a) What is the purpose of the policy?

In compliance with the provisions of current legislation on the protection  of personal data, namely EU Regulation 2016/679 (also called “GDPR”) and, as applicable, by complementary national legislation, we wish to inform you about the processing of your personal data by the organization of the Data Controller which will be carried out in conformity with the principles of correctness, lawfulness and transparency, as well as the protection of your privacy and the protection of your rights. This information is provided for personal data provided by you, i.e. the data subject who reads the policy.

b) When do we collect your personal data?

This information is provided for the personal data you provide using the website.

c) How to contact him?

The Data Controller is the company OIKYWEB S.p.A with registered office in Via B.do Lamarmora, n. 19, 28100 Novara (NO), C.F./P.IVA 01772060032, hereinafter the “Data Controller”. The Data Controller can be contacted at the postal address indicated above or at the following email address: oikyweb@oikyweb.com.

d) What categories of personal data do we process?

To offer you the services provided by the website we must process some of your personal data mainly referring to the following categories:

  • common identification data that you may provide us such as: name, surname, address, e-mail or telephone etc., for example when filling out forms;
  • technical web identification data such as: IP address, MAC address, identification code of the device used to access the site etc. These personal data are necessary for the use of the site and the services offered (see also the cookie policy);

In the event that the form should provide for the possibility for you to insert free texts (eg specific requests in the “Contact us” section), we invite you not to enter in the form personal data relating to criminal convictions and crimes or data that belong to particular categories of data. In the event that the latter (e.g. data relating to health status, political orientation, etc.) are strictly necessary to satisfy your request, they may be processed by us only in the presence of the necessary legal bases. Failing this, your data will be deleted from our archives.

e) For what purposes is the data processed? On what legal basis? And how long are they stored?

Below we indicate the purposes of the processing, the legal basis that legitimizes the processing and the storage time of your personal data:

FinalitàBase giuridicaConservazione
Management of the contract and the service of which you are a part, ie your request (also by e-mail or website form) for information, services (including the sending of newsletters to which you have subscribed), and related contractual and / or pre-contractual relationships.Execution of pre-contractual or contractual obligationsThe data will be kept at most for the period of validity of the contractual relationship and the subsequent limitation period of rights.
For the newsletter service requested by you, the data will be kept until you request to unsubscribe from the same.
Fulfillment of legal obligations, ie to meet any legal obligations that the Data Controller is required to respect.Compliance with legal obligationThe data will be kept for the retention period required by tax and / or accounting regulations.
Direct marketing ie promotional activities, customer satisfaction activities, sending advertising material, including newsletters, using traditional means (mail, telephone, etc.) and / or electronic tools (email, social, sms, push notifications, online advertising, etc.) also through third parties such as social networks and platforms (remarketing and retargeting activities through which we will show our non-personalized advertising on banners and posts) as more detailed in the cookie policy. This processing will be carried out only with your specific and explicit consent, which will be requested at the time of data collection for this specific purpose. In the absence of your explicit consent, the processing for this purpose will not be carried out.Consent (always revocable)The data will be kept until the opposition, request for cancellation or revocation of consent.
Profiling of your habits, your behavior in order to carry out profiled marketing activities, to provide you with products and services that meet your needs and your real interests using traditional means (mail, telephone, etc.) and / or electronic tools (email, social, sms, push notifications, online advertising, etc.) also through third parties such as social networks and platforms (remarketing and retargeting activities through which we will show on banners and posts our targeted advertising) as more detailed in the cookie policy. This processing will be carried out only with your specific and explicit consent, which will be requested at the time of data collection for this specific purpose. In the absence of your explicit consent, the processing for this purpose will not be carried out.Consent (always revocable)The data will be kept until the opposition, request for cancellation or revocation of consent. In any case, the retention period of profiling data collected through cookies or similar tools is indicated in the cookie policy.

f) Is it mandatory to provide data? What happens if you don’t provide them?

The provision of your personal data for the purposes (1) Management of the contract is a requirement for the conclusion of the contract and the provision of the requested services. Providing data for the purpose of (2) Fulfillment of legal obligations is mandatory to comply with the law. Failure to provide it for these purposes makes it impossible to conclude the contract or to provide the services requested by you; for the purposes (3) Marketing  and (4)  of Profiling, the provision is optional and in case of failure to provide your personal data and your failure to consent makes it impossible to provide you with communications or promotional information generalized  – for Marketing – or profiled and suitable for your real interests – for Profiling –.

g) Who can know your data? To whom do we communicate them?

Personal data relating to the processing in question, for the purposes mentioned above, may be communicated or made known:

  • Authorized personnel: to those within the organization of the Data Controller who need it because of their job or hierarchical position. These subjects are the persons authorized to process under the direct authority of the Data Controller;
  • Autonomous data controllers: to those subjects to whom the provisions of the law give the right of access, or to whom the transfer of data is necessary for the obligations required by laws or regulations, by the contract, such as, for example, banks, transporters, lawyers, auditors;
  • Data processors: to third parties who carry out processing on behalf of the Data Controller, related to the processing and purposes described above. These subjects are authorized to process them as Data Processors in accordance with the provisions of Article 28 of the GDPR;
  • Group companies: Companies belonging  to the same Business Group as the Data Controller within the EU (parent companies, subsidiaries or associates pursuant to Article 2359 of the Italian Civil Code or companies subject to common control, as well as members of consortia, business networks and groupings and temporary associations of companies) that are authorized to process them for internal administrative purposes.

h) Is personal data transferred outside the European Union (EU)?

Some data collected may be transferred abroad to locations outside the European Union. This transfer will in any case be carried out in compliance with the guarantees prescribed by the GDPR for this type of activity (articles 45 to 49). These include: transfer to companies located in countries for which the existence of guarantees of protection of personal data comparable to those of the GDPR (White List Countries) is recognized by an adequacy decision; or to companies with which specific contractual clauses for the protection of personal data approved by the Guarantor Authority or binding rules of companies approved by the Guarantor Authority have been signed or the transfer takes place on the basis of specific derogations. For more information you can contact the Data Controller as indicated in the point below entitled “What are your rights as an interested party“.

i) What are your rights as a data subject?

The GDPR recognizes the following rights in relation to your personal data that you can exercise within the limits and in compliance with the provisions of the law:

  • Right of access to your personal data (Article 15);
  • Right to rectification (art. 16);
  • Right to erasure (right to be forgotten) (art. 17);
  • Right to restriction of processing (art. 18);
  • Right to data portability (art. 20);
  • Right to object (art. 21); The data subject shall have the right to object at any time, on grounds relating to his or her particular situation, to processing of personal data concerning him or her based on legitimate interest, including profiling on the basis thereof. The Data Controller refrains from processing unless it demonstrates the existence of binding legitimate reasons to proceed with the processing that prevail over the interests, rights and freedoms of the interested party or for the assessment, exercise or defense of a right in court;
  • Right to object to a decision based solely on automated processing (Article 22);
  • Right to revoke, at any time, the consent given, without prejudice to the lawfulness of the processing based on the consent given before the revocation.

You can exercise your rights by sending a written request addressed to the Data Controller at the postal address or by e-mail, as indicated above. Furthermore, you have the right to lodge a complaint with the Supervisory Authority for the protection of personal  data (www.garanteprivacy.it), if you believe that the processing of your data is contrary to the legislation in force (Article 77) or to take legal action (Article 79).

j) How is personal data protected?

Personal data will be processed both electronically and without the aid of electronic tools, using technical and organizational security measures appropriate to the nature of the data to ensure its integrity and confidentiality and protect it against the risks of unlawful intrusion, loss, alteration, or disclosure to third parties not authorized to process them.

k) Updates

The Data Controller reserves the right to modify and update this information at any time. The variations will apply from their appearance. It is therefore necessary that you regularly check the Policy in force.

Edition of 03/08/2023