Privacy Policy

Here is the reviewed and numbered version of the “INFORMATION ON THE PROCESSING OF PERSONAL DATA” document, with only the main paragraphs numbered:

INFORMATION ON THE PROCESSING OF PERSONAL DATA

According to Article 13 of Regulation (EU) 2016/679 (“GDPR”), this document aims to provide clear, complete, and transparent information on the processing of personal data collected from the data subject.

1. Data Controller

Omnio Europe S.p.A. Registered office: Via Antonio Salandra 13, 00187 Rome, Italy Tax Code/VAT Number: 07624990961 Email: office@omnioeurope.com PEC: domecspa@pec.net

2. Data Processor

The processing of personal data may be carried out by subjects specifically appointed as Data Processors (according to Article 28 GDPR) on behalf of the Data Controller. Specifically, the Commercial Agent responsible for collecting contractual proposals acts as a Data Processor, based on a specific written contract under Article 28 GDPR.

3. Purpose of the Processing and Legal Basis

Personal data will be processed for the following purposes:

  • Collection and management of contractual proposals transmitted by the Merchant through the Agent to the Data Controller.
  • Contact, management, and communication with the Merchant for the possible establishment of a contractual relationship.
  • Fulfillment of pre-contractual and contractual obligations (e.g., verification of requirements, correspondence, follow-up).
  • Archiving and management of data for legal protection and compliance purposes.

The legal basis for the processing is:

  • Article 6, paragraph 1, letter b) of the GDPR (“execution of pre-contractual measures at the request of the interested party”).
  • Where necessary, Article 6, paragraph 1, letter f) (“legitimate interest of the holder in managing business contacts and negotiations”).

4. Type of Data Processed

The Data Controller processes the following categories of personal data:

  • Identification data of the owner or legal representative of the commercial exercise: name, surname, tax code.
  • Company data: name of the activity, registered office, registration number in the Business Register, company website, social contacts (e.g., Facebook, Instagram, etc.).
  • Contact details: phone number, company email.
  • Data of company representatives other than the owner or legal representative: name, role, contact details. The processing of special categories of personal data (according to Article 9 GDPR) is not provided for.

5. Methods of Processing

The processing will be carried out:

  • Employing electronic and paper instruments.
  • By subjects authorized to process.
  • In compliance with the principles of correctness, lawfulness, transparency, minimization, and security provided for in Articles 5 and 32 GDPR.

6. Obligation of Contribution (Provision of Data)

The provision of data is optional but necessary for the evaluation and management of the contractual proposal. In case of non-conformance, the Data Controller will not be able to follow up on the proposal.

7. Recipients or Categories of Recipients

The data may be communicated exclusively to:

  • Duly authorized personnel and collaborators of the Data Controller.
  • Formally appointed commercial agents.
  • Legal and tax advisors for contractual and legal protection purposes.
  • Subjects legitimized by legal obligations (e.g., judicial, tax authorities). The data will not be disseminated.

8. Transfer to Third Countries

The data will not be transferred to countries outside the European Economic Area (EEA). In the event of a future transfer, the adoption of adequate guarantees will be ensured according to Articles 44-49 GDPR.

9. Storage Period

Personal data will be stored:

  • For the time necessary to manage the proposal and any contract.
  • Subsequently, for a maximum period of 10 years for legal and documentary protection, unless various legal obligations require a longer retention period.

10. Rights of the Data Subject

The data subject can exercise the rights provided for by Articles 15-22 GDPR, including:

  • Access to data.
  • Rectification or updating.
  • Erasure (right to be forgotten), within the limits of Article 17.
  • Limitation of processing.
  • Opposition to the processing.
  • Data portability, where applicable. To exercise these rights, the data subject may write to the Data Controller at the addresses indicated above.

11. Complaint to the Supervisory Authority

The data subject has the right to complain to the Garante per la Protezione dei Dati Personali (Italian Data Protection Authority) (www.garanteprivacy.it), according to Article 77 GDPR, if they believe that the processing of their data is contrary to current legislation.