This Policy describes the OMET commitments to the protection of personal data.
OMET respects the privacy of every user who visits the Site. The Policy does not apply to third-party sites that can be accessed through external links. Users’ personal data will be processed in compliance with the applicable regulations, with a special reference to EU Regulation 2016/679 and to the Italian laws and regulations (hereinafter the “Applicable Privacy Law“).
Identification of the Data controller and contact details
Pursuant to EU Regulation 2016/679 on the protection of personal data, the Controller of data possibly collected through this Website is the Company: OMET S.r.l.
Registered office: 22, Via Caduti Lecchesi a Fossoli (Lecco)
Type of data processed by OMET
The computer systems and software procedures responsible for this Website’s operation acquire, in normal operation, some personal data that are then implicitly transmitted in the use of Internet communication protocols. This information is not collected to be associated with identified data subjects, but by its very nature it could allow users to be identified, through processing and association with data held by third parties. This category of data includes, for example:
- the IP addresses or domain names of the computers used by users who connect to the site;
- the URI addresses (Uniform Resource Identifier) of the queried resources;
- data related to the type of browser used by Users as well as the date and time of use to access the Site.
These data are used for the sole purpose of obtaining anonymous statistical information on the use of the Website and to check its correct operation. Data may be used to ascertain responsibilities in case of hypothetical computer crimes against the site.
Data provided voluntarily by the data subject
These are personal data provided directly by the User at the time of registration necessary to access the Site or in special sections of the Site, i.e. all personal information that allows the identification of the User (such as name and surname, address, e-mail address, telephone numbers, other numbers or personal identification codes).
The optional, explicit or voluntary sending of e-mails to the addresses indicated on the Website or the completion of forms for the collection of personal data involves the subsequent acquisition of the sender’s address, which is needed to respond to requests, as well as any other personal data sent.
Purposes and legal grounds for the processing of personal data
OMET processes Users’ data mainly to allow them to access, subscribe and surf the Site as well as to use the Services.
Any further processing takes only place on the basis of obligations established by law, or upon the explicit consent given by the User.
In particular, the Data Controller collects and processes personal data of Users for the following purposes:
- to reply to requests from Users sent via the Site;
- to send information material (for example offers or catalogues);
- to prevent fraud or crimes committed through the Site;
- to fulfil legal or tax obligations pursuant to applicable law;
- to contact Users through automated and non-automated tools (e-mail, social, paper mail, telephone with operator) to offer them commercial offers and promotions, including by sending regular newsletters as well as involving them in market research and surveys.
For the purposes referred to in letters (a) to (d), OMET will process personal data of Users based on their requests and their legitimate interest.
For the purposes referred to in the letters (e), it will process personal data of Users on the basis of their consent.
Communication to third parties
The persons appointed from time to time by the Company as data processors or in charge of processing may become aware of the User’s personal data.
Personal data may be communicated to:
– subsidiaries and/or companies controlled by OMET Group for the same purposes specified in letters a), b), c) and d) above. Upon prior consent of the user, the above-mentioned companies may, in turn, use such data for marketing and advertising communications purposes via e-mail, telephone and any other remote communication technique, being now available or developed in the future. These persons will act as independent data controllers.
The consent to the communication of personal data is optional and any refusal will not compromise the possibility of registering on the Website and participating in the initiatives promoted by the Company. Even in case of consent, the user will still have the right to object, in whole or in part, to the communication of his/her personal data to these third parties, as well as their resulting processing for marketing or direct sales, by submitting a simple request, without any formalities, to the Company or to third parties to whom data will be communicated. The User’s personal data will in no way be disclosed to the public
Data retention period
Personal data processed on the basis of the consent from the User will be kept for the time strictly necessary to achieve the purposes for which they were originally collected and, in any case, will no longer be processed after any revocation of the granted consent and in any case no later than 10 years from the termination of the commercial relationship.
Should the processing of personal data take place to fulfil legal, tax or judicial obligations, data may be stored up to a maximum of ten (10) years from the completion of the activities.
Method of processing
All personal data will be processed mainly through electronic tools and methods; however processing by paper means is not excluded beforehand by OMET.
The Data Controller will take all necessary security measures in order to minimise the risk of accidental destruction or loss of data, unauthorised access or processing that is not permitted or not compliant with the purposes indicated in this document.
However, since it is not possible to guarantee that the measures taken for the security of the Site and the transmission of data are such as to exclude any risk of unauthorised access or loss of data, we recommend that the user make sure that his/her computer is equipped with updated antivirus software for data network protection – both inbound and outbound – and that his/her Internet service provider has adopted firewalls and anti-spam filters, or other appropriate measures for the security of data transmission.
Transfer of personal data abroad
Users’ personal data may be transferred to countries outside the European Union in compliance with data protection levels in line with the applicable Privacy Law. In case of transfer of personal data outside the European Union, OMET undertakes to take all the necessary precautions to protect such transfers – for example, through the use of standard contractual clauses or other legal instruments, in the absence of an adequacy decision.
The Data Controller can be freely contacted for any request related to this Policy by writing to OMET, or by sending an e-mail to the address email@example.com.
The Data Protection Officer of OMET can be contacted at firstname.lastname@example.org.
Pursuant to the Applicable Privacy Law, Users will be entitled to:
- a) be informed of the purposes and methods of processing their personal data;
- b) access their personal data;
- c) obtain a copy of their personal data, if these are stored in countries outside the European Union, as well as to obtain an indication of the place where such personal data are stored or transferred;
- d) request the correction, update or supplementation of their own personal data;
- e) request for cancellation, anonymisation or blocking of the processing of personal data;
- f) object, in whole or in part, to any processing performed through automated decision-making processes, including profiling;
- g) revoke their consent to the processing, where provided, freely and at any time;
- h) contact the Data Protection Officer;
- i) file a complaint with the Supervising Authority for the protection of personal data.
Pursuant to the Applicable Privacy Law, from May 2018, Users will also have the right to exercise the following rights:
- a) the right to data portability, i.e. the right to receive their personal data in a structured, commonly used and machine-readable format, and the possibility of being able to transmit them to another data controller freely and without impediments – where applicable;
- b) the right to request the limitation of the processing of personal data, where applicable.
Children under the age of 16 must not and cannot provide information or personal data to the Company without the consent of those who have parental authority over them. Without this consent, no online registration will be possible.
OMET invites all those who exercise parental authority over children to inform them about the safe and responsible use of electronic or paper means and to put in place the most appropriate procedures during registration or compilation. If in doubt about this subject, please contact email@example.com.
Identification of the Data Protection Officer
Pursuant to Article 37 of EU Regulation 2016/679 on the protection of personal data, a Data Protection Officer (DPO) has been appointed, who can be contacted at the following email address: firstname.lastname@example.org.
Changes and updates
This Policy is updated and enforceable from 25/05/2018