Privacy Policy - Oilalá

Information regarding the processing of personal data prepared and supplied by Oilalà srl as Data Controller, pursuant to articles 13 and 14 of the EU Regulation 2016/679 on the protection of personal data of natural persons (hereinafter also “Regulation” or “GDPR”) and of art. 13 of Legislative Decree196/2003 “Code regarding the protection of personal data containing provisions for the adaptation of national legislation to Regulation (EU) n. 2016/679 of the European Parliament and of the Council, of 27 April 2016, relating to the protection of individuals with regard to the processing of personal data, as well as to the free movement of such data and repealing Directive 95/46 / EC “” (of followed also “Code”). to Users who consult the site https://www.oilala.com (hereinafter also the “Site”).

The following information is provided only for the site https://www.oilala.com and not for other websites that may be consulted by the User via links. The Data Controller will collect and process the types of data listed below in accordance with the provisions of the Code and the Regulations.

I. Data Controller and contact information.

Oilalà srl, with registered office in Via Frà Cristoforo, 14/D – 20141 – Milano (Italy), phone: 0883 1984369, PEC: oilalasrl@pec.it and e-mail: info@oilala.com, VAT number: 09263310964.

The Data Controller is responsible for this privacy statement and for the cookies stored by their services.

II. Method of Treatment

The Data Controller processes the personal data provided and / or collected by users with analogue, IT and / or telematic tools, adopting the appropriate security measures aimed at preventing unauthorized access to the systems and, therefore, their disclosure, modification or destruction. authorized.

Personal data is also processed in aggregate form, with organizational methods and logic strictly suited to the purposes indicated in this statement. On some occasions, the data may be displayed by categories of subjects authorized by the Data Controller, also called in charge of data processing and involved in the organization of the provision of services connected to the website (such as, for example, administrative staff or that commercial, marketing department, legal department or system administrators) or even from external parties (third party technical service providers, couriers, hosting providers) who will be appointed, if the Owner deems it necessary, Data Processors. The updated list of managers and appointees may always be requested by the interested party and is available at the registered office of the owner.

III. Types of data collected and purposes

a) Contact details

These data are requested from the User when completing the registration form and when requesting information on the Site and include: Name, Surname, Company Name, State, Address, Postal Code, City, Province, Telephone Number , Fax number, tax code / VAT number, e-mail and may be processed by the owner for the following purposes:

fulfill the User’s specific requests;
execute the sales contract;
with the prior consent of the User, to establish and manage commercial relations, with particular reference to the purposes of commercial promotion, advertising communication, market research, surveys, statistical processing and marketing in a broad sense relating to products and services provided by the Owner, using both Automated Contact Mode pursuant to art. 130 of the Privacy Code (electronic mail, sms, mms , WhatsApp, telefax, etc. ), both Traditional Contact Modes (paper mail or calls with operator);
prior consent of the User, to detect your degree of satisfaction and consent, on the products and / or services offered, in relation to the analysis of habits and purchase choices, as well as to carry out market research choices made directly by the Owner .

The purposes referred to in points 3) and 4) above may be carried out by the Data Controller also through the use of cookies, as specified in point V of this statement, prepared pursuant to the Provision of the Privacy Guarantor of 05.05.2014 “Identification of simplified procedures for the information and the acquisition of consent for the use of cookies “.

b) Navigation Data

The computer systems and software procedures used to operate the Site acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. This information is not collected to be associated with identified persons, but by their very nature could, through processing and association with data held by third parties, allow users to be identified.

This category of data includes the IP addresses or domain names of the computers used by users connecting to the Site, the URI (Uniform Resource Identifier) addresses of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numeric code indicating the response status given by the server (successful, error etc.) and other parameters relating to the operating system and the User’s computer environment.

These data are used only to obtain anonymous statistical information on the use of the site and to check its correct functioning and are deleted immediately after processing. The data could be used to ascertain responsibility in case of hypothetical computer crimes against the site: except for this eventuality, the data itself is stored for the time defined in point IV of this information notice.

c) Provision of data

The provision of contact data for the purposes referred to in section III a.1 and III a.2 of this information, it is mandatory and failure to provide it, even partial, will make it impossible for the Owner to proceed with the provision of the services requested.

The provision of Registration data for all the purposes referred to in points III a.3 and III a.4 is optional and therefore there are no consequences in the event of refusal to provide data, unless it is impossible to inform the User about promotional activities. or to check his satisfaction.

The User assumes the responsibility of the Personal Data of third parties communicated or shared through the site https://www.oilala.com and guarantees to have the right to communicate or disseminate them, freeing the Owner from any responsibility towards third parties.

Personal Data may be entered voluntarily by the User, or collected automatically during navigation on the website https://www.oilala.com.

IV. Place and duration of the processing of the collected Data

a) Place

The Data are processed at the operational headquarters of the Data Controller and of the Data Processors, as well as any other place where the parties involved in the processing are located.

Some of our service providers (eg of a technological nature) use data centers or qualified subcontractors that are not established in the European Union, and this may involve the transfer of personal data outside the European Union. When this happens, the legal basis of this transfer is the signing by these suppliers of contractual clauses in accordance with the standard defined by the European Commission.

If personal data is transferred to a third country or to an international organization, the interested party may be informed of the existence of adequate guarantees pursuant to Article 46 of the “Regulations” relating to the transfer by contacting the Owner at the e-mail address info@oilala.com.

b) Duration of treatment and storage

The Data is processed for the time necessary to perform the service requested by the User, or required by the purposes described in this document, and the User can always request the interruption of the Treatment or the cancellation, updating and modification of the Data .

The Data will not be stored beyond 24 months limited to personal data and for marketing purposes only, in compliance with the instructions of the Authority for the Protection of Personal Data on the subject. For the exercise of the right of defense, on the other hand, the duration of the treatment will be equal to the expiration of the time limit for exercising the ordinary judicial action.

V. Cookie Policy

This website uses cookies.

a) Information on Cookies

A cookie (from English, literally, “biscotto”) is a small and light text file that is generated by web services in order to memorize the preferences, activities and tastes of users. The cookie created by a service can be read and modified by the same in order to best characterize its users and, above all, to recognize the user when he returns to the site.

Therefore, different information can be stored in the cookie for different purposes, but only if the user has enabled the installation of cookies from their browser preferences.

It should be pointed out that cookies are not and cannot be dangerous in the common sense of the term: in fact, they cannot in any way convey viruses or other kinds of malware. Instead, they can be used to track user behavior on websites that adopt certain services.

In general, cookies can be completely disabled from your browser settings at any time. For more information, we recommend reading the help and support pages related to it provided by the developers of the same.

b) Types of cookies in use

Google Analytics

Google Analytics is a third party web analysis service provided by Google Inc.

Google uses the personal data collected through its scripts in order to trace and examine the navigation on this site and the services offered by it, compile reports and share them with other third-party services developed by Google.

Google uses personal data to contextualize and personalize the ads of its own advertising network composed of Adsense and Adwords .

Personal data collected: Cookies and navigation data on the site.

Place of processing: USA

You can exercise the right to opt out of Google Analytics from here: http://tools.google.com/dlpage/gaoptout?hl=it

Facebook Messenger

The service is provided by Facebook, Inc. and allows interaction with its live chat platform.

Personal data collected: Cookies, usage data, other data communicated by the user during chat sessions.

Place of processing: USA

Facebook, Inc. adheres to the Privacy Shield.

Pixel di Facebook

Provided by Facebook, Inc.

The Facebook Ads pixel is used to monitor the conversion of advertisements published by the Website Owner on Facebook.

The service links the data coming from the Facebook advertising network with the actions carried out on this site.

Personal Data collected: Cookies and Usage Data.

Place of processing: United States

Facebook, Inc. adheres to the Privacy Shield.

Mailchimp

Mailchimp is an address management and email service provided by Mailchimp Inc.

It is used on this site to manage the e-mail addresses of users requesting the sending of the informative newsletter. Furthermore, the service allows data to be collected relating to the date and time of display of the messages by the recipient, as well as to its interaction with them, such as information on clicks on the links inserted in the messages.

Personal data collected: E-mail.

Place of processing: USA.

Jetpack

JetPack is a third party web analysis service provided by Automattic Inc.

Automattic uses the personal data collected through its scripts in order to track and examine the navigation on this site and the services it offers, compile reports and share them with other third-party services developed by Automattic .

Automattic uses personal data to provide anonymous and aggregate usage statistics of the website, as well as allowing the sharing of articles on the supported social networks.

Personal data collected: Cookies and navigation data on the site.

Place of processing: USA

VI. Rights of the interested parties

The subjects to whom the Personal Data refer as interested parties may exercise their rights pursuant to articles 13, 14, 16, 17, 18, 19, 20 and 21 of the “Regulations” and, therefore, in summary:

ask the Data Controller for access to personal data and the correction or cancellation of the same or the limitation of the processing that concern them or to oppose their treatment, in addition to the right to data portability;
to obtain from the individual Data Controller confirmation that a processing of personal data concerning him is being carried out and in this case, to obtain access to personal data and the following information: a) the purposes of the processing; b) the categories of personal data in question; c) the recipients or categories of recipients to whom the personal data have been or will be communicated, in particular if they are recipients of third countries or international organizations; d) when possible, the period of storage of personal data provided or, if this is not possible, the criteria used to determine this period; e) the existence of the data subject’s right to ask the Data Controller for the correction or deletion of personal data or the limitation of the processing of personal data concerning him or to oppose their processing; f) the right to lodge a complaint with a supervisory authority; g) if the data is not collected from the interested party, all available information on their origin; h) the existence of an automated decision-making process, including the profiling referred to in Article 22, paragraphs 1 and 4 of the Regulation and, at least in such cases, significant information on the logic used, as well as the importance and expected consequences of such treatment for the person concerned;
to obtain from the Data Controller the correction of inaccurate personal data concerning him without unjustified delay. Taking into account the purposes of the processing, the data subject has the right to obtain the integration of incomplete personal data, also by providing a supplementary declaration;
obtain from the Data Controller the deletion of personal data concerning him without unjustified delay. The Data Controller has the obligation to cancel personal data without unjustified delay, if one of the following reasons exists: a) personal data are no longer necessary with respect to the purposes for which they were collected or otherwise processed; 4.5.2016 L 119/43 Official Journal of the European Union EN, (b) the data subject withdraws the consent on which the processing is based in accordance with Article 6 (1) (a) or Article 9 (2) , letter a) of the Regulation and if there is no other legal basis for the processing; c) the data subject opposes the processing pursuant to Article 21, paragraph 1 of the Rules and there is no legitimate prevailing reason to proceed with the processing, or he opposes the processing pursuant to Article 21, paragraph 2 of the Rules; d) personal data have been unlawfully processed; e) personal data must be deleted in order to fulfill a legal obligation established by Union or Member State law to which the Data Controller is subject; f) personal data have been collected in relation to the offer of information society services referred to in Article 8, paragraph 1 of the Rules;
to obtain the treatment limitation from the Data Controller when one of the hypotheses of Article 18 of the “Regulation” applies;
receive in a structured format, commonly used and readable by automatic device, the personal data concerning him provided to the Data Controller in order to be able to transmit such data to another Data Controller without impediment if: a) the processing is based on the consent pursuant to of article 6, paragraph 1, letter a), or of article 9, paragraph 2, letter a) of the “Regulation” or of a contract pursuant to article 6, paragraph 1, letter b) of the “Regulations” ; and b) the processing is carried out by automated means;
oppose at any time, for reasons related to his particular situation, to the processing of personal data concerning him pursuant to article 6, paragraph 1, letters e) of) of the “Regulations”, including profiling on the basis of such provisions. The Data Controller will refrain from further processing the personal data unless he demonstrates the existence of legitimate cogent reasons to proceed with the processing which prevail over the interests, rights and freedoms of the data subject or for the assessment, exercise or the defense of a right in court;
Request the complete deletion of the data concerning him, exercising his right to oblivion, without prejudice to the possibility of the Data Controller to keep only the necessary data in another database, separate from the one with which he is processing, in order to exercise his own right of defense.

VII. Right of opposition

If personal data is processed for direct marketing purposes, the data subject has the right to object at any time to the processing of personal data concerning him for these purposes, including profiling to the extent to which it is connected to such direct marketing.
If the data subject opposes processing for direct marketing purposes, personal data can no longer be processed for these purposes.

VIII. Communication and dissemination of personal data contained in the curricula vitae

Your personal data will not be disclosed and will not be disclosed to third parties, except for the cases indicated below. They can in fact be communicated:

a) to managers, middle managers and employees designated by the Data Controller for personnel selection activities;

b) to consultants or external companies that carry out research, evaluation and eventual selection of personnel on behalf of the Data Controller;

c) to persons indicated by the user himself in the CV or in the context of the application, for the purposes of verifications and case evaluations.

IX. Changes to this privacy policy

The data controller reserves the right to make any modification to this extended information by giving publicity on this page.

At the end of the present the date of the last modification will be affixed to allow the tracking of the modifications themselves. A copy of each version of this information is available to interested parties at the data controller’s registered office.

In the event that the user does not accept the changes made, he can ask the Data Controller to remove his personal data. Unless otherwise specified, the previous privacy and cookie policy will continue to be applied to personal data collected up to that point.

In the event of non-acceptance of the changes made to this privacy policy, and without prejudice to the rights of the data subject referred to in the previous articles, he may request the Data Controller to remove his Personal Data. Unless otherwise specified, the previous privacy policy will continue to apply to the Personal Data collected up to that point.

X. Normative references

Directive 2002/58 / EC, as amended by Directive 2009/136 / EC, provision of the Privacy Guarantor n. 229 May 8, 2014, Legislative Decree 196/2003, EU Regulation 2019/679.

Bari, 26.02.2019