Nextbit privacy notice
1. Data controller
The Owner of the treatments carried out through the Site is Nextbit srl (hereinafter: “Owner” or “Company” or “Nextbit”). Nextbit is available for any information concerning the processing of personal data carried out by the same. You can contact the Owner by writing to: firstname.lastname@example.org.
2. Processing of Personal data
By “processing” of personal data we mean any operation or set of operations, carried out with or without the aid of automated processes and applied to personal data or sets of personal data, such as the collection, registration, organization, structuring, storage , adaptation or modification, extraction, consultation, use, communication by transmission, diffusion or any other form of making available, comparison or interconnection, limitation, cancellation or destruction. We inform you that the personal data being processed will be constituted - also depending on your decisions on how to use the Services - by an identification such as name and surname, email address, password, identification number, activated services, and other data suitable to make it identified or identifiable, depending on the type of Services requested (hereinafter only “Personal Data”). In particular, the Personal Data processed through the Site are as follows:
- Navigation data.
During their normal operation, the IT systems and software procedures used to operate the Site acquire some Personal Data whose transmission is implicit in the use of Internet communication protocols. This is information that is not collected to be associated with identified interested parties, but which by its very nature could, through processing and association with data held by third parties, allow users to be identified. This category of data includes the IP addresses or domain names of the computers used by users who connect to the Site, the addresses in URI (Uniform Resource Identifier) notation of the requested resources, the time of the request, the method used in submitting the request to the server, the size of the file obtained in response, the numeric code indicating the status of the response given by the server (successful, error, etc.). and other parameters relating to the operating system and the user’s IT environment. These data are used for the sole purpose of obtaining anonymous statistical information on the use of the Site and to check its correct functioning, to identify anomalies and / or abuses, and are deleted immediately after processing. The data could be used to ascertain responsibility in case of hypothetical computer crimes against the Company or third parties: except for this eventuality, at present the data on web contacts do not persist for more than fourteen days, unless required of the user (e.g. access to the user’s personal pages within Nextbit.it which summarize the services used, the information published, etc.).
- Registration data and data processing within Services.
As regards the processing of Personal Data carried out as part of the management service of Nextbit’s solution and services, available for subscription through the Nextbit customer portal (https://customers.nextbit.it), it should be noted that Nextbit will only put in place the treatments strictly necessary to provide the service, except for further treatments on the basis of a suitable legal basis pursuant to art. 6 of the Regulation (e.g. with your consent). The data collected by Nextbit as part of the service registration request are only those strictly necessary for the provision of the service itself. The provision of such data is in itself optional, however in the absence of such provision Nextbit will not be able to provide the requested service. Furthermore, the data may be communicated to the competent national and foreign Authorities to which Nextbit is required to transmit the technical and administrative documentation required by the sector legislation. This sharing of data is necessary for its use of the service, therefore, according to current privacy legislation, it is justified pursuant to art. 6 (1) (b) of the Regulation. It follows that, at the time of signing the service, you accept that some of your Personal Data will be communicated to the subjects listed above. If, however, in requesting registration to the Services and in the processing of data consequent to the use of the Services themselves, it provides Nextbit with Personal Data of other third parties interested in the treatment, it acts as an independent data controller, assuming all the obligations and legal responsibilities. In this sense, you confer on the point the widest indemnity with respect to any dispute, claim, request for compensation for damage from treatment, etc. that it should reach Nextbit from third parties whose Personal Data have been processed through your use of the Services in violation of the applicable Personal Data protection rules. In any case, if you provide or otherwise process Personal Data of third parties in the use of the Service, it guarantees from now - assuming any related responsibility - that this particular hypothesis of treatment is based on a suitable legal basis pursuant to art. 6 of the Regulation that legitimizes the processing of the information in question (e.g. consent of the interested party). With reference to this treatment, Nextbit has no control over the existing data.
- Traffic data.
As part of the services, Nextbit processes some data for the purpose of transmitting communications on the electronic communications network. These data are: Internet protocol (IP) address and e-mail address and any further identification of the sender;
date and time (GMT) of the connection and disconnection of the service user, regardless of the technology and the protocol used;
the internet service used, personal data of the registered user who made the communication.
These data are processed and stored by Nextbit to provide the service, for the purpose of ascertaining and suppressing crimes and with stringent security measures that make them accessible only to persons specifically authorized in writing. The data is also processed by Nextbit for ordinary company processing related to the provision of the service (for example: for documentation purposes in the event of disputing the invoice or claiming payment, for the detection of fraud, for carrying out analyzes on behalf of customers).In this case, the data are kept, with stringent security measures applied in accordance with the law, for six months from their generation, and subsequently deleted.
Definitions, characteristics and application of the legislation.
3. Purpose of the treatment, legal basis and mandatory or optional nature of the treatment
The treatment we intend to carry out, with your specific consent where necessary, has the following purposes:
- allow the provision of the Services requested by you and the subsequent and autonomous management of the same (e.g. your reserved area), which you will access by registering and creating your user profile when providing the Services, including collection, storage and processing of data for the purpose of the establishment and subsequent operational, technical and administrative management of the relationship connected with the provision of the Services and the making of communications relating to the performance of the relationship established;
- allow navigation and consultation of the Nextbit website;
- respond to requests for assistance or information, which we will receive via e-mail through the “Contact Us” page of our Site. With reference to the aforementioned requests, the same, together with the relative feedback, will be kept for the time necessary to guarantee the correct fulfillment of the requests, as well as, subsequently, to allow Nextbit to defend itself in court, where necessary. The legal basis for the processing of Personal Data for the purposes referred to in letters (a), (b) and (c) above is art. 6 (1) (b) of the Regulation as the processing is necessary for the provision of the contracted services. The provision of Personal Data for these purposes is optional but any failure to provide it would make it impossible to activate the requested Services;
- fulfill legal, accounting and tax obligations: this treatment is legitimate pursuant to art. 6 (1) (c) of the Regulation. Once Personal Data has been provided, the processing may indeed be necessary to fulfill legal obligations to which Nextbit is subject; it is not possible to oppose this treatment as it derives from legal obligations.
For exclusive security purposes and prevention of fraudulent conduct, based on Nextbit’s legitimate interest in preventing fraud and scams carried out to its detriment or to the detriment of its customers, pursuant to art. 6 (1) (f) of the Regulation and on the basis of both Recital 47 of the Regulation, which expressly provides that it is the legitimate […] interest of the data controller to process personal data strictly necessary for fraud prevention purposes, as well as on the basis of different balances of interests carried out by the owner from which it does not appear that the treatments in question are detrimental to his fundamental rights and freedoms. In particular, the activities of this type include an automatic control system that involves the detection and analysis of some user behavior on the Site, associated with their IP addresses and other Personal Data combined with navigation. The consequences of this treatment are that if a subject tries to engage in fraudulent conduct on the Site, Nextbit reserves the right to exclude such subject from the use of the Service or to take any other appropriate measure for its own protection.
4. Recipients of personal data
Your Personal Data may be shared, for the purposes referred to in section 3 above, with subjects (some of whom typically act as data processors), namely:
- the people, companies or professional firms that provide assistance and advice to Nextbit in accounting, administrative, legal, tax, financial, technical and credit recovery matters relating to the provision of the Services;
- subjects with whom it is necessary to interact for the provision of the Services;
- or subjects delegated to carry out technical maintenance activities (including maintenance of network equipment and electronic communication networks);
- subjects, entities or authorities to which it is mandatory to communicate your personal data pursuant to legal provisions or orders from the authorities (for example, during criminal investigations Nextbit can receive requests from the judicial authority to provide log in about the use of the Services); persons authorized by Nextbit to process Personal Data necessary to carry out activities strictly related to the provision of the Services, who are committed to confidentiality or have an adequate legal obligation of confidentiality, such as Nextbit employees; commercial partners, for their autonomous and distinct purposes, only if you have given specific consent. The complete list of data processors is available by sending a request to email@example.com.
5. Transfers of personal data
Nextbit ensures that the processing of your Personal Data by the Recipients takes place in compliance with EU Regulation. Indeed, transfers can be based on an adequacy decision or on the Standard Contractual Clauses approved by the European Commission. More information is available by writing to firstname.lastname@example.org.
6. Data retention
Personal Data will be processed for the time strictly necessary to achieve the purposes indicated in point 3.
Without prejudice to the foregoing, Nextbit will process your Personal Data up to the time allowed by Italian law to protect its interests (Articles 2946 and 2947 (1) (3) cc) as well as for the fulfillment of a specific obligation or law applicable.
More information about the data retention periods and the criteria used to determine these periods can be requested by writing to the Data Controller.
7. Rights of the interested parties
You have the right to request Nextbit, at any time, access to your Personal Data, rectification or cancellation of the same or to oppose their treatment in the cases provided for by art. 20 of the Regulation, has the right to request the limitation of treatment in the cases provided for by art. 18 of the Regulation, as well as obtaining the data concerning you in a structured format, commonly used and readable by an automatic device, in the cases provided for by art. 20 of the Regulation.
Requests should be sent in writing by writing to email@example.com.
It should be noted that, in the presence of requests from interested parties relating to the reporting of abuse in the use of spamming services or activities carried out by a Nextbit customer (it should be noted that this customer typically acts as data controller pursuant to the Regulation) , as well as in the presence of any further request to exercise the rights pursuant to art.15 and ss. of the Regulation, Nextbit, without going into the merits of the request, on the one hand will promptly inform the customer / owner, and on the other hand will provide the interested parties with the details of the customer / owner himself.
In any case, you always have the right to lodge a complaint with the competent supervisory authority (Guarantor for the Protection of Personal Data), pursuant to art. 77 of the Regulation, if you believe that the processing of your data is contrary to the legislation in force, or to take appropriate judicial offices (art. 79 of the Regulation).
Nextbit reserves the right to modify or simply update the content of this policy, in part or completely, also due to changes in the applicable legislation. If the changes to this policy concern substantial changes in the treatments or may in any case have a significant impact on the interested parties, Nextbit will take care to notify them appropriately to the interested parties. This notice was last updated on June 15th 2020.