Data Protection and Security

Information on the processing of personal data pursuant to art. 13 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (“Regulation”)

Art. 1 Data controller and contact data

Northwave Srl - Via Levada, 145, 31040 Pederobba TV; e-mail NorthWave srl, is the data controller for the processing of personal data of users ("Data Controller") which are collected when accessing and/or browsing and/or registering on the site www.northwave.com owned by the company itself ("Site") and/or making a purchase through the Site and/or requesting assistance and customer care services from the Site (the "Site Services").
Further information
Please note that on the Site you can purchase products marketed under the Trademarks NorthWave srl. The NorthWave srl online sales service is provided by Ecommerce Outsourcing s.r.l. (VAT Reg. No. and Tax Code 08576060969) with registered offices in Via Sesia 5, 20017 Rho (MI), registered with the Business Register of Milan under no. 2034727, which sells, on behalf of NorthWave srl, the products marketed on the Site on an exclusive basis.
Ecommerce Outsourcing s.r.l., processes the data as data processor on the basis of the instrument of appointment as data processor conferred by the Data Controller.

Art. 2.1 Purpose and legal basis of processing

NorthWave srl, after you have granted your consent, will process your personal data for:

2.1a

  1. Allowing registration to the Site and the use of services reserved for registered users;
  2. allowing the conclusion of the purchase contract through the Site and the proper performance of the obligations arising therefrom, such as, for example, the delivery and payment of the products and/or services purchased;
  3. implementing the requests submitted by the user;
  4. managing and maintaining the Site.

The legal basis for this processing is the fulfilment of the contract or, as the case may be, the execution of pre-contractual measures adopted at the request of the data subject (art. 6.1.b of the Regulation).

The provision of data for the purposes set out in point 2.1a above is optional, i.e. there is no legal or contractual obligation to communicate the data; however, since their processing is necessary to allow registration on the Site and/or the conclusion and execution of the purchase contract on the Site, or to respond to your requests, failure to communicate the data will make it impossible for the user to register on the Site and/or to conclude a purchase contract through the Site and/or to receive a response to requests made.
For the purposes referred to in point 2.1a above, NorthWave srl will keep your data for the time strictly necessary to carry out the individual processing activities (e.g. the data necessary for the execution of the purchase contract will be processed until delivery of the product or, in case of non-delivery, until the termination of the contract), it being understood that, once this term has expired, the Data Controller may keep the data for the purposes and for the maximum storage limits provided for in the following sections of this notice and/or in any case, in the cases established by the Regulations and/or applicable Law.

2.1b

  1. implementing obligations of an administrative and/or accounting and/or fiscal nature, related to the provision of services and/or the purchase contract concluded through the Site.
  2. responding to requests to exercise the right of withdrawal and/or requests to exercise the legal guarantee of conformity and/or other rights arising from the purchase contract concluded on the Site and/or provided by law in relation to such contract;
  3. performing any activities which prove to be necessary as a result of the exercise of these rights and to make any reimbursements where appropriate;
  4. receiving and responding to requests for the exercise of personal data protection rights provided for in the Regulations and carrying out all consequent activities.

The legal basis of this processing is the fulfilment by the Data Controller of legal obligations imposed under domestic and European sector regulations, from time to time applicable to the current relationship.

The provision of data for the purposes referred to in point 2.1b above is mandatory, because their processing is necessary to allow the Data Controller to fulfil legal obligations as well as to allow you to exercise the rights that the law or the contract grant you. Any refusal to provide data for these purposes will make it impossible for the user to use the services of the Site and, in particular, to conclude the purchase contract, as well as to exercise the rights that the law or the contract generally grant you.

For the purposes referred to in point 2.1b above, the Data Controller will keep your data until the expiration of the legal terms provided for the execution of each administrative, accounting and fiscal fulfilment and/or for the exercise of the rights arising from the purchase contract; in case of exercise of the rights provided for by the Regulation (better listed in art. 6 of this notice), your data will be processed until the Data Controller certifies to have fulfilled your request.

2.1c

  1. for general assistance and customer care activities and therefore to respond to requests for information from users or to respond to complaints and reports;
  2. exercising the right of defence in all relevant courts (e.g. as proof of performance of the purchase contract);
  3. in case of payment for purchases made on the Site by credit card, prevent and/or repress fraud and/or illegal activities.

The legal basis for this processing is the execution of pre-contractual measures adopted at the request of the data subject (art. 6.1.b of the Regulation) or, as the case may be, the legitimate interest of the Data Controller (art. 6.1.f of the Regulation). Please note that, for example, it is a legitimate interest of the Data Controller to respond to requests for information and/or reports and/or complaints from users of the Site. It is also in our legitimate interest to prove that we have fulfilled the obligations arising from the contract with the data subject, or imposed on the data controller by law.

The provision of data for the purposes of assistance and customer care as per point 2.1c above is optional, there is no legal or contractual obligation to provide the data; however, given the purpose of the processing, failure to communicate your data would make it impossible to respond to your requests and/or reports and/or complaints, if the response to such requests involves the processing of your personal data.

With specific reference to customer care purposes, the Data Controller will process your data for the time required to carry out the requested activities.

The provision of data for the purpose of defending a right referred to in point 2.1c above is optional; therefore, there is no legal or contractual obligation that requires you to provide the data for this purpose. Moreover, data initially collected for a different purpose are used for this purpose; this further processing is permitted as it is based on the legitimate interest of the Data Controller.

With specific reference to the purpose of defending a right, your data will be stored and possibly used for the purposes of proof of fulfilment of the purchase contract: for 10 years from delivery of the product or termination of the contract, in the case of non-delivery of the product; in the case of exercising the rights provided for in the purchase contract or by law: for 10 years from the closure of the file (e.g. delivery of the replacement product in the case of legal guarantee of conformity); the closure of the file means the last correspondence relating to the exercise of the right in question. Finally, if you exercise the rights provided for in the Regulation (as better specified in art. 8 of this information notice) your data will be kept for 5 years from the confirmation of having responded to the request of the data subject.

The provision of data for the purpose of "fraud prevention" referred to in point 2.1c is optional, therefore there is no legal or contractual obligation to provide such data for this purpose. We also inform you that for this purpose, the Data Controller uses personal data initially collected for different purposes (e.g. the execution of the purchase contract or its performance) whose further processing for the purpose of fraud prevention is allowed, as it is based on the legitimate interest of the Data Controller.

With specific reference to the purpose of "fraud prevention" referred to in point 2.1c above, your data will be kept for a period of 24 months from collection.

2.2

NorthWave srl, subject to your express consent and without any consequences in case of refusal, will process your data, for the following additional purposes:

2.2a

  1. marketing: to send you offers, promotions, discounts, advantages, commercial or promotional communications and complimentary products; invitations to events or venues; special initiatives concerning products marketed under their own or third party brands; to involve you in marketing activities or approval checks by means of automated systems (such as e-mail) or by postal service;
  2. profiling: for the processing of my consumption choices and purchasing habits, by Northwave srl through the detection of the type and frequency of purchases made on the website www.northwave.com in order to send Northwave commercial communications of my specific interest, referring to my own products and/or services or those of third parties through automated systems (e.g. e-mail, sms) and not (e.g. mail and/or telephone).

The legal basis for this processing is the express consent of the user (art. 6.1.a of the Regulation).

The provision of data for general marketing purposes is optional: there is no legal or contractual obligation for you to provide such data for this purpose and/or to consent to the processing of your personal data for this purpose.

For marketing and profiling purposes, NorthWave srl will process the user's data until the revocation of consent and/or the exercise of the right to object and, in any case, no later than 24 months after the data collection; before the expiry of this period NorthWave srl reserves the right to ask the user to renew the consent and/or update it.

Further Information:
We remind you that you are entitled to withdraw your consent at any time as well as to oppose, at any time, the processing of your data for marketing purposes by contacting the Data Controller as provided for in art. 6 of this notice.

Art. 3 Processing methods

The processing of personal data concerning you will mainly be carried out with the aid of electronic or automated means, in accordance with the methods and tools suitable to ensure the security and confidentiality of the data, in accordance with the provisions of the Regulation and the Code on the protection of personal data referred to in Legislative Decree 30 June 2003, n. 196 and subsequent amendments ("Privacy Code"). In particular, all technical, IT, organisational, logistical and procedural security measures will be adopted in order to guarantee the minimum level of data protection provided for by law, allowing access only to the persons in charge of processing by the Data Controller and the persons designated and instructed by the Data Controller.

The information acquired and the methods of processing will be relevant and not excessive compared to the type of services rendered.

The data will also be managed and protected in environments to which access is under constant control.

Art. 4 Categories of recipients of personal data

The personal data you provide may be communicated by NorthWave srl to the following categories of recipients:

  1. to entities acting as external data processors designated by NorthWave srl under a specific contract ("Data Processors", including eCommerce Outsourcing s.r.l.) or persons authorized to process personal data under the direct authority of the Data Controller ("Entities in Charge") or, in the case of third parties that the Data Processor uses, as "Sub - Processors", pursuant to art. 28.4 of the Regulation;
  2. companies of the group to which NorthWave srl belongs and/or the employees and/or collaborators of , for the performance of administration, accounting and IT and logistic support activities;
  3. to companies, consultants or professionals who may be responsible for installing, maintaining, updating and generally managing the hardware and software of NorthWave srl, including cloud computing service providers, and third parties they use;
  4. to companies appointed by NorthWave srl to send commercial communications both by e-mail and SMS and by post;
  5. to companies that carry out logistical support and/or warehouse and/or packaging and/or shipping and delivery or collection of products purchased on the Site and to third parties that they use;
  6. to companies that provide software for tracking, monitoring and profiling both for marketing purposes and to prevent the improper use of the Site Services and to third parties that they use;
  7. to all those entities, including public authorities, that have access to the data by virtue of regulatory or administrative provisions;
  8. to all those public and/or private entities, natural and/or legal persons (legal, administrative and fiscal consultancy firms, Judicial Offices, Chambers of Commerce, Chambers and Labour Offices, etc.), if the communication is necessary or functional to the correct fulfilment of the contractual obligations undertaken in relation to the Site Services, as well as the obligations arising from the Law, or in the case of assessment, exercise or defence of rights.

The list of the addressees is available at the Holder's premises.

Art. 5 Transfer of personal data to third party countries

Your personal data is not transferred to countries outside the EU.

The transfer takes place on the basis of the adequacy decisions of the European Commission and the consequent consents issued by the Italian Data Protection Authority (Garante per la protezione dei dati personali) based on the standard contractual clauses in force between the data controller and data processor.

Art. 6 Rights of the data subject

The data subject may exercise the rights provided for in the following section by contacting the Data Controller at the following addresses:

Art. 7 Times and procedures of response in case of exercise of the rights of the data subject

In the event of a request to exercise the rights provided for in article 6 above, the Data Controller undertakes to provide the data subject with information on the actions taken, without undue delay and, in any case, within one month of receipt of the request. This period may be extended by two months if necessary, taking into account the complexity and number of requests. The Data Controller shall inform the data subject of this extension, and the reasons for the delay, within one month of receipt of the request. If the data subject submits the request by electronic means, the information shall be provided, where possible, by electronic means, unless otherwise indicated by the data subject.

If it is impossible to comply with the data subject's request, the Data Controller shall inform the data subject without delay, and at the latest within one month of receipt of the request, of the reasons for the non-compliance and of the possibility of lodging a complaint with a supervisory authority and bringing an action before the courts.

Communications in response to the exercise of the rights of the data subject and actions taken shall be free of charge. If the data subject's requests are manifestly unfounded or excessive, in particular because of their repetitive nature, the Data Controller has the right to:

Art. 8 Right to lodge a complaint with a supervisory authority

Without prejudice to any other administrative or judicial remedy, a data subject who believes that any processing of data relating to him/her is in breach of the Regulation shall have the right to lodge a complaint with a supervisory authority, in particular in the Member State where he/she habitually resides, works or where the alleged breach has occurred. The supervisory authority with which the complaint is lodged shall inform the complainant of the state or outcome of the complaint, including the possibility of a judicial remedy.

Art. 9 Name and contact details of the Person in charge of data protection

Users may contact the Data Protection Officer ("DPO") for all matters relating to the processing of their personal data and the exercise of their rights under the Regulation at the following contacts:

  1. by sending a registered letter to the following address: Northwave Srl - Via Levada, 145, 31040 Pederobba TV;
  2. by sending an email to info@northwave.com.