Privacy Policy

Information on the processing of personal data EU Reg. 2016/679

NORDA SpA, as Data Controller of your personal data, pursuant to and for the purposes of EU Regulation 2016/679 and It. Legislative Decree no. 196 of 2003, hereby informs you that the aforementioned law provides for the protection of data subjects regarding the processing of personal data and that this processing will be based on the principles of correctness, lawfulness, transparency and protection of your confidentiality and your Rights.

Your personal data will be processed in accordance with the legislative provisions of the aforementioned law and the confidentiality obligations set out therein.

Purposes of processing: in particular, your data will be processed for the following purposes related to the compliance with legislative and/or contractual obligations and therefore to legitimate interests pursued by NORDA:

  • Legal obligations concerning taxation and accounting
  • After-sales assistance
  • Dispute management
  • Customer management (offers, negotiations, orders, deliveries)
  • Supplier management (offers, negotiations, orders, deliveries)
  • Quality Management
  • Activity planning
  • Contract management
  • Customer satisfaction surveys
  • Supplier evaluation
  • Customer invoicing log

The processing of functional data for the fulfilment of these obligations is necessary for the proper management of the relationship and their provision is mandatory to implement the purposes indicated above. The Data Controller also states that any non-communication or incorrect communication of some of the mandatory information may render it impossible for the Data Controller to guarantee the adequacy of the processing itself.

The data fall under those relevant and not excessive, therefore excluded from the consent.

Modality of the processing: your personal data may be processed in the following ways:

  • Entrusted to third parties for processing operations;
  • Processing with computers;
  • Manual processing by means of paper archives.

Processing takes place in compliance with the methods set out in art. 32 of the GDPR by adopting the appropriate security measures.

Your personal data will be processed and stored for the time necessary to achieve the purposes for which they are provided and, however, for the period of time required by law.

Communication: your data will be communicated exclusively to competent and duly appointed persons for the performance of the services necessary for the correct management of the relationship, guaranteeing the protection of the rights of the data subject.

Your data will be processed only by authorised personnel, trained by the controller.

Your data may be communicated to third parties, duly appointed Data Processors both in Italy and abroad, in particular to:

  • Freight forwarders for the purpose of shipments of goods
  • auditors for checks on company financial statements
  • board of statutory auditors for checks on company financial statements
  • Holding companies for company management checks
  • Companies that collaborate on projects for managing existing contracts
  • Systems and IT application managers for maintenance of information systems
  • Business consultants in general for managing existing contracts
  • Lawyers for the management of disputes
  • Banks and credit institutions for payments
  • Financial intermediaries for payments
  • Supervisory firms for the security of company assets


We, however, reassure you that only the data necessary and relevant to the purposes of the processing for which they collected shall be transferred to the aforementioned parties.

Transfer: If data are transferred outside the European Community, before transfer NORDA ensures that the recipient of the data guarantees an adequate level of data protection (for example by virtue of an adequacy decision of the European Commission for the intended country of destination or on the basis of a contract based on so-called EU standard clauses signed with the recipient), or that the user has consented to the transfer.

The user has the right to receive a list of recipient countries and a copy of the expressly agreed provisions that guarantee an adequate level of data protection. For this purpose, we invite you to use the contact details of the Data Controller provided below.

Dissemination: your personal data will not be disclosed in any way.

Data Controller: the Data Controller, pursuant to the Law, is NORDA SpA, 103, Via case Sparse, 25124 Brescia e-mail; telephone 030.2165311.

The Data Controller agrees to reply to any reasonable request related to the review of personal data and to correct, amend or erase any inaccuracies. If you have any questions or comments to submit regarding Norda’s Privacy Policy, please write to

Rights of the data subject: the data subject has the right to obtain from the data controller the erasure (right to be forgotten), the limitation, updating, correction, portability, to object to the processing of personal data concerning him/her, and in general may exercise all the rights provided for by articles 15, 16, 17, 18, 19, 20, 21 and 22 of the GDPR.


Summary of EU Regulation 2016/679 – Rights of the data subject

  1. The data subject has the right to obtain confirmation of the existence or not of personal data concerning him/her, even if not yet registered, and their communication in an intelligible form
  2. The data subject has the right to obtain the indication:
  3. Of the origin of personal data
  4. Of the purposes and modalities of processing
  5. Of the logic in case of processing carried out with the aid of electronic instruments
  6. The identification details of the data controller, the data processors and the designated representative pursuant to article 5, paragraph 2
  7. Of the persons and the categories of persons to which the personal data can be communicated or who may become aware thereof in their capacity as representative designated in your country, data processors or persons mandated with processing.
  8. The data subject has the right to obtain:
  9. a) Updating, rectification or, when interested, integration of data
  10. The erasure, transformation into anonymous form or blocking of data processed unlawfully, including data whose retention is unnecessary for the purposes for which the data were collected or subsequently processed;
  11. Certification that the operations referred to in letters a) and b) have been brought to the attention, also with regard to their content, of those to whom the data have been communicated or disseminated, except in the case in which this fulfilment proves impossible or involves a use of means manifestly disproportionate to the protected right;
  12. Data portability
  13. The data subject has the right to object, in whole or in part:
  14. a) on legitimate grounds, to the processing of personal data concerning him/her, even though they are relevant to the purpose of the collection;
  15. b) to the processing of personal data concerning him/her for the purpose of sending advertising or direct sales material or for carrying out market research or commercial communication


Cookie Policy