This notice is provided pursuant to Regulation (EU) 2016/679 (hereinafter referred to as the “Regulation” or “GDPR”) and describes how personal data of users who visit and use this website, accessible at https://neurally.it (hereinafter also referred to as the “Site”), or who take advantage of the services offered through the Site, are processed. In accordance with the current European Regulation on the protection of personal data No. 679/2016 (“GDPR”), data collection and processing will always adhere to the principles of lawfulness, fairness, and transparency.
By browsing the Site, data related to the user accessing the Site (defined as the “data subject,” meaning an identified or identifiable natural person) may be processed.
The Data Controller is NEURALLY S.R.L., located at Via L.V. Beethoven 15/C, 44124 Ferrara (FE), Italy, VAT number 02062960386.You can contact the Data Controller at the following email address:info@neurally.it
The Data Controller has appointed a Data Protection Officer (DPO), whom you may contact to exercise your rights, report an issue, or simply request information regarding the processing of your data.
1. Browsing Data
Personal Data may be collected independently by the Data Controller or through third parties. In this case, the IT systems and software procedures responsible for the operation of this Site acquire certain technical and IT-related Personal Data of Users (e.g., IP address, browser type, operating system, domain name, and addresses of websites accessed or exited from, etc.), the transmission of which is inherent to the normal functioning of the internet.
Purpose: such data may be processed solely to obtain anonymous statistical information on the use of the Site and/or to ensure its proper functioning.
Retention: such data will be deleted immediately after processing.
Legal Basis: Processing is carried out based on the legitimate interest of the Data Controller in ensuring the usability and security of the Site (Article 6(1)(f) GDPR).
For profiling activities specifically, processing is based on the explicit consent of the data subject (Article 6(1)(a) GDPR).
2. User contact via email, phone, or form submission
The optional, explicit, and voluntary sending of communications via email to the addresses indicated on this Site results in the subsequent acquisition of the data provided by the user, including their email address, as well as consent to receive any response messages to their requests.
In this case, providing an email address and any other requested data is optional but necessary to use the service and receive a response. Without this information, we will be unable to process the request.
Purpose: the personal data provided is used solely to fulfill or respond to the transmitted requests and is shared with third parties only when strictly necessary for this purpose.
Retention: I dati vengono conservati per il periodo necessario ai fini dell’espletamento della richiesta e in conformità alla normativa vigente.
Legal Basis: The processing is carried out for the performance of a contractual or pre-contractual obligation undertaken by the Data Controller in relation to the service (Article 6(1)(b) GDPR).
3. Submission of curriculum vitae via the “Careers” section
The provision of personal data for the stated purposes is necessary to ensure the proper functionality of the website’s application system and to allow candidates to participate in potential selection processes.
The Candidate’s data collected by the Data Controller for this purpose includes: name and surname, mail address, phone number, all personal information and data voluntarily provided in the CV, details shared in the “Tell us about yourself” field. No further processing of the Candidate’s personal data will be carried out by the Data Controller beyond these purposes.
Finalità: the personal data provided is used exclusively for recruitment and selection purposes or to propose other job opportunities aligned with the candidate’s professional profile (pre-contractual obligations). Additionally, data processing may be carried out to comply with specific legal obligations or to fulfill tasks required by laws, regulations, or EU legislation (legal obligation).
Retention: personal data related to candidates for open positions is retained only for the time strictly necessary to properly carry out the selection process. Candidates deemed unsuitable for any position will have their data deleted within 14 (fourteen) days from the moment the Data Controller determines their ineligibility. Candidates considered suitable for other open positions will have their data retained for the duration of the selection process. If ultimately deemed unsuitable for those positions as well, their data will be deleted within 12 (twelve) months.
Legal Basis: The processing is carried out for the fulfillment of a contractual and pre-contractual obligation undertaken by the Data Controller in relation to the service (Art. 6, para. 1, letter b).
4. Newsletters and commercial/promotional communications.
Where explicitly requested by the user, it is possible to provide contact details in order to receive commercial and/or informational communications regarding the activities of the Data Controller. Providing such data for these purposes is entirely optional but essential to proceed with the provision of the promotional information service described above. The company collects emails and your data, for example, during events and trade fairs. To send newsletters, we use the Mailchimp tool.
Pupose: the personal data provided (Name, Surname, phone number, email address, company affiliation) are used solely to fulfill or respond to the submitted requests and are shared with third parties only when necessary for this purpose and only with the explicit consent of the data subject.
Retention: the data is retained for the period necessary to carry out the activity for which it was provided and, specifically for the aforementioned purposes, for no longer than two years as expressly required by law (unless the data subject renews their consent or the data is used for other purposes as permitted by applicable regulations).
Legal Basis: the processing is carried out based on the explicit consent of the data subject (Art. 6, para. 1, letter a).
5. Links to other websites
The Website may include hyperlinks to other websites. By clicking on one of these links, the user may be redirected to another website or an alternative Internet source that may collect information about the user through cookies or other technologies. The Data Controller assumes no responsibility or control over these other websites or Internet sources, nor over their collection, use, and disclosure of the user’s personal data. Users should review the privacy statements of these other websites and Internet sources to determine whether they comply with privacy regulations.
6. Integration of social media plugins
We have integrated social media plugins (Instagram, LinkedIn, Facebook, TikTok) on the website. This means that when you click or tap one of the buttons (for example, the Facebook “Like” button), some information is shared with the social media service providers. If you are logged into your social media account when you click or tap one of these buttons, the social media provider may link this information to your social media account. Depending on your settings, they may also display these actions on your social media profile, making them visible to other users in your network.
7. This website uses technical, tracking, and profiling cookies. For details, please refer to the specific policy cookie policy
The personal data collected is processed by the Controller’s staff, who act under specific authorization based on detailed instructions regarding the purposes and methods of processing.
Furthermore, the entities designated as data processors pursuant to Article 28 of the GDPR or sub-processors, engaged by the Controller for the provision of services and the performance of its activities, may be recipients of the data collected following the consultation of the Website or the use of services, within the limits of their respective assignments. The relevant list can be requested from the Controller using the contact details provided in Section A. If, through the services offered by the website, a data processor or sub-processor is designated under Article 28 of the GDPR, the data will be communicated to the respective Data Controller and/or Data Processor.
No transfer of the provided personal data abroad is foreseen.
Data subjects – the identified or identifiable natural persons to whom the data refers – may exercise specific data protection rights, listed as follows:
a) right of access: the right to obtain confirmation from the Controller as to whether or not personal data is being processed and, if so, to access the personal data and detailed information regarding its origin, purposes, categories of processed data, recipients of communication and/or data transfer, and more.
b) right to rectification: the right to obtain from the Controller the correction of inaccurate personal data without undue delay, as well as the completion of incomplete personal data, including by providing a supplementary statement.
c) Right to erasure (“right to be forgotten”): the right to obtain from the Controller the erasure of personal data without undue delay in the following cases: i. The data is no longer necessary for the purposes for which it was processed; i. The consent on which the processing is based is withdrawn, and there is no other legal basis for the processing; iii. The personal data has been unlawfully processed; iv. The personal data must be erased to comply with a legal obligation.
d) right to object to processing: the right to object at any time to the processing of personal data based on the legitimate interest of the Controller.
e) right to restriction of processing: the right to obtain from the Controller the restriction of processing in cases where the accuracy of personal data is contested (for the time necessary for the Controller to verify the accuracy of such data), if the processing is unlawful, and/or if the data subject has objected to the processing.
f) right to data portability: the right to receive personal data in a structured, commonly used, and machine-readable format and to transmit such data to another Controller, if technically feasible. This applies only when processing is based on consent or contract and solely for data processed by electronic means.
g) right to lodge a complaint with the supervisory authority: without prejudice to any other administrative or judicial remedy, the data subject who considers that the processing concerning them violates the Regulation has the right to lodge a complaint with the supervisory authority of the Member State where they reside or habitually work, or where the alleged violation occurred.
These rights can be exercised by contacting the Controller using the contact details provided in sections A and B, repeated below:
Data Controller: info@neurally.it
This privacy policy is updated as of 22/07/2023.
In accordance with the Regulation on the protection of natural persons with regard to the processing of personal data, as well as the free movement of such data (EU Regulation of the European Parliament and of the Council of April 27, 2016, No. 2016/679/EU – GDPR).
1. Data Controller
The Data Controller is NEURALLY S.R.L., located at Via L.V. Beethoven 15/C, 44124 Ferrara (FE), Italy, VAT number 02062960386. You can contact the Data Controller at the following email address:info@neurally.it
Data processed: personal data, identification data of individuals who collaborate and interact with the Data Controller by virtue of the existing contractual relationship, contact details such as phone number, personal or department email, addresses, accounting, financial, administrative, and banking data, as well as any necessary information provided by you for the execution of the contract.
Purpose of Processing and Legal Basis
The personal data you provide will be processed for purposes related to the execution of the contract, including any pre-contractual phase, specifically for the compilation of customer and supplier records, accounting management, invoicing, communication through both paper and electronic means, tax compliance, organizational management of requested services, contract stipulation, appointment scheduling, order fulfillment, deliveries, and bureaucratic requirements related to the requested supply relationship.
The data you provide will be processed for the following purposes:
a) for the fulfillment of contractual obligations arising from the contract signed with you and for the protection of the Data Controller’s contractual rights, including the sending of communications related to the agreed contractual terms and their execution. The legal basis for processing is the contractual relationship, as provided for in Article 6(b).
European Regulation.
b) compliance with legal obligations provided by the legal framework for requirements established by tax and fiscal regulations. The legal basis for processing is the contractual relationship as outlined in Article 6, letter c) of the European Regulation. Providing the data is mandatory; refusal to provide the data or complete opposition to its processing for the aforementioned purposes may result in the inability to conclude the contractual relationship with you.
c) The sending of communications via email to the contact details provided to the Data Controller through the voluntary and optional submission of emails, phone contact, or during the organization of trade fairs entails the subsequent acquisition of the communicated data and consent to receive possible response messages to requests. These communications also include emails regarding company initiatives and invitations to events where ongoing or potential business relationships can be further developed.
The personal data provided is used solely to fulfill or respond to the transmitted requests and is shared with third parties only when necessary for this purpose. The processing is carried out for the performance of a contractual or pre-contractual obligation undertaken by the Data Controller with the service (Art. 6, para. 1, letter b).
3. Recipients of the Data
Your data may also be disclosed to third parties for technical and operational needs strictly related to the purposes mentioned above, specifically to the following categories of recipients:
a) entities, professionals, companies, or other structures appointed by us for processing activities related to the fulfillment of administrative, accounting, and managerial obligations connected to the ordinary conduct of our economic activity, including for debt recovery purposes;
b) public authorities and administrations for purposes related to the fulfillment of legal obligations or to entities authorized to access such data by virtue of legal provisions, regulations, or EU legislation;
c) banks, financial institutions, or other entities to whom the transfer of the aforementioned data is necessary for the operation of our company in relation to the fulfillment of our contractual obligations towards you.
d) providers of installation, support, and maintenance services for IT and telecommunication systems, as well as all functionally connected services necessary for the fulfillment of the contractual obligations. The list of data processors is available upon request.
4. Data Retention Periods
We will retain your data in a form that allows for its identification for no longer than necessary to achieve the purposes for which it was collected. Therefore, it will be stored for the duration of the existing contractual relationship and no longer than 10 years from the termination of the contract (Article 2946 of the Italian Civil Code on the statute of limitations). Personal data strictly necessary for tax and accounting obligations, once the purpose for which they were collected is no longer applicable, will be retained for a period of 10 years as required by Article 2220 of the Italian Civil Code.
5. Data Transfer
The Data Controller does not transfer personal data to third countries or international organizations.
6. Rights of Data Subjects
Data subjects – the identified or identifiable natural persons to whom the data refers – may exercise specific data protection rights, listed as follows:
a) right of access: the right to obtain confirmation from the Controller as to whether or not personal data is being processed and, if so, to access the personal data and detailed information regarding its origin, purposes, categories of processed data, recipients of communication and/or data transfer, and more.
b) right to rectification: the right to obtain from the Controller the correction of inaccurate personal data without undue delay, as well as the completion of incomplete personal data, including by providing a supplementary statement.
c) Right to erasure (“right to be forgotten”): the right to obtain from the Controller the erasure of personal data without undue delay in the following cases: i. The data is no longer necessary for the purposes for which it was processed; i. The consent on which the processing is based is withdrawn, and there is no other legal basis for the processing; iii. The personal data has been unlawfully processed; iv. The personal data must be erased to comply with a legal obligation.
d) right to object to processing: the right to object at any time to the processing of personal data based on the legitimate interest of the Controller.
e) right to restriction of processing: the right to obtain from the Controller the restriction of processing in cases where the accuracy of personal data is contested (for the time necessary for the Controller to verify the accuracy of such data), if the processing is unlawful, and/or if the data subject has objected to the processing.
f) right to data portability: the right to receive personal data in a structured, commonly used, and machine-readable format and to transmit such data to another Controller, if technically feasible. This applies only when processing is based on consent or contract and solely for data processed by electronic means.
g) right to lodge a complaint with the supervisory authority: Without prejudice to any other administrative or judicial remedy, the data subject who believes that the processing concerning them violates the Regulation has the right to lodge a complaint with the supervisory authority of the Member State in which they reside or habitually work, or of the State where the alleged violation occurred.
The rights can be exercised by contacting the Data Controller at the following address: info@neurally.it
This privacy policy is updated as of 22/07/2024
Neurally S.r.l.
Capitale sociale € 30.000 (i.v.)
VAT: 02160050387
LEGAL AND OPERATIONAL HEAD OFFICE
Via L.V. Beethoven 15/C
44124 | Ferrara (FE)
Via Copernico 38
20125 | Milan (MI)
