Privacy Policy

This information notice, provided in accordance with current national and Community legislation on the processing of personal data, concerns the websitehttps://orbyta.it/ (hereinafter also "Site"), the social pages of ORBYTA S.r.l., as well as the subjects who send requests or contact ORBYTA S.r.l. via email or telephone contact (hereinafter also "Users" or, individually, "User").

This policy also does not refer to other websites that may be reached and consulted by the User through hyperlinks (links) that may be contained in the Site.

Data controller

The Data Controller, relating to Users who access this Site, is ORBYTA S.r.l., P.IVA 12270430015 , in the person of its legal representative pro tempore, with registered office in Turin, Piazza Castello 113.

Data protection officer

The Data Controller has appointed a Data Protection Officer who can be contacted at dpo@orbyta.it.

Type of data processed

Navigation data

The computer systems and programs used to operate the site collect certain personal data whose transmission is implicit in the use of Internet communication protocols (e.g. IP addresses or domain names of the computers used by Users who connect to the site, the URI - Uniform Resource Identifier - addresses of the resources requested, time of the request, method used in submitting the request to the server, size of the file obtained in response, numeric code about the status of the response rendered by the server and other parameters relating to the operating system and the User's computer environment). Although this information is not collected in order to be associated with identified interested parties, by its nature it could, through processing and association with data held by third parties, allow Users to be identified for the sole purpose of obtaining statistical information and to check the proper functioning of the systems. Such data could be used to ascertain responsibility in case of hypothetical computer crimes against the Site.

Data voluntarily provided by the User

To consult the Site and is not required to register on the Site and, therefore, no provision of personal data by the User is required. However, in order to take advantage of all the services made available by the Site, the Data Controller may collect the User's personal data for specific purposes. The personal data collected by the Data Controller are as follows:

  • personal and contact data requested for the compilation of information request forms or conferred directly by the User through the optional, explicit and spontaneous sending of messages, by electronic or traditional mail, to the addresses indicated on the Site entail the subsequent acquisition of the address, including e-mail, of the sender or of the relevant telephone number, necessary to respond to requests, as well as any other personal data included in the relevant communications. Such data will be used for the sole purpose of responding to the User's request and may be disclosed to third parties only if necessary for that purpose. The processing of data for these purposes does not require consent since the processing is necessary for the performance of a contract to which the data subject is a party or the execution of pre-contractual measures taken at his or her request (Art. 6, paragraph 1, letter b) of the Regulations), as well as, where applicable, to fulfill a legal obligation (Art. 6, paragraph 1, letter c) of the Regulations), as well as for the legitimate interest of the Data Controller (Art. 6, paragraph 1, letter f) of the Regulations).
  • Personal and contact data required for filling out newsletter subscription request forms.

The processing of data for the purposes of sending newsletters or promotional communications via e-mail will be carried out only where the User has given his or her specific consent for this purpose.

Data provided through interaction with social pages

ORBYTA S.r.l. may process additional data directly conferred, such as likes, comments, images and in general any content and information eventually posted and shared by Users on the social media pages dedicated to ORBYTA S.r.l. (e.g. Facebook, Instagram, LinkedIn, TikTok) through the social media features that the User has enabled.

Purpose of processing

The User's personal data are processed by the Data Controller for the following purposes:

  • Contact: personal data provided by the User through the information request form are processed in order to contact the User in response to his/her requests;
  • Regulatory compliance: the personal data provided by the User are processed for the purpose of fulfilling the obligations provided for by laws, regulations and EU legislation as well as provisions issued by authorities empowered to do so and by supervisory and control bodies;
  • Newsletters: personal data provided by the User are processed to send informative communications regarding updates, news, events, activities and initiatives of the Data Controller.

Legal basis for processing

The processing of data for the purposes stated in Section 4(a) and (b) of this policy is lawfully carried out, as:

  • is carried out in the performance of a contract to which the User is a party or to the performance of pre-contractual measures taken at his or her request (Art. 6, paragraph 1, letter b) of the Regulations);
  • is necessary to fulfill a legal obligation incumbent on the Data Controller (Art. 6(1)(a) of the Regulations);
  • where applicable, there is a legitimate interest of the Data Controller (Art. 6(1)(f) of the Regulations).

The processing of data for the purposes indicated in section 4 letter c) of this policy is carried out only where the User has given his/her specific consent for this purpose.

Method of treatment

The processing of data will be carried out, by personnel appointed by the owner with procedures, technical and computer tools suitable to protect the confidentiality and security of the User's data and consists of their collection, recording, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, dissemination, cancellation, destruction of the same including the combination of two or more of the above activities.

Contact methods aimed at the activities mentioned in point 4 letter c) may be automated (e-mail, sms). In particular, the Site uses HubSpot, a customer relationship management (CRM) platform provided by HubSpot, Inc. to manage the sending of newsletters and other commercial communications. This platform makes it possible to improve the management of information about users and to personalize the sending of communications.

The User's personal data (e.g.: first name, last name, e-mail address) that subscribes to the newsletter or provides consent to receive commercial communications will be processed through HubSpot. Such data will be used exclusively of the User for sending promotional communications and will not be shared with third parties for purposes unrelated to the above purposes. For more information on HubSpot's data protection measures, please refer to the privacy policy on the site.

Therefore, the processing of the aforementioned data is based on the express consent of the User (Art. 6(1)(a) of the GDPR). The User may revoke his or her consent at any time by using the unsubscribe link in any communication sent.

In each case the personal data are:

  • treated lawfully, fairly and transparently;
  • collected for the purposes determined above, explicitly and legitimately, and subsequently processed in a manner that is not incompatible with those purposes;
  • adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed ("data minimization");
  • accurate and, if necessary, updated, deleted and/or corrected;
  • kept in a form that permits identification for a period of time not exceeding the achievement of the purposes for which they are processed;
  • processed in a manner that ensures adequate security of personal data, including protection, through appropriate technical and organizational measures, from unauthorized or unlawful processing and accidental loss, destruction or damage.

Mandatory or optional nature of providing data

The Data Controller will use the personal data voluntarily provided by the User to fulfill the User's requests. The User is not required to provide his/her personal data, however in case of his/her refusal, the Data Controller may not be able to fulfill his/her requests and/or execute his/her contractual obligations.

In particular, subject to the personal autonomy of the person concerned, the provision of personal data is:

  • Strictly necessary for the management and execution of existing or in the process of establishment of contractual relationships, or for the execution of pre-contractual measures taken at the request of the User;
  • mandatory in relation to obligations under laws, regulations and EU legislation as well as provisions issued by authorities empowered to do so and by supervisory and control bodies;
  • Optional for the purposes of 3(c).

Any refusal on the part of the User to provide personal data, or the provision of false and/or inaccurate data, for the purposes indicated in point 3 lett. a) and b) of this notice will result in the impossibility of proceeding to the correct and complete provision of the requested service.

On the other hand, refusal on the part of the User to provide personal data for the purposes indicated in point 3 letter c) does not entail any consequences on existing or ongoing contractual relationships, but only precludes the possibility for the Data Controller to carry out the activities indicated above.

Period of data retention

Personal data will be stored in a form that allows for the identification of the User for a period of time not exceeding the achievement of the purposes for which they are processed, and in any case in compliance with legal obligations regarding data retention times (tax assessments and limitation periods for the exercise of rights).

In particular, personal data will be kept until the User requests the deletion of his/her data. This is without prejudice to the Data Controller's need to retain them for a longer period following a request by the competent authorities or, in any case, in order to assert or defend a right in court (in which case the personal data will be retained for as long as necessary to achieve this purpose).

For the purposes of 3(c), data will be retained until consent is revoked and/or the right to object is exercised.

Data disclosure and dissemination

For the pursuit of the purposes set forth in this statement and within the limits of what is strictly necessary, personal data will be processed by the Data Controller and its employees, collaborators and/or specially appointed officers.

As part of its activities and for the purposes indicated above, the Data Controller may make use of services rendered by third parties who operate on its behalf and according to its instructions, as data processors (or autonomous data controllers): these are subjects who provide the Data Controller with processing or instrumental services (e.g. computer services for the operation of the site), of which the User may request a complete and updated list by contacting the Data Controller directly.

Except for specific legal obligations, personal data are not intended for dissemination.

Transfer abroad

Personal data are processed within the territory of the European Union and are not subject to dissemination. If necessary, for technical and operational reasons, the Data Controller reserves the right to transfer personal data to countries outside the European Union or international organizations for which there are adequacy decisions of the European Commission, i.e. on the basis of adequate guarantees provided by the country to which the data is to be transferred or on the basis of the specific exemptions provided for in EU Regulation 2016/679.

Rights of data subjects

Pursuant to Articles 15 et seq. of the GDPR and current legislation, the User has the right, in addition to lodging a complaint with the Data Protection Authority and to revoke any consent given at any time, to:

  • Obtain confirmation of the existence or otherwise of personal data concerning him/her and their communication in an intelligible form, receiving them in a structured, commonly used and readable format with the possibility of transmitting them to another owner ("Right to portability");
  • obtain information on: (i) the origin of the personal data, the purposes and methods of processing, the logic applied in case of processing carried out with the aid of electronic instruments; (ii) the identification details of the Data Controller, the Data Processor(s) and the Data Protection Officer; (iii) the subjects or categories of subjects to whom the data may be communicated or who may become aware of the data in their capacity as designated representative in the territory of the State, data processor(s) or designee(s).
  • obtain (i) the updating, rectification or integration of the data concerning him or, in case of dispute as to the correctness of the data, the limitation of the processing of the same for the time necessary for the appropriate checks, (ii) the transformation into anonymous form or the blocking of data processed in violation of the law, including those whose retention is necessary in relation to the purposes for which the data were collected or subsequently processed (iii) certification of the fact that the operations referred to in the preceding points have been brought to the attention, also as regards their content, of those to whom the data have been communicated or disseminated, unless this requirement proves impossible or involves the use of means manifestly disproportionate to the protected right.
  • to object, in whole or in part (i) to the processing of data concerning him/her, even if pertinent to the purpose of collection, (ii) to the processing of personal data concerning him/her, provided for the purposes of commercial information or sending advertising or direct sales material or for carrying out market research or commercial communication.
  • Obtain deletion without undue delay ("Right to be forgotten") if the data is no longer necessary in relation to the purposes for which it was collected or otherwise processed, has been unlawfully processed, or if the User (i) requests or (ii) objects in whole or in part to the processing.
  • obtain the restriction of processing in the event that the data (i) are unlawfully processed but the User objects to their deletion, (ii) are necessary for the User to establish, exercise or defend a right, (iii) an assessment regarding the legitimate grounds for processing by the Controller is pending.

The above rights may be exercised by making a request to the Holder, at the e-mail address privacy@orbyta.it or, with reference to the rights under c), also through the appropriate link at the bottom of any e-mail with promotional or informational content.