Onesum Portal is committed to protecting your privacy and development technology by providing you with the most powerful and secure online experience. This Privacy Policy applies to the website onesumportal.com and governs data collection and usage.
Onesum Portal, administrative managed by Innovatune srl, with registered office at Via Giulio Zanon, 130D, 35129 Padova PD, Tax Code and VAT no. 05186680285 (hereinafter referred to as the “Data Controller”), in its capacity as data controller, informs you pursuant to art. 13 of Legislative Decree no. 196 of 30 June 2003 (hereinafter “Privacy Code”) and art. 13 of EU Regulation no. 2016/679 (hereinafter “GDPR”) that your data will be processed in the manner and for the purposes set out below.
Subject of Processing
The Controller processes personal, identifying, and non-sensitive data (in particular, name, surname, tax code, VAT number, email, telephone number – hereinafter, "personal data" or "data") that you provide during registration on the Controller's website and/or when subscribing to the newsletter service offered by the Controller and/or by filling out forms.
Purpose of Processing
Your personal data are processed:
A) Without your express consent (Art. 24 letters a, b, c of the Privacy Code and Art. 6 letters b, e GDPR) for the following Service Purposes:
- to allow you to register on the website;
- to manage and maintain the website;
- to allow you to subscribe to the newsletter service provided by the Controller and to any other Services you may request;
- to fulfill pre-contractual, contractual, and tax obligations arising from relationships with you;
- to comply with legal obligations, regulations, EU legislation, or orders from authorities;
- to prevent or detect fraudulent or abusive activities harmful to the website;
- to exercise the Controller’s rights, such as the right of defense in court.
B) Only with your specific and distinct consent (Arts. 23 and 130 of the Privacy Code and Art. 7 GDPR), for the following Marketing Purposes:
- to send you via email newsletters, commercial communications, and/or advertising material on products or services offered by the Controller.
Please note that if you are already our client, we may send you commercial communications regarding similar services and products of the Controller, unless you object (Art. 130 paragraph 4 of the Privacy Code).
Methods of Processing
Processing of your personal data is carried out through the operations indicated in Art. 4 of the Privacy Code and Art. 4 no. 2 GDPR, namely: collection, registration, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, deletion, and destruction of data. Your personal data are processed using both paper and electronic and/or automated tools.
The Controller will process personal data for as long as necessary to fulfill the above purposes and, in any case, for no more than 10 years from the termination of the relationship for Service Purposes and no more than 2 years from data collection for Marketing Purposes.
Access to Data
Your data may be made accessible for the purposes set out in Art. 2.A) and 2.B):
- to employees and collaborators of the Controller, as persons in charge and/or internal managers of processing and/or system administrators;
- to companies with which the Controller collaborates (for example, for technical project management activities, personal data storage, etc.) or to third parties (such as website management and maintenance providers, suppliers, credit institutions, professional firms, etc.) performing outsourcing activities on behalf of the Controller, as external data processors.
Data Communication
Without your express consent (pursuant to Art. 24 letters a), b), d) of the Privacy Code and Art. 6 letters b) and c) GDPR), the Controller may communicate your data for the purposes of Art. 2.A) to supervisory bodies, judicial authorities, as well as to all other entities to whom communication is mandatory by law for the achievement of said purposes. Your data will not be disseminated.
Data Transfer
The management and storage of personal data will take place on servers located within the European Union belonging to the Controller and/or to third-party companies duly appointed as Data Processors. Data will not be transferred outside the European Union. However, the Controller reserves the right, if necessary, to move the location of the servers to Italy and/or within the EU and/or to non-EU countries. In such a case, the Controller ensures that any data transfer outside the EU will be carried out in compliance with applicable legal provisions by entering into, if necessary, agreements that ensure an adequate level of protection and/or adopting the standard contractual clauses provided by the European Commission.
Nature of Data Provision and Consequences of Refusal
The provision of data for the purposes referred to in Art. 2.A) is mandatory. In their absence, we cannot guarantee your registration on the website nor the Services under Art. 2.A).
The provision of data for the purposes referred to in Art. 2.B) is optional. You may therefore choose not to provide any data or to subsequently deny consent for already provided data processing; in this case, you will not receive newsletters, commercial communications, and advertising materials related to the Controller’s Services. However, you will continue to be entitled to the Services referred to in Art. 2.A).
Rights of the Data Subject
As the data subject, you have the rights referred to in Art. 7 of the Privacy Code and Art. 15 of the GDPR, namely the right to:
i. obtain confirmation of the existence or otherwise of personal data concerning you, even if not yet recorded, and their communication in an intelligible form;
ii. obtain information on: a) the origin of personal data; b) the purposes and methods of processing; c) the logic applied in case of processing carried out with electronic means; d) identification details of the Controller, processors, and designated representatives pursuant to Art. 5 paragraph 2 of the Privacy Code and Art. 3 paragraph 1 of the GDPR; e) the entities or categories of entities to whom the data may be communicated or who may come to know them as designated representatives in the State’s territory, processors, or persons in charge;
iii. obtain: a) updating, rectification, or, when interested, integration of data; b) deletion, anonymization, or blocking of data processed unlawfully, including data whose retention is unnecessary for the purposes for which they were collected or subsequently processed; c) certification that the operations under a) and b) have been notified to those to whom the data were communicated or disseminated, unless this proves impossible or involves a disproportionate effort compared with the protected right;
iv. object, wholly or partly: a) for legitimate reasons, to the processing of personal data concerning you, even if pertinent to the purpose of the collection; b) to the processing of personal data concerning you for sending advertising material or for direct sales or for carrying out market research or commercial communication, using automated calling systems without human intervention via email and/or traditional marketing methods via telephone and/or postal mail. It is noted that the right of objection for direct marketing purposes via automated systems also extends to traditional methods, and it remains possible for the data subject to exercise the right of objection even partially. Therefore, the data subject may choose to receive communications only through traditional means or only via automated means or none at all.
Where applicable, you also have the rights under Arts. 16–21 GDPR (Right to rectification, right to erasure, right to restriction of processing, right to data portability, right to objection), as well as the right to lodge a complaint with the Data Protection Authority.
How to Exercise Your Rights
You may at any time exercise your rights by sending:
- a registered letter with return receipt to Onesum Portal., Via Giulio Zanon, 130D, 35129 Padova PD;
- an email to
This email address is being protected from spambots. You need JavaScript enabled to view it.
Minors
This Website and the Controller’s Services are not intended for minors under 18 years of age, and the Controller does not knowingly collect personal information related to minors. Should information about minors be unintentionally recorded, the Controller will promptly delete it upon user request.
Controller, Processors, and Appointees
The Controller of data processing is AOnesum Portal
The updated list of processors and appointees is kept at the Controller’s registered office.
Changes to this Policy
This Policy may be subject to changes. It is therefore recommended to regularly check this Policy and refer to its most recent version.]
