O.V.S. VILLELLA S.r.l. — www.ovsvillella.it
Last updated: May 2026
A) Browsing data
IT systems automatically collect technical data transmitted by browsers: IP addresses, browser type, operating system, pages visited, access time, session duration. Processed for technical and security purposes. Legal basis: legitimate interest, Article 6(1)(f) GDPR.
B) Voluntarily submitted data
When filling in a contact form or sending an e-mail, the following data are collected: name, surname, e-mail, phone, message text. Processed to respond to the request and, with consent, for commercial communications. Legal basis: Article 6(1)(b) GDPR / consent Article 6(1)(a) GDPR.
C) Cookies and tracking technologies
The website uses technical cookies and, subject to consent, analytics cookies (Google Analytics) and third-party cookies (YouTube, LinkedIn). For details, see the Cookie Policy.
D) Client and supplier data (B2B)
Data of corporate contacts, clients and suppliers are processed for contract management and mandatory tax obligations. Legal basis: Article 6(1)(b) and Article 6(1)(c) GDPR.
| Purpose | Legal basis | Retention |
|---|---|---|
| Navigation and security | Legitimate interest | Max 12 months |
| Response to contact requests | Pre-contractual | 2 years |
| Google Analytics statistics | Consent | 14 months |
| Marketing and commercial communications | Consent | Until withdrawn |
| Contract management | Contract | 10 years |
| Tax and accounting obligations | Legal obligation | 10 years |
Data are processed by electronic and/or paper means, in accordance with the principles of lawfulness, fairness, transparency, data minimisation, accuracy, storage limitation, integrity and confidentiality (Article 5 GDPR). Appropriate technical and organisational measures are in place: encryption, pseudonymisation and access controls.
Data are not disclosed to third parties except in the following cases:
Data are never sold to third parties.
Some providers (Google, LinkedIn) may transfer data outside the EU/EEA in compliance with Articles 44 et seq. GDPR, on the basis of:
| Right | Content |
|---|---|
| Access — Art. 15 | Confirmation of processing and copy of data |
| Rectification — Art. 16 | Correction of inaccurate or incomplete data |
| Erasure — Art. 17 | Deletion ("right to be forgotten") |
| Restriction — Art. 18 | Suspension of processing in specific cases |
| Portability — Art. 20 | Receipt of data in a structured, machine-readable format |
| Objection — Art. 21 | Objection to processing for legitimate interest or marketing |
| Withdraw consent — Art. 7 | Withdrawal at any time without prejudice |
| Lodge complaint — Art. 77 | Complaint to the Italian Data Protection Authority |
To exercise your rights: privacy@ovsvillella.it. Response within 30 days (Article 12 GDPR), extendable by 60 days in complex cases.
This website is not intended for persons under 16 and does not knowingly collect data relating to minors. Accidentally collected data will be immediately deleted.
Appropriate technical and organisational security measures are in place: encrypted connections (HTTPS/TLS), access controls, regular backups and system updates. In the event of a data breach posing a risk to data subjects, the Garante will be notified within 72 hours (Article 33 GDPR).
This Privacy Policy may be updated periodically. The date of the last update is shown at the top of the document. Material changes will be announced via a banner on the website.
Garante per la protezione dei dati personali (Italian DPA)
Piazza Venezia 11 — 00187 Rome, Italy
www.garanteprivacy.it — garante@gpdp.it