Privacy Policy

The purpose of this document is to inform the natural person (hereinafter "Data Subject") regarding the processing of their personal data (hereinafter "Personal Data") collected by the data controller, OASI S.R.L., with registered office at Via Marco Biagi 1, 60039 Staffolo (AN), email address [email protected], (hereinafter "Controller"), through the website https://oasistaffolo.it (hereinafter "Application").

Changes and updates will become binding as soon as they are published on the Application. In case of non-acceptance of the changes made to this Privacy Policy, the Data Subject is required to stop using the Application and may request the Controller to delete their Personal Data.

Categories of Personal Data Processed

The Controller processes the following types of Personal Data voluntarily provided by the Data Subject:

• Contact Data: name, surname, email, phone number, any additional information sent by the Data Subject, etc.

The Controller processes the following types of Personal Data collected automatically:

• Technical Data: Personal Data produced by devices, applications, tools, and protocols used, such as information about the device used, IP addresses, browser type, Internet Service Provider (ISP). These Personal Data may leave traces which, especially when combined with unique identifiers and other information received from servers, can be used to create profiles of natural persons.
• Browsing and usage data of the Application: such as visited pages, number of clicks, actions performed, session duration, etc.

Failure to provide Personal Data for which there is a legal, contractual, or necessary requirement for the conclusion of the contract with the Controller will make it impossible for the Controller to establish or continue the relationship with the Data Subject.

The Data Subject who communicates Personal Data of third parties to the Controller is directly and solely responsible for their origin, collection, processing, communication, or disclosure.

Cookies and Similar Technologies

The Application uses cookies, web beacons, unique identifiers, and other similar technologies to collect Personal Data from the Data Subject about the pages, links visited, and other actions taken when using the Application. These are stored to be transmitted on the Data Subject’s next visit. The full Cookie Policy can be viewed at the following address: https://oasistaffolo.it/en/cookie-policy

Legal Basis and Purposes of the Processing

The processing of Personal Data is necessary:

• for the performance of a contract with the Data Subject and specifically:

  1. to fulfill all obligations arising from the pre-contractual or contractual relationship with the Data Subject
  2. support and contact with the Data Subject: to respond to the Data Subject's requests

• for compliance with legal obligations and specifically:

  1. to comply with any obligation provided by current laws, regulations, and in particular, tax and fiscal laws

• based on the legitimate interest of the Controller, for:

  1. management, optimization, and monitoring of the technical infrastructure: to identify and resolve technical problems, improve the Application’s performance, manage and organize information in an IT system (e.g., servers, databases, etc.)
  2. statistics with anonymous data: to conduct statistical analyses on aggregated and anonymous data to analyze user behavior and improve the products and/or services provided by the Controller and better meet the expectations of the Data Subject

The Personal Data of the Data Subject may also be used by the Controller to defend itself in court before the competent judicial authorities.

Processing Methods and Recipients of Personal Data

Personal Data are processed using paper and IT tools with organizational methods and logic strictly related to the purposes indicated and by adopting appropriate security measures.

Personal Data are processed exclusively by:

• persons authorized by the Controller who have committed themselves to confidentiality or are under an appropriate legal obligation of confidentiality;
• entities that act independently as separate data controllers or as data processors appointed by the Controller to carry out activities necessary for achieving the purposes of this policy (e.g., business partners, consultants, IT companies, service providers, hosting providers);
• entities or authorities to which it is mandatory to communicate the Personal Data by law or by order of the authorities.

The entities listed above are required to use appropriate safeguards to protect Personal Data and may only access data necessary to perform their assigned tasks.

Personal Data will not be disclosed indiscriminately in any way.

Location

Personal Data will not be transferred outside the territory of the European Economic Area (EEA).

Personal Data Retention Period

Personal Data will be retained for the time necessary to fulfill the purposes for which they were collected, specifically:

• for purposes related to the performance of the contract between the Controller and the Data Subject, they will be retained for the entire duration of the contractual relationship and, after termination, for the standard limitation period of 10 years. In the case of legal disputes, for the entire duration of the dispute, until the expiry of the deadlines for appeal;
• for purposes related to the legitimate interest of the Controller, they will be retained until that interest is fulfilled;
• for compliance with legal obligations, by order of an authority, and for legal defense, they will be retained according to the timeframes set by such obligations and laws, and in any case until the expiry of the limitation period provided by applicable law;
• for purposes based on the Data Subject's consent, they will be retained until the consent is revoked.

At the end of the retention period, all Personal Data will be deleted or stored in a form that does not allow the identification of the Data Subject.

Rights of the Data Subject

Data Subjects may exercise certain rights with regard to their Personal Data processed by the Controller. In particular, the Data Subject has the right to:

• be informed about the processing of their Personal Data
• withdraw consent at any time

Last update: 28/07/25