Information on the processing of personal data
This page describes how this site is managed with regard to the processing of personal data of users who consult it. The information is provided in accordance with current legislation on personal data for users who interact with the services of this site in the framework of the EU Regulation 2016/679. The information is provided only for this site and not for other websites that may be consulted by the user through our links.
The Data Controller is Otto Puro s.r.l.s., with registered office in Bassano del Grappa (VI), Piazzale Cadorna n. 42, fiscal code and VAT number 03959920244 (hereinafter referred to as “Otto Puro” or “Data Controller”).
Place of data processing
Treatments related to web services are only handled by authorized personnel, or any authorized occasional maintenance operations. No data deriving from the web service is communicated or disseminated.
Purpose of processing and legal basis of treatment
1.1 The personal data provided by users who submit requests and/or purchase products offered by the Owner through the site (including the sending of newsletters) are used for the sole purpose of responding to requests or to establish a contract and are communicated to third parties only where this is necessary for that purpose. The legal basis of these treatments is the need to respond to requests from interested parties or to execute a contract.
With the express consent of the user, the data may be used for marketing activities (commercial and promotional communication) relating to offers of products of the owner with automated methods of contact and traditional. Legal basis of this treatment is the consent freely expressed by the person concerned.r) are used only to respond to requests or to establish the contract and are communicated to third parties only where this is necessary for that purpose.
Apart from these cases, users’ browsing data are kept for the time strictly necessary for the management of processing activities within the limits provided for by law.
Types of data processed
The computer systems and software procedures used to operate the site acquire, during their normal operation, some personal data whose transmission is implicit in the communication protocols of the Internet. This information is not collected to be associated with identified interested parties, but by their very nature could, through processing and association with data held by third parties, allow users to be identified. This category of data includes IP addresses or domain names of computers used by users who connect to the site, URI (Uniform Resource Identifier) of requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in reply, the numerical code indicating the status of the response from the server (successful, error, etc..) and other parameters regarding the operating system and computer environment. These data are used only to obtain anonymous statistical information on the use of the site and to check its correct functioning and are deleted after processing. The data could be used to ascertain responsibility in case of hypothetical computer crimes against the site.
Data provided voluntarily by the user
The conferment of data is required for the conclusion of the contract and / or its execution, and to respond to user requests. The refusal to provide the data does not allow, therefore, to establish the contractual relationship and / or fulfill its obligations, and to respond to requests.
Third party data voluntarily provided by the user
If the user provides personal data of third parties, with respect to these data the user will act as an independent owner of the treatment, assuming all the obligations and responsibilities of the law. In this sense, the user grants the widest possible indemnity with respect to any dispute, claim, request for compensation for damages from treatment, etc.. that may be received by the owner from third parties whose personal data have been processed through the user’s use of the services of the site in violation of the rules on protection of personal data applicable. In any case, if the user provides or otherwise treats personal data of third parties in the use of the site, ensures as of now – assuming all responsibility – that this particular case of treatment is based on the prior acquisition – by the user – the consent of the third party to the processing of information concerning him.
Recipients of personal data
Users’ personal data may be shared, for the purposes listed above, with:
subjects who typically act as data processors, namely (i) subjects delegated or appointed to carry out technical maintenance activities, (ii) providers of hosting services, (iii) persons, companies or professional firms that provide assistance and advice to the Data Controller in accounting, administrative, legal and financial matters;
subjects, entities or authorities to whom it is mandatory to communicate user data under the provisions of the law or orders of the authorities
persons authorized by the Owner to process personal data necessary to carry out activities closely related to the provision of services
The full list of those responsible for processing is available by sending a written request to the Owner.
Should we transfer personal data outside the territory of the European Union, we will cover such transfers with an adequate level of protection. In particular, your personal data may be transferred outside the territory of the European Union, alternatively, on the basis of your consent, on the basis of the need to execute the contract concluded by you with the Company or for the execution of pre-contractual measures taken at your request, on the basis of the need to conclude or execute a contract concluded between the Company and a third party in your favor.
If and when we transfer data to our vendors located outside the territory of the European Union, we do so on the basis of an existing adequacy decision or the Standard Contractual Clauses approved by the European Commission.
Modalities of treatment and data retention times
Personal data are processed by automated tools for the time strictly necessary to achieve the purposes for which they were collected. Specific security measures are observed to prevent data loss, illegal or incorrect use and unauthorized access.
The data is kept for the time strictly necessary for the pursuit of the purposes indicated in this information and will be deleted at the end of this period, unless the data must be kept for legal obligations or to enforce a right in court.
Rights of interested parties
Within the limits and under the conditions provided for by law, the owner has the obligation to respond to requests from the interested party regarding personal data concerning him. In particular, according to current legislation:
- the data subject has the right to obtain from the data controller confirmation as to whether or not personal data relating to him are being processed and, if so, to obtain access to the data;
- the data subject has the right to obtain from the data controller the rectification of inaccurate personal data concerning him/her without undue delay. Taking into account the purposes of the treatment, the person concerned has the right to obtain the integration of incomplete personal data, including by providing an additional statement.
- The data subject has the right to obtain from the data controller the erasure of personal data concerning him/her without undue delay and the data controller has the obligation to erase without undue delay personal data within the limits and in the cases provided for by current legislation. The holder of the treatment communicates to each of the recipients to whom the personal data were transmitted any corrections or cancellations or limitations of treatment within the limits and in the forms provided by current legislation.
- The data subject shall have the right to obtain from the data controller the restriction of processing.
- The data subject shall have the right to receive in a structured, commonly used and machine-readable format personal data concerning him or her that have been provided to a data controller, and shall have the right to transmit such data to another data controller without hindrance from the data controller to whom he or she has provided them.
To exercise the rights listed above, the interested party must submit a written request to be sent to Otto Puro s.r.l.s., Piazzale Cadorna 72, Bassano del Grappa (VI).
In any case, the user is always entitled to lodge a complaint with the competent supervisory authority (Garante per la protezione dei dati).