Privacy policy

on the protection of personal data

Pursuant to articles 12, 13 and 14 of the General Data Protection Regulation (EU) 2016/679 ("GDPR"), and in general in compliance with the principle of transparency provided for by the GDPR itself, our company provides the following information in Merit to the processing of personal data (ie any information concerning a natural person identified or identifiable hereinafter "Personal Data"), in relation to the stipulation and execution of the Contract / order concluded with the Customer (also "theInterested").


1. Treatment holder

The Data Controller (i.e. the subject who determines the purposes and means of the processing of personal data) is the company ONILOC Srl - via Thomas A. Edison 7, 25012 Camposampiero (PD) Italy - PEC: onilocsrl@pec.it- Email : contact: info@oniloc.com.

2. The treatment of personal data

The processing of the personal data of the interested party will be carried out both with manual and IT and telematic tools in compliance with the rules in force and the principles of correctness, lawfulness, transparency, relevance, completeness and non-excess, accuracy and with organization and processing logics. strictly related to the purposes pursued and in any case in such a way as to guarantee the security, integrity and confidentiality of the data processed, in compliance with the organizational, physical and logical measures provided for by the provisions in force. Which will be implemented and increased from time to time also in relation to technological development to ensure confidentiality, availability and integrity of the data processed. There are no automated decision-making processes.


3. Purpose of the treatment

The Personal Data collected will be processed for purpose described below:

 execution of the contract (the "Contract") relating to the Customers, in all its phases, including pre-contractual ones and therefore for purposes strictly related to the management of the contractual relationship with the Customer, including administrative and accounting formalities and obligations (by way of example, acquisition of preliminary information for the conclusion of a Contract; execution of operations on the basis of the obligations deriving from the Contract / order concluded; for operational and managerial needs; for control requirements on the execution of the service; for verification of tax and contribution regularity; for the management of litigation - contractual breaches; warnings; transactions; credit recovery; arbitration; judicial and other disputes procedures for settling any disputes, including out of court, etc.).

  1. fulfillment of regulatory obligations (di fonte sia nazionale che comunitaria) ed alle disposizioni impartite da autorità a ciò legittimo dalla legge e da organi di vigilanza e controllo;
  2. sending commercial proposals (if the interested party does not express dissent) transmission, through the e-mail coordinates provided, communications relating to the direct sale of products or services similar to those already provided, provided that the interested party, adequately informed, does not refuse such use, initially or on the occasion of subsequent communications. These communications may be made by sending e-mails, ordinary mail, by message or even via social media. If the interested party is in a position to receive e-mail messages published by the Data Controller that are no longer of interest, it will be sufficient to click on unsubscribe button placed at the bottom of the same to no longer receive any communication, even through additional contact channels for which consent was obtained.
  3. The Personal Data provided may be processed for the protection of legitimate interests of the Owner including the defense in court. The data processed are briefly:
  • identification data of natural personsidentification data of natural persons
  • contact details relating to communications (via Internet, telephone, etc.), such as landline or mobile telephone numbers, e-mail addresses, provided at the time of stipulation or during the term of the Contract;
  • particular categories of data: not treated

judicial data: not treated.



4. The legal basis

The provision of Personal Data is strictly necessary to carry out the purposes indicated in the previous paragraph "Purpose of the Treatment".

There is no obligation to provide data in the pre-contractual phase for the purposes referred to in letters a) and b), but failure to provide it will make it impossible to conclude the Customer Agreement.

Una volta stipulato il Contratto/ordine, il conferimento dei dati ulteriormente necessari, o l’aggiornamento di quelli già forniti, è obbligatorio per tutto quanto è richiesto dagli obblighi legali e contrattuali per le finalità di cui alle lettere a) e b), e, pertanto, l’eventuale rifiuto a fornirli in tutto o in parte può dar luogo all’impossibilità per la Società di dare esecuzione al Contratto e potrebbe comunque configurare inadempimento contrattuale o violazione di legge da parte del Cliente. I Dati Personali saranno trattati per un periodo di tempo pari al minimo necessario, ossia fino alla cessazione degli eventuali rapporti precontrattuali e contrattuali in essere con il Titolare del Trattamento, tenuto conto dei termini di prescrizione legale ed in ogni caso, i dati saranno conservati per non più di 10 anni dal termine del rapporto che coincidono con i termini civilistici, salvo i tempi necessari per la tutela degli interessi legittimi del Titolare del Trattamento. In ogni caso si applicheranno i principi di necessità, proporzionalità e non eccedenza.

Mentre il trattamento di cui alla finalità c) potrà avvenire salvo che l’Interessato, adeguatamente informato, non rifiuti tale uso, inizialmente o in occasione di successive comunicazioni, come previsto dal comma 4 dell’art. 130 D.Lgs. 196/2003 e successive modifiche. I dati forniti per tali finalità suindicate, saranno conservati per il periodo necessario in relazione alla finalità e comunque, sino al dissenso espresso dell’Interessato.

 Si ricorda che i dati forniti potranno essere trattati per la tutela di interessi legittimi del titolare di cui alla finalità espressa nella lettera d). Anche in questo caso si applicherà il principio di non eccedenza, in tale caso i dati saranno conservati per 10 anni che coincidono con i termini civilistici ovvero per tempi di conservazione maggiori legati se del caso, alle esigenze di tutela anche giudiziale.

5. Diffusione, Trasferimento. Eventuali destinatari o categorie di destinatai dei dati

Diffusion: The data will not be disclosed.

 Transfer. The Personal Data will be processed inside the UE territory.

In the event that for technical and / or operational reasons it will be necessary to make use of subjects located outside the European Union, the transfer of Personal Data, limited to the performance of specific processing activities, will be regulated in accordance with the provisions provided for by Chapter V of the Regulations. All necessary precautions will therefore be taken in order to guarantee the most complete protection of your Personal Data by basing this transfer: (i) on adequacy decisions of the recipient third countries expressed by the European Commission; (ii) on adequate guarantees expressed by the third party recipient pursuant to Article 46 of the Regulation; (iii) on the adoption of binding corporate rules.

Recipient. The data provided will be processed exclusively by persons authorized to process and appropriately trained, as well as through data processors linked to the Data Controller by a specific Contract, for example:

  • Accounting firm
  • Legal counsel
  • Other professionals (natural or legal persons) who, by providing goods or services, work on behalf of the Data Controller (external managers)
  • Banking Institutions for collection management.

It is understood that the data processed will be exclusively those necessary for the achievement of the specific purpose, it follows that the data managed through third parties will be limited to the specific purpose.

The data may also be disclosed to Public Bodies, Police Forces or other Public and Private Entities, but exclusively for the purpose of fulfilling legal obligations, regulations or community legislation.


6. Respect for the rights of the interested party of the interested party: Articles 15, 16, 17, 18, 19, 20, 21, 22 and 77 of the EU Regulation

The GDPR attributes to the interested party the exercise of the following rights with reference to personal data concerning him (the brief description is indicative, and therefore refer to the GDPR, and in particular to articles 15-22):

  1. a) access to personal data (the interested party will therefore have the right to have free information about the personal data held by the Data Controller and related processing, as well as to obtain a copy in an accessible format);
  2. b) rectification of data (the Data Controller will, upon notification of the interested party, correct or integrate the personal data of the interested party - not expression of evaluation elements - incorrect or inaccurate, even if they have become such as they are not updated);
  3. c) withdrawal of consent (if the processing takes place by virtue of the consent expressed by the interested party, but this is not the case with regard to the treatments referred to in this Notice, the same may revoke the consent at any time, without prejudice to the lawfulness of the processing loaned before revocation);

d) deletion of data (right to be forgotten) (for example, when the data are no longer necessary with respect to the purposes for which they were collected or processed; they have been unlawfully processed; when they must be deleted to fulfill a legal obligation; when the interested party has revoked the consent expressed, but this is not the case with regard to the treatments referred to in this information, and there is no other legal basis for the treatment; the interested party opposes, if the conditions exist, the treatment, pursuant to subsequent letter f);

  1. e) limitation of processing (in certain cases - contesting the accuracy of the data, in the time necessary for verification; contesting the lawfulness of the processing with opposition to cancellation; need to use it for the rights of the interested party of defense, while they are no longer useful for the purposes of the processing; if there is opposition to the processing, while the necessary checks are carried out - the data will be stored in such a way that it can possibly be restored, but, in the meantime, they cannot be consulted by the Data Controller except in relation to the validity of the request for limitation by the interested party, or with the consent of the interested party or for the ascertainment, exercise or defense of a right in court or to protect the rights of another natural or legal person or for reasons of relevant public interest of the Union or of a Member State;
  2. f) opposition in whole or in part to the processing for legitimate reasons (in whole or in part, for reasons related to the particular situation of the interested party, to the processing carried out on the basis of legitimate interest);
  3. g) data portability (if the processing is based on consent or on a Contract and is carried out by automated means, but this is not the case with regard to the treatments referred to in this Notice, at his request, the interested party will receive in a structured, commonly used and readable by an automatic device, the personal data concerning him and may transmit them to another Data Controller, without impediments by the Data Controller to whom he provided them and, if technically feasible, may obtain that said transmission is carried out directly by the latter);
  4. h) lodging a complaint with the supervisory authority (Guarantor for the protection of personal data - Privacy Guarantor).

The Guarantor for the protection of personal data can be contacted via the contact details indicated on the Authority's website "www.garanteprivacy.it"

For the exercise of rights or for any request or need relating to this information, the interested party may contact the Data Controller at the e-mail address: info@oniloc.com.


The Treatment holder

         ONILOC SRL



The updated version of the information can be found on the website, at www.oniloc.com in the "Privacy" section at the bottom of the Homepage (in the footer).