(updated to the gdpr 679/2016)

Olojin S.r.l. Società Benefit, headquartered in Via Ferrovia, 26 – 31020 San Fior – TV – ITALY – TAX ID N°, VAT N° 01560130930, represented by its legal representative, as data controller (subsequently, the holder of the authorisation) informs you, pursuant to Articles 13 and 14 of the EU regulation n.2016/679 (thereafter GDR) and in compliance with Italian Legislative Decree n°196/03(thereafter “Privacy Code”, as modified in 101/18 Legislative Decree), that its data will be trated with the means and for the following purpose:

1) Subject-matter of the processing
Considering our business services and products, the data controller treats personal, identifying and not particular data (for example:name, surname, tax code, email, telephone number (thereafter personal data or just “data”) supplied by you under the process of application for our services and/or when defying contractual arrangements and/or for promotional initiatives and for the purposes indicated hereunder.
For some services processing of particular data is necessary, namely of personal data suitable for detecting racial and ethnic origins, religious, philosophic or other types of belief, political opinions, party, trade union joining, groups or organization of a religious, philosophical, political or trade union like background, the health and the sexual life (thereafter particualr data). Legal data may be required for certain legislative purposes.

2) Purpose of processing and legal basis for processing
Your personal data are processed:
A) Without your explicit permission, because they derive from legal and/or contractual obligations or refer to legitimate interests(Privacy Code and article 6 - DGPR) for the following purposes:

Manage and maintain the services required by the person concerned and to find the subject for the organization of the services requested;
Fulfil the pre-contractual, contractual and tax obligations arising from the relationship established with you; Fulfil the obligations required by the law, by regulations, by Community legislation or by an order of the Authority, including accounting and tax matters;
Preventing or detecting malicious fraudulent activity or abuse and/or for the purposes set out in the applicable anti-money laundering legislation.

Mandatory requirements deriving from organizational and management model requirements based on specific recognized standards (e.g. ISO standard, UNI, etc.) required by law and/or specific contractual obligations required by the interested party and/or explicit as service requirements.

Exercise the rights of the Controller, for example the right of defence in court.
Availability of the subject for information relating to the services requested and their management;
Allow you to sign up for the service and and allow the sending of useful information to the subject according to the services requested;

For legitimate interest in updating communications about our organization and/or arising from applicable regulatory/legislative requirements.

B) only with your explicit prior consent (art.7 GDPR and Legislative decree 196/03), for the following purposes
B.1 marketing and/or commercial: by e-mail newsletter, commercial communications and/ or advertising material on products and services of the owner. Please note that if you are already a customer, we may send you commercial communications relating to services and products of the Owner similar to those you have already used, subject to your disagreement(Privacy Code).
To send you informative, promotional, advertising and marketing material.

For other purposes, it is the controller’s responsibility to define specific information and related requirements for consent and/or additions to the processing.

3) Methods and duration of data processing
The processing of your personal data is performed by means of operations or combination of operations indicated in the Italian law D. Lgs. 196/2003 and in the GDPR art. 4n. 2) and, precisely: collection, registration, organization, conservation, consultation, processing, modification, selection, extraction, comparison, use, interconnection, block, communication, dissemination, erasure, destruction. Your personal data will be processed both on paper, electronic or other automatic systems. The Data Controller will process the personal data for the time necessary to fulfil the aforementioned purposes and in any case for no longer than 10 years from the end of the contract for the purposes of point 2.A (unless other legislative requirments). For porpuses of point 2B, instead, data are processed up to the revocation of consent, or after 2 years of the interruption of relations/communications with the subject.

Profiling: data profiling are only carried out for communication and analysis purposes.

4) Data access
You can have access to your data any time, by making a simple request to the email addresses indicated in this statement.

5) Data communication
Your data may be made accessible and/or communicated for the purposes referred to art. 2.A) and 2.B): Without prejudice to communications and publication made in compliance with legal obligation, your data may be communicated in Italy and/or abroad (as ias stated in the following points) to:
employees and collaborators of the owner in the capacity of agents and/ or internal managers of the processing and/ or management system administrators;
technicians and collaborators for administrative, financial and accounting management, and/or for wich external suppliers have been identified;
our network of agents, factoring companies, banks, debt collection agencies; credit insurance companies; companies in the field of business information for services required; professional and consultants; companies operating in the transport field;
technicians and collaborators in charge of providing the services/products requested, supervisory boards, legal authorities, as well as all other parties to whom communication is mandatory by law for the accomplishment of the aforementioned purposes. To legal entities to which services referred to in this policy have been entrusted.

To companies and other legal entities, qualified and designated in accordance with art.28 of 679/16 regulations for support activities such as: management and development of communication, management and development of company processes and projects, communication and promotion systems, for the storage of personal data. Access may be allowed to third parties and associated companies, which provide services deemed necessary and / or useful by the controller for the management of business activities and support processes related to or requested by it. Suppliers include IT system maintenance companies; banks, professional offices, companies that provide services on computer systems/platforms whose use the Controller considers useful, companies that outsource activities on behalf of the controller, as external data processors.

6) Data transfer
The management and storage of personal data will take place on servers located within the European Union of the Controller and / or third companies appointed and duly appointed as data processors. Our internal servers are currently located in Europe. The data will not be transferred outside the European Union. In any case, it is understood that the Controller, if necessary, will have the right to move the location of the servers in non-EU countries.
In this case, the Data Controller hereby guarantees that the non-EU transfer of data will take place in accordance with the applicable legal provisions. Where necessary it will conclude agreements, guaranteeing an adequate level of protection and/or adopting the standard contractual clauses established by the European Commission. For some mailing or storage services we rely on "cloud" platforms, that can have non -EU servers, but data are only temporarily stored for the requested service

7) Compulsory or optional authorisation to the handling of personal data and consequences of denial.
The provision of data for the purposes referred to in Article. 2.A) is mendatory. In their absence, we could not guarantee you the services referred to in point 2.A). The provision of data for the purposes referred to in paragraph 2.B) is optional.
You may therefore decide not to provide any data or subsequently to deny the possibility to process data already provided: in this case, you will not be able to receive commercial communications and advertising material concerning the Controller services. In any case, you will continue to be entitled to the Services referred to in art. 2.A).

8) Rights of the data subject
In your capacity as an interested party, you have the rights set forth in 196/03 of the Privacy Code and art. 15-22 GDPR and precisely the rights:
A) to obtain confirmation whether or not your personal data exist, even though the information is not yet registered and to request that the data are made available to you in intelligible conditions.
B)to receive information on: the origin of personal data; the purposes and methods of their processing; the logic applied in the case of processing performed using electronic instruments; the identification details of data controller, data processor and the representative designated according to the Privacy Code and art.3 clause 1 GDPR, the indication of the subjects or of the categories of subjects to whom the personal data may have been disclosed or who may have access to it acting as State officer, as executives or persons in charge;
C)to obtain the updating, rectification or integration of data and their cancellation, transformation into anonymous form or blocking them if used in violation of the law; including the ones which don't need to be stored if related to the purposes they have been collected and treated for; a certification that the operation mentioned at the two points above 8.A) and B) have been notified, also in relation to their content, to the other companies to which the data have been communicated or widespread, unless such performance proves impossible or involves a manifestly disproportionate effort compared with the right that is to be protected;
D) to oppose, fully or partially, for legitimate reasons to the treatment of personal data concerning his/her person. although pertinent to the purpose for which it was collected; to the treatment of personal data relating to advertising material, direct sales, market research or commercial communication surveys. Thorugh automated calling systems without human intervention, through traditional form of marketing, through the phone or paper mail. It should be noted that the right of opposition of the subject, as set out in point B) above, for purposes of direct marketing by means of automated methods extends to the traditional ones and that, in any case, the possibility for the subject to exercise the right of opposition even in part is not affected.Data subjects may therefore decide to only receive communications using traditional means, or only automated communications or neither of these two types of communications.
If applicable, you have the rights under articles 16-21 GDPR (right of rectification, right to be forgotten, right to restriction of processing, right to data portability, right of objection),as well as the right to lodge a complaint with the Italian Data Protection Authority.

9) Means of exercising the rights
You can exercise your rights at any time by sending:

10) Underage
All services are not intended for children under 14 and the Controller will not collect personal information of children on purpose. If underage people’s information is unintentionally recorded, the Controller will delete them promptly, at user request. For potential needs of treatment of underage people’s data, specific consent and authorisation will be requested from the person exercising parental responsibility and/or from the holder of parental responsibility (as in art.8 of the 679/16 regulations).

11) Controller, processor and people appointed
The data controller is Olojin S.r.l. Società Benefit, in the person of the pro-tempore legal representative. The Controller is available at addresses mentioned above. The updated list of supervisors and data processors is kept at the registered office of the Data Controller.

12) Data Protection Officer (D.P.O.)
Omniter Group Srl, in the person of Scarabello Michele, Via Pierobon, 65 – 35010 Limena (PD);

13) Changes to this Privacy Policy
This policy may change. It is therefore advisable to check regularly this privacy policy and refer to the most updated version.