Next Duepuntozero S.r.l., with registered office in Via Italo Scotoni, 37 - 52044 Cortona (AR, Italy), FC and VAT No. 02088860511 (hereinafter, “Data Controller”), in its capacity as data processor, informs you pursuant to Art. 13 Legislative Decree no. 196 of 30.6.2003 (hereinafter, “Privacy Code”) and Art. 13 EU Regulation no. 2016/679 (hereinafter, “GDPR”) that your data will be processed in the following ways and for the following purposes following purposes:

  1. Data controller:
    The Data Controller is: Next Duepuntozero S.r.l. with registered office in Via Italo Scotoni 37, 52044 Cortona (AR), Italy.
    The updated list of data processors and persons in charge of the processing is kept at the registered office of the Data Controller.
  2. Object of processing:
    The Controller processes personal data - hereinafter referred to as “personal data” (or also “data”) - that you may have communicated in connection with the conclusion of contracts for services or products sold by the Controller.
  3. Purpose of processing:
    Your personal data are processed:
    a) The personal data that you provide through this website or directly to the Data Controller are processed without your express consent (Art. 6 lit. b), e) of the GDPR), solely for the following Service Purposes:
    • conclude contracts for the Controller’s services;
    • fulfil pre-contractual, contractual and fiscal obligations arising from existing relations with you;
    • to fulfil the obligations provided for by law, regulation, Community legislation or an order of the Authority;
    • exercise the rights of the Controller, such as legitimate interests or the right to defence in court;
    b) Personal data that you provide through this website or directly to the Data Controller will instead only be processed subject to your specific and distinct consent (Art. 7 GDPR), for the following Marketing Purposes:
    • send you by e-mail, post and/or sms and/or telephone contact, commercial communications or newsletters or other advertising material on products or services offered by the Controller;
    • send you questionnaires by e-mail to measure the degree of satisfaction with the quality of the services.
    We would like to inform you that if you are already our customer, we may send you commercial communications or newsletters relating to services and products of the Controller similar to those you have already used, unless you revoke the consent you have already given.
  4. Modalities, processing duration and data security:
    Your personal data are subject to both paper and electronic and/or automated processing.
    The Data Controller shall process personal data for the time necessary to fulfil the above purposes and in any case for no longer than 10 years from the termination of the relationship for the Service Purposes (3.a) and for no longer than 2 years from the collection of the data for the Marketing Purposes (3.b).
    The Data Controller declares that it has adopted appropriate technical and organisational measures for the fulfilment of its obligations under the GDPR. In particular, the Data Controller declares that it has activated internal procedures to safeguard the security of data (both electronic and hard copy), by means of encryption, backup and disaster recovery measures and measures to protect its network by means of firewalls, antivirus or systems to prevent unauthorised access. The proprietor also declares that it has verified the existence of the same security measures with its suppliers who provide hosting services connected to the functions of this website.
  5. Other recipients of data:
    The Controller processes the collected data internally and uses it for the conduct of its business. There are no other recipients of the data, with the exception of recipients required by law.
  6. Data Transfer:
    Personal data, if acquired from the website, are stored on servers located in Italy or in any case within the European Union. In any event, it is understood that the Data Controller, should it become necessary, shall have the right to move the servers outside the EU as well. In this case, the Data Controller assures as of now that the transfer of the data outside the EU will take place in compliance with the applicable legal provisions, subject to the stipulation of the standard contractual clauses envisaged by the European Commission and always guaranteeing the security of the transfer and after verifying the existence at the new supplier of suitable security measures and the absence of unauthorised use of the data.
  7. Rights of the data subject:
    In your capacity as data subject, you may exercise all your rights under Article 15 of the GDPR, namely the rights to:
    • obtain confirmation of the existence or otherwise of personal data concerning you, even if not yet recorded, and its communication in intelligible form;
    • obtain an indication:
      • a) of the origin of personal data;
      • b) of the purposes and methods of processing;
      • c) of the logic applied in the case of processing carried out with the aid of electronic instruments;
      • d) of the data controller identification details, of the data processors and the designated representative pursuant to Article 5(2) of the Privacy Code and Article 3(1) of the GDPR;
      • e) of the subjects or categories of subjects to whom the personal data may be communicated or who may become aware of them in their capacity as designated representative in the territory of the State, as managers or appointees;
    • obtain:
      • a) the updating, rectification or, where interested, integration of data;
      • b) the deletion, transformation into anonymous form or blocking of data processed in breach of the law, including data whose storage is not necessary in relation to the purposes for which the data were collected or subsequently processed;
      • c) certification to the effect that the operations as per letters a) and b) have been notified, as also related to their contents, to the entities to whom or which the data were communicated or disseminated, except where this proves impossible or involves the use of means manifestly disproportionate to the right protected;
    • oppose, in whole or in part:
      • a) for legitimate reasons, the processing of your personal data, even if relevant to the purpose of collection;
      • b) the processing of personal data concerning you for the purposes of sending advertising or direct sales material or for the performance of market research or commercial communications, through the use of automated calling systems without the intervention of an operator by e-mail and/or through traditional marketing methods by telephone and/or paper mail. It should be noted that the data subject’s right to object, as set out in point b) above, for direct marketing purposes by automated means extends to traditional marketing methods and that, in any case, the data subject’s right to object may also be exercised in part. Therefore, the data subject may decide to receive only communications by traditional means or only automated communications or neither type of communication.
    Where applicable, you also have the rights set out in Articles 16-21 of the GDPR (Right of rectification, right to be forgotten, right to restriction of processing, right to data portability, right to opposition), as well as the right to complain to the Data Protection Authority.
  8. Methods of exercising rights:
    The person concerned may exercise his or her rights at any time by sending:
    • A simple communication by e-mail to info@next20.it .
    • A written communication, by ordinary mail, to: Next Duepuntozero S.r.l. - Ufficio Protezione dei Dati, Via Italo Scotoni 37 – 52044 Cortona (AR), Italy.

Cookie Policy and Registry Files

A cookie is a piece of information that is transmitted from the website to the user’s computer for the purpose of enabling rapid identification and improving the user’s browsing experience. In accordance with the provisions of the Privacy Guarantor, Register of Measures No. 229 of 8 May 2014 “Identification of simplified procedures for the provision of information and acquisition of consent for the use of cookies” - 8 May 2014 (Published in the Official Gazette No. 126 of 3 June 2014), this website uses only technical cookies or third-party cookies, which are installed automatically upon access to the site, for purposes limited to normal navigation and without any tracking or profiling of the user and preferences and without providing advertising content of any kind:

  • _ga: a “technical” cookie installed by a third party for the purpose of increasing access statistics (Google Analytics), its duration is 24 months;
  • _gat: a “technical” cookie, it has the purpose of session tracking, its duration is limited to a single browsing session.

The data controller is Next Duepuntozero S.r.l. Unipersonal Company. Registered office: Via Italo Scotoni 37 - 52044 Cortona (AR), Italy. Pursuant to Art. 7 of the Privacy Code, at any time the interested party has the right to obtain confirmation of the existence or non-existence of data concerning him/her and to know its content and origin, to verify its accuracy or request its integration or updating, or correction. He also has the right to request the deletion, transformation into anonymous form or blocking of data processed in violation of the law, as well as to oppose, for legitimate reasons, the processing of data concerning him. Relevant requests should be addressed to the following address: info@next20.it.