Privacy

PRIVACY POLICY

According to Regulation (UE) 2016/679 (GDPR)

 

This information describes how to manage the website www.oneonone.it by One on One S.r.l. (C.F./P.I. 03747920969), a company specialized in the management of corporate and inter-company wellness areas and in the provision of services in favour of wellness facilities, having its registered office in 20122 – Milan (MI), Via Durini n. 27, as data controller pursuant to and for the effects of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (hereinafter also «GDPR»), recognizes the importance of the fundamental right to the protection of individuals with regard to the processing of personal data. Therefore, by virtue of the aforementioned legislation, the processing of personal data will be carried out and protected according to the principles of lawfulness, correctness, transparency, purpose limitation, data minimization, accuracy, limitation of retention, integrity, confidentiality, accountability and, in any case, in accordance with the provisions of the GDPR.

 

***

  1. DATA CONTROLLER

The data controller, as specified above, is One on One S.r.l. (C.F./P.I. 03747920969), in person of the legal representative pro tempore, with registered office in 20122 – Milan (MI), Via Durini n. 27.

The data controller can be contacted at the following e-mail address: privacy@oneonone.eu.

 

  1. PURPOSE AND LEGAL BASIS OF TREATMENT

The processing of personal data of the data subjects is intended for the following purposes, according to the different legal, contractual and consensual legal bases:

 

PURPOSE
a.        provide the requested services (including answers to users’ requests)
b.       register interested parties in company records (paper and electronic) and related management
c.        conclusion and execution of any contracts
d.       allow access to the site and its correct use
e.        manage and resolve legal disputes and guarantee the security of the site and users
f.         market surveys by creating a database
g.        marketing (including sending newsletters and commercial information)

 

If the processing wanted to be carried out for purposes other than those shown in the table above, a specific consent will be requested from the interested parties.

  1. ADDRESS OF PERSONAL DATA

The personal data of the interested parties may be destined to the following subjects or categories of subjects:

 

  1. Anyone who maintains relations and/or contacts with One on One S.r.l. for the purposes referred to in point 2);
  2. Managers of the treatment;
  3. Third parties, such as Law Enforcement, whenever permitted by law or required by an order or provision of a competent authority.

 

  1. PERIOD OF CONSERVATION OF PERSONAL DATA

The personal data of the interested parties will be kept for a period of two (2) years from their acquisition and, in any case, for the period in which the data controller is subject to conservation obligations for fiscal and/or accounting purposes or for other purposes by laws and imperative rules, both national and Community.

Please note that specific security measures are observed to prevent the loss of personal data, illicit or incorrect use of the same and unauthorized access, in accordance with the provisions of the GDPR.

Furthermore, in order to ensure that personal data are always accurate, up-to-date, complete and relevant, please note any changes made to the e-mail address privacy@oneonone.eu.

 

  1. RIGHTS OF THE INTERESTED PARTY

The interested party, at any time and if the conditions are met, may exercise the following rights, recognized by the GDPR, by contacting the data controller directly to the e-mail address privacy@oneonone.eu:

 

  1. ask and obtain confirmation that personal data concerning them is being processed;
  2. if a treatment is in progress, request and obtain access to personal data;
  3. request and obtain, without undue delay, the correction of inaccurate personal data concerning them and the integration of incomplete personal data;
  4. ask and obtain without unjustified delay, upon the occurrence of one of the conditions set forth in art. 17, paragraph 1, GDPR, the cancellation of personal data concerning them, except for the provisions of art. 17, paragraph 3, GDPR;
  5. ask and obtain, in the cases provided for by art. 18, paragraph 1, GDPR, the limitation of processing of personal data;
  6. oppose, at any time, the processing of personal data, the occurrence of special situations that affect them. Specifically, in the event of opposition, personal data will no longer be processed, except for the existence of binding legitimate reasons to proceed with the processing that prevail over the interests, rights and freedoms of the person concerned or for the assessment, exercise or defence of a right in court;
  7. obtain the portability of personal data concerning them, that is the right to receive them from the data controller in a structured format, commonly used and readable by automatic device and request their transmission to another data controller, without impediments;
  8. in the event that consent is required for the processing of personal data, revoke the consent already given, limited to the cases in which the processing is based on the consent of those concerned for one or more specific purposes or in the case of treatment of particular categories of data (for example, data revealing racial origin, political opinions, religious beliefs, health status or sex life). The treatment based on consent and carried out prior to the revocation of the same does not affect and, therefore, retains its lawfulness. It should be noted that, in the event of exercise by the interested party of the right of revocation, the data controller cannot in any way comply with the obligations arising from the existing contractual relationship, with the consequent early termination of the contract.

 

Furthermore, the interested party may lodge a complaint with the Supervisory Authority (Personal Data Protection Authority), if he/she considers that his/her rights have been violated under the GDPR. This according to the methods indicated on the website of the Guarantor itself, accessible at www.garanteprivacy.it.

  1. CONSEQUENCES OF FAILURE TO COMMUNICATE PERSONAL DATA

 

The provision of personal data is mandatory for the purposes referred to in point 2), let. from a) to e), and the failure to communicate such data implies the impossibility of reaching the conclusion of contracts as well as the impossibility to provide the requested services.

The provision of personal data is optional for the purposes referred to in point 2), let. from f) to g) and the failure to communicate such data makes it impossible to pursue them.