Privacy policy – European General Data Protection Regulation 679/2016

Data controller and data protection officer

Pursuant to the applicable Law and the European General Data Protection Regulation 679/2016, the Data Controller is: OSS LAB S.r.l. Via RIGHI,2 – Verona acting through its pro tempore Legal Representative.

The Data Controller has appointed Eng. Luca Oldrini as Data Protection officer (dpo@ecoconsult.it)

We inform you that the aforementioned Regulation provides for the protection of data subjects regarding the processing of personal data and that this processing activity will be based on principles of fairness, lawfulness, transparency and protection of your privacy and your rights in compliance with the provisions of Reg. 679/2016

Purposes of processing

Your data will be processed for the following purposes related to legislative or contractual obligations, in particular:

• provide the services requested, manage relations with customers and manage any disputes / complaints made by the data subject;
• control of the quality of communications (including phone calls, emails and messages, etc.) and verification of the effectiveness of the assistance services offered by OssLab S.r.l .;
• purposes necessary to ascertain, exercise or defend a right in court or whenever the judicial authorities exercise their judicial functions;
• advanced navigation purposes or personalized content management;
• purposes related to the execution of a contract of which you are a party or to the execution of pre-contractual measures adopted at your request (eg: contact request via the contact form, etc.);

The processing of functional data for the fulfilment of these obligations is necessary for a proper management of the contractual relationship and their provision is mandatory to implement the abovementioned purposes. The Data Controller states that any non-communication, or incorrect communication, of one of the mandatory information, may cause the Data Controller's inability to guarantee the adequacy of the processing.

Methods of processing and legal basis

Your personal data may be processed manually or with electronic means. Each processing activity takes place by adopting the appropriate security measures.

For phone calls connected to the services provided, the user in case of any registration of the call, will be notified in advance through a short information note issued by a recorded voice. If the user does not intend to interrupt the phone call, the principle of "continuation of the phone call / consent" to registration is understood.

The provision of data is optional, but necessary to manage the quality control of the service provided.

The legal basis of the processing are the stipulation and execution of a contract, the fulfillment of legal obligations and the pursuit of the legitimate interest of the Data Controller. OssLab S.r.l. specifies that it does not carry out automated processing (including profiling) of the personal data.

Disclosure of personal data:

Your personal data, given voluntarily in the services available on the present website, will be processed and managed for the purposes necessary for the correct management of the requested relationship, with guarantee of protection of the data subject’s rights. Your data will be processed only by staff expressly authorized by the Data Controller.

In the event that personal data require the performance of a service that involves the sending of promotional notices, in accordance with the conditions and authorizations issued by the data subject, the company may use external services of third parties specialized in the management of these services. In this case it will be the responsibility of the data controller to specify exactly the terms of the service and to request consent under the terms of this regulation.

Category of subjects to whom the data may be disclosed:

Personal data may be disclosed to companies contractually linked to OssLab S.r.l. within the European Union, in order to comply with the purpose for which they were collected. The data can be communicated to:

• third-party companies and / or companies connected to the Data Controller;
• subjects appointed as processors by the Data Controller;
• competent authorities for any fulfillment of legal obligations and / or provisions of public bodies;
• staff of the Data Controller who carry out processing activities as authorized subjects.

The list of these subjects is available at the headquarters of the Data Controller.

Transfer of data: the transfer of personal data to third countries is not envisaged, except in the case in which this transfer is legitimized by specific situations of safeguarding the physical safety of the data subjects, overriding public interest or national security. In such cases, the transfer of data abroad will take place exclusively in the context and in compliance with current legislation.

Retention period

Please note that, in compliance with the principles of lawfulness, purpose limitation and data minimization, pursuant to art. 5 of the GDPR, the storage period of your personal data is:

• Established for a period of time not exceeding the completion of the services provided
• Compliant to the terms of the law provided for by the specific processing.

Cookies management:

For more details see the information on cookie management in the footer on the homepage:

https://www.one-sky-solutions.com

In the event that you have any doubts or concerns regarding the use of cookies, you can always choose to prevent them from being set and read, for example by changing the privacy settings in your browser in order to block them.

Rights of the data subjects:

You can assert your rights as established by the GDPR by sending an email to privacy@oss-lab.it

You have the right to obtain from the Data Controller the erasure (right to be forgotten), limitation, updating, correction, portability, object to the processing of personal data concerning you, as well as in general can exercise all the rights provided from the articles 15, 16, 17, 18, 19, 20, 21, 22 of the GDPR.

1. The data subject has the right to obtain confirmation of the existence or not of personal data concerning him/her, even if not yet registered, and their communication in intelligible form.

2. The data subject has the right to obtain information about:

1. the origin of personal data;
2. the purposes and methods of processing;
3. the logic applied in case of processing activity carried out with the aid of electronic means;
4. the contact details of the Data Controller, of the Data processor and of the designated representative according to article 5, paragraph 2;
5. subjects or categories of subjects to whom the personal data may be communicated or who can learn about them as appointed representative in the territory of the State, processors or in charge of.

3. The data subject has the right to obtain:

1. the update, rectification or, when interested, to have incomplete personal data completed;
2. the erasure, transformation into anonymous form or blocking of data processed unlawfully, including data whose retention is unnecessary for the purposes for which the data were collected or subsequently processed;
3. the proof that the operations referred to in letters a) and b) have been brought to the attention, also with regard to their content, of those to whom the data have been communicated or disseminated, except in the case in which this fulfillment proves impossible or would involve a disproportionate effort;
4. data portability.

4. The data subject has the right to object, in whole or in part:

1. for legitimate reasons, to the processing of personal data concerning him/her, even if pertinent to the purpose of the collection;
2. to the processing of personal data concerning him/her for the purpose of sending advertising or direct sales or for carrying out market research or commercial communication.

Right to lodge a complaint:

The data subject has the right to lodge a complaint with the competent supervisory authority and to appeal to the competent national courts of the Member States in accordance with Article 79 - Competent Authority www.garanteprivacy.it

Profiling

For the purposes and types of data collected from this website, the absence of an automated decision-making process, including the profiling referred to in Article 22, paragraphs 1 and 4, is confirmed.

Further information

For any further need, request for information or clarification, please contact our office at the telephone numbers and / or email listed below (footer area).