This page contains a description of the ways in which this site manages the processing of the personal data of the users that visit it. It is a policy that has also been prepared pursuant to article 13 of Regulation (EU) 679/2016 (hereinafter the “Regulation”) for those who interact with Oxy.gen Internet services that can be accessed electronically through the Oxy.gen website, www.oxygen.milano.it (hereinafter the “Website”). The policy applies only to this Website and does not apply to other websites which users might access via links. The policy is also based on Recommendation 2/2001, which the European Data Protection Board, through the Working Group established by article 29 of 95/46/EC, adopted on 17 May 2001 to identify the minimum requirements for the collection of personal data online and, in particular, the methods, the timeframe requirements and the nature of the information that data controllers must provide to users when they visit web pages, regardless of the purpose of said visit.
THE “DATA CONTROLLER”
"It is not necessary for users to provide their personal data in order to access the Website; however, information relating to identified or identifiable natural persons may be processed simply as a result of consulting the Website. Moreover, the Website offers a reserved area that users can register for and access, as described more fully below, provided that certain requirements have been met. The Data Controller of the personal data is Zambon, whose registered office is located at Via Lillo del Duca 10, 20091 Bresso (MI) (hereinafter the “Company” or the “Data Controller”)."
DATA PROCESSING LOCATION, PURPOSES AND METHODS
Data processing related to the online services offered by this Website is carried out at the Company’s registered office or, where necessary, at the offices of its service providers whom it has appointed as Data Processors; the processing is performed exclusively by staff or partners of Oxy.gen appointed to this task or, where necessary, by personnel of service providers assigned to perform maintenance and specifically appointed to be Data Processors. No data obtained through online services are transferred or shared. Personal data provided by users who send in service requests are used solely for the purpose of performing or providing the services requested and are not transferred to third parties, unless said transfer is required by law or strictly necessary in order to fulfil the users’ requests. The user is free to choose whether to provide the personnel data reported in the Company’s request forms. Failure to provide the mandatory data (fields marked with an asterisk) may make it impossible to process a user’s data and therefore to provide a response.
TYPE OF DATA PROCESSED
"Browsing data The computer systems and software procedures necessary for the operation of this Website acquire, during their ordinary operation, some Personal Data whose transfer is included in the use of Internet communication protocols. This information is not collected in order to be associated with identified data subjects, but could nonetheless, by its very nature, allow users to be identified through processing and association with data held by third parties, to be performed only upon explicit request of the Courts. Data that fall under this category include IP addresses or domain names of the computers used by the users who visit the Website, URI (Uniform Resource Identifier) form addresses of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response from the server (a good outcome, error, etc.) and other parameters relating to the user’s operating system and computing environment. These data, which are always deleted immediately following processing, are used by the Company for the sole purposes of gathering anonymous statistical information on site use and checking that the Website is functioning properly. These data could be used to ascertain responsibility in the event of hypothetical computer crimes detrimental to the Website; with the exception of this circumstance, data related to website visits are not kept for more than seven days."
At this link you can find all of the information about cookies installed through this Website and the necessary instructions about how to manage your personal cookie preferences.
DATA PROCESSING METHODS
"Personal data are processed in print format and/or by automated means, for the time necessary to fulfil the purposes for which they were collected. Specific security measures are observed in order to prevent the loss of data, their unlawful or improper use and unauthorized access. In any event, we hereby inform users that communications sent via the Internet, such as emails or webmail, could transit through different countries before being delivered to their recipients. The Data Controller shall not therefore be held responsible for any unauthorized access or loss of personal data that is outside of its control."
The Data Controller may make use of the services of external service providers, specifically appointed as Data Processors, to manage and perform maintenance on this Website. The Data Controller carefully selects all of its service providers, who are bound by the same obligations of confidentiality and compliance with the law in force with regard to personal data processing.
SCOPE OF DATA CIRCULATION
Personal data may be provided to the Courts and Law Enforcement only in those cases where this is provided for under the law and may be used by the Data Controller to defend its rights before the Courts where strictly necessary; in no case, however, will said data be disseminated.
DATA RETENTION PERIOD
The personal data provided by users shall be stored for the amount of time required for the purposes described in this disclosure, as well as for further retention periods required under law. Personal user data shall be erased in any event should the user request that their user account be deactivated.
RIGHTS OF THE DATA SUBJECT
Users may, at any time, exercise their rights as established by articles 15 et seq. of the GDPR free of charge, in particular: to know whether their personal data has been stored by the Data Controller and to learn about said data's content and origin, verify its accuracy or ask for it to be supplemented, updated or corrected; users also have the right to ask for said data to be erased or transformed into anonymous format or to block any personal data being held in violation of the law, as well as to contest, for any reason, the processing of said Data.
If the user believes that their rights are being violated, they may contact the Data Protection Authority, competent pursuant to article 77 of Regulation (EU) 679/2016, without this affecting their right to apply to the Courts.
THE DATA PROTECTION OFFICER (DPO)