Privacy policy

Privacy policy, pursuant to Regulation (EU) 2016/679, on the processing of personal data carried out through the Website https://onitsmart.it/ (hereinafter referred to as “Website”) also by using COOKIES

(version no. [1] of 14 January 2022)

The privacy policy below (hereinafter referred to as “Web Privacy Policy”) is provided to the data subject by Onit Smart S.r.l. as Data Controller (hereinafter also referred to just as “Controller”) in compliance with Regulation (EU) 2016/679 (hereinafter also referred to just as “Regulation”).

This Web Privacy Policy is provided to the data subject by the Data Controller also in compliance with the regulation on cookies issued by the Italian Data Protection Supervisor (hereinafter referred to as “Cookie Regulation”), available at the following URL: http://www.garanteprivacy.it/web/guest/home/docweb/-/docweb-display/docweb/3118884.

The Data Controller wishes to inform herewith all data subjects about the processing of their personal data carried out through the Website and the Cookies used by the Website, underlining the maximum efforts and commitment by the Data Controller to protecting the data subjects’ rights.

This Web Privacy Policy also provides instructions on how to manage cookies.

This Web Privacy Policy applies only to the Website and therefore it does not relate to other websites, web pages or online services accessible through any links available on the Website but relating to resources external to the domain.

The Data Controller reserves the right to modify this Web Privacy Policy at any time at its sole discretion. Any changes shall be effective from the date of publication of the modified version of the Web Privacy Policy on the Website.

Further and more accurate details on the purposes of the processing as well as other useful information are available in the specific privacy policies of the various services.

In any case, the Data Controller guarantees that personal data shall be processed according to the principles of lawfulness, fairness, transparency and protection of the data subject’s privacy and rights.

By accessing the Website and using its services, a User acknowledges to have viewed the Web Privacy Policy.

Data Controller and contact details

Name: Onit Smart S.r.l. – Società Benefit

Tax code: 04600120408

Number of registration in the Companies’ Register of Forlì: 425472

Registered office: Via Dell’Arrigoni 220, Cesena, Italy

Email: info@onitsmart.it

Certified email: onitsmart@pec.onitsmart.it

Tel.: +39 0547 313110

Fax: +39 0547 318021

For any requests about the processing of personal data and the exercise of the data subject’s rights, please use the contact details below

Email: privacy@onit.it

Certified email: onit@pec.onit.it

Tel.: +39 0547 313110

Fax: +39 0547 318021

Types of data being processed, methods and purposes of processing, storage period and/or criteria for determining storage periods, and legal bases

The following categories of personal data shall be processed: (i) navigation data; (ii) data provided by the data subject; (iii) data obtained through the cookies.

Data shall be processed automatically by the computer systems owned by and/or available to the Data Controller.

(i) Navigation data

The computer systems, the applications and the software procedures used to operate the Website collect, in the course of their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols.

Such personal data include: (a) IP address or domain name of the PC and terminal used by the data subject; (b) URI/URL addresses of the requested resources; (c) the time of the request; (d) the method used to submit the request to the server; (e) the size of the file obtained in reply; (f) the numerical code indicating the status of the reply given by the server; (g) the search engine, if any, used to find the link to the Website and then access the Website; (h) other parameters concerning the operating system and computer environment used by the data subject to access and navigate the Website.

(i).1. Purposes of processing

Navigation data under point (i) shall be processed for the following purposes:

(a) allowing users to use the Website;

(b) checking the correct operation of the Website and carrying out the technological maintenance of the Website;

(c) establishing responsibility for any offences committed against the Data Controller through the Website or against the Website itself;

(d) obtaining anonymous aggregate statistical information about the use of the Website.

(i).2. Storage period

Navigation data under point (i) shall be stored for no longer than seven days and shall be cancelled immediately after having been aggregated and anonymised, unless otherwise required by a judicial authority for the detection of any offences.

(i).3. Legal basis

The legal basis for processing the navigation data under point (i) shall consist of the following concurrent and/or alternative criteria: (1) the legitimate interest of the Data Controller, pursuant to as well as within the limits of art. 6, par. 1, point f) of the Regulation, in order to ensure the correct use of the Website and prevent any possible cyber crimes; (2) the consent of the data subject pursuant to art. 6, par. 1, point a) and, if applicable, art. 9, par. 2, point a) of the Regulation; (3) the implementation of pre-contractual measures taken at the data subject’s request or the performance of a contract to which the data subject is party, which functionally require the processing of such data [art. 6, par. 2, point b), of the Regulation] in order to allow users to navigate the Website and access its contents free of charge, unless otherwise specified. 

(ii) Data provided by the data subject

The voluntary sending of messages by the data subject to the Data Controller’s contact addresses, also by sending any emails or filling in and submitting any forms to the Data Controller, implies the collection by the Data Controller of the data subject’s contact details as well as other data, if any, provided by the data subject upon sending of the message (e.g. any data provided in the message content). The data subject shall be expressly forbidden to provide through any forms any personal data of a special nature and/or any personal data of third parties.

Pursuant to art. 13 and 14 of the Regulation, it is understood that, if the Data Controller intends to collect personal data for other specific purposes, the Data Controller shall provide the data subject with information on such additional purposes.

(ii).1. Purposes of processing

The processing of the data provided by the data subject (1) is aimed at allowing communication between the data subject and the Data Controller according to the data subject’s needs, including (2) the submission of any requests for additional information with respect to the information available on the Website or (3) the start of negotiations in order to enter into contracts for the supply of the services offered by the Data Controller. Obviously, should the Data Controller carry out any additional and more specific processing through the Website, the Data Controller shall each time provide the data subject with the relevant additional and more specific information on the protection of personal data (e.g. in relation to any requested services or if the Website includes specific processing such as the subscription to a newsletter or the request to send a CV for specific job roles). Should there be a material and actual risk of a dispute or of any offences committed through the above-mentioned means of communication, the data might be processed (4) to defend or to establish a right in court or (5) to allow any necessary investigations to be carried out, including by any competent public authorities.  

(ii).2. Storage period

The data provided by the data subject under point (ii) shall be stored for the time strictly necessary to satisfy any communication needs as well as any data subject’s requests, except in the event of any requirements relating to the establishment or defence of legal claims or any dispute (in these cases the storage period shall be the one required for the above defence, taking also into account, if necessary, any evidence requirements, any terms of lapse and statutory limitation, which may also provide for a ten-year period, as well as any necessary investigations to be carried out about any offences, including by any competent authorities). It is also understood that the Data Controller may establish different storage periods within the specific privacy policies provided in relation to any additional specific services provided through the Website or any other purposes, for which the Data Controller shall provide specific and separate information on the protection of personal data, including information on storage periods.

(ii).3. Legal basis

The processing of the data under point (ii) shall be based on the following legal bases, which may be concurrent and/or alternative depending on the actual case: (A) the legitimate interest of the Data Controller, pursuant to as well as within the limits of art. 6, par. 1, point f) of the Regulation, in order to be able to carry out the communication activities relating to its business or to satisfy any request for further information or to react to any offences committed through its computer system; (B) the consent of the data subject pursuant to art. 6, par. 1, point a) and, if applicable, art. 9, par. 2, point a) of the Regulation, expressed by clicking the appropriate consent button available in the form for sending a message in the section about the information on the protection of personal data or, in any case, expressed through a significant behaviour, including the conscious and voluntary sending of the relevant message to the Data Controller through the tools available on the Website on which this privacy policy shall be previously available; (C) the implementation of pre-contractual measures taken at the data subject’s request or the performance of a contract to which the data subject is party, which functionally require the processing of such data [art. 6, par. 2, point b), of the Regulation], if the communication sent by the data subject aims at establishing, at the data subject’s initiative, or at carrying on the contacts required to enter into a contract about one or more services provided by the Data Controller; (D) the establishment and/or defence of legal claims or anyway in the event of a dispute, should it be necessary in the actual case in question in relation to the communications sent by the data subject [art. 9, par. 2, point f), of the Regulation].

(iii) Data obtained through the Cookies, methods and purposes of processing, storage period, and legal bases

Cookies may be defined (see Cookie Regulation) as «small strings of text which the websites visited by the user send to the user’s terminal (usually to the browser), where they are stored to be retransmitted to the same websites at the next user’s visit. While navigating a website, the user may also receive on his/her terminal cookies sent by other websites or web servers (so-called “third-party cookies”), which may contain some elements (such as images, maps, sounds, specific links to pages of other domains) available on the website that the user is visiting. The user’s browsers usually contain a great quantity of cookies, which sometimes are also very persistent. Cookies are used for several purposes: computer authentication, session monitoring, storage of information on specific settings about the users accessing the server, etc.».

There are different categories of Cookies according to objective (non-persistent technical session or navigation cookies; persistent technical cookies or functional cookies; analytical cookies with or without anonymised IP address; profiling cookies) or subjective classifications (cookies attributable to the website owner or manager, the so-called “editor” or “first-party” cookies; cookies attributable to other subjects, the so-called “third-party” cookies).

In particular, the Website uses the following Cookies for the specified purposes and storage period.