- A) INFORMATION RELATING TO THE SITE’S PRIVACY POLICY
OMZ S.r.l. with headquarters in Santo Stefano Ticino (MI), Via Roma, nr. 33, Tax ID code/ VAT number 12625650150 (hereinafter, “Owner”), as data controller, it informs you pursuant to the art. 13 EU Regulation nr. 2016/679 (hereinafter, “GDPR”) that your data will be processed in the following ways and for the following purposes:
- B) DATA PROCESSING
1) Object of the treatment
The Owner processes personal, identifying and non-sensitive data (by way of example but not limited to, name, surname, business name, address, telephone number, e-mail – hereinafter, “personal data” or even “data”) communicated by you when registering for purchases on the Owner’s website (hereinafter site).
2) Purpose of the processing
Your personal data is processed: Without your express consent (art. 6 let. b), e) GDPR), for the following Service Purposes:
- Manage relationships with the Customer and coordinate accounting, orders, invoicing and any disputes;
Legal basis: Execution of a contract.
- Carry out operations connected and instrumental to the acquisition of preliminary information to the conclusion of the contract;
Legal basis: Execution of pre-contractual measures
- Respond to specific requests for information addressed to the Owner via the contact form;
Legal basis: Execution of a service.
- To fulfill the obligations established by laws or regulations in force, including Community ones;
Legal basis: Legal obligation.
- For the management of disputes relating to contractual breaches, transactions, debt collection, judicial disputes;
Legal basis: Treatment in court.
3) Treatment methods
The processing of your personal data is carried out by means of the operations indicated in the art. 4 Privacy Code and in the art. 4 nr. 2) GDPR and specifically: collection, recording, organisation, conservation, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, cancellation and destruction of data. Your personal data is subjected to both paper and electronic and/or automated processing.
4) Retention time of processed data
The Owner will process personal data for the time necessary to fulfill the aforementioned purposes and in any case for no more than 10 years from the termination of the relationship for service purposes.
5) Processing of navigation data
The computer systems and software procedures used to operate this website acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. It is about information that is not collected to be associated with identified interested parties, but which by its very nature could, through processing and association with data held by third parties, allow users to be identified. This category of data includes the IP addresses or domain names of the computers used by users who connect to the site, the addresses in URI (Uniform Resource Identifier) notation of the requested resources, the time of the request, the method use in submitting the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the operating system and the user’s IT environment. This data is used for the sole purpose of obtaining anonymous statistical information on the use of the site and to check its correct functioning. The data could also be used to ascertain responsibility in the event of hypothetical computer crimes against the site.
6) Security measures
The Owner in compliance with the provisions of the Regulation, has adopted technical and organizational security measures aimed at avoiding even partial or accidental loss of data and access by unauthorized persons.
7) Data access
Your data may be made accessible for the purposes referred to in the art. 2.A) and 2.B):
- • To employees and collaborators of the Owner, in their capacity as internal appointees and/or Managers of the treatment;
- • To third party Companies or other subjects (by way of example: credit institutions, professional firms, forwarders, carriers, etc.) who carry out outsourced activities on behalf of the Owner, appointed, if necessary, external data controllers.
The updated list of data controllers and persons in charge of processing is kept and can be consulted at the headquarters of the Owner.
8) Data communication
Without your express consent (ex art. 24 let. a), b), d) Privacy Code and art. 6 let. b) and c) GDPR), the Owner may communicate your data to supervisory bodies, judicial authorities as well as to all other subjects to whom communication is mandatory by law for the fulfillment of the aforementioned purposes. Your data will not be disclosed.
9) Data transfer
The management and storage of personal data will take place in Europe, on servers located in Italy of the Owner and/or third party Companies in charge and duly appointed as Data Controllers.
10) Nature of providing data and consequences of refusing to respond
The provision of data for the purposes referred to in art. 2 is mandatory. In their absence, we will not be able to guarantee you the services of the art. 2. 2.
11) Rights of the interested party
In compliance with the provisions of Chapter III, Section I, GDPR, you may exercise the rights indicated therein and in particular:
Right of access Obtain confirmation as to whether or not your personal data is being processed and, in this case, receive information relating, in particular to: purposes of the processing, categories of personal data processed and retention period, recipients to whom these may be communicated (article 15, GDPR); Right of rectification – Obtain, without unjustified delay, the rectification of inaccurate personal data concerning you and the integration of incomplete personal data (article 16, GDPR); Right to deletion – Obtain, without unjustified delay, the deletion of your personal data, in the cases provided for by the GDPR (article 17, GDPR); Right of limitation – Obtain from the Owner the limitation of processing, in the cases provided for by the GDPR (article 18, GDPR); Right of portability – Receive in a structured format, commonly used and readable by an automatic device, your personal data provided to the Owner, as well as obtain that the same are transmitted to another Owner without impediments, in the cases provided for by the GDPR (article 20, GDPR); Right of objection – Object to the processing of your personal data, unless there are legitimate reasons for the Joint Controllers to continue processing (article 21, GDPR); Right to propose a complaint with the supervisory authority – Propose a complaint with the Guarantor Authority for the protection of personal data, Piazza Venezia, 11 – 00187 Roma
12) Methods of exercising rights
You can exercise your rights at any time by sending: – a registered letter with return receipt to OMZ S.r.l. – Via Roma, nr 33 – 20010 Santo Stefano Ticino (MI) – an e-mail to the address: privacy@omzsrl.it
We remind you that you always have the possibility to propose a complaint with the Guarantor for the protection of personal data (www.garanteprivacy.it).
13) Changes to this Policy
This Policy may be subject to changes. We therefore recommend that you regularly check this Policy and refer to the most updated version. The updated version of the privacy policy, in any case, is published on this page, with indication of the date of its last update.
Last update on 10 April 2024