In accordance with Legislative Decree 196/2003 and Regulation (EU) 2016/679 (hereinafter “Regulation”), this page describes the methods of processing personal data of users who consult the website accessible via telematics at the following address:

We inform the user that following the consultation of this site, data relating to identified or identifiable individuals may be processed.

These information does not concern other websites, pages, or online services accessible via hyperlinks possibly published on the site.

Data Controller’s Identity

The data controller is OFF-ART INNOVATION S.R.L. represented by its pro tempore legal representative, with registered office in Andria (BT) at Via La Specchia n.36 (email: [email protected], PEC: [email protected], Tel.: 0883011769 (hereinafter also “the Controller”).

Data Source and Types of Data Collected

Data Provided by the User

The Controller collects personal data provided by users:

  1. at the time of purchasing a product. The data collected by the Controller may include, for example: personal data, contact details, location data, company and financial information; credit reliability information, payment information, VAT number.
  2. at the time of creating an account/registration on the Site. The data collected by the Controller may include, for example: personal data, contact details.
  3. at the time of subscribing to the newsletter service offered on the website. The data collected by the Controller may include, for example: personal data (name and surname) and contact details (email address).
  4. when sending a message using contact channels (e.g., LiveChat) and/or contact forms on the site. The optional and voluntary sending of messages to contact addresses, as well as the completion and submission of forms on the site, involves the acquisition of the sender’s contact details necessary to provide a response, as well as all personal data included in the communications.

Navigation Data

The Controller collects data related to the user’s use of the website.

The computer systems and software procedures used to operate this site acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols.

This category of data includes IP addresses or domain names of the computers and terminals used by users, URI/URL addresses (Uniform Resource Identifier/Locator) of requested resources, time of the request, method used in submitting the request to the server, size of the file obtained in response, numerical code indicating the status of the response given by the server and other parameters related to the user’s operating system and IT environment.

Such data, necessary for the use of web services, are also processed for the purpose of:

obtaining statistical information on the use of services (most visited pages, number of visitors per time or day range, geographical areas of origin, etc.);

checking the proper functioning of the services offered.

Navigation data do not persist for more than seven days and are deleted immediately after their aggregation (except for any needs for crime investigation by the Judicial Authority).

Cookies and Other Tracking Systems

In order to make its services as efficient and easy to use as possible, this Site uses cookies.

Therefore, when visiting the Site, a minimal amount of information is inserted into the User’s device, such as small text files called “cookies,” which are saved in the User’s Web browser directory. There are different types of cookies, but essentially the main purpose of a cookie is to make the Site work more effectively and enable certain functions.

For more information on the cookies used by this website, you can view the cookie policy at the following link.

Purposes of Processing

Depending on the type of processing to be carried out, the data controller uses the data collected and/or provided by the User for the following purposes:

process and fulfill orders, manage payments, communicate with the user regarding orders, manage any returns, provide customer support and allow product collection. They will also be used to acquire pre-contractual data and information; exchange information aimed at executing the contractual relationship, including pre- and post-contractual activities; submit requests or fulfill received requests; manage accounting and tax obligations;

send newsletters for informational or commercial promotion purposes (e.g., event invitations, communications regarding new service offerings, promotional offers). This processing may take place automatically via email and may be carried out if the Data Subject has not revoked their consent for data usage;

carry out activities preliminary and subsequent to registration or account creation on User Account, as well as to fulfill any other obligations arising therefrom;

provide feedback to any communications, requests for information and/or services from users by sending a message using the contact addresses and/or contact forms on the site, as well as through the dedicated LiveChat available to users;

manage and control risks, prevent possible frauds, insolvencies or non-compliances; prevent and manage possible disputes, resort to legal avenues if necessary.

Legal Basis for Processing

With regard to the purposes indicated in the previous paragraph, the legal basis for them is as follows:

the necessity to perform a contract to which the data subject is a party or to take pre-contractual measures at their request;

the express consent of the data subject;

the necessity to perform a contract to which the data subject is a party or to take pre-contractual measures at their request;

the necessity to perform a contract to which the data subject is a party or to take pre-contractual measures at their request;

the necessity to pursue the legitimate interest of the data controller (in particular with regard to fraud prevention and insolvencies).

Recipients of Data

The personal data processed by the Controller are not disclosed or made known to unspecified parties in any form whatsoever, including making them available or simply consulting them.

However, they may be communicated to workers who work under the authority of the Controller as they operate under the authority of the data controller. Based on their roles and job duties, these workers are authorized to process personal data, taking into account their respective skills and in accordance with instructions given by the Controller.

The Controller has appointed third-party service providers in relation to the operation of the website, such as hosting service providers, IT maintenance service providers, as well as service providers that allow integration into other functions on the website that users can use at their discretion.

These service providers, designated as Data Processors, are only provided with personal data necessary to provide their respective services and are not allowed to use or disclose personal data of data subjects for other purposes without prior authorization from the data subject.

Furthermore, data may be communicated, as strictly necessary, to subjects who need to provide goods and/or perform services on behalf of or at the direction of the Controller for order fulfillment or other requests or service performance related to transactions or contractual relationships with the Controller.

Finally, data may be disclosed to parties authorized to access it under laws, regulations, or EU regulations.

Data Transfer

Under no circumstances does the Controller transfer personal data to third countries or international organizations.

Data Retention

The Controller retains and processes personal data for as long as necessary to fulfill the purposes indicated. Subsequently, personal data will be stored and not further processed for a period established by current civil and tax law provisions.

Data provided for commercial promotion purposes for services different from those already acquired by the Data Subject for which they initially gave consent will be retained for 24 months, unless consent the consent given is revoked.

Data collected when creating an account will be retained for the entire duration of the registration and not beyond a maximum period of 12 months of inactivity, or if within that period no services are associated or products are purchased using the same registration.

In case of any disputes, the collected data will be retained for the duration of the dispute, until the expiration of the terms for challenging actions.

It is also necessary to add that if a user provides the data controller with personal data that are not required or necessary for the execution of the requested service or for the provision of a service closely related to it, OFF-ART INNOVATION S.R.L. cannot be considered the controller of this data and will proceed with their deletion as soon as possible.

Rights of the Data Subject

In relation to the data subject’s rights regarding the processing described in this information, the data subject is recognized at any time the right to:

  • request the data controller access to their personal data and information related to them (Art. 15 of the GDPR);
  • request correction of inaccurate data or integration of incomplete data (Art. 16 of the GDPR);
  • request deletion of personal data concerning them (in cases specified in Art. 17, para. 1 of the GDPR and in compliance with exceptions provided in para. 3 of the same article);
  • request restriction of processing of their personal data (in cases specified in Art. 18, para. 1 of the GDPR);
  • request and obtain from the data controller – in cases where the legal basis for processing is a contract or consent, and it is carried out by automated means – their personal data in a structured, commonly used, machine-readable format, and have the right to transmit those data to another controller (right to data portability – Art. 20 of the GDPR);
  • object at any time to the processing of their personal data in situations that concern them specifically (Art. 21 of the GDPR);
  • withdraw consent at any time, limited to cases where processing is based on their consent for one or more specific purposes. Processing based on consent that occurred before its withdrawal remains lawful (Art. 7, para. 3, of the GDPR).

The specific request can be made by contacting the data controller via PEC at: [email protected], email at: [email protected], or by registered letter with acknowledgment of receipt at: Via La Specchia n.36 – Andria (BT).

If the data subject believes that their data is being processed in violation of what is provided by the Regulation, they can lodge a complaint with a supervisory authority (Italian Data Protection Authority –, as provided for in Art. 77 of the GDPR, or take appropriate legal action (Art. 79 of the GDPR).

Refusal to Provide Data

If the Data Subject does not provide their identified data necessary for the performance of the requested service, the Data Controller will not be able to proceed with processing related to managing that service or related obligations.

If the Data Subject does not consent to the processing of personal data for activities that require it, such processing will not occur for those same purposes without affecting the provision of other requested services or those for which they have already given consent. If the Data Subject gives consent and later revokes it or objects to the processing, their data will no longer be processed for those activities without prejudicial consequences for them and any other requested services.

Automated Decision-Making Processes

The Data Controller does not carry out treatments consisting of automated decision-making processes on personal data.