Privacy Policy

PRIVACY POLICY

pursuant to Regulation (EU) 2016/679 (GDPR)
 

This notice describes the management methods of the website www.oneonone.it by One on One S.r.l. (Tax code/VAT no. 03747920969), a company specialized in the management of corporate and intercompany wellness areas as well as in the provision of services in favor of wellness facilities, with registered office at 20122 – Milan (MI), Via Durini no. 27, as data controller pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (hereinafter also “GDPR”), recognizes the importance of the fundamental right to the protection of natural persons with regard to the processing of personal data. Therefore, by virtue of the aforementioned legislation, the processing of the personal data of data subjects will be carried out and protected according to the principles of lawfulness, fairness, transparency, purpose limitation, data minimization, accuracy, storage limitation, integrity, confidentiality, accountability and, in any case, in accordance with the GDPR.

  1. DATA CONTROLLER

The data controller, as specified above, is One on One S.r.l. (Tax code/VAT no. 03747920969), represented by its legal representative pro tempore, with registered office at 20122 – Milan (MI), Via Durini no. 27.

The data controller can be contacted at the following email address: privacy@oneonone.eu.

  1. PURPOSES AND LEGAL BASIS OF PROCESSING

The processing of the personal data of data subjects is intended for the following purposes, based on different legal grounds: statutory, contractual, and consensual:

PURPOSES
a. provide the requested services (including responses to users’ requests)
b. register data subjects in company records (paper and electronic) and related management
c. conclusion and performance of any contracts
d. enable access to the site and its proper use
e. manage and resolve legal disputes and ensure the security of the site and users
f. market research through the creation of a database
g. marketing (including sending newsletters and commercial information)

 

Should processing be carried out for purposes other than those set out in the above table, an additional and specific consent will be requested from data subjects.

  1. RECIPIENTS OF PERSONAL DATA

The personal data of data subjects may be disclosed to the following persons or categories of persons:

  1. anyone who has relations and/or contacts with One on One S.r.l. for the purposes under point 2);
  2. data processors;
  3. third parties, such as Law Enforcement Authorities, whenever permitted by law or required by an order or measure of a competent authority.

 

  1. PERSONAL DATA RETENTION PERIOD

The personal data of data subjects will be retained for two (2) years from their collection and, in any case, for the period during which the data controller is subject to storage obligations for tax and/or accounting purposes or for other purposes imposed by mandatory legal provisions, both national and EU.

Specific security measures are observed to prevent the loss of personal data, unlawful or improper use thereof, and unauthorized access, in accordance with the GDPR.

Furthermore, in order to ensure that personal data are always accurate, up-to-date, complete and relevant, please report any changes to the email address privacy@oneonone.eu.

  1. DATA SUBJECT RIGHTS

The data subject, at any time and where applicable, may exercise the following rights recognized by the GDPR by directly contacting the data controller at the email address privacy@oneonone.eu:

  1. request and obtain confirmation as to whether or not processing of personal data concerning them is taking place;
  2. if processing is taking place, request and obtain access to personal data;
  3. request and obtain, without undue delay, the rectification of inaccurate personal data concerning them and the completion of incomplete personal data;
  4. request and obtain, without undue delay, upon the occurrence of one of the conditions provided for in Article 17(1) GDPR, the erasure of personal data concerning them, without prejudice to Article 17(3) GDPR;
  5. request and obtain, in the cases provided for in Article 18(1) GDPR, the restriction of processing of their personal data;
  6. object at any time to the processing of their personal data on grounds relating to their particular situation. Specifically, in case of objection, personal data will no longer be processed, unless there are compelling legitimate grounds for processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defense of legal claims;
  7. obtain the portability of their personal data, namely the right to receive them from the data controller in a structured, commonly used and machine-readable format and to request their transmission to another data controller, without hindrance;
  8. where consent is required for the processing of personal data, withdraw consent previously given, limited to cases where processing is based on the data subjects’ consent for one or more specific purposes or in the case of processing of special categories of data (e.g., data revealing racial origin, political opinions, religious beliefs, health or sex life). Processing based on consent and carried out before its withdrawal is not affected and therefore remains lawful. Please note that, in case the data subject exercises the right to withdraw consent, the data controller will be unable to comply with the obligations arising from the existing contractual relationship, resulting in early termination of the contract.

 

Moreover, the data subject may lodge a complaint with the Supervisory Authority (Italian Data Protection Authority) if they believe that their rights under the GDPR have been violated. This can be done in accordance with the procedures indicated on the Authority’s website, accessible at www.garanteprivacy.it.

  1. CONSEQUENCES OF FAILURE TO PROVIDE PERSONAL DATA

The provision of personal data is mandatory for the purposes under point 2), letters from a) to e), and failure to provide such data makes it impossible to conclude contracts as well as to provide the requested services.

The provision of personal data is optional for the purposes under point 2), letters from f) to g), and failure to provide such data makes it impossible to pursue those purposes.