This Privacy Policy describes the methods of collection, use, sharing, and protection of personal data processed by ONYAX Srl through its websites (hereinafter “Sites”), in compliance with EU Regulation 2016/679 (“GDPR”), Legislative Decree 196/2003 and subsequent amendments, as well as in accordance with the principles of accountability and transparency provided by international reporting standards regarding personal data protection.

The processing of personal data is carried out in accordance with the principles of lawfulness, fairness, transparency, purpose limitation, data minimization, accuracy, integrity, confidentiality, and accountability.

Data Controller

• ONYAX Srl
• Via Pietro Bertolini 9L – 27029 Vigevano (PV)
• VAT number:  02695200184
• Tel. 0381 88633
• E-mail: info@onyax.com

The Data Controller determines the purposes and means of processing, establishes the data retention periods, identifies the subjects authorized to access the data, and defines the technical and organizational security measures adopted. The updated list of Data Processors is available upon request by writing to the contacts indicated above.

Types of Data Processed

During the use of the Sites, the following data may be processed:

1.Browsing data

The computer systems and software procedures used to operate the Sites acquire, during their normal operation, data whose transmission is implicit in the use of Internet protocols.

This category includes:

• IP addresses
• domain names
• URL addresses of requested resources
• time of request
• method used in submitting the request to the server
• size of the file obtained
• server response status code
• parameters relating to the user’s operating system and IT environment
•  

Such data are processed to ensure the proper functioning of the Sites, for security purposes, and for anonymous statistical purposes.

2.Data voluntarily provided by the user

• First and last name
• Email address
• Phone number
• Billing or shipping address
• Login credentials (where applicable)
• Marketing and cookie preferences

The optional sending of communications to the addresses indicated on the Site entails the acquisition of the sender’s data necessary to respond.

Purposes and legal basis of processing

Personal data are processed for:

• Managing user requests (art. 6, par. 1, lett. b GDPR)
• Providing requested services (art. 6, par. 1, lett. b GDPR)
• Compliance with legal obligations (art. 6, par. 1, lett. c GDPR)
• Protection of the Controller’s rights (art. 6, par. 1, lett. f GDPR)
• Analysis activities and service improvement (art. 6, par. 1, lett. f. e art. 6, par. 1, lett. a GDPR)
• Sending promotional communications, subject to consent (art. 6, par. 1, lett. a GDPR)

Where processing is based on consent, such consent may be withdrawn at any time.

Data Sharing

Data may be communicated to:

• IT service providers, hosting providers, maintenance providers, and Site management providers
• Appointed consultants and professionals
• Administrative or judicial authorities, where required by law

Third parties act as Data Processors or independent Data Controllers. Data may be processed by authorized and adequately trained personnel

Transfers Outside the EU

Personal data are stored in Italy. Should a transfer to non-EU countries become necessary, it will take place in compliance with Articles 44 et seq. GDPR, through appropriate legal instruments (e.g., standard contractual clauses).

Retention Period

Data are retained for the time strictly necessary to achieve the purposes for which they were collected and in any case in compliance with legal obligations. Browsing data are retained for a limited period proportionate to security and technical monitoring purposes.
At the end of the retention period, data will be deleted or irreversibly anonymized, except where legal protection needs or regulatory obligations require otherwise.

Security Measures

The Data Controller adopts technical and organizational measures appropriate to the level of risk, including:

• Authentication and access control systems
• Encryption tools
• Firewall systems and perimeter protection
• Internal access management procedures
• Periodic staff training

Data are stored in protected environments accessible only to authorized personnel.

Privacy by design and risk management

The Data Controller applies the principles of data protection by design and by default (Art. 25 GDPR). Periodic risk assessments are carried out in relation to processing activities, in order to prevent impacts on the rights and freedoms of data subjects.

Data Breach Management

The Data Controller has adopted internal procedures for the detection, management, and notification of any personal data breaches.
In the event of an incident that poses a risk to the rights and freedoms of data subjects, notification will be made to the Supervisory Authority and, where necessary, to the data subjects within the time limits established by applicable law.

Complaints and Reports Regarding Data Protection

Data subjects may submit reports or complaints regarding the processing of personal data by writing to the Data Controller’s contact details. Reports are handled according to internal procedures that ensure traceability, timeliness, and reasoned responses.
The Data Controller periodically monitors any complaints received in order to continuously improve its data protection processes.

Data Subject Rights

The data subject may exercise at any time the rights provided for in Articles 15–22 GDPR, including:

• access to personal data
• rectification or completion
• erasure
• restriction of processing
• objection
• data portability
• withdrawal of consent
• not being subject to automated decision-making, including profiling

Requests may be sent to the Data Controller’s email address: info@onyax.com. The data subject also has the right to lodge a complaint with the Data Protection Authority pursuant to Art. 77 GDPR.

Cookies

The Data Controller receives and records information from your browser when you use our Sites, which may also include personal data. We use cookies to collect this information, which may include, among others: (i) IP address; (ii) unique cookie identifier, cookie information, and information about whether the device has software to access certain features; (iii) unique device identifier and device type; (iv) domain, browser type and language; (v) operating system and system settings; (vi) country and time zone; (vii) previously visited websites; (viii) information about your interaction with our Sites, such as clicks made, purchases, and preferences indicated; and (ix) access times and referring URLs.

Third parties may also collect information from the Sites through cookies. Third parties collect data directly from your web browser and the processing of such data is subject to their respective privacy policies.

We use cookies to monitor the use of the Sites by our customers and to understand their preferences (such as country and language choices). This allows us to provide services to our customers and improve their online experience. We also use cookies to obtain aggregated data relating to site traffic and site interaction, to identify trends and obtain statistics so that we can always improve our Sites.

There are essentially three categories of cookies used on our Sites:

Functional: these cookies are necessary for the basic functionality of the Site and are therefore always enabled. These include cookies that allow users to be remembered while browsing the Site within a single session or, if requested, from one session to another. They help provide assistance for security and regulatory compliance issues.

Performance: these cookies allow us to improve the functionality of our Sites by monitoring their use. In some cases, these cookies improve the speed of processing requests and allow us to store selected site preferences. Refusing these cookies may result in less specific indications and slower site operation.

Social media and advertising:

social media cookies offer the possibility to connect to social networks and share content from our Sites through social media. Advertising cookies (third-party cookies) collect information to help better tailor advertising to your interests, both within and outside our Sites. In some cases, these cookies involve the processing of your personal data. Refusing these cookies may result in the display of advertisements that are not of interest to you or the inability to effectively connect with social networks and/or share content on social media.

For a complete and updated summary of all third parties accessing the web browser, it is advisable to install a web browser plug-in created specifically for this purpose. You may also choose to have your computer send a warning each time a cookie is being sent, or you may choose to disable all cookies. This can be done in your browser settings on each browser and device you use. Each browser is somewhat different, so you will need to consult your browser’s help menu to learn the correct way to modify your cookies. If you disable cookies, you may not have access to many features that make our Sites more efficient and some of our services may not function properly.

QUESTIONS AND FEEDBACK

We welcome questions, comments, and concerns about our Policy. If you wish to provide feedback or if you have questions or concerns or wish to exercise your rights regarding personal data, please contact the references indicated in the Data Controller section.