Privacy Policy

PRIVACY STATEMENT 31/07/2024

1. Introduction 

negg Group S.r.l. Socio unico (hereafter also “negg®” or “Data Controller”) is committed to protect your personal data and to respect your privacy.  

negg® collects and further processes personal data pursuant to the Italian Legislative Decree 196/2003 Code regarding the protection of personal data (“Privacy Code”) and subsequent amendments and Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (“GDPR”) on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation). Hereinafter the Privacy Code and the GDPR are collectively referred also to as “Applicable Regulations”. 

This privacy statement explains the reason for the processing of your personal data, the way we collect, handle and ensure protection of all personal data provided, how that information is used and what rights you have in relation to your personal data. It also specifies the contact details of the responsible Data Controller with whom you may exercise your rights. 

In accordance with the Applicable Regulations, the Data Controller is negg Group S.r.l. Socio unico, having its registered office in Piazza del Popolo 18 – 00187 Rome (RM).  

For any information concerning the processing of personal data by the Data Controller, including a request for the list of data processor personnel working on behalf of the Data Controller, please contact privacy@negg.group

negg® confirms that the processing of personal data is based on the principles of legality, fairness, transparency, purpose limitation and retention, data minimization, accuracy, integrity and confidentiality. Therefore, personal data will be processed in accordance with the legislative provisions of the Applicable Regulations and the confidentiality obligations set out therein. 

2. Definitions 

“Personal Data” refers to any information concerning an identified or identifiable physical person with particular reference to an identifier such as a name, an identification number, location data, an online identifier or one or more elements pertaining to their physical, economic, cultural or social identity. (Art 4.1 GDPR) 

“Particular Data” refers to personal data sufficient to reveal the racial and ethnic origin, religious or philosophical convictions, or membership of Trade Unions, as well as genetic and biometric data, data related to health or sex life or to the sexual orientation of the person (Article. 9, GDPR). 

“Judicial Data” refers to personal data relating to criminal convictions and crimes or related security measures. 

“Data Processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction (Article 4, No. 2, GDPR). 

“Data Subject” or “User”: the individual the personal data refers to; 

“Data Controller”: the legal person, a public authority, an agency or other body that determines the purposes and means of processing personal data, deciding the how and why of a data processing operation; in this case it refers to negg®. 

“Applicable Regulations”: refers to the Italian Privacy Code and the GDPR. 

3. Why and How do we process your personal data? On what legal grounds? 

Personal data voluntarily provided may be processed by the Data Controller for one or more of the following purposes

(i) performing the activities that enable negg® to run the blog, for example sharing contents available on the website; 

(ii) complying with the obligations provided for by applicable laws or regulations, as well as by decisions and guidelines issued by the competent supervisory and control authorities/bodies; 

(iii) administrative accounting. For the purposes of the application of the provisions regarding the protection of personal data, the processing performed for administrative-accounting purposes are those related to the performance of organizational, administrative, financial and accounting activities, regardless of the nature of the data processed. These objectives are pursued by the internal organizational activities; 

(iv) sending newsletter and providing commercial information on the services carried out by negg. The use of e-mail coordinates provided by the customer through the “newsletter subscription” area of the website, is permitted for the purpose of sending information and newsletters. The party concerned, when receiving communications on his/her email, is informed of the possibility to object and stop the processing at any time, easily and free of charge. 

(v) analyzing and processing information to profile your preferences. Subject to your consent, negg may process your personal data, including through tracking technologies such as cookies, to proceed with activities to analyze and process information about you aimed at profiling your preferences, habits, consumption choices and/or browsing experiences. These profiling activities may also be conducted using tools made available by third parties, such as by way of example social networks or third-party advertising service providers (e.g. Google), and adopting, where possible, security measures such as “hashing” (which consists of associating strings of numbers and letters to your personal data, e.g. email, practically anonymizing your data). For this purpose, we may also associate personal data acquired through tracking technologies such as cookies (where you have given the relevant consent; view our cookies policy) and/or personal data provided by you as part of our specific initiatives and/or initiatives of third party partners of ours (and, in the latter case, in any case in accordance with the respective privacy policy), with personal data that we acquire as a result of your registration to one of the Sites or as a result of their use. In addition, to pursue this purpose of processing,negg may also make use of anonymous information, not referring to any data subject, present on public databases and information systems (e.g. census data)As the Personal Data must be processed for the purposes indicated under points (i) and (ii) above so that negg® may fulfil specific legal obligations, the Data Subject’s consent is not required for those purposes. 

The personal data of the self-registered individuals is processed based on their consent after having read, understood and agreed to this privacy statement. Consent can be withdrawn at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal. 

The processing will be carried out in both an automated and manual manner, with methods and tools aimed at safeguarding maximum security and confidentiality, by persons appointed as responsible for and in charge of processing in accordance with the applicable legislation.  

4. Which personal data do we collect and further process?  

In order to carry out the above-mentioned activities negg® collects the following categories of personal data provided voluntarily by the Data Subject: 

Personal information: first, middle and last name(s), date of birth, additional personal information (for example but not limited to: address, phone or mobile number, e-mail address). 

Data belonging to particular categories pursuant to Article 9 of the GDPR will not be processed. However, a specific information notice will be provided and specific consent will be requested to the user, if data belonging to particular categories will be processed. 

5. Provision of personal data  

Personal Data must be provided so as to allow negg® to conduct the activities referred to in points (i) and (ii) paragraph No. 3. Therefore, if a Data Subject does not provide the relevant Personal Data, negg® will be unable to properly perform the commercial activities it has been engaged to conduct and to fulfil its specific obligations provided under the law. 

The provision of Personal Data for the purposes provided for under point (iii), (iv) and (v) of paragraph 3 is, by contrast, optional. Lack of consent from a Data Subject would, however, mean that negg® is unable to send the Data Subject updates or material containing information of a commercial nature and information relating to negg®’s activities. 

6. Nature of conferral and refusal  

With regard to the data that we are obliged to obtain in order to fulfil the obligations demanded by laws, regulations, community legislation, or provisions issued by the Authorities legitimated to do so by law and by supervising and controlling entities, failure to provide such data will make it impossible to establish or continue the relationship, within the limits in which such data are necessary for the execution of the same. The provision of data to allow the Data Controller to send commercial communications is optional; the party concerned can object to the treatment at any time by exercising the rights provided for under the Applicable Regulations in the forms and methods indicated herein. 

The Data Controller also states that any non-communication, or incorrect communication, of one of the mandatory information areas, will have the following consequences: 

– the impossibility for the Data Controller to guarantee the adequacy of the processing itself to the contractual agreements for which it is performed; 

– the possible lack of correspondence of the results of the processing to the obligations imposed by the fiscal, administrative and civil laws to which it is addressed. 

7. How long do we keep your personal data? 

negg® only keeps your personal data for the time necessary to fulfil the purpose for no longer than is necessary for the purposes for which the personal data are processed (according to Article 5, co. 1, lett. e, GDPR). The maximum data retention time is 12 (twelve) months. 

8. How do we protect and safeguard your personal data? 

All personal data in electronic format (databases) are stored on secure servers. 

In compliance with the provisions of Article 5 of the GDPR, Personal Data processed by negg® is: 

(i) processed lawfully, fairly and in a transparent manner in relation to the Data Subject; 

(ii) collected and registered for specified, explicit and legitimate purposes, and further processed in a manner that is compatible with those purposes; 

(iii) adequate, relevant and limited to what is necessary to the purposes for which they are processed; 

(iv) accurate and, where necessary, kept up to date; 

(v) processed in a manner that ensures appropriate security; 

(vi) kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the Personal Data are processed. 

Personal Data will be processed by negg® by automated and non-automated means. Namely, in order to protect your personal data, negg® has put in place a number of technical and organisational measures in place. Technical measures include appropriate actions to address online security, risk of data loss, alteration of data or unauthorised access, taking into consideration the risk presented by the processing and the nature of the personal data being processed. Organisational measures include restricting access to the personal data solely to authorised persons with a legitimate need to know for the purposes of the processing operation. 

Specific security measures are adopted when and where applicable so as to prevent data loss or data usage in an unlawful or improper manner, as well as to prevent unauthorised access thereto. 

9. Who has access to your personal data and to whom is it disclosed? 

Access to your personal data is provided to negg®’s staff responsible for carrying out this processing operation and to authorised staff according to the “need to know” principle. Specifically, it is the Marketing & Communication team. Such staff abide by statutory, and when required, additional confidentiality agreements. 

Personal Data may be transferred to European Union Member States and third countries that are not part of the European Union for the purposes indicated in paragraph 3 above. If Personal Data is transferred outside the European Union without any decision having been taken by the European Commission on the adequacy of the protections provided in relation thereto, the applicable legislation on the transfer of Personal Data to third countries who are not part of the EU will still be observed. 

Personal Data is not subject to public disclosure. 

The data object of the processing will not be divulged unless explicit authorization of the Data Subject has been granted after appropriate information. The data may instead be communicated to companies contractually linked to the Data Controller.  

The data may be disclosed to third parties belonging to the following categories: 

– subjects that provide services for the management of the information system used by the Data Controller and the telecommunications networks, and that are responsible for the maintenance of the technological areas (including e-mail and the newsletter service); 

– professionals, firms or companies in the field of assistance and consultancy; 

– individuals that perform control, revision and certification of the activities carried out by the Data Controller; 

– competent authorities for the fulfilment of legal obligations and/or provisions of public entities, upon their request; 

– third parties like publishers, advertisers, etc.   

The identification data processed in compliance with corporate security procedures are not subject to communication, without prejudice to express and specific requests on the part of the competent judicial and investigative Authorities. 

The individuals belonging to the aforesaid categories perform the function of Data Processing Manager or operate in complete autonomy as separate Data Controllers. The list of data processor personnel and shared data controllers is constantly updated and available on request from the Data Controller’s headquarters. 

Any further communication or divulgation will take place only with the explicit consent of the party concerned. 

Moreover, during the ordinary processing activities, they will be able to access personal and identifying data and therefore become aware of the subjects expressly designated by the writer as responsible and/or in charge of processing, authorized according to their respective profiles. 

If negg Group is involved in a merger, acquisition, or sale of assets, it will continue to ensure the confidentiality of your personal information and give affected users notice before personal information is transferred or becomes subject to a different privacy policy. 

For more information about this type of processing, please see our cookie policy. 

10. What are your rights and how can you exercise them? 

The Users, as data subject, have the rights granted by the GDPR. In particular, you may exercise, pursuant to articles 15 to 22 of the GDPR, the right to: a) request from the Data Controller access to the personal data, obtain information about the purposes of the processing, the categories of personal data, the recipients or categories of recipients to whom the personal data have been or will be communicated and, where possible, the storage period; b) request the rectification or erasure of the data and the restriction of processing; c) exercise the right to data portability, object to the processing, object to automated decision-making process concerning natural persons, including profiling; d) withdraw consent at any time, without prejudice to the lawfulness of the processing based on the consent given before the revocation; e) to lodge a complaint with the Data Protection Authority (email protocollo@gpdp.it. ; pec. protocollo@pec.gpdp.it).  

11. Contact Information 

The Data Controller: If you would like to exercise your rights under the GDPR, or if you have comments, questions or concerns, or if you would like to submit a complaint regarding the collection and use of your personal data, please feel free to contact negg® at Piazza del Popolo n. 18, 00187 Rome, Italy or at privacy@negg.group

12. Updating  

negg® verifies regularly its own privacy policy and, where appropriate, reviews it according to regulatory, technological or organizational amendments. In the case of amendments, the new version will be published within this section of the website. 

To top