudulent or illegal activities in relation to the services provided on the Website
• to allow the use of the apps made available by Neogy and use of the related services
• to allow access to the "save and continue" features available on the Website when concluding contracts via the internet, to use contact details in order to facilitate the conclusion of the procedure
• to carry out activities aimed at improving the quality of the services offered, by way of example, through surveys to assess customer satisfaction
• to collect in aggregate and anonymous form data relating to the use of the Website through analytics cookies, similar to technical cookies
• (in case of optional consent) to collect data relating to the use of the Website by the individual user through analytical and statistical cookies
• (in case of optional consent) through profiling and third-party cookies, to directly or indirectly send advertising messages in line with the user's preferences and browsing

For more information on cookies, please refer to the Cookie Policy.

TYPE OF DATA PROCESSED

Neogy will process the Personal Data communicated by the user and/or lawfully collected, in particular the following categories of Personal Data may be processed:

• Browsing data: the computer and telematic systems and the software procedures responsible for the operation and use of the Website acquire some data, such as the date and time of access, the pages visited, the name of the Internet service provider and the Internet protocol (IP) address used to access the Internet, the Internet address from which the user connects to the Website (URL), etc., the transmission of which is implicit in the use of web communication protocols or is useful for better management and optimisation of the data and email sending system.
• Data collected while browsing through cookies and/or other monitoring technologies on the Website: for more information, see the Cookie Policy 
• Data provided voluntarily by the user, such as identification data allowing direct identification, personal data (name, surname, tax code, VAT number, address, etc.), contact data such as telephone number, email address, etc.) communicated to the Controller: for more information, see the section "Data provided voluntarily by the user"
• Data acquired by Customer Service, such as data provided during interactions with Customer Service, including recording of telephone calls with prior consent or in cases of registration pursuant to a legal obligation
• Reserved area data, such as data provided for the purpose of accessing the reserved area, including any identification and contact data, as well as any other contractual data, necessary to successfully complete the registration (registration data)

LEGAL BASIS OF THE PROCESSING - MANDATORY PROVISION

The Data Controller will process the user's Personal Data in the presence of one or more legal bases provided for by the GDPR:

• following the free, specific, informed, unequivocal consent expressed to the processing by the user: for third-party cookies, profiling cookies and non-aggregated analytical and statistical cookies
• for the purpose of executing a contract to which the user is a party or pre-contractual measures taken at the user's request: for the use of the Website's features, to check the correct functioning of the Website, for the "save and continue" feature, reserved area and/or APP, to respond to questions / requests from the Data Subject, for customer experience
• in fulfilment of a legal obligation to which the Data Controller is subject: for the purposes of the security checks required by law and for the purposes of ascertaining responsibility in the event of hypothetical IT crimes against the Website
• in the presence of a legitimate interest of the Data Controller: for the correct functioning and security control of the Website, for the detection, prevention, mitigation and verification of fraudulent or illegal activities in relation to the services provided by the Website, for the improvement and measurement of customer experience satisfaction, quality control of the services offered.

The provision of Personal Data by the user will be:

• necessary in all cases in which the processing takes place on the basis of a legal obligation or to execute a contract or to fulfil pre-contractual obligations, in the event of any refusal, the Data Controller will be unable to process the user's requests and provide the services requested
• voluntary for the pursuit of other additional purposes.

COLLECTION AND METHOD OF PROCESSING 

Data are collected from the Data Subject, i.e. the data that the user provides and those resulting from the use of the Website.
The personal data collected will be processed, with the aid of computerised, telematic and possibly manual means, for the purposes of carrying out the purposes specified above. Processing of Personal Data means any operation or set of operations, performed with or without the aid of automated processes and applied to Personal Data or sets of Personal Data, such as collection, registration, organisation, structuring, storage, adaptation or modification, extraction, consultation, use, communication by transmission, dissemination or any other form of making available, comparison or interconnection, limitation, cancellation or destruction.

The IT systems and software used to operate the Website collect some personal data, the transmission of which is implicit in the use of Internet communication protocols (e.g. IP addresses or domain names of the computers used by users connecting to the Website, URI - Uniform Resource Identifier - addresses of the resources requested, time of the request, method used to send the request to the server, size of the file obtained in response, numerical code indicating the status of the response given by the server - successful, error, etc. - and other parameters relating to the user's operating system and IT environment). Although this information is not collected to be associated with identified data subjects, by its nature it could, through processing and association with data held by third parties, allow users to be identified.

These data are used for the sole purpose of obtaining statistical information on the use of the Website, not linked to any user identification data, and to check that it is functioning correctly, and are cancelled immediately after processing.

Furthermore, data will be collected through cookies to manage and improve the browsing experience: 

• Technical cookies strictly necessary for the functioning of the Website or to allow the user a better use of the contents and services
• Analytics / analytical and statistics cookies, which allow the collection of data relating to the use of the Website.
• Profiling and third-party cookies to directly or indirectly send advertising messages in line with the user's preferences and browsing.

For further information, including the storage duration of the collected data, please refer to the Cookie Policy.

STORAGE PERIOD

The Personal Data of the Data Subject will be kept for the time necessary to achieve the purposes indicated above, in compliance with the principles of proportionality and necessity, including, where appropriate, to fulfil any related or subsequent obligations required by applicable law.

RECIPIENTS OF PERSONAL DATA

The data collected and processed may be communicated and/or made accessible, for the purposes specified above, to:

• judicial authorities, law enforcement agencies, public administrations, supervisory and control authorities and any other subjects to whom the right to access such data is recognised by law, as well as for the fulfilment of obligations established by law and/or by regulations and/or by public authorities;
• employees, collaborators, suppliers of the Data Controller, in the context of the related duties and/or execution of contractual obligations with reference to the management of the Website and the purposes specified above: by way of non-limiting example, the suppliers of the Data Controller include:
  - other companies of the Alperia Group that perform intercompany services for the Controller as well as for other third parties in charge of providing the services instrumental or in any event necessary for the management of the Website;
  - companies responsible for providing and managing the services relating to the Website: Konverto SPA, via Bruno-Buozzi 8 - 39100 Bolzano
•  (if the Data Subject has given consent to third-party cookies) third-party companies, referring to the list of third-party companies shown in the Cookie Policy)

The aforementioned subjects will process the Personal Data as independent data controllers or, if appointed, as data processors or subjects expressly authorised on the basis of instructions received from the Data Controller.

PLACE OF DATA PROCESSING

Processing will take place within the European Union and data will be stored on servers located within the European Union. There is no intention to transfer the data outside the European Union or to an international organisation. Any transfers of Personal Data to countries outside the European Union will be governed by the provisions of Chapter V of the GDPR and, therefore, provided that an adequate level of protection of Personal Data is ensured by virtue of an adequacy decision of the country issued by the European Commission; and, in the absence of such adequacy decision, on the basis of adequate guarantees of a contractual nature, including binding corporate rules and standard contractual data protection clauses.
Google may transfer the user's Personal Data outside the European Union, in particular to the United States, only after anonymisation.

Please refer to the specific Cookie Policy also available in the footer of this website.

Neogy Srl, as Controller of the Website, informs you that the personal data provided voluntarily by the user (through forms on the Website or through the optional, explicit and spontaneous sending of messages by email or traditional mail to the addresses indicated on the Website) may involve the subsequent acquisition of the information provided, necessary to respond to requests (i.e. the address, including email, of the sender or the relative telephone number), as well as any other personal data included in the relative communications.

Such data will be processed for the sole purpose of following up on the user's request by the persons in charge of the treatment by the Data Controller and may be communicated to companies of the Alperia Group, as well as other third parties (service providers such as independent Data Controllers or, if appointed, as Data Processors), only if this is necessary for this purpose.

The provision of such data is optional, but refusal to provide it would not allow the Data Controller to satisfy the request of the Data Subject.
The consent of the Data Subject is not required for the processing of personal data necessary for these purposes, since the processing is necessary for the performance of a contract to which the Data Subject is party or to take steps at his request prior to entering into a contract (Art. 6(1)(b) GDPR) and, where applicable, to comply with a legal obligation (Art. 6(1)(a) GDPR).

The data will be processed by personnel appointed by the Data Controller with procedures, technical and IT tools suitable for protecting the confidentiality and security of the Data Subject's personal data. The processing consists of the collection, registration, organisation, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, dissemination, cancellation, destruction of the data, including the combination of two or more of the aforementioned activities.

Data are kept for the time strictly necessary to provide the user with the requested service and are erased immediately afterwards, subject to further storage obligations established by law. The data will not be disseminated.

In order to carry out the aforementioned purposes, the Data Controller may also use the services of third parties acting on behalf of and in accordance with the instructions of the Data Controller and appointed as Data Processors, such as providers of processing or instrumental services, including, for example, IT service providers for the operation of the Website.
Please also see the Policy for Website users.

The GDPR gives Data Subjects the right to ask the Data Controller for access to their Personal Data, to rectify or erase it (“right to be forgotten”), or to restrict its processing, as well as to object to its processing. 

If the processing is based on consent or on the performance of a contractual obligation and is carried out with the aid of automated tools, the Data Subject shall have the right to obtain the relevant personal data in a structured format, in a language generally accepted in the industry and readable by automatic means, and, if technically feasible, to request its communication to another controller without impediment. 

Data Subjects then have the right to withdraw their consent at any time, without prejudice to the lawfulness of the processing based on the consent given prior to the withdrawal.

The above description is indicative, with reference to articles 7, 15-22, of the GDPR.

To exercise these rights, the Data Subject may contact the Data Controller by sending a written request to the dedicated email address: privacy.info@neogy.it
The Data Controller has appointed, pursuant to Art. 37 of the GDPR, a Data Protection Officer (DPO), who can be contacted at the email address: dpo@neogy.it, specifying the content of the request in the subject line.

Users of the Website have the right to withdraw their consent to the use of non-technical cookies, such as analytical and statistical cookies and/or profiling cookies and third-party cookies, as well as to refuse to accept cookies used for marketing purposes, without affecting the functioning and features of the Website, by accessing the relevant section at the bottom of the pages visited.

Data Subjects always have the right to lodge a complaint with the Italian Data Protection Authority.
The Italian Data Protection Authority can be contacted via the contact details indicated on the Authority's website www.garanteprivacy.it.