OMEC SRL (hereinafter referred to as the “Data Controller”) is constantly committed to protecting the online privacy of its users. This document has been drafted pursuant to Article 13 of the EU Regulation 2016/679 (hereinafter: “Regulation”) to allow you to understand our privacy policy, understand how your personal information is managed when you use our site (hereinafter “Site”), and, if necessary, to provide express and informed consent to the processing of your personal data.
According to the Regulation, the data processing carried out by the Data Controller will be based on principles of lawfulness, fairness, transparency, purpose limitation, data minimization, accuracy, integrity, and confidentiality.
WHAT TYPES OF PERSONAL DATA DO WE PROCESS
a. Data provided during registration The Data Controller will process the personal data necessary to correctly register you on the site to allow access to our e-commerce and related services. These data are provided directly by the user and may include personal and contact details, such as name, surname, date of birth, email address, and phone number.
If you authorize us or through the use of cookies, we may store authentication or payment data, which you can delete at any time and will only be used for contract execution purposes.
b. Data collected to provide the service To purchase our products, we will ask for the data necessary to execute the contract, such as shipping and billing information. To provide our service, we may need to process special categories of data under Article 9 of the Regulation.
c. Navigation data The computer systems acquire, during the use of the platform and for its normal operation, data that by their nature do not have an identifying function but could be associated with data held by third parties. This category includes IP addresses, URI addresses of requested resources, request times, device characteristics, file sizes exchanged, or other types of information. These are anonymous or aggregated data that generally do not allow your identification and serve to identify anomalies and issues. Data may be retained to protect our rights but will not be stored for more than seven days unless needed for this purpose.
PURPOSES, LEGAL BASIS, AND EXPLANATION
Below we indicate the purposes for which we will use your personal data, the legal basis under Article 6 of the Privacy Regulation, and a brief explanation of each purpose:
Purpose | Legal Basis | Explanation |
---|---|---|
a) Registration, authentication, and site use | Contract performance | To provide access to our services. |
b) Order processing | Contract performance | To handle your orders. |
c) Storage of payment data | Consent | To save payment data for faster purchases. Without consent, nothing will be saved. |
d) Communication to business partners and third parties | Consent | With your authorization, data may be shared with operational partners (logistics and couriers), but never for advertising or commercial purposes. |
e) Newsletter | Consent | By subscribing, you allow us to send updates and information on topics of interest. |
f) Profiling | Consent | With your authorization, we may analyze your interests to place you in specific categories or predict your behaviors. |
g) Direct marketing communications | Legitimate interest | We will update you only on our products or services if you have previously purchased from us. Our emails will not be frequent or invasive, and you can unsubscribe at any time. |
h) Service and experience improvement, management and market planning | Legitimate interest | We use anonymous and aggregated data as much as possible for service improvement and planning; personal data may be necessary but will be used internally and securely. |
i) Detect or prevent fraudulent activities | Legal obligation and legitimate interest | We may need to process your personal data in case of malicious activities on our site. |
j) Compliance with judicial or public authority orders | Legal obligation | |
k) Accounting record keeping | Legal obligation |
Some products may require access to special categories of data under Article 9 of the Privacy Regulation; thus, we may request consent to provide additional services related to these products. Such data will generally be processed using encryption, anonymization, and pseudonymization techniques.
WHAT HAPPENS IF YOU DECIDE NOT TO PROVIDE YOUR DATA?
Providing your personal data for purposes a) and b) is necessary for registration on the platform and contract conclusion. Without this data, we cannot provide our services. Consent for purposes c) and d) is optional and will not negatively affect your user experience. However, consenting to these purposes allows us to grow and provide better and cheaper services.
TO WHOM DO WE COMMUNICATE YOUR DATA
Based on legitimate interest and as specified in section 2 of this information notice, we communicate your personal data to other companies within our group for better organizational efficiency, adopting all necessary technical and legal precautions. Additionally, we communicate data to our suppliers for service provision needs or where there is a legitimate interest as indicated in Article 2. Suppliers may include delivery services, IT companies, legal consultants, payment processing companies, and marketing companies. If suppliers process personal data on behalf of the Data Controller, they will be appointed as data processors ex. art. 28 GDPR.
TRANSFER TO THIRD COUNTRIES
Some personal data may be shared with entities outside the European Economic Area; we ensure this is done in compliance with Regulation 679/2016, adopting safeguards that provide for transfer only to countries with adequacy decisions, standard contractual clauses approved by the European Commission, consent, or other appropriate legal basis.
DATA RETENTION
Personal data will be retained only for the needs related to each of the purposes in section 2 and in compliance with the principle of minimization. We may need your data to defend your or our rights (Articles 2946 cc. et seq.) and to comply with accounting record-keeping obligations. Thus, we retain this data as long as necessary and in any case no longer than 10 years. We also retain your data whenever required by law or public authority orders. We keep your marketing data for two years from the last commercial contact. You can revoke your consent at any time by requesting it from the Data Controller.
More information on data retention periods and the criteria used to determine these periods can be obtained by writing to: info@omec-srl.com.
YOUR RIGHTS
You have the right to access your data at any time under Article 7 of the Privacy Code and Articles 15-22 GDPR. Specifically, you can request access (Art. 15 Regulation), rectification (Art. 16 Regulation), deletion (Art. 17 Regulation), limitation of data processing in the cases provided by Art. 18 Regulation, data portability in the cases provided by Art. 20 Regulation, and lodge a complaint with the competent supervisory authority (Personal Data Protection Authority). You also have the right to revoke your consent at any time under Article 7 of the Regulation; it is specified that revocation of consent does not affect the lawfulness of the processing based on consent before its revocation.
You can submit an objection request to the processing of your data under Art. 21 Regulation, providing evidence of the reasons justifying the opposition: the Data Controller reserves the right to evaluate your request, which would not be accepted in case of compelling legitimate reasons to proceed with the processing that outweigh your interests, rights, and freedoms.
HOW TO EXERCISE YOUR RIGHTS OR REQUEST INFORMATION ON THE PRIVACY POLICY
For any information and needs, as well as to exercise the mentioned rights, we are at your disposal at the email address info@omec-srl.com.
CHANGES
This privacy policy is effective from 22/05/2023. The Data Controller reserves the right to modify or simply update its content, in part or entirely, also due to changes in the applicable legislation. The Data Controller will inform you of such changes, and they will be binding once published on the Site. The Data Controller invites you to regularly visit this section to become aware of the most recent and updated version of the privacy policy to stay updated on the data collected and how it is used by the Data Controller.
COOKIE POLICY
WHAT IS A COOKIE?
Cookies are small text strings that the sites visited by the user send to their terminal (usually the browser), where they are stored to be retransmitted to the same sites upon the next visit by the same user. While browsing a site, the user may also receive cookies from different sites or web servers (so-called “third parties”), on which some elements (such as images, maps, sounds, specific links to pages of other domains) may reside.
WHY DOES OMEC-SRL.COM USE COOKIES?
Cookies are used for different purposes, such as performing computer authentications, session monitoring, storing information on specific configurations, or for targeted advertising.
WHAT COOKIES ARE USED?
The Site uses the following cookies that can be deselected, except for third-party cookies for which you must refer directly to the respective selection and deselection methods indicated through links:
NOTE: Disabling technical and/or functionality cookies may make the Site unavailable or some services or functions of the Site may not be available or work correctly, and you may be forced to modify or manually enter some information or preferences each time you visit the Site.
Third-party cookies, i.e., cookies from sites or web servers different from Omec SRL used for the purposes of these third parties. It is specified that these third parties, listed below with the respective privacy policies, are typically autonomous data controllers for the data collected through the cookies they serve; therefore, you must refer to their data processing policies, information notices, and consent forms (selection and deselection of the respective cookies), as specified in the General Data Protection Regulation 679/2016 (GDPR):
HOW CAN I DISABLE COOKIES?
Most browsers accept cookies automatically, but you can also choose not to accept them. We recommend not to disable this function as it may prevent you from moving freely from one page to another and from enjoying all the features of the Site. If you do not want your computer to receive and store cookies, you can modify your browser’s security settings. However, certain parts of our Site can only be used fully if your browser accepts cookies. Therefore, your choice to remove and not accept cookies may negatively affect your visit to our Site.