This policy describes the procedures applied by Nimbl LLC (hereafter “Nimble” or the “Data Controller”) in relation to the processing of personal data collected through the web site http://www.benimbl.com/ (hereafter referred to simply as the “Site”).
Unless otherwise specified, this policy shall also serve as notice – under art. 13 of EU Regulation no. 2016/679 (hereafter referred to as the “GDPR”) – provided to anyone who interacts with the Site (hereafter the “User”).
Detailed information on personal data processing is, where necessary, provided on the pages regarding individual services offered through the Site. This information is intended to state the limitations on and methods of personal data processing involved in each service, on the basis of which the User may freely give consent, where necessary, and authorize any collection and processing of data that may be required.
Data Controller. Data Processors. The Data Controller is Nimbl,1401 Zuni St Suite 202, Denver, CO 80204, tel +1 303 800-0245. An up-to-date list of data processors, if any, is available in the Data Controller’s offices.
Types of data processed.
The Site may be used to collect and process:
Cookies are small text files which the web sites a user visits send to the user’s terminal, where they are memorised in order to be sent back to the site on the next visit. Cookies allow sites to work properly and efficiently to improve the user’s experience, allowing sites to store information in the memory of the user’s computer or other device.
The Site uses technical cookies. These cookies are technical in nature and do not require the User’s prior consent for installation and use.
The Site also uses third-party profiling cookies. The User is assumed to consent to use of these cookies whenever he or she clicks on the “Accept” button in the banner on the homepage. The User may, however, revoke consent for installation of these cookies at a subsequent time.
The cookies used in the Site are of the following sub-types:
Purposes and legal basis of data processing.
Personal data collected through the Site will be processed:
Personal data processing for the purposes listed under point a) does not require the User’s consent, as this form of processing is necessary to respond to the data subject’s specific requests under art. 6, paragraph 1, letter b) of the GDPR. Processing of personal data for the purposes listed under point b) requires the User’s consent under art. 6, paragraph 1, letter a) of the GDPR.
Supplying data and consequences of failure to supply it.
Providing personal data for the purposes listed above is optional, and the sole consequence of failure to provide it will be that it will be impossible for the Data Controller to respond to and fulfill the data subject’s requests or send commercial information on products and services.
Recipients and categories of recipients.
Personal data may be made accessible to, brought to the knowledge of, or disclosed to the following parties, who will be appointed by the data controller or data processor, as appropriate:
Personal data will not be disseminated under any circumstances.
Personal data will be stored for a maximum of 24 months following the date on which they are recorded, as a rule, for the purposes stated above; in the event that Nimble should have a legitimate interest storing the data for a longer time period, NIMBL will provide an additional notice.
Right to data access, erasure, restriction and portability.
Data subjects enjoy the rights identified in points 15 through 20 of the GDPR. By way of example, as a data subject, you have the right to:
Right to object.
Every data subject is entitled to object to processing of his or her personal data for the pursuit of the Data Controller’s legitimate interests at any time. In the event of opposition, the User’s personal data will no longer be processed, unless there are legitimate reasons for proceeding with processing which prevail over the data subject’s interests, rights and freedom, or for the investigation, exercise or defence of a right in court.
Right to revoke consent.
If consent is required for processing of personal data, each data subject may also revoke the consent already given at any time without affecting the lawfulness of data processing with consent prior to the revocation. Consent may be revoked by sending an email to firstname.lastname@example.org
Right to objection and revocation of consent for data processing for marketing purposes.
With reference to personal data processing for the purposes listed under point b), each data subject may revoke their consent, if given, or object to processing of data by sending an email to email@example.com. Objection to processing by this method also extends to the sending of marketing information by post or via telephone calls, and users may exercise this right in part, for example, by objecting to data processing using automated communication systems only.
Right to make a complaint to the Data Protection Commission.
Data subjects may, moreover, make a complaint to the Data Protection Commission if they believe their rights under the GDPR have been infringed, by the methods specified on the Data Protection Commission’s web site at: www.garanteprivacy.it.