PRIVACY POLICY

Why this information

Pursuant to Regulation (EU) 2016/679 (hereinafter “GDPR”), this page describes the methods for processing personal data. This is an information notice that is provided pursuant to art. 13 GDPR. The information notice is not to be considered valid for other third party websites, possibly accessible through links on this website, for which no responsibility is assumed.

Processed personal data

Personal data: any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person (C26, C27, C30 GDPR). 

Data of contractors / users.

Browsing data

during their ordinary course of operation, the IT systems and software procedures required to run this website acquire certain personal data, whose transmission is implicit in the use of Internet communication protocols. This information is not collected to be associated with identified data subjects but, by its very nature, it could enable identification of the users through the processing and matching of data held by third parties. This data category includes IP addresses or domain names of computers used by the users who visit the site, as well as the URI addresses (Uniform Resource Identifier) of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file received in reply, the numerical code indicating the status of the reply from the server (done, error, etc.) and other parameters related to the operating system and the IT environment of the user. 

Data provided voluntarily by the user

the optional, explicit and voluntary sending of messages to the contact addresses indicated on this website and / or the compilation of data collection forms entails the subsequent acquisition of the sender’s address, necessary to respond to requests, as well as any other personal data inserted.

Information about the processing of personal data carried out through Social Media platforms

Regarding the processing of personal data carried out by the managers of the Social Media platforms used by the Data Controller, please refer to the information notice provided by them through their respective privacy policies. The Data Controller processes the personal data provided by users through the pages of the dedicated Social Media platforms, to manage interactions with users (comments, public posts, etc.) and in compliance with current legislation.

Specific information notice

Specific information notice may be present on the websites pages in relation to particular services or processing of the data provided.

 Cookies and other tracking systems. What are? What are they for?

For Cookies and other tracking systems, please see the cookie policy in the footer of the website and at the following link.

1. WHO IS THE DATA CONTROLLER? HOW TO CONTACT?

The Data Controller is OAK INDUSTRIA ARREDAMENTI S.p.A., with registered office in Via Marmolada, 3/5, 22063 Cascina Amata – Cantù (CO), in the person of its Legal Representative, who you can contact for any information by phone 03173711, e-mail privacy@oak.it.

 

2. PURPOSES, LEGAL BASIS, DATA RETENTION, NATURE OF DATA PROVISION 

PURPOSES	LEGAL BASIS	DATA RETENTION	NATURE OF DATA PROVISION
A) POSSIBLE REQUEST FOR CONTACT OR INFORMATION REQUEST, by writing to one of the email addresses on the website.	the processing is necessary for the execution of a contract of which the data subject is a party or for the execution of pre-contractual measures adopted at the request of the same; (C44) art. 6 par. 1 letter b) of the GDPR	Maximum 12 months	The provision is necessary. Failure to provide the necessary data will make it impossible to be contacted and receive information.
B) DIRECT MARKETING, for sending advertising or direct sales material or for carrying out market research, approval or commercial and promotional communication, newsletters, by automated means (e-mail). Communications may contain promotional activities. There will be no transfer of personal data. In order to compare and possibly improve the results of automated communications, the Data Controller uses systems with reports. Thanks to the reports, the Data Controller will be able to know, for example: the number of readers, openings, unique “clickers” and “clicks”; the devices and operating systems used to read the communication; details on the activity of individual users; the details of the e-mails sent, e-mails delivered and not, of those forwarded; All these data are used for the purpose of comparing, and possibly improving, the results of communications.	The processing is based on the consent (C42, C43) art. 6 par. 1 letter a) of the GDPR	Until revocation of consent (or opt-out).	The provision is optional. Failure to provide the necessary data will make it impossible to receive direct marketing communications.
C) MANAGEMENT OF YOUR REQUESTS and requests from other data subject, pursuant to art. 15 and following of the GDPR (rights of data subject).	The processing is necessary to fulfill a legal obligation to which the data controller is subject (C45) Art. 6 par. 1 letter c) of the GDPR	5 years from the closing of the request, except for disputes.	The provision is mandatory, as it is essential to execute legal obligations.
D) RESERVED AREA, to create a profile and to access the reserved area.	The processing is necessary for the execution of a contract of which the data subject is a party or for the execution of pre-contractual measures adopted at the request of the same; (C44) art. 6 par. 1 letter b) of the GDPR	Until the termination of the contract and the technical time for disabling the credentials.	The provision is necessary. Failure to provide the necessary data will make it impossible to access the reserved area.
E) USE OF COOKIES AND SIMILAR TECHNOLOGIES	For the necessary non-technical cookies and comparable technologies, the processing is based on the consent to the processing of personal data (art. 6 par. 1 letter a and C42, C43 of the GDPR). The consent is given through the banner and the cookie policy of the site.	Please see the cookies policy in the website footer.	Please see the cookies policy in the website footer.

3. WHO WILL THE PERSONAL DATA BE DISCLOSED? PERSONAL DATA RECIPIENTS

The personal data provided, also based on the purposes envisaged in specific areas, will be communicated to recipients, who will process the data as processors (Article 28 of the GDPR), as persons acting under the authority of the Controller and Processor (Article 29 of the GDPR) or autonomous Data Controllers, for the purposes listed above. Precisely, the data will be communicated to: 

• Entities based in Italy, which provide services for the website and communication networks, including e-mail, hosting and website management (including Group companies);
• Third party cookie suppliers;
• Social Network;
• Entities based in Italy, with whom the Data Controller has signed agreements and with prior consent, where required;
• For direct marketing, with prior consent to parties for the management of direct marketing activities;
• Competent authorities for compliance with legal obligations and / or provisions of public bodies, upon request.

The list of Data Processors is available by writing to privacy@oak.it or at the other addresses indicated above.

4. WILL THE DATA BE TRANSFERRED TO NON-EEA COUNTRIES?

Personal data will not be transferred to non-EEA countries.

5. IS THERE AN AUTOMATED PROCESS?

Personal data will be processed in a traditional manual, electronic and automated manner. Fully automated decision-making processes are not carried out.

6. WHAT ARE YOUR DATA SUBJECT’S RIGHTS?

You may exercise your rights pursuant to article 15 et seq. of the GDPR, contacting the Data Controller at privacy@oak.it. In particular, you have the right, at any time, to request the Data Controller to access your personal data (art. 15), to amend (art. 16), to delete your data (art. 17) or limit their processing (art. 18). The Data Controller informs (art. 19) each of the recipients to whom the personal data have been transmitted any corrections or cancellations or limitations of the processing carried out. The Data Controller informs the Data Subject of these recipients under request.

In the cases provided for, you have the right to the portability of your data (art. 20) and in this case they will be provided to you in a structured format, commonly used and readable, by an automatic device.

Furthermore, you have the right to object, at any time, to processing of your personal data pursuant to art. 6(1)-point (f) GDPR (Data Controller’s legitimate interest).

If your personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for this purpose, by sending an e-mail to privacy@oak.it or by clicking on automatic removal link present in the emails that you received (opt-out). In the event that you believe that the processing of personal data carried out by the Data Controller is in violation of the provisions of Regulation (EU) 2016/679, you have the right to lodge a complaint to the Supervisory Authority or to appeal the judge.

7. CHANGES TO THIS PRIVACY POLICY 

The Data Controller reserves the right to amend, update, supplement or remove parts of this Privacy Policy. For your convenience, when we post changes, we will revise the “last update” date of the Privacy Policy. 

Update: 30 marzo 2022