INFORMATION ON THE PROCESSING OF PERSONAL DATA FOR THIS WEB SERVICE PURSUANT TO ART. 13 REG. EU 679/2016

​

Dear user, the current regulations require us to provide information regarding the processing of personal data for this web service (hereinafter also referred to as "Service") concerning the processing of personal data of users/visitors who browse and use it. The information is provided in accordance with Regulation EU 2016/679 (hereinafter also "Regulation" or "GDPR") and subsequent modifications to all users interacting with the Service. The validity of the information contained on this page is limited to the Service only and does not extend to other external websites that may be accessible via hyperlinks.

In terms of personal data processing:

a) We, the company One Pump srl, are the "Data Controller"; b) You are the "Data Subject," and you have the rights and obligations explained below.

1. PROCESSING 1.1. The Data Controller, whose details are indicated on the company's institutional website, will process the Data according to the principles of lawfulness, fairness, transparency, purpose limitation, data minimization, accuracy, integrity, and confidentiality.

2. CATEGORIES OF DATA PROCESSED

2.1. Browsing Data
The IT systems and software programs used to operate the site collect certain personal data, the transmission of which is implicit in the use of Internet communication protocols (e.g., IP addresses or domain names of the computers used by users connecting to the site, URI - Uniform Resource Identifier - addresses of the requested resources, time of the request, the method used to submit the request to the server, the size of the file obtained in response, numeric code about the response status of the server - success, error, etc. - and other parameters relating to the user's operating system and computer environment). Although this information is not collected to be associated with identified subjects, it could, by its nature, allow users to be identified through processing and association with data held by third parties. These data are used only to obtain anonymous statistical information about the use of the Service and to ensure its correct functioning. It should be noted that such data could be used to ascertain responsibility in the event of computer crimes against the Service or other connected or linked websites: apart from this possibility, the web contact data are not retained for more than 7 days.

2.2. Cookies
A cookie is a small text file containing brief information about a user's activity on a website and stored on the device accessing the web service. In compliance with provisions No. 229 of May 8, 2014, and No. 231 of June 10, 2021, from the Data Protection Authority, we inform you that this web service uses only technical cookies (which DO NOT require consent). These are necessary for the operation of the web service and enable access to its functions (so-called navigation cookies). They are mostly session cookies whose use is limited to transmitting session identifiers in the form of numbers generated automatically by the server, necessary to ensure safe and efficient navigation and manage authentication to online services and reserved areas. They are also used to set certain preferences, such as language and for analytical/monitoring functions to collect information, in aggregate form, on the number of users and how they visit the site to perform anonymous statistical analyses to optimize the site without using analytical cookies. Session cookies are not stored permanently on the user's computer and are deleted when the browser is closed. Session cookies used on this site avoid using other potentially harmful techniques to the privacy of users' navigation and do not allow for the acquisition of personal data identifying the user. Other technical cookies have longer durations, specified in the list below. No cookies are used for transmitting personal information. No user profiling cookies are used. The technical cookies used are as follows:

• ASP.NET_SessionId: user session data, used only by the server to ensure continuity. It does not contain personal identification information - session expiration.

• SPID_SessionId: SPID session data, used only by the server to ensure continuity. It does not contain personal identification information - expires in 1 hour.

2.3. Data voluntarily provided by the user
The consultation of the site does not require the provision of any personal data by the user. However, any contact with the Data Controller, for example, by requesting information via a form or the spontaneous sending of messages, emails, or letters to the Data Controller's addresses, implies the acquisition of such personal data of the sender, necessary to respond to the requests, as well as any other personal data voluntarily provided by the user in the relevant communications (the communication of personal data relating to a minor must be made by both parents or by a person exercising parental authority over the minor).

3. PURPOSES AND LEGAL BASES OF PROCESSING

3.1. The Data Controller performs the Processing for the following purposes: a) To allow you to browse and use the Service; b) To execute the requested Service or performance; c) To fulfill administrative, financial, accounting, and/or tax obligations; d) To comply with any legal obligation and/or order from a Public Authority; e) Possibly, to assert or defend a right in court; f) Your data may also be processed to send you public interest or public utility communications.

3.2. The legal bases for processing are as follows: a) The necessity to allow you to browse and access the requested Web Service and to provide the Service; b) To execute what is mentioned in points 3.1 a-f; c) The necessity of processing to perform a task in the public interest or connected to the exercise of public authority vested in the Data Controller; d) In the case of tax data: the necessity to comply with obligations mentioned in points 3.1 c-e.

4. COMMUNICATION TO RECIPIENTS AND DISCLOSURE

4.1. Data may be communicated to third parties (including PA or Judicial Authorities) only to the extent strictly necessary in relation to the purposes outlined above or solely for the necessary compliance related to the Service, or legal obligations or orders from Authorities.

4.2. The categories of Recipients are as follows: a) Parties necessary for the execution of activities related to and consequent to the execution of the Service, bound by a data processing agreement (external processors); b) Individuals and persons authorized by the Data Controller who are committed to confidentiality or have an adequate legal obligation of confidentiality (e.g., employees and collaborators of the Data Controller).

4.3. The Data Controller may also be required to communicate Data to comply with legal obligations or respond to orders from public authorities, including the judiciary.

4.4. Data will not be disseminated.

5. DATA RETENTION PERIOD

5.1. The Data Controller retains your Data only for the time strictly necessary to achieve the purposes outlined in section 3.

5.2. These data will be deleted once they are no longer necessary for the above purposes, subject to further retention obligations required by law.

6. NATURE OF DATA COMMUNICATION

6.1. Communication of Personal Data mentioned in point 2.1 is necessary for navigation: failure to provide it would make it impossible.
6.2. Communication of Personal Data mentioned in point 2.3 is optional.

7. CONSEQUENCES OF REFUSAL TO PROVIDE DATA

7.1. As specified in point 6.1, it is not technically possible to refuse to provide browsing Data (insofar as it is Personal Data).
7.2. In the event of refusal to provide Personal Data mentioned in point 2.3, it will not be possible to respond to requests and/or provide the Service.

8. RIGHTS OF THE DATA SUBJECT

8.1. As a Data Subject, you have the right to: a) Access your Data held by the Data Controller and obtain a copy; b) Request its rectification and/or deletion, where and to the extent that conditions apply; c) Request the Restriction of Processing, where and to the extent that conditions apply; d) Object, for reasons related to your particular situation, to the processing of personal data concerning you; e) Lodge a complaint with the Data Protection Authority (www.garanteprivacy.it).

9. DATA PROTECTION OFFICER

9.1. The Data Controller has a Data Protection Officer (also "DPO"), whom you can contact at the address indicated on the institutional website of the Entity linked to this Service.

10. UPDATES TO THE INFORMATION

10.1. These details refer to the methods of processing personal data of visitors while browsing and using the web Service. The introduction of new sector regulations, as well as constant review and updates of the Service, could make it necessary to change these methods over time.

We therefore invite you to periodically review this page. To this end, this document indicates the update date.