Privacy Policy
The company Nexi Payments S.p.A. with registered office at Corso Sempione 55, Milan (MI) (hereinafter, "Company", "we" and "our"), as the data controller, undertakes to protect the user's privacy. This privacy policy ("Privacy Policy") applies only to the website (hereinafter referred to as the "Site"). 
Please read the Privacy Policy carefully before using the Site.

1. The Site
The main purpose of the Site is to present the services and products of the Company and provide users with detailed information. 
This Privacy Policy describes how we collect, use and share the personal data we obtain as a result of use of the Site by users. 
Since the Company reserves the right to add or remove functions from the Site at any time and to change the services and/or products offered, the Privacy Policy can be updated at any time by the Company with communication to users and visitors of the Site regarding any changes made. 
Since the Site could allow access to websites owned and operated by the Company or by third parties, we specify that this Privacy Policy does not apply to such websites and that, in particular, the Company is not responsible for the protection of personal data by these third parties.

2. Data processed
Data provided voluntarily by the user. The Company may collect the following personal data provided voluntarily by the user: 

  • name and surname of the user 
  • his/her email address
  • company
  • other information provided by the user through the contact form.

Browsing data. The browsing data includes all data collected automatically through the Site and relate, for example, to the types of actions performed on the Site by users and how they use the Site. Furthermore, we can automatically record the IP address (meaning the univocal address that identifies the user's device on the internet), which is automatically identified by our server. Browsing data are used for the sole purpose of obtaining anonymous statistical information on the use of the Site and to check its correct functioning, and they are deleted immediately after they are processed. These data could also be used to establish responsibility in case of any computer-related crimes against the Site or to protect our rights.

3. Purpose and legal basis of the processing

Purpose Legal basis
A. The Company processes the user's personal data to provide the service and/or product requested by the user, to respond to or satisfy a user's request, including assistance services, creation of an account, to ensure and manage participation in initiatives, events or promotions for which the user has chosen to register. A. The Company processes the data for these purposes to execute a contract and/or pre-contractual procedures adopted following the request of the user.
B. The Company processes the user's personal data to send the user promotional information regarding services and/or products of the Company and/or third parties, to send invitations to events of the Company and/or third parties and to carry out market surveys using automated tools (e.g. via email) and non-automated tools (paper mail, telephone calls by an operator) without prejudice to the possibility for the user to oppose the sending of such communications at any time and the possibility to select the tools through which he/she can be contacted. B. The Company processes the data for these purposes only with the prior consent of the user given at the time of the collection of personal data for said purposes.
C. The Company processes the user's personal data for communication to our business partners for their marketing activities through automated tools (e.g. via email) and non-automated tools (paper mail, telephone calls by an operator) in their role as independent data controllers. The user has the right to withdraw his/her consent at any time. C. The Company processes the data for these purposes only with the prior consent of the user given at the time of the collection of personal data for said purposes.
D. The Company processes the user's personal data to ensure that the Site is up-to-date and meets the needs of users, to analyze, review and improve the products or services offered on the Site, to provide users with a user-friendly browsing experience, to ensure compliance with the terms of use of the Site, the safety of the Site and of its users and for the protection of the rights and/or assets of the Company. The information used for this purpose will remain strictly anonymous and will not be used to identify any user nor will it be added to the personal data of users. D. The Company processes the data for these purposes in order to pursue its legitimate interest of protecting its assets, its business and its rights.
E. The Company processes the user's personal data to fulfill obligations deriving from the law, regulations or EU legislation. E. The Company processes the data for these purposes to fulfill a legal obligation.

4. Nature of the conferment of data and consequences of refusal
The conferment of data for the purposes set out in point 3.A and 3.E is necessary and a refusal by the user implies the impossibility for the Company to perform its contractual obligations and provide the user with the functionalities, services and the information requested as specified above. The conferment of data for the purposes referred to in paragraph 3.D is automatic and implicit in Internet transmission protocols. 
Conferment of data for the purposes referred to in paragraph 3.B and 3.C is optional and any refusal by the user will not have any consequences on the performance of the services or the features and provision of information requested through the Site.

5. Recipients of the data
Affiliated companies, subsidiaries. Where it is necessary to pursue the purposes described in this Privacy Policy, the Company communicates the users’ personal data to its affiliated, subsidiary and parent companies, also located outside the European Union. 
Third-party service providers. We share the users’ personal data with third-party service providers who act as data controllers in order to make the use of the Site possible and/or obtain services through the Site. By way of example, such third parties may include professionals, even in associated form, who provide technical, commercial or administrative consulting to the Company in relation to its business and purposes as described in this Privacy Policy, companies that deal with the management or maintenance of the IT infrastructure on which the Site is based, and agencies performing promotional and marketing services in the name and on behalf of the Company. 
Third parties in compliance with a legal obligation or to protect the rights of the Company. The users’ personal data can be communicated to institutions, law enforcement agencies, judicial, administrative, or regulatory bodies, in the context of a legal or administrative procedure, or in order to fulfill a legal obligation or protect our rights, including in court of law. 
Third parties in the case of corporate operations. The users’ personal data can be communicated in case of events such as mergers, sale of companies (or of a business branch) or other extraordinary operations by which the Company may need to share information with potential buyers or counterparties and the related consultants. 
Third-party business partners. With the user's consent, we can communicate the users’ personal data to our business partners to pursue the purposes referred to in point 3.C. 

6. Data of minors 
The Company does not collect or intentionally store personal data of individuals under the age of 18, nor does it intentionally allow such minors to use the Site. 
Users under the age of 18 are requested not to register on the Site and not to provide personal data.

7. Transfer abroad 
To provide services to the users themselves and to pursue the other purposes listed in this Privacy Policy, the Company may need to transfer the users’ personal data abroad. Before proceeding with the transfer of data outside the European Union, it will adopt all the appropriate precautions, also of a contractual nature, provided for by the applicable privacy legislation in order to guarantee the protection, security and confidentiality of the personal data transferred (for example, the adoption of the Standard Contractual Clauses provided for by the European Commission) or to verify that the recipient, if established in the United States, is enrolled in the "Privacy Shield" program.

8. Data retention 
We retain the users’ personal data only for the time strictly necessary to provide the services or to achieve the purposes for which the data were collected and in compliance with legal obligations. For example, we retain the personal data necessary for the exercise of our defense rights in the event of legal disputes such as personal data relating to a contract or the provision of a service, up to a maximum of 10 years from the termination of the supply of the service and/or supply of the product, according to the limitation period set out in the Italian Civil Code. 
After this period, personal data are deleted or rendered anonymous. 
In the event that we have collected personal data based on the user's consent and no longer have any other valid legal basis to continue with their processing, if the user subsequently revokes his/her consent we will delete the personal data affected by such revocation. Without prejudice to the foregoing, we retain the personal data of users collected in accordance with this Privacy Policy for the marketing purposes referred to in paragraph 3.B for a period not exceeding 2 years from their collection and for profiling purposes as per point 3.D for a period not exceeding 12 months from their collection. 
After this period, the data are deleted or rendered anonymous.

9. Data security
The Company undertakes to protect the security of the users’ personal data and complies with the security provisions of the applicable law in order to avoid any loss, illegitimate or illegal use of the data and unauthorized access to the same. In addition, information systems and computer programs are configured in such a way as to minimize the use of personal and identifying data, which are used only when necessary for the specific purposes from time to time pursued as indicated in this policy. The Company uses multiple advanced security technologies and procedures to promote the protection of the users' personal data. For example, personal data are stored on secure servers located in places with controlled access. Users can help the Company to update and maintain their personal data by communicating any changes, such as for instance their e-mail address.

10. Privacy rights 
The user has the right to access, rectify or delete the data stored by the Company that concerns him or her, as well as the right to object to, or limit, certain types of processing (including the right to revoke consent to the processing previously granted), as well as to be sent the personal data concerning him or her in a structured, commonly used format readable using an automatic device (right to data portability). Finally, the user has the right to lodge a complaint with a competent Supervisory Authority. The exercise of the above rights does not have costs but should we deem the exercise of privacy rights by the user manifestly unfounded or excessive, we reserve the right to charge the requesting user a reasonable contribution for expenses relating to his/her request. To exercise your privacy rights, as well as to request any information or clarification regarding this Privacy Policy, you can contact the Company at the following email address:
The Data Protection Officer (DPO) can be contacted via this form, by selecting in the Privacy section the Data Protection Officer (Nexi Payments), Data Protection Officer (SIApay), Data Protection Officer (SIA Central Europe) or Data Protection Officer (New SIA Greece) field.