Test for free
Test it
Test for free
Protezione dei dati presso onOffice
Protezione dei dati presso onOffice

Privacy Notice on the Processing of Personal Data pursuant to Articles 13 and 14 of Regulation (EU) 2016/679

Data Subjects: Customers

Breadcrumb-Navigation

ONOFFICE ITALIA SRL, as the Data Controller of your personal data, pursuant to and for the purposes of Regulation (EU) 2016/679 (hereinafter referred to as the “GDPR”), hereby informs you that the aforementioned legislation provides for the protection of data subjects with regard to the processing of personal data and that such processing will be carried out in accordance with the principles of fairness, lawfulness, transparency, and the protection of your confidentiality and rights.

Your personal data, as well as the personal data of individuals acting on behalf of your company in their capacity as authorized personnel, will be processed in compliance with the provisions of the aforementioned legislation and the confidentiality obligations set forth therein.

Purpose and Legal Basis of Processing

Your data will be processed for the following purposes:

  • Management of the contractual relationship with the customer, including pre-contractual and post-contractual activities (Legal basis: Performance of a contract, Article 6(1)(b) GDPR);
  • Planning, organization, and delivery of educational activities and lessons through digital platforms and online tools (Legal basis: Performance of a contract, Article 6(1)(b) GDPR);
  • Compliance with mandatory legal obligations in the field of taxation and accounting (Legal basis: Legal obligation, Article 6(1)(c) GDPR);
  • Compliance with legal obligations arising from laws, regulations, and national and/or European Union legislation (Legal basis: Legal obligation, Article 6(1)(c) GDPR);
  • Soft marketing activities, including the sending of newsletters and informational communications relating to the services provided (Legal basis: Legitimate interest, Article 6(1)(f) GDPR);
  • Defensive investigations aimed at establishing, exercising, or defending a legal claim before judicial authorities (Legal basis: Legitimate interest of the Data Controller, Article 6(1)(f) GDPR).

The processing of data necessary for the fulfillment of these obligations is required for the proper management of the relationship, and the provision of such data is mandatory in order to achieve the purposes indicated above. Furthermore, the Data Controller informs you that any failure to provide, or incorrect provision of, one of the mandatory data items may result in the impossibility of ensuring the adequacy of the processing itself.

The Data Controller also informs you that, at any time, including at the time of collecting data required for invoicing purposes, the data subject may object to the use of their personal data (specifically contact details) for the sending of communications, newsletters, and marketing activities relating to the services provided. Such processing does not require the consent of the data subject, since, pursuant to Article 6(1)(f) and Recital 47 of the GDPR, as well as Article 130(4) of Legislative Decree No. 196/2003, as amended, the legitimate interest of the Data Controller constitutes the applicable legal basis.

Methods of Processing

Your personal data may be processed by the following means:

  • Processing by electronic and computerized systems;
  • Manual processing through paper-based filing systems.

All processing operations are carried out in compliance with Articles 6 and 32 of the GDPR and through the adoption of appropriate security measures.

Disclosure of Data

Your data may be disclosed exclusively to public authorities and offices to which tax-related data must be communicated (e.g., the Revenue Agency), as well as banks and credit institutions. Where necessary for the provision of the requested services, your data may also be disclosed to competent parties duly appointed for the performance of services necessary for the proper management of the relationship, such as consultants and service providers, while ensuring the protection of the data subject’s rights.

Your data will be processed exclusively by personnel expressly authorized by the Data Controller.

Dissemination of Data

Your personal data will not be disseminated in any way.

Categories of Data Processed and Retention Period

Please note that, in accordance with the principles of lawfulness, purpose limitation, and data minimization pursuant to Article 5 of the GDPR, the following categories of personal data will be processed for the period strictly necessary to achieve the purposes pursued:

Personal Data:

  • Identification and contact data: retained for 10 years from the termination of the contractual relationship or, in the event of disputes, for the statutory limitation period provided by applicable law for the protection of related rights.
  • Accounting and tax data: retained for 10 years in compliance with obligations concerning the retention of accounting and tax records (Article 2220 of the Italian Civil Code, which requires retention of accounting records for 10 years; Article 22 of Presidential Decree No. 600 of 29 September 1973).
  • Soft marketing data: retained for the entire duration of the contractual or pre-contractual relationship, or until the data subject exercises their right to opt out. Thereafter, the data will be deleted.

Rights of the Data Subject

  1. The data subject has the right to obtain confirmation as to whether or not personal data concerning them exists, even if not yet recorded, and to receive such data in an intelligible form.
  2. The data subject has the right to obtain information regarding:

a) The origin of the personal data;
b) The purposes and methods of processing;
c) The logic applied in the event of processing carried out with the aid of electronic instruments;
d) The identification details of the Data Controller, Data Processors, and the representative designated pursuant to Article 5(2);
e) The entities or categories of entities to whom personal data may be disclosed or who may become aware of such data in their capacity as designated representatives within the territory of the State, Data Processors, or authorized persons.

3. The data subject has the right to obtain:

a) The updating, rectification, or, where interested therein, integration of the data;
b) The erasure, anonymization, or restriction of data processed in violation of the law, including data whose retention is not necessary in relation to the purposes for which they were collected or subsequently processed;
c) Certification that the operations referred to in points a) and b) have been notified, including their content, to those to whom the data has been disclosed or disseminated, unless this proves impossible or involves a manifestly disproportionate effort compared to the right being protected;
d) Data portability.

4. The data subject has the right to object, in whole or in part:

a) On legitimate grounds, to the processing of personal data concerning them, even if relevant to the purpose of collection.

5. The data subject has the right to request the restriction of processing.

You may exercise your rights by sending an email to contatti@onoffice.com or by submitting a written request to the contact details indicated above.

Furthermore, should the data subject consider that the processing of their personal data is contrary to the applicable legislation, they may lodge a complaint with the competent data protection supervisory authority pursuant to Article 77 of Regulation (EU) 2016/679 or submit a report pursuant to Article 144 of Legislative Decree No. 101/2018.