PRIVACY POLICY

This notice (hereinafter referred to as ‘the privacy policy’) is provided in compliance with the current legislation regarding the personal data protection and, in particular, with the article 13 of EU Regulation 2016/679 concerning the protection of individuals with regard to the processing of personal data and the free movement of data (“GDPR”) and it relates to the processing of personal data of the visitors to the website www.nitty-gritty.it (hereinafter referred to as “the Site” or “the Website”).
This Privacy Policy aims to describe in a simple and transparent manner to the users which personal data are processed, for what purpose, by whom and how the data are processed and to inform the users about the measures undertaken to protect the data subjects’ rights and freedoms. This Privacy Policy, therefore, concerns only this Website and does not apply to other websites that may be visited by the user through hyperlinks accessed on the Website.

1. DATA CONTROLLER
The Controller of the processing of personal data of the users is Nitty-Gritty S.r.l., VAT Number: 02316620364, with legal office in via Mazzini 182F, 41049 – Sassuolo (MO) – Italy; e-mail: info@nitty-gritty.it, PEC: nitty-gritty@pec.confartigianato.it.

2. WHEN DO YOU COLLECT MY DATA?
NITTY-GRITTY S.r.l. will collect the information you provide directly:
• when you access and browse the Site;
• when download one of our guides;
• when you request to submit the newsletter;
• when you have questions or advice to submit and use the contact sections;
• when you want to ask us to become a Distributor;
• when you register and log into your personal account as a Distributor;
• when you want to share your curriculum vitae with us and apply to work with us.

3. CATEGORIES OF DATA PROCESSED
Different types of personal data may be processed and treated differently, depending on the services rendered.

a) Navigation data
The information systems and software procedures used to the operation of this web site acquire personal data as part of their standard functioning. Such information is not collected in order to relate it to identifiable data subjects; however, it may allow User identification after being processed and matched with data held by third parties.
This data category includes the: IP addresses or names of computer domains used by visitors who access the website; URI (Uniform Resource Identifier) addresses of the requested resources; time of request; method used to submit the request to the server; size of the file obtained in response; numerical code indicating the status of the response from the server and other details relating to the operating system and the information environment of Users. This data is used only to obtain anonymous statistical information about the website and to check its correct functioning and is deleted immediately after processing. This data may also be used to ascertain responsibility in the case of possible computer crimes against the website. Excepting this, data on web contacts is not stored for more than seven days. As for cookies, please refer to paragraph 4.4.

b) Data supplied voluntarily by the User (messages)
The voluntary and explicit sending of communications by e-mail emails to the contact addresses (info@nitty-gritty.it) or using the contact form on this website will entail the subsequent acquisition of the sender’s data, including his e-mail address, and the consent to receive replies to his request.
The personal data provided herein are used solely for the purpose of responding to the submitted requests and are disclosed to third parties only if this is necessary for that purpose. The data will be stored for the times prescribed by law.

c) Data supplied voluntarily by the User (Became a Distributor)
You can contact us by filling out the form in the “Become our Distributor” section on the page https://www.nitty-gritty.it/diventa-nostro-distributore/: the information requested in the form allows us to identify you and contact you to provide you all the details and evaluate together how to start our collaboration.

d) Data supplied voluntarily by the User (login and personal account registration for Distributors)
If you are a Distributor, you can create a personal account by filling out the form on the page https://www.nitty-gritty.it/login-distributori/. For registration and access to the reserved area, the user’s personal data and / or those that identify him are collected, such as username and password and contact details, in addition to identification data. When you have created your personal account, information relating to your identification and contact data, your activities and our services will be stored on your page. You will always be able to manage your information, directly from your account or by making a specific request.

e) Data supplied voluntarily by the user (Work with us)
You can contact us to submit your application for open job positions, by filling out the appropriate form in the section https://www.nitty-gritty.it/lavora-con-noi/ and thus authorizing the Data Controller to process personal data for the aforementioned purpose. To this end, they will request identification data (name and surname), a contact email address and their curriculum vitae. The provision of data is mandatory only for the submission of your candidacy and therefore the sending of your curriculum vitae is left to the will of the individual candidate and any refusal will make it impossible to use the service, without further consequences. Consent to processing is not necessary, pursuant to art. 111bis of the Legislative Decree. n. 196/2003 (so-called Privacy Code, as amended by Legislative Decree no. 101/2018) and art. 9, paragraph 2, letter b) of the GDPR, when the processing concerns data contained in the curricula spontaneously transmitted by the candidates for the purpose of the possible establishment of the employment / collaboration relationship, even in the case of data falling within the particular categories provided for by art. 9 of the GDPR (for example, in the event that the data in question must be known due to the establishment of a working relationship, with particular reference to the possible belonging of the candidate to protected categories or the need to carry out pre-employment medical examinations). At the time of any interview, the data subject will be provided with all further information on the processing of their personal data. The data will be kept for the period necessary to evaluate your request and, in any case, for a maximum period of two years. The deletion of the data sent will also be carried out at any time, in the event of a specific request from the candidate to the Data Controller being sent.

f) Data supplied voluntarily by the user (Download file)
Through the section https://www.nitty-gritty.it/area-download/ and in other areas of the Site, users can download free guides, catalogues and safety data sheets or relating to products and services by Nitty-Gritty. These contents represent material owned by Nitty-Gritty or its suppliers and, therefore, in order to proceed with the downloads, the user is required to fill in a form and release some information: these data are used to identify the person making the request ( name, surname and company), to contact the user (for example, in the event of the introduction of new similar services or changes), to provide the correct content (language), to perform aggregate statistical analysis of the requests received (Country). The data can always be deleted at the request of the data subject (by contacting the Data Controller or by opting out in the case of communications received by e-mail).

g) Marketing and promotional communications – Soft-spam
Only if personal data (in particular, e-mail address) are provided by the data subject in the context of the purchase of products or services, the data thus collected by the Controller may also be used to send related e-mail communications to products similar to those already purchased by the user, pursuant to art. 130, paragraph 4, legislative decree 196/2003 and art. 6, lett. F), GDPR, without the need for express and prior consent (so-called soft spam). In any communication, however, the user is reminded that he can revoke the consent at any time and without formalities. The data is deleted at the request of the data subject.

h) Newsletter
Nitty-Gritty’s newsletter is sent by e-mail to those who explicitly request it, by filling out the appropriate form on the Website and authorizing the Data Controller to process their personal data for the aforementioned purpose.
Consent: The service is provided only following explicit and unequivocal consent (released by the user selecting the appropriate box on the Website) and the provision of data is mandatory only for the purpose of receiving the newsletter. Any failure to provide consent will prevent the user to use the service, without further consequences.
Purpose: The personal data provided by users (e-mail address) will be processed only for the purpose to send the newsletter and will not be disclosed to third parties.
Modalities: The collected data will be processed with IT tools and/or automated means; specific security measures are adopted in order to prevent losses and unlawful use or to prevent unauthorized access to the Site.
Removal from the service: in order to stop receiving the newsletter, you can simply select the link for removal at the end of each e-mail or send a specific request to the e-mail address info@nitty-gritty.it.
The erasure could be managed automatically, therefore the user may receive for a period no longer than 72 hours further newsletters, whose submission had been planned before the reception of the cancellation request.
The newsletter service is provided by

– ActiveCampaign , with registered office in Chicago – 1 North Dearborn St 5th Floor, 60602 IL – USA: for further information, please visit the following page: https://www.activecampaign.com/legal/privacy-policy e qui https://www.activecampaign.com/legal
– rapidmail , with registered office in Freiburg – Augustinerplatz 2, 79098 – Germania: for further information, please visit the following page: https://www.rapidmail.com/data-protection

i) Cookie
What is a cookie? Cookies are information stored by the browser when you visit a Web Site using a PC, smartphone, or tablet. Each cookie contains several pieces of data (e.g., the name of the server from which it originates, a numeric identifier, etc.). Cookies can remain in the system for the duration of a session (until the closing of the browser), or for long periods, and may contain a unique identifier.
When you will visit the website again, cookies will be reforwarded to the website that has generated them (first-party cookies) or to the ones that were provided by third parties and that are able to recognize them (third-party cookies).
In any case, Nitty-Gritty S.r.l. grants that the cookies used in its website are safe: they will not cause any damage to your device and they will allow you to surf faster the website.
What are they used for? Cookies are used for different purposes, depending on their type: some are strictly necessary for the correct functioning of the Web Site (technical cookies), whereas others optimise performance to provide the User with a better experience while they are visiting the Web Site. In addition, cookies allow Web Site usage statistics to be obtained, such as cookies analytics; others are for the purpose of displaying advertisements (in some cases advertisements are targeted based on cookie profiling).
Consent: Consent from the Users is stored by the Controller, for the purpose of fulfilling its responsibilities, through a technical cookie. The User is informed both by the brief privacy notice (displayed in a banner upon the first visit to the Web Site until permission is granted or denied) and by this privacy policy.
Nitty-Gritty’s website uses both cookies that do not require your previous consent (e.g., Technical cookies) and cookies you will have to assent to (e.g., profiling cookies).
In detail, on the website might be active:

Types of cookies used on the Web Site

a) Technical cookies (which do NOT require your consent):
These are cookies necessary for the functioning of the site and allow you to access its functions (so-called navigation cookies) or to authenticate yourself in the session.
Functional cookies are also used to store your preferences and settings, thus improving your browsing experience on the site.
In order to guarantee their functionality, these cookies are generally not deleted when you close your browser; however, they have a default duration (generally up to a maximum of 2 years) and after this period they are automatically deactivated. These cookies and the data they collect will in no way be used for further purposes.
The installation of technical cookies takes place automatically when you access the site or to activate certain functions (e.g. by selecting the “remember me” option). You can always decide to disable them at any time by changing your browser settings: in this case, however, you may have some problems viewing the site.

b) Analytical cookies (which do NOT require your consent)
These cookies track the choices made by the user on the site and the data related to navigation, in order to carry out statistical analysis, in anonymous and aggregate form.

c) Profiling cookies (requiring your CONSENT):
This site also uses profiling and third-party cookies. However, your prior consent is required for their installation.
Profiling cookies may include several categories, including advertising profiling, retargeting or social cookies.
Advertising profiling cookies: create a user profile that allows you to view advertising content in line with your preferences while browsing the site;
Retargeting cookies: are designed to create a user profile in order to send you personalized advertising content related to products in which you have expressed interest;
Social cookies: this site provides for the installation of cookies related to social network plug-ins. These cookies are managed directly by third parties and allow the display of advertising messages in line with your preferences.

The installation of profiling, retargeting, analytical and social cookies, and every other related activity is provided by third parties. For further information and to turn on or off these cookies, please visit the specific privacy notices of the third parties. You can find a list with the link to their policies at our Cookie Policy.
The User is informed both by the brief privacy notice (displayed in a banner upon the first visit to the Web Site until permission is granted or denied) and our Cookie Policy, that we invite you to read, in order to get all the information you need about the cookies used in the website and how to enable them.

Control via browser
The browsers commonly used (e.g., Internet Explorer, Firefox, Chrome, Safari) accept cookies by default, but this setting can be changed by the User at any time. This applies to both PCs and mobile devices like tablets and smartphones, and it is a function generally and widely supported.
Therefore, cookies can easily be disabled or turned off by accessing the browser’s options or preferences, and in general third-party cookies can also be blocked. As a general rule, these options will only have an impact on that browser and on that device, unless there are active options to synchronize the preferences on different devices. Specific instructions can be found on the Options page or Help page of the browser itself. Disabling technical cookies, however, may affect the full and/ or proper functioning of different sites, including this one.
Normally, browsers used today:
• offer the “Do not track” option, which is supported by some websites (but not all). Thus, these websites are no longer able to collect certain navigation data;
• offer the option of anonymous surfing or incognito mode: in this way, data will not be collected in the browser and browsing history will not be saved, but the navigation data may still be acquired by the operator of the Web Site that was visited;
• allow the deletion of cookies stored in whole or in part, but after visiting a Web Site again they are usually installed, where such possibility is not blocked.
Below are links to the support pages for the most popular browser (with instructions on how to disable cookies on these browsers):
– Firefox: (https://support.mozilla.org/it/kb/Attivare%20e%20disattivare%20i%20cookie);
– Internet Explorer e Microsoft Edge: (https://support.microsoft.com/it-it/help/17442/windows-internet-explorer-delete-manage-cookies );
– Safari: (iOS) (https://support.apple.com/it-it/guide/safari/sfri11471/mac) and (https://support.apple.com/it-it/HT201265#:~:text=Per%20cancellare%20i%20cookie%20senza,o%20disattiva%20la%20navigazione%20privata);
– Chrome: (https://support.google.com/chrome/answer/95647?hl=it).

Third-party cookies: When you access the site, through a special banner you will be informed of the presence of profiling and retargeting cookies and, through it, you can consent or not to their installation. At any time, you can revoke the consent previously given, without prejudice to the possibility of visiting the site and using its contents. The installation of profiling, retargeting, analytical and social cookies, including any other activity connected to them, is managed through third-party services. For more information and to enable or disable these cookies, you can access the information provided directly by third-party or using the methods described above (following the links listed in the previous paragraph).

On-line tools: You may notice that from http://www.youronlinechoices.com/ you can not only learn more about cookies, but also check the installation of numerous cookies on your browser and/or device and, if supported, also disable them.
Moreover, you may note that from http://www.youronlinechoices.com/ you can not only learn more about cookies, but also check the installation of numerous cookies on your browser and/or device and, if supported, also disable them.

4. PURPOSES OF DATA PROCESSING
Your personal data will be used to:
1. let you access and visit the Site and use its features;
2. let you register and create a personal account if you are a Distributor;
3. let you download our guide and brochure;
4. to evaluate your requests to become a Distributor and for open job positions;
5. to provide appropriate responds to your requests;
6. to comply with all the legal, public and governmental requirements and orders;
7. to manage any disputes or therefore defend the rights of NITTY-GRITTY, both in and out of court.
The above-mentioned purposes will be all together referred to as “Mandatory Purposes” and, therefore, the provision of data will be in those cases compulsory.
Moreover, only in case of previous consent, your data might be used:
8. to carry out market investigations, that will allow us to improve your experience and the quality of our products and to send you Nitty-Gritty’s commercial communications, that will be sent through adequate means (like direct mail, e-mail, SMS or phone calls) and will concern offered products and services, special events or personalized proposals;
9. to send you the newsletter;
10. to create a profile based on your preferences and needs to send you personalized commercial communications about products and services that you had asked for or that you could be interested in.
These purposes are jointly defined as optional purposes because the provision of your data is always left to the free choice of the data subject, in relation to the single service he wishes to use.
In order to be sure to process your personal data for the purposes defined in this Section, we inform you that:
• the mandatory purposes are such because they are necessary for the registration, use and provision of the services offered by the website; therefore, if you do not intend to provide us with your personal data for these purposes, you will not be able to browse and register on the Site and you will not be able to use the individual services offered by NITTY-GRITTY S.r.l.;
• the marketing or profiling purposes are discretionary, but failure to consent to their execution will make it impossible for NITTY-GRITTY S.r.l. to provide you with commercial communications based on your interests. At any time, you can still revoke the consent previously given for these purposes, by sending a communication to the e-mail address indicated in the section 1, or, for newsletter, request cancellation from the service by selecting the link at the bottom of each communication.

5. LEGAL BASIS OF DATA PROCESSING
The legal bases related to the purposes mentioned under point 1 are the following:
• With regard to navigation data (point 1), the legitimate interests pursued by Nitty-Gritty S.r.l. to the correct operation of the Website and the safe Website browsing;
• For the activities referred to in points 2, 3, 4 and 5, the provision of the service you have requested and the fulfillment of contractual services or the execution of pre-contractual activities;
• For orders from the Authority (point 6), the fulfillment of a legal obligation on the part of the Controller;
• For the protection of the rights of the Controller (point 7), the legitimate interest of the Controller in the defense of their rights;
• For sending marketing communications and statistical surveys (point 8), your free and informed consent or the legitimate interest of the Data Controller, if the user has already expressed his interest in our services and products;
• to submit the newsletter service (point 9), your free and informed consent;
• to create profiles and targets based on your interests and your browsing activity (point 10), your free and informed consent.

6. TO WHOM CAN THE COLLECTED DATA BE DISCLOSED?
The processing operations related to the web services of this Site are only handled by internal and/or external technical staff specifically delegated for processing. In particular, where necessary and only with prior consent, the data may be disclosed to third parties whose collaboration is needed for the performance of the services offered. The data collected via the web, or in any case arising from web services, may be disclosed to the technological and instrumental partners who cooperates with the Data Controller to provide the services required by users, always in compliance with the purposes set forth in article 2. To this purpose, the subjects who will have access to personal data will be specifically authorized for processing by the Data Controller and, if due, appointed as Data Processors, pursuant to Articles 28 and 29 of the GDPR.
In this regard, we specify that:
– the newsletter service is provided by ActiveCampaign e rapidmail;
– the list of cookie suppliers is available in the Cookie Policy.
We also remind you that the list of authorized subjects and data processors is available at the registered office of the Data Controller or alternatively, you can request it using the contact details indicated in the section 1.
Extra UE processing: the data that Nitty-Gritty s.r.l. processes are held in server located within the European Union. Some of the cookie service providers have registered offices outside European Union, especially in the U.S.A., as specifically explained in our Cookie Policy. In these cases, the personal data are held in server located in the United States, in compliance with art. 45 and thereafter of GDPR.
Indeed, we will adopt all the necessary precautions in order to ensure a complete data protection. The data transfer will be based on: a) an adequacy decision of the European Commission about a third country designed as receiver; b) appropriate and explicit safeguards of the third subject designed as receiver pursuant to art. 46 GDPR; c) the adoption of Corporate binding rules.
These requirements are always ensured by Nitty-Gritty’s suppliers.

7. HOW ARE THE DATA PROCESSED?
1. Data will be managed lawfully and used only for the aforementioned purposes (art. 2). It will be processed using suitable means to guarantee its security and confidentiality, using the most appropriate, also automated, means (hard copy or electronic) to store, manage and transmit the data. The Controller assess the appropriate level of security in particular from accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to personal data transmitted, stored or otherwise processed.
2. This data will be retained for the period stipulated under the relevant law and, anyway, for no longer than is necessary for the purposes for which the personal data are processed and/or until the data subject revokes the consent given for the purposes referred to in art. 2.
3. Nitty-Gritty S.r.l. will limit the number of subjects that will be allowed to have access to servers or databases, setting out a system to prevent cyber-attacks.
4. The data Nitty-Gritty s.r.l. processes are held in server located within the European Union. Some of the cookie service providers have registered offices outside European Union, especially in the U.S.A., as specifically explained in our Cookie Policy [inserire un anchor point]. In these cases, the personal data are held in server located in the United States, in compliance with art. 45 and thereafter of GDPR.
Indeed, we will adopt all the necessary precautions in order to ensure a complete data protection. The data transfer will be based on: a) an adequacy decision of the European Commission about a third country designed as receiver; b) appropriate and explicit safeguards of the third subject designed as receiver pursuant to art. 46 GDPR; c) the adoption of Corporate binding rules. These requirements are always ensured by Nitty-Gritty’s suppliers.

8. DATA RETENTION PERIOD
Nitty-Gritty S.r.l. will process your personal data only for the period of time that will appear necessary to pursue the purposes set forth in section 2.
At the end of the retention period, your personal data will be deleted or irreversibly anonymised and aggregated.
As regards deletion deadline of the data processed through cookies, you can find all the information you might need at our Cookie Policy.

9. WHICH ARE THE DATA SUBJECT’S RIGHTS?
Regarding your personal data and according to GDPR provisions, Nitty-Gritty S.r.l. informs you that you have the right to:
• access to your personal data;
• rectification of any incorrect personal data about you that is in our databases;
• erasure of your personal data that are retained in lack of legal requirements;
• restriction of processing;
• portability of data;
• object.
In the following chart we show you how to exercise your rights:

YOUR RIGHT HOW TO EXERCISE IT?
Access you can ask:

  • a confirmation about a processing on your personal data;
  • to have a copy of your personal data;
  • to have further information about your personal data that you cannot find in this privacy notice.
Rectification you can ask for the rectification of incorrect or incomplete personal data.
Before rectification the data, we will verify the accuracy of the information in our archives.
Erasure
(‘right to be forgotten’)
you can ask for the erasure of your personal data, in the following cases:

  • the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
  • the data subject withdraws consent on which the processing is based.
  • there are no legitimate grounds for the processing;
  • the personal data must be erased for compliance with a legal obligation in Union or Member State law to which Nitty-Gritty S.r.l is subject.
Restriction of processing you can ask for the restriction of processing, in the following cases:

  • the accuracy of the personal data has already been contested;
  • the personal data are no longer needed for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims;

data can be still used if:

  • there is your consent to it;
  • it appears necessary to exercise or defend from a legal claim;
  • for the protection of the rights of another natural or legal person involved in the data processing.
Portability you can ask for a copy of your personal data in a structured, commonly used and machine-readable format.
Object You can object at any time to the processing of personal data concerning you when:
• they are based on the pursuing of a legitimate interest pursued by the controller;
• your personal data are processed for direct marketing purposes, including profiling to the extent that it is related to such direct marketing.
When you object:
• to processing for direct marketing purposes, your personal data will no longer be processed for such purposes;
• in case of legitimate interest of the data controller, the processing may continue only if he demonstrates compelling legitimate grounds for the processing which override the interests, rights, and freedoms of the data subject or for the establishment, exercise or defence of legal claims.
It is possible to exercise the right of object also by automated means using technical specifications, such as those you can find on your personal account and in the e-mails you may receive (link for cancellation).

 

Nitty-Gritty ensures that we will answer to your requests within 30 days from the receipt.
If you think that Nitty-Gritty S.r.l. personal data processing is unlawful or violates GDPR, you also have the right to lodge a complaint to the competent supervisory authority. For further details see next paragraph.

10. RIGHT TO WITHDRAW CONSENT, TO OBJECT AND TO LODGE A COMPLAINT
You have the right to lodge a complaint to a supervisory authority, if you think that Nitty-Gritty’s personal data processing is not compliant to GDPR or any other national law.
In Italy, the competent authority is Garante per la protezione dei dati personali, whose contact are accessible at the following page: http://www.garanteprivacy.it/.
Further information and a template to lodge a complaint are here: https://www.garanteprivacy.it/web/guest/home/docweb/-/docweb-display/docweb/4535524.
Finally, in case there are the conditions of artt. 78 e 79 GDPR, you have the right to an effective judicial remedy at the competent court.