PRIVACY POLICY

In this section, in accordance with the European legislation introduced by EU Regulation 679/2016 and with Italian legislation (Legislative Decree no. 196/2003), information is provided regarding the processing of personal data of Users who consult the pages of the website https://ondert.com/ (hereinafter: “Site”) or who use the purchasing services made available on the same (hereinafter “Users” or “Interested Parties”).

This information applies exclusively to the Site and not to any other websites that may be accessed via links on the Site.

Data controller

The Data Controller of the personal data of users of the website: https://ondert.com/ is the company DIALOGA SOLUTIONS LLC – 8 The Green, Dover, DE 19901, United States, e-mail: support @ support.com .

Email to contact the owner and request the deletion of your data, if collected, with your prior consent: support @licensesok .com .

A – Type of data processed

Identification data
In accordance with the European legislation introduced by EU Regulation 679/2016, browsing the Site and any purchase of products sold on the Site may involve the processing of data capable of directly or indirectly identifying a natural person, such as: name, surname, residential address, email address, telephone number, IP address.

The Site does not require the Data Subject to provide so-called “special” data, that is, as provided for by the GDPR (Article 9), personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, as well as genetic data, biometric data intended to uniquely identify a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation. If the requested service requires the processing of such data, the Data Subject will receive specific advance notice and be asked to provide explicit consent.

Bank details
When purchasing products on the Site, your banking details will also be processed, such as the card number or bank account number used to make the payment, the cardholder’s name, and the bank account number.

This data may be processed exclusively by third-party companies that manage the payment methods used on the site.

Please note that the Site uses the following payment services, for which reference is made to their respective privacy policies for data processing:

Google Pay: https ://payments .google .com /payments /apis -secure /u /0 /get_legal_document ?ldo =0 &ldt =privacynotice &ldl =en -GB
Visa: https ://usa .visa .com /legal /privacy -policy .html
Mastercard: https ://mea .mastercard .com /en -region -mea /about -mastercard /what -we -do /privacy .html
American Express : https://www.americanexpress.com/it-it/about-us/legal/privacy-center/privacy-statement/​​​​​​​​​​​

Browsing data
Browsing data is data automatically acquired by the systems and programs used to operate the Site and is necessary for the use of web services [e.g., IP addresses, browser used, domain names of the systems used by users to connect to the web portal, the URI (Uniform Resource Identifier) ​​addresses of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the operating system and the user’s IT environment].

This data is acquired even in the absence of registration on the Site or request for information.

Browsing data is used exclusively in aggregate form to compile anonymous statistics on site usage and to monitor its proper functioning. This data does not allow us to identify the users involved. Furthermore, it is deleted immediately after anonymous processing.

However, they can be used to ascertain responsibility in the event of computer crimes committed against the website.

Data provided voluntarily by the user
The personal data voluntarily provided by the User (such as name, surname, telephone number, email address) for the purpose of sending messages to the Site and/or purchasing the products made available are used only to respond to the interested party’s needs and to comply with legal obligations.

The legal basis for such processing is the fulfillment of the services inherent to the requests formulated and the purchases made, as well as compliance with legal obligations.

The information that the User of the Site deems to make public through the services and tools made available to the same, is provided by the User knowingly and voluntarily, exempting the Site from any liability regarding any violations of the law.

It is the User’s responsibility to verify that they have permission to enter personal data of third parties or content protected by national and international regulations.

Data collected through analytical cookies
The Site also acquires data relating to the User through the use of cookies.

For more information on the data processed through cookies, the types of cookies active, and how to disable them, please refer to the cookie policy.

These cookies are used to track user browsing preferences and collect statistical data. Users can disable these cookies by accessing their browser settings, as indicated in the Site’s cookie policy.

B – Purpose of the processing

The personal data collected is used to:

  • allow the products purchased by the User to be sent via email;
  • respond to contact requests sent by the User;
  • allow the User to use the Customer Service;
  • obtain anonymous statistical information on the use of the web portal;
  • to check the correct functioning of the web portal;
  • Sending communications and newsletters, both in paper and electronic format, to the email address provided by the User: if the User decides to subscribe to the https://ondert.com/ newsletter only after providing specific consent, the personal data will be processed by the Data Controller to send commercial or promotional communications, updates relating, for example, to exclusive offers, special events, and promotions. To unsubscribe from the newsletter, simply click the unsubscribe link at the bottom of the emails received or write to info@support.com .
  • the determination of responsibility in the event of hypothetical computer crimes against the website;
  • compliance with any other legal obligation not included in the previous purposes.
    Data may only be disclosed following a request from the Judicial Authority within the legal timeframe.

C – Legal basis of the processing

The legal basis for processing personal data is the fulfillment of the obligations inherent in the relationship established by signing the Terms and Conditions, the data subject’s consent, compliance with legal obligations, and the Data Controller’s legitimate interest in carrying out the processing necessary for these purposes.

Performance of a contract
The Data Controller processes Personal Data relating to the User when the processing is necessary for the performance of a contract with the User and/or for the implementation of pre-contractual measures.

Consent of the interested party
The optional, explicit, and voluntary sending of emails, messages, or any other type of communication to the contact details indicated on this Site entails the subsequent acquisition of the sender’s address, telephone number, or any other personal data that will be used to respond to requests. This processing is based on the interested party’s consent.

We ensure that such processing will be based on the principles of lawfulness, fairness, transparency, adequacy, relevance, and necessity pursuant to Article 5, paragraph 1 of the GDPR. Specific summary information will be progressively provided or displayed on the website pages dedicated to specific on-demand services.

Fulfillment of legal obligations
Personal data may be processed without the data subject’s consent if the Data Controller is required to comply with a legal obligation.

Legitimate interest of the Data Controller
The Data Controller processes Personal Data relating to the User in the event that the processing is necessary for the pursuit of the legitimate interest of the Data Controller or third parties.

Optional provision of data
Except as specified for fulfilling the contract or legal obligations, cookies, and browsing data, the user is free to choose whether or not to provide personal data. However, failure to provide such data may make it impossible to provide the service.

D – Method and duration of treatment

Personal data is processed using IT tools and in compliance with EU Regulation No. 679/2016.

The processed data will be retained for the time necessary to achieve the purposes described in this policy and, therefore, for the minimum time necessary or until an explicit request from the interested party and in any case in compliance with the time limits imposed by law.

The Data Controller undertakes to adopt all appropriate security measures to prevent the loss and alteration of personal data, as well as any illicit and unauthorized use thereof.

The data will be processed exclusively by persons authorized by the Data Controller, including any data processors, representatives, and public entities required by law to fulfill their obligations, who carry out their respective processing activities as independent data controllers.

The parties authorized by the Data Controller who may process data include, but are not limited to, sales and legal department collaborators, as well as third-party technical service providers, hosting providers, and IT companies (this list is not intended to be exhaustive). The processed data will not, however, be disclosed to unspecified recipients.

The subjects authorised by the Data Controller who may process data for profiling purposes include the online marketing platforms “Klaviyo” ( https ://www .klaviyo .com /legal ).

The security of the information collected cannot be guaranteed against possible hacker attacks and, in general, against violations of the security regulations implemented for data protection.

In the event of attacks or violations, however, these will be communicated to the interested parties and the competent authorities in accordance with the law.

E – Place of processing

The processing relating to the web portal services is carried out by identified and expressly designated personnel based on the specific purposes of the requested and subscribed services.

For the processing in question, the Data Controller may avail itself of the assistance of external companies, shipping companies, consultants, consortia, software providers, and service providers, through identified and designated personnel, within the scope of the intended purposes and in a manner that guarantees maximum data security and confidentiality. In other cases, the personal data collected will not be disclosed to third parties without the express consent of the data subject, except where disclosure to third parties is necessary to comply with obligations imposed by laws, regulations, or orders issued by supervisory authorities, or is essential to protect the rights of other users or the website itself.

Personal data will be processed and stored exclusively for the purposes indicated above and for secure storage and archiving on remote servers managed by industry-leading providers who ensure compliance with high standards of protection regarding the processing of personal data.

This may involve the transfer of data to non-EU countries, where all or part of the aforementioned servers may be located.

In particular, personal data may be transferred outside the European Union to the company “Shopify” ( https ://www .shopify .com /legal /privacy ), an e-commerce plug-in used by the Site managed by the Data Controller.

The processing and storage of data by the aforementioned provider will take place in an “adequate” third country pursuant to the decision taken by the European Commission, in particular the decision regarding the adequacy of the protection provided by the Canadian Personal Information Protection and Electronic Documents Act or the Privacy Shield certification (USA), or on the basis of a contractual obligation or standard contractual clauses approved by the European Commission, or binding corporate rules approved through the specific procedure referred to in Article 47 of the GDPR.

As a general rule, national authorization from the Italian Data Protection Authority is not required for data transfers to non-EU countries. However, authorization from the Italian Data Protection Authority will still be required if a data controller wishes to use specific contractual clauses not recognized as adequate by a European Commission decision or by administrative agreements between public authorities.

F – Rights of interested parties

During processing, the interested party may exercise the following rights at any time:

  • obtain confirmation of the existence or otherwise of the same data and, if so, know their content and origin;
  • verify their accuracy, request the correction of inaccurate data, the integration of incomplete data or the updating of obsolete data;
  • obtain the limitation of processing, where one of the hypotheses provided for by Article 18 of the GDPR applies;
  • request the deletion of data processed in violation of the law, or in the presence of one of the other conditions set forth in Article 17, paragraph 1, letters a), b), c), e) and f) of the GDPR;
  • object in any case, for legitimate reasons, to their processing, or to object to the processing in the other cases provided for by Article 21, paragraphs 2 and 3 and 22 GDPR;
  • revoke at any time your freely given consent to the processing of personal data for the purposes specified below;
  • obtain the release of the personal data undergoing processing in a format compatible with standard IT applications, to allow their transfer to other platforms of your choice, without impeding the direct transmission of the processed data to another Data Controller, where such direct transmission is technically feasible (so-called right to data portability). Requests relating to the exercise of the aforementioned rights should be addressed to the Data Controller by email ( info@licensesok.com ) .

In the event of failure or partial response by the Data Controller to the aforementioned requests, the interested party will have the right to lodge a complaint with the Italian Data Protection Authority ( www.garanteprivacy.it ) or to seek legal action within the terms and according to the procedures established pursuant to Articles 77 et seq. of EU Regulation 2016/679 (GDPR).

G – Information updates

Future regulatory updates may lead to changes to the current information, uploaded on the Site on January 13, 2025.