PRIVACY POLICY
INFORMATION FOR THE PROCESSING OF PERSONAL DATA
(Articles 13 and following of European Regulation 679/2016)
Dear data subject,
Oxygen S.R.L. is a company specialized in the field of Information Technology.
With this document (hereinafter referred to as the "Privacy Policy"), we aim to renew our commitment to ensuring that the processing of personal data collected through this website (hereinafter referred to as the "Website"), carried out in any manner, whether automated or manual, is fully compliant with the safeguards and rights recognized by Regulation (EU) 2016/679 (hereinafter referred to as the "GDPR" or "Regulation") and other applicable regulations regarding the protection of personal data.
The term "personal data" refers to the definition contained in Article 4, point 1) of the Regulation, which states that "any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person" (hereinafter referred to as "Personal Data").
The Regulation requires that, before proceeding with the processing of Personal Data – understood as any operation or set of operations performed with or without the use of automated processes and applied to personal data or sets of personal data, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, communication by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction – it is necessary for the person to whom such Personal Data belongs to be informed about the reasons why such data is required and how it will be used.
In this regard, this Privacy Policy – prepared based on the principle of transparency and all the elements required by Articles 13 and following of the Regulation – aims to provide you, in a simple and intuitive manner, with all the useful and necessary information so that you can provide your Personal Data knowingly and informed, and at any time, request clarification and/or rectification.
A. DATA CONTROLLER
The company that will process your Personal Data for the main purpose described in Section B of this Privacy Policy and will therefore act as the data controller, as defined in Article 4, point 7) of the Regulation, which states that the data controller is "the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data" is:
- Oxygen S.R.L. (hereinafter referred to as the "Data Controller"), with registered office at Via Bellosguardo, 12, VAT number 16000861001, 00134 – Rome (RM) (hereinafter referred to as the "Registered Office").
B. PURPOSES
Your personal data is collected and processed by the Data Controller for purposes strictly related to the use of the Website and its informational services. Additionally, your personal data may also be used in various processing operations (such as storage, archiving, processing, etc.) that are compatible with these purposes. In particular, your personal data may be processed for the following purposes:
a) To respond to inquiries;
b) To enable the provision of services requested by you;
c) To comply with legal obligations;
d) To send promotional and direct marketing communications, including newsletters and market research.
The legal basis for the processing of personal data for the purposes described in points a), b), and c) is Article 6(1)(b) and (c) of the GDPR, as the processing is necessary to respond to the data subject's requests, provide the requested services, and fulfill a legal obligation of the Data Controller. The provision of personal data for these purposes is optional, but failure to provide such data may result in the inability to activate the services provided by the website or respond to requests.
The legal basis for the processing of personal data for the purpose described in point d) is Article 6(1)(f) of the GDPR. The Data Controller may carry out this activity based on its legitimate interests, regardless of your consent, and until your objection or limitation (as provided in Section G, point d) of this Privacy Policy) to such processing, as further explained in Consideration 47 of the Regulation, which considers it a legitimate interest to process personal data for direct marketing purposes. This will also be possible based on the assessments made by the Data Controller regarding the potential prevalence of your interests, rights, and fundamental freedoms requiring the protection of personal data over its legitimate interest in sending direct marketing communications.
Contact methods for direct marketing activities may be both automated and traditional. However, as better specified in Section G, you will have the option to withdraw your consent, even partially, for example by consenting only to traditional contact methods.
Regarding contact methods involving the use of your phone contacts, please note that the Data Controller's direct marketing activities will be carried out after verifying your possible registration with the Register of Oppositions, as established under the provisions of Legislative Decree September 7, 2010, No. 178 and subsequent amendments.
The personal data required for the above-mentioned purposes will be those indicated in the contact form, including but not limited to: name, surname, email address, and phone numbers.
C. RECIPIENTS TO WHOM YOUR PERSONAL DATA MAY BE DISCLOSED
Your personal data may be disclosed to specific recipients who are considered to be recipients of such personal data.
Indeed, Article 4, point 9) of the Regulation defines the recipient of personal data as "a natural or legal person, public authority, agency, or another body to whom the personal data are disclosed, whether a third party or not" (hereinafter referred to as the "Recipients").
In order to correctly carry out all the processing activities necessary to achieve the purposes described in this Privacy Policy, the following Recipients may be involved in the processing of your personal data:
- Third parties who carry out part of the processing activities and/or activities connected and instrumental to the same on behalf of the Data Controller. These parties have been appointed as data processors, which, according to Article 4, point 8) of the Regulation, means "a natural or legal person, public authority, agency, or other body that processes personal data on behalf of the Data Controller" (hereinafter referred to as the "Data Processor").
- Individual persons, employees, and/or collaborators of the Data Controller, who have been entrusted with specific and/or multiple processing activities related to your personal data. These individuals have been given specific instructions regarding the security and proper use of personal data and are defined, in accordance with Article 4, point 10) of the Regulation, as "persons authorized to process personal data under the direct authority of the Data Controller or the Data Processor" (hereinafter referred to as the "Authorized Persons").
If required by law or to prevent or suppress the commission of a crime, your personal data may be communicated to public entities or the judicial authority without being considered Recipients. In fact, according to Article 4, point 9) of the Regulation, "public authorities that may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be considered recipients".
D. DATA RETENTION PERIOD
One of the principles applicable to the processing of your personal data concerns the limitation of the retention period, as regulated in Article 5(1)(e) of the Regulation, which states that "personal data shall be kept in a form that permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes in accordance with Article 89(1), subject to the implementation of appropriate technical and organizational measures required by this Regulation to safeguard the rights and freedoms of the data subject."
In light of this principle, your personal data will be processed by the Data Controller only for the time necessary to achieve the purposes described in Section B of this Privacy Policy.
In particular, regarding the purposes described in Section B points a), b), and c), your personal data, subject to legal obligations, will be processed for a period of time equal to the minimum necessary, as indicated in Consideration 39 of the Regulation, which is 3 months from the contact request.
Regarding the processing carried out for the purpose described in Section B point d) of this Privacy Policy, the Data Controller may lawfully process your personal data for one year.
E. WITHDRAWAL OF CONSENT
As provided by the Regulation, if you have given your consent to the processing of your personal data for one or more purposes for which it was requested, you may revoke it in whole or in part at any time without affecting the lawfulness of the processing based on consent before its withdrawal.
The methods for revoking consent are very simple and intuitive. You just need to contact the Data Controller using the contact channels provided in this Privacy Policy, specifically in Section G point g).
G. RIGHTS
As provided in Article 15 of the Regulation, you have the right to access your personal data, request its rectification and updating if incomplete or inaccurate, request its erasure if the collection was made in violation of a law or regulation, as well as object to the processing for legitimate and specific reasons.
In particular, we hereby inform you of all your rights that you may exercise at any time against the Data Controller.
a. Right of access
You have the right, in accordance with Article 15(1) of the Regulation, to obtain from the Data Controller confirmation of whether or not your personal data is being processed and, if so, access to such personal data and the following information: a) the purposes of the processing; b) the categories of personal data concerned; c) the recipients or categories of recipients to whom your personal data has been or will be disclosed, particularly recipients in third countries or international organizations; d) where possible, the envisaged retention period for the personal data or, if not possible, the criteria used to determine that period; e) the existence of the right to request from the Data Controller rectification or erasure of personal data or restriction of processing concerning the data subject or to object to such processing; f) the right to lodge a complaint with a supervisory authority; g) where the personal data are not collected from the data subject, any available information as to their source; h) the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) of the Regulation and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
You can find all this information within this Privacy Policy, which will always be available to you in the Privacy section of the Website.