Privacy

Privacy Notice

(Article 13 Regulation (EU) 2016/679)

Introduction

The aim of this Policy is to describe the way this website is managed with reference to processing the personal data of the website’s users/visitors.
Terme Merano S.p.A., in line with Regulation (EU) 2016/679 (“GDPR”), intends to guarantee the privacy and security of each visitor’s personal data, also with regard to internet accesses made from abroad, in line with the requirements stated in this policy.
Please note that this Privacy Policy does not extend to other websites the user may consult by browsing via links.
By using this Website, users accept this notice and are therefore invited to read it before providing personal information of any kind.
Type of data processed

• Browsing data
During normal operation the computer systems and software procedures set up for the operation of this website obtain some personal data, the transmission of which is implicit in the use of internet communication protocols.
This category of data includes: IP addresses, type of browser used, operating system, domain name and addresses of websites from which access or exit was made, information on the pages visited by the users within the site, time of access, time spent on each individual page, internal path analysis and other parameters relating to the user’s operating system and computer environment.
This information will never be communicated to third parties by the data controller or used to contact the users of the site unless upon their request or authorisation.

• Data supplied voluntarily by the user
The optional, explicit and voluntary sending of information to the addresses referred to on this site involves the subsequent acquisition of the sender’s address, necessary for replying to requests, and also any other personal data included in the communication. If data are not provided voluntarily, it may not be possible to obtain results (e.g. replying to the user’s message).

• Cookies
Cookies are small strings of text which, following website navigation, are transmitted to and stored on the User’s terminals, enabling them to be recognised even during subsequent visits.
a) Technical cookies
These cookies may enable certain functions, without which it would not be possible to use the website fully, and they are transferred to the user’s device only during the browsing session.
b) Session cookies
The use of what are known as session cookies (which are not placed in permanent storage on the user’s computer and disappear when the browser is closed) is strictly limited to the transmission of session identifiers (consisting of random numbers generated by the server) necessary for permitting safe and secure exploration of the site. The session cookies used on this site avoid recourse to other IT techniques that may be prejudicial to the privacy of users’ navigation and they do not permit the acquisition of personal data identifying the user.
c) Third party cookies
Google Analytics
Google Analytics cookies allow Terme Merano to generate reports on visitors’ interactions with the websites. These cookies are used to store information that does not allow users to be personally identified.
The data generated by Google Analytics are stored by Google as stated in the notice that may be found at the following link: https://support.google.com/analytics/answer/6004245?hl=en
Users can selectively disable Google Analytics by installing Google’s opt-out add-on for their browser. To disable Google Analytics, go to the following link: https://tools.google.com/dlpage/gaoptout
d) Cookies present on the site
PHPSESSID: technical cookie for managing the maintenance of navigation information between one page and the next (for example shopping cart)
__utmb: Google Analytics cookie for approximately tracking the bounce rate on the pages
__utmz: Google Analytics cookie for tracking the origin of requests (from link, bookmark or search engine, etc.)
_dc_gtm_UA-1480760-1: Google Tag Manager cookie relating to the use of Google Analytics
_ga: general Google Analytics cookie
cb-enabled: technical cookie for managing the cookie disclaimer bar.
DoubleClick: Google Adserver cookie

Profiling cookies - Retargeting:
In this respect, please note that the profiling cookies used do not store personal data and usage profiles will not be generated with your personal data. No individual can be identified via profiling cookies, and the only information stored is that which permits anonymous information for the targeted management of marketing campaigns based on interests. If you wish to prevent the use of profiling cookies, you can block them directly via the browser (see description below).

Delete and manage cookies
Users can set their own devices so as to accept all cookies, receive notification when a cookie is sent or not receive cookies at all.
For optimum management, activation and deactivation of cookies depending on the browser used to view the site termemerano.it, we supply the following links to help sections for the most common browsers: Internet Explorer, Safari, Chrome, Firefox, Opera.
For more information on how cookies and targeted advertising work, you can also consult the sites:www.youronlinechoices.eu e www.allaboutcookies.org.

Web monitoring
Web tracking - Google Analytics:
In order to continue improving and optimising our service, we use tracking technologies. This website uses Google Analytics, a web analysis service supplied by Google, Inc. (“Google”). Google Analytics uses cookies, which permit the analysis of your website use with a view to determining the attractiveness of our websites and improving performance and content. The information generated by cookies on use of the website (including your IP address) will be sent to a Google server in the United States and stored there. On behalf of this site’s manager, Google will use this information to assess the website use, draw up reports on the website activities and provide other services relating to the use of the site and internet for the website manager. In addition, Google and/or this information may be transferred to third parties where this is required by law or where such third parties process this information on behalf of Google and/or other web analysis service providers. Under no circumstances will your IP address be linked to other Google data and/or data of other web analysis service providers.
You can refuse to use cookies by selecting the appropriate setting on your browser; but note that in this case you may not be able to use all the functionalities of this website. You can also prevent the recording of the data generated by the cookie and concerning the use of the website (including your IP address) by Google and the processing of that data by Google, by downloading and installing the plugin for the browser available at https://tools.google.com/dlpage/gaoptout?hl=en.
For general information on Google Analytics and data protection, see https://support.google.com/analytics/answer/6004245?hl=en
By using this site, you agree to the processing of your data by Google and/or other web analysis services in the manner described above and for the above-mentioned purposes.

Google Adwords Remarketing:
We use Google Remarketing to re-link users of the Google Display network. Google uses cookies, which are stored on your computer, to enable analysis of your use of the website. The information generated by the cookie on the use of the website (including your IP address) will be sent to a Google server in the United States and stored there. Google then removes the last three digits from the IP address; it is therefore no longer possible to assign it to a unique IP address. Google respects the privacy policy of the “USA Safe Harbor” agreement and is registered with the “Safe Harbor” program of the United States Department of Commerce. Google will use this information to assess the website use, compile reports on the website’s activities for the website operators and provide other services connected with the use of the website and the internet. Google can also transfer this information to third parties if required by law or if such third parties process this information on behalf of Google. Third party suppliers, including Google, display ads on internet sites. Third party suppliers, including Google, use the stored cookies to show ads on the basis of previous visits by a user of this site. Google will not associate your IP address with any other data held by Google. The collection and archiving of data may be withdrawn at any time with future effect. Google’s use of cookies can be deactivated by visiting the page for deactivating Google ads. However, please note that in this case you may not be able to use all the functionalities of this website. By using this site you agree to the processing of your data by Google for the procedures described above and for the above-mentioned purposes. The collection and archiving of data may be withdrawn at any time with future effect.
Remarketing is not used on sensitive content of the site with personal data.

Google Adwords Conversion:
This website also uses Google Conversion Tracking. Here, a cookie is set on the computer by Google Adwords, if you have reached our site via a Google ad. These cookies expire after 30 days and are not used for personal identification. If the user visits particular pages on the site of an Adwords customer, Google and the customer can see that the user has clicked on an ad and has been redirected to this page. Every Adwords advertiser receives a different cookie. Cookies cannot therefore be monitored on the advertisers’ websites. Information obtained via cookie conversion information is used to create conversion statistics for AdWords customers who have opted for conversion monitoring. Advertisers know the total number of users who have clicked on their ad and have been directed to a page which has a conversion-tracking-tag. However, they will not receive information with which it might be possible to identify the users personally. If you do not wish to participate in the monitoring process, you can also reject the setting of the relevant cookie – e.g. by setting your browser to deactivate the automatic setting of the cookies. It is also possible to deactivate the conversion monitoring cookies by setting your browser to block cookies from the domain: “www.googleadservices.com”.

Digital Control
Digital Control GmbH & Co. KG collects and stores data (on this site and the relevant sub-pages) for marketing and optimisation purposes. These data may be saved with an anonymous user profile. Cookies are used for this purpose. Cookies are small text files, which are stored locally in the cache memory of the site visitor’s internet browser. Cookies enable us to recognise the visitor’s browser. Data collected by digital control technology will not be used to personally identify the visitor and are not combined with the anonymous profile data. Under http://advolution.de/datenschutz.php you can at any time block the collection and archiving of data with future effect.
Purposes of the processing

a) To provide the requested services:
Your data will be processed by the Controller to provide the requested services (provide information, register purchases made).
b) Newsletter:
The Terme Merano newsletter is sent by email to those who specifically request it, by filling in the form on the site, authorising the company to process their personal data.
The supply of data is optional. If you refuse to supply data, you will not be able to obtain the newsletter service.
If you no longer wish to receive the newsletter, you can cancel your registration at any time by sending an email to the following address: [email protected].
Categories of subjects to whom personal data may be forwarded and purpose of the communication

The Controller may forward, for the same purposes, some of your personal data to third parties, who will process your personal data in the capacity of Processors. The list of Processors may be requested from the Controller at any time.
Roles and responsibilities with regard to privacy

Your personal data are processed by Terme Merano S.p.A. in its capacity as Controller.
We also inform you that the Controller has appointed a Data Protection Officer, domiciled at the establishment’s head office at Piazza Terme n.9 in Merano, who may be contacted at the following address: .
Data processing methods

The personal data transmitted by you are processed by digital and hard copy media in order to meet your requirements for the time strictly necessary to achieve the aims for which the data were collected, and at all events, in accordance with the principles of lawfulness, appropriateness, relevance, and not exceeding the purposes for which they were collected contained in the current privacy legislation.
Data storage

We inform you that Terme Merano S.p.A. will store and process your personal data for a period not exceeding that stated in current European legislation and measures issued by the Italian Data Protection Authority.
Rights of data subjects

The subjects to whom the personal data processed via this website refer (“data subjects”) are entitled to exercise their rights in accordance with the methods and within the limits stated in the current privacy legislation.

With regard to the processing of your personal data, you have the right to request of Terme Merano S.p.A.:
• Access: you may request confirmation as to whether or not data concerning you are being processed, in addition to further clarification concerning the information in this notice;
• Rectification: you may ask to rectify or add to the data you have supplied to us, if they are incorrect;
• Erasure: you may ask for your data to be erased, if they are no longer necessary for our purposes, if you withdraw your consent or oppose processing, in the case of unlawful processing, or if there is a legal obligation to erase the data or the data refer to children under sixteen years of age;
• Restriction: you may ask for your data to be processed for storage purposes only, to the exclusion of other processing, for the period necessary for the rectification of your data in the event of unlawful processing, if you have to exercise legal claims and the data stored by us may be useful to you, and finally, in the event of objection to processing and a check is in progress as to whether our legitimate grounds prevail over yours;
• Objection: you may object to the processing of your data at any time, unless we have legitimate grounds to proceed with the processing which prevail over your grounds, for example with regard to exercise of or our defence of legal claims.
• Portability: you may ask to receive your data, or have it forwarded to another controller designated by you, in a structured, commonly used and machine-readable format.

In addition, in accordance with Article 7( 3) GDPR, we inform you that you can exercise your right to withdraw consent at any time, without this affecting the lawfulness of processing based on the consent previously given.
Finally, we inform you that you have the right to file a complaint to the Supervisory Authority, which in Italy is the Data Protection Authority.
The rights in question may be exercised by sending a registered letter with advice of receipt to the following address: Terme Merano, Piazza Terme n. 9 – 39012 Merano or by written request to the address: .
Changes to the policy

This Policy governs the methods of processing the personal data supplied by visitors while browsing the website. Terme Merano reserves the right to update and/or amend this notice to bring it into line with any changes to the law. It is therefore possible that our policy may be amended over time, and we therefore invite visitors to check this page periodically.

Security and protection of your personal data

We are committed to protect your personal data. Therefore, we collect data only in accordance with the GDPR. In our privacy policy we inform you about the most important aspects of data processing concerning our website.

To protect your details against any possible loss of information or any form of unlawful processing, this site has taken appropriate organizational and technical measures.

Definitions

Personal data shall be processed lawfully, fairly and in a transparent manner in relation to the data subject ('lawfulness, fairness and transparency'). For the purposes of this Regulation:

Personal data
'personal data's means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Processing
'processing' means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Restriction of processing
'restriction of processing' means the marking of stored personal data with the aim of limiting their processing in the future.
Profiling
'profiling' means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.
Pseudonymisation
'pseudonymisation' means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.
Filing system
'filing system' means any structured set of personal data which are accessible according to specific criteria, whether centralised, decentralised or dispersed on a functional or geographical basis.
Controller
'controller' means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
Processor
'processor' means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
Recipient
'recipient' means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing.
Third party
'third party' means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.
Consent
'consent' of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

Lawfulness of processing

Processing shall be lawful only if and to the extent that at least one of the following applies (legal basis for data processing: Article 6, paragraph 1, point a – f of the GDPR):

the data subject has given consent to the processing of his or her personal data for one or more specific purposes;
processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;
processing is necessary for compliance with a legal obligation to which the controller is subject;
processing is necessary in order to protect the vital interests of the data subject or of another natural person;
processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.

Collection and storage of personal data and the nature and purpose of their use

You can in principle use our website without revealing your identity. When you visit our website, the browser used on your device automatically sends information to our website’s server. This information is temporarily stored in a so-called log file. The following information will be collected without your intervention and stored until automated deletion (legal basis for data processing: Article 6, paragraph 1, page 1, point f of the GDPR):

IP address
Date and time of access
Name and URL of the retrieved file
Website from which access takes place (referrer URL),
Browser used and, if applicable,
the operating system of your computer as well as
the name of your access provider

The data mentioned are processed by us for the following purposes:

Ensuring a smooth connection to the website
Ensuring comfortable use of our website
Evaluation of system security and stability, as well as
Other administrative purposes.

Use of Cookies

This site uses cookies to help us provide you with a better user experience tailored to your personal preferences. By using cookies this site makes sure that you do not receive or need to enter the same information every single time you visit this website. Cookies are also used to optimize the performance of the website. For example, cookies make the checkout process easier or help you to find a specific piece of equipment faster.

Minors

Our offer is basically aimed at adults. Persons under the age of 18 should not transmit any personal data to us without the consent of their parents or legal guardians.

Rights of the data subject

Right of access
You shall have the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and the following information:

the purposes of the processing;
the categories of personal data concerned;
the recipients or categories of recipient to whom the personal data have been or will be disclosed;
where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing;
the right to lodge a complaint with a supervisory authority;
where the personal data are not collected from the data subject, any available information as to their source;
the existence of automated decision-making, including profiling, referred to in Article 22 (1) and (4) and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.

Where personal data are transferred to a third country or to an international organisation, you shall have the right to be informed of the appropriate safeguards pursuant to Article 46 relating to the transfer. The controller shall provide a copy of the personal data undergoing processing. For any further copies requested by the data subject, the controller may charge a reasonable fee based on administrative costs. Where the data subject makes the request by electronic means, and unless otherwise requested by the data subject, the information shall be provided in a commonly used electronic form. The right to obtain a copy referred to in paragraph 3 shall not adversely affect the rights and freedoms of others.

Right to rectification
You shall have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, you shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.

Right to erasure ('right to be forgotten')
You shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay.

Right to restriction of processing
You shall have the right to obtain from the controller restriction of processing.

Right to data portability
You shall have the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided.

Right to object
You shall have the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is based on point e or f of Article 6, including profiling based on those provisions. The controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.

Automated individual decision-making, including profiling
You shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her.

Use of Google Analytics

This website uses Google Analytics, a web analytics service provided by Google, Inc. (“Google”). Google Analytics uses “cookies”, which are text files placed on your computer, to help the website analyze how users use the site. The information generated by the cookie about your use of the website (including your IP address) will be transmitted to and stored by Google on servers in the United States. Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google's behalf. Google will not associate your IP address with any other data held by Google. You may refuse the use of cookies by selecting the appropriate settings on your browser, however, please note that if you do this you may not be able to use the full functionality of this website. By using this website, you consent to the processing of data about you by Google in the manner and for the purposes set out above. For more information, please see this link: https://policies.google.com/privacy/partners?hl=en.

Google AdWords and Google Conversion-Tracking

Google AdWords conversion tracking is an analytics service provided by Google Inc. that connects data from the Google AdWords advertising network with actions performed on this Application. Google Privacy Policy: https://www.google.de/policies/privacy/.

YouTube Video

YouTube is a video content visualization service provided by Google Inc. that allows this Application to incorporate content of this kind on its pages. Google Privacy Policy: https://www.google.de/policies/privacy/.

Google Tag Manager

This type of service helps the Owner to manage the tags or scripts needed on this Application in a centralized fashion. Google Privacy Policy: https://www.google.de/policies/privacy/.

By registering with our newsletter system, you agree to regularly receive information by means of a newsletter. You can withdraw your consent to the use of your personal data at any time. You can withdraw consent, for example, by clicking on the button at the end of each newsletter to unsubscribe. As soon as you unsubscribe from the newsletter, all your data will be deleted from our mailing list. We use these data exclusively for the purpose of sending the requested information and do not pass them on to third parties.

Facebook Pixel

Our website measures conversions using visitor action pixels from Facebook, Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA (“Facebook”).

These allow the behavior of site visitors to be tracked after they click on a Facebook ad to reach the provider’s website. This allows an analysis of the effectiveness of Facebook advertisements for statistical and market research purposes and their future optimization.

The data collected is anonymous to us as operators of this website and we cannot use it to draw any conclusions about our users’ identities. However, the data are stored and processed by Facebook, which may make a connection to your Facebook profile and which may use the data for its own advertising purposes, as stipulated in the Facebook privacy policy. This will allow Facebook to display ads both on Facebook and on third-party sites. We have no control over how this data is used.

Check out Facebook’s privacy policy to learn more about protecting your privacy: www.facebook.com/about/privacy/.

You can also deactivate the custom audiences remarketing feature in the Ads Settings section at www.facebook.com/ads/preferences/?entry_product=ad_settings_screen. You will first need to log into Facebook.

If you do not have a Facebook account, you can opt out of usage-based advertising from Facebook on the website of the European Interactive Digital Advertising Alliance: www.youronlinechoices.com.

Privacy & Terms Google

Privacy & Terms Google

This privacy notice may be updated at any time.

Nexi Xpay

Informativa Privacy
Informativa in materia di trattamento dei dati personali per pagamenti online.

Ai sensi di quanto disposto dalla normativa vigente in materia di protezione dei dati personali, con particolare riferimento agli artt. 13 e 14 del Regolamento (UE) 2016/679 (di seguito anche 'Normativa Privacy'), la società Nexi Payments S.p.A., (di seguito anche 'Nexi'), in qualità di società proprietaria della piattaforma tecnologica per l'accettazione dei pagamenti on-line, La informa di quanto segue:

I dati personali che Lei liberamente ha conferito nel corso dell'esecuzione dell'operazione di pagamento (a titolo esemplificativo i dati relativi alla disposizione di pagamento, comprensivo dell'indirizzo di posta elettronica ed i dati di spedizione e/o fatturazione) saranno trattati esclusivamente per le seguenti finalità:

finalità strettamente connesse alla gestione del pagamento on-line;
finalità connesse agli obblighi previsti da leggi, da regolamenti e dalla normativa comunitaria, nonchè da istruzioni impartite da autorità a ciò legittimate dalla legge e da organi di vigilanza e controllo;
finalità di prevenzione e monitoraggio del rischio frodi.

Il trattamento dei dati personali che, per le suindicate finalità, non richiede un Suo esplicito consenso, avverrà in modo da garantirne la sicurezza e la riservatezza, e verrà effettuato attraverso strumenti manuali ed elettronici. La base giuridica del trattamento è, quindi, individuata nell'adempimento degli obblighi di legge ai quali è sottoposta Nexi e nella necessità di dare esecuzione all'operazione di pagamento.

In particolare al momento della conferma dell'ordine sul sito dell'esercente, i dati della transazione saranno veicolati tramite una connessione protetta verso gli enti autorizzatori (le banche o le società che emettono e/o gestiscono le carte di pagamento), al fine di chiedere agli stessi le necessarie autorizzazioni. A tutela sia dell'acquirente che dell'esercente, in nessun caso i numeri delle carte di credito saranno resi noti all'esercente (quest'ultimo riceve solamente un codice autorizzativo, non riconducibile alla carta).

Per lo svolgimento delle attività di cui sopra Nexi potrà rivolgersi ad altre società del Gruppo di cui è parte, ovvero ad altre categorie di soggetti che tratteranno i suoi dati in qualità di "titolari autonomi" o "responsabili di trattamento" specificatamente nominati per iscritto da Nexi. A titolo esemplificativo ma non esaustivo:

società che supportano Nexi nella gestione della piattaforma tecnologica per i pagamenti on-line;
i Circuiti Internazionali (ad esempio Visa, Mastercard) proprietari dei rispettivi marchi, che garantiscono il corretto funzionamento dei rispettivi Circuiti e la regolarità dei pagamenti;
banche e/o società che emettono e/o gestiscono carte di pagamento;
Autorità, quali ad esempio organi di vigilanza (es. Banca d'Italia e UIF), organi giudiziari e forze di polizia, etc.

I dati relativi alla transazione, oggetto di trattamento, sono trattati da Nexi all'interno del territorio dell'Unione Europea, in ogni caso per ragioni tecniche, operative e/o contrattuali, potrebbero essere trasferiti da Nexi anche all'estero; in caso di trasferimento al di fuori dello Spazio Economico Europeo, ciò avverrà sempre nel rispetto dei diritti e delle garanzie previsti dalla Normativa Privacy (cfr. Capo V del GDPR).

I dati saranno conservati per il solo tempo necessario allo svolgimento delle attività e alla realizzazione delle finalità di cui sopra, nel rispetto dei termini prescrizionali o dei diversi termini eventualmente stabiliti dalla legge per la relativa conservazione (10 anni), o per un tempo maggiore nel caso in cui sia necessario conservarli per esigenze di tutela dei diritti di Nexi.

Lei potrà in ogni momento esercitare nei confronti di Nexi i diritti che gli sono riconosciuti dalla Normativa Privacy (cfr. artt. 15 e ss. del Regolamento (UE) 679/2016), quali: Diritto di accesso, di rettifica e aggiornamento, di cancellazione, di limitazione al trattamento, di portabilità, di opposizione, di non essere sottoposto a processo decisionale automattizzato, laddove previsto e di proporre reclamo all'Autorità Garante della Privacy.

Il Titolare del trattamento è Nexi Payments S.p.A. avente sede in Milano, Corso Sempione n. 55; il Responsabile della protezione dei dati (Data Protection Officer) a cui rivolgersi per ogni richiesta in merito al trattamento dei propri dati personali è il Responsabile della Funzione Compliance & AML, contattabile scrivendo al seguente indirizzo di posta elettronica: [email protected], oppure inviando una richiesta scritta a Nexi Payments S.p.A., ufficio del Data Protection Officer, Corso Sempione 55, 20149 Milano.