Data processing methods
The Data Controller processes the personal data of users by adopting appropriate security measures to prevent unauthorized access, disclosure, modification or destruction of Personal Data.The processing is carried out using IT and / or telematic tools, with organizational methods and with logic strictly related to the purposes indicated. In addition to the Data Controller, in some cases, they may have access to the Data categories of persons involved in the organization of the website (administrative, commercial, marketing, legal, system administrators) or external subjects (as suppliers of third party technical services, postal couriers, hosting providers, IT companies, communication agencies) also appointed, if necessary, Data Processors by the Data Controller. The updated list of Data Processors can always be requested from the Data Controller.
Place of data processing
The Data is processed at the operational headquarters of the Data Controller and in any other place where the parties involved in the processing are located. For more information, contact the Owner.The User's Personal Data may be transferred to a country other than that in which the User is located. To obtain further information on the processing site, the User can refer to the section concerning the processing of Personal Data.The User has the right to obtain information on the legal basis for the transfer of data outside the European Union or to an international organization of public international law or consisting of two or more countries, such as the UN, as well as regarding the security measures taken by the Data Controller to protect the Data.If one of the transfers described above takes place, the User can refer to the respective sections of this document or request information from the Data Controller by contacting him at the addresses provided above.
The retention of personal data will be in paper and / or electronic / informatic form and for the time strictly necessary in compliance with current regulations and user privacy.
The retention period for personal data corresponds to a 36-month interval for research and analysis activities aimed at developing and optimizing the service offered.
For direct marketing and profiling purposes, personal data will be kept for a maximum period equal to that foreseen by the applicable legislation (respectively equal to 24 and 12 months).
Invoices, accounting documents and the data relating to the transactions will instead be kept for 11 years according to the law (including tax obligations).We also inform you that, for the same purposes described above, the data collected relating to telephonic and telematic traffic are subject to a 72-month retention period pursuant to art. 24 of the Law n. 167/2017 in relation to the implementation of art. 20 of EU Directive 2017/541 concerning the new counter-terrorism measures.
If the user does not exercise any active action on orequo.com (for example browsing, searching, purchasing and any other way of using the service) for a period of 27 months, he will be classified as an inactive user and the personal data relating to him will be deleted automatically.