Privacy Policy in accordance with Regulation (EU) 2016/679 (GDPR)
This Privacy Policy describes how personal data is processed through the NDR Impianti website, accessible at www.ndrimpianti.com, in accordance with Articles 13 and 14 of Regulation (EU) 2016/679 (GDPR).
This notice is directed to all users interacting with the site, both through simple browsing and through specific services (contact form, advertising interactions, affiliate links, etc.).
1. Data Controller
- Full Name: Andrea Pauletto
- Email: paulettoandrea92@gmail.com
- Role: Sole manager of the “NDR Impianti” website
2. Types of Data Processed
The data collected through the website may include:
- Identification data: name, surname, email, and any other data voluntarily entered in the contact form.
- Browsing data: IP address, browser type, operating system, date and time of access, pages visited, time spent, geographic origin.
- Cookies and similar technologies: technical, analytical, advertising, and profiling tools (e.g., Google Analytics, Google AdSense, Amazon).
- Affiliate conversion data: anonymous data relating to clicks on affiliate links and resulting purchases, without user identification.
No special categories of personal data as per Art. 9 GDPR (sensitive data) are collected.
3. Purpose, Legal Basis, and Retention Period
Personal data processed and related purposes:
Data Processed | Purpose | Legal Basis | Retention Period |
---|---|---|---|
Name, email, and message submitted through the contact form | To respond to user inquiries | Explicit consent (Art. 6.1.a GDPR) | 12 months from the date of submission |
IP address, browser type, browsing data | Technical analysis, site security, and anonymous statistics | Legitimate interest of the controller (Art. 6.1.f GDPR) | 14 months (Google Analytics retention period) |
Tracking cookies (profiling and remarketing) | Display of personalized advertising (e.g., Google AdSense) | Explicit consent via cookie banner (Art. 6.1.a GDPR) | 13 months, as per Google’s policy |
Clicks on affiliate links (e.g., Amazon), anonymous aggregated data | Performance tracking of affiliate programs | Legitimate interest of the controller (Art. 6.1.f GDPR) | Defined by Amazon; anonymous and aggregated only |
4. Processing Methods
Personal data is processed lawfully, fairly, and transparently in accordance with the principles set out in Article 5 of the GDPR. Processing is carried out using electronic and IT tools, with logic strictly related to the purposes indicated above.
Appropriate technical and organizational measures are adopted to ensure data security, confidentiality, and integrity, in compliance with Article 32 of the GDPR. No profiling systems or automated decision-making processes that produce legal effects for the user are used by the data controller.
5. Cookies and Tracking Tools
This site uses technical, analytical, and profiling cookies, both proprietary and third-party, installed after the user provides consent through a banner managed by Complianz.
- Technical cookies: necessary for site functionality and service delivery.
- Analytical cookies: used to collect anonymous statistical data via Google Analytics (IP anonymized).
- Advertising and profiling cookies: used by Google AdSense to display personalized ads, subject to consent.
- Affiliate tracking pixels or tags: provided by Amazon to track commissions generated through affiliate programs.
For more information on the types of cookies used, their duration, controllers, and purposes, please refer to the site’s Cookie Policy.
6. Disclosure and Access to Personal Data
Collected data may be processed, within the limits of the intended purposes, by third parties appointed by the Data Controller for technical, administrative, or analytical tasks, including:
- Hosting and site management service providers (e.g., Hostinger, SiteGround);
- Google LLC – for Analytics, AdSense, and Search Console services (Privacy Policy);
- Amazon Europe Core S.à r.l. – for the affiliate program (Privacy Policy);
- Complianz B.V. – for managing cookie consent (Complianz Privacy Policy).
These parties act as data processors (per Article 28 GDPR) or independent controllers, as applicable. An updated list of processors is available upon request.
7. Data Transfers Outside the EU
Some services used on the website involve data transfers to third countries (outside the European Economic Area), particularly to the United States, via providers such as Google LLC and Amazon.
These transfers are carried out in accordance with Articles 44 and following of the GDPR and are covered by:
- Agreements based on Standard Contractual Clauses (SCCs) approved by the European Commission;
- Other appropriate safeguards under Articles 45 and 46 of the GDPR.
The Controller commits to regularly verifying that these entities offer adequate data protection guarantees.
8. Data Security
The Data Controller adopts appropriate technical and organizational measures to ensure a level of security appropriate to the risk, as required by Article 32 of the GDPR. These measures include:
- HTTPS protocol for secure communication;
- Server protection through firewalls and intrusion prevention tools;
- Access to data limited to the Controller and authorized providers only;
- Regular backups to prevent accidental data loss.
Despite these measures, the Controller cannot guarantee that Internet transmissions or storage systems are entirely secure.
9. Minors’ Personal Data
This website and its services are not intended for users under the age of 16. The Controller does not knowingly collect personal data from minors.
If it is later discovered that data relating to minors was collected inadvertently, the Controller will promptly delete such data.
10. Data Subject Rights
In accordance with Articles 15–22 of the GDPR, users have the right to:
- Access their personal data (Art. 15);
- Request rectification of inaccurate or incomplete data (Art. 16);
- Request erasure of data in the cases provided (Art. 17 – right to be forgotten);
- Request restriction of processing in the cases provided (Art. 18);
- Receive data in a structured, commonly used, and machine-readable format and transmit it to another controller (Art. 20 – portability);
- Object to processing for legitimate reasons (Art. 21), including profiling;
- Not be subject to decisions based solely on automated processing (Art. 22), unless exceptions apply.
Users also have the right to withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.
11. Exercising Your Rights
To exercise your rights, you may send a written request to the following email address: paulettoandrea92@gmail.com, clearly specifying:
- Full name of the data subject;
- The specific request (access, deletion, rectification, objection, etc.);
- A valid email address for the response.
The Controller will respond within 30 days of receiving the request, as required by Article 12 of the GDPR. In case of complaints, you may contact the Italian Data Protection Authority (www.garanteprivacy.it).
12. Changes to This Policy
The Controller reserves the right to modify, update, or replace this Privacy Policy at any time. Changes will be posted on this page and, where necessary, communicated to users via appropriate means.
Users are advised to check this section periodically to stay informed about how personal data is processed.