updated to EU Reg 2016/679

(European regulation on the protection of personal data)

  1. Introduction

Orthonsport Srls takes the user’s privacy seriously and undertakes to respect it. This privacy policy (“Privacy Policy”) describes the personal data processing activities carried out by Orthonsport Srls srl through the domain with its subdomains (hereinafter the Site) and the relative commitments undertaken in this regard by the Company. Orthonsport Srls may process the user’s personal data when he visits the Site and uses the services and functions present on the Site. In the sections of the Site where the user’s personal data are collected, a specific information is published pursuant to art. . 13/15 of EU Reg. 2016/679.


Where required by EU Reg. 2016/679, the user’s explicit consent will be required before proceeding with the processing of his personal data. If the user provides personal data of third parties, he must ensure that the communication of the data to Orthonsport Srls and subsequent processing for the purposes specified in the privacy policy is compliant with EU Reg. 2016/679 and applicable legislation.

  1. Identification details of the Data Controller and of the data processor

The Data Controller of personal data is Orthonsport Srls (hereinafter, the “Controller” or Orthonsport Srls).

The data controller of the Site is the owner, in the operational management of personal data for the treatments and purposes explained below.

  1. Type of data processed

The visit and consultation of the Site generally involve the collection of navigation data and cookies, as specified below, in addition to the processing of the user’s personal data functional to the use of the commercial proposals of the Site addressed, in particular, to subscribers. In addition to the so-called “navigation data” (see below), personal data voluntarily provided by the user may be processed when the user interacts with the functionality of the Site or requests to use the services offered on the Site. In compliance with the Privacy Code, the RESPONSIBLE may also collect the user’s personal data from third parties in the performance of their business.

  1. Cookies and navigation data

The Site uses “cookies”. By using the Site, the user consents to the use of cookies in accordance with this Privacy Policy. Cookies are small files stored on the hard disk of the user’s computer. Cookies can be classified as:

“session” cookies, which are deleted immediately when the browser is closed;
“persistent” cookies, which remain in the browser for a certain period of time. They are used, for example, to recognize the device that connects to a site, facilitating authentication operations for the user;
“own” cookies, generated and managed directly by the manager of the website on which the user is browsing;
“third party” cookies, generated and managed by parties other than the manager of the website on which the user is browsing.

There are also two macro-categories of cookies: technical cookies and profiling cookies.
Technical cookies are necessary for the proper functioning of a website and to allow user navigation; without them, the user may not be able to view the pages correctly or use some services. Profiling cookies, on the other hand, have the task of creating user profiles in order to send advertising messages in line with the preferences expressed by the user while browsing.

  1. Cookies used in this site

This Privacy Policy applies only to the Site as defined above.

The Site uses the following types of cookies:

own, session and persistent cookies, necessary to allow navigation on the Site, for internal security and system administration purposes;
third-party, session and persistent cookies, necessary to allow the user to use multimedia elements on the Site, such as images and videos;
persistent third-party cookies used by the Site to send statistical information to the Google Analytics system, through which the MANAGER can perform statistical analysis of accesses / visits to the Site. The cookies used only pursue statistical purposes and collect information in aggregate form. Through a pair of cookies, one of which is persistent and the other of session (expiring when the browser is closed), Google Analytics also saves a register with the start times of the visit to the Site and exit from the same. You can prevent Google from detecting data via cookies and subsequent data processing by downloading and installing the browser plug-in from the following address:


persistent third-party cookies, used by the Site to include the buttons of some social networks (Facebook, Twitter and Google+) on its pages. By selecting one of these buttons, the user can publish the contents of the web page of the site he is visiting on his personal page of the related social network.

The Site may contain links to other sites (so-called third party sites). Then:

The MANAGER does not perform any access or control over cookies, web beacons and other user tracking technologies that could be used by third party sites that the user can access from the Site;
The MANAGER does not carry out any checks on the contents and materials published by or obtained through third party sites, nor on the related methods of processing the user’s personal data, and expressly disclaims any related liability for such eventualities.
The user is required to check the privacy policies of third party sites accessed through the Site and to inquire about the conditions applicable to the processing of their personal data


  1. Personal data retention

Personal data are stored and processed through IT systems by the MANAGER; for more details please refer to section 11 “Right of access” below. The data is processed exclusively by specifically authorized personnel, including personnel appointed to carry out ordinary and extraordinary maintenance operations.

  1. Purposes and methods of data processing

The RESPONSIBLE may process the user’s personal data for the following purposes:

use by users of services and features on the Site,
management of requests and reports from its users,
sending newsletters,
management of applications received through the Site,
other relating to the management of subscriptions or services provided through the Site

Furthermore, with the additional and specific optional consent of the user, the RESPONSIBLE may process personal data for marketing purposes, i.e. to send the user promotional material and / or commercial communications relating to the Company’s services, at the addresses indicated. both through traditional methods and / or means of contact (such as, paper mail, telephone calls with operator, etc.) and automated (such as, communications via internet, fax, e-mail, sms, applications for mobile devices such as smartphones and tablets -cd . APPS-, social network accounts – eg via Facebook or Twitter-, phone calls with automatic operator, etc.). Personal data are processed both in paper and electronic form and entered into the company information system in full compliance with EU Reg. 2016/679, including the security and confidentiality profiles and inspired by the principles of correctness and lawfulness of processing. In compliance with EU Reg. 2016/679, the data are kept and stored for the maximum period provided for by the regulations in force.

  1. Security and quality of personal data

The RESPONSIBLE undertakes to protect the security of the user’s personal data and complies with the security provisions provided for by the applicable legislation in order to avoid data loss, illegitimate or illicit use of data and unauthorized access to the same, with particular reference to the Technical Regulations regarding minimum security measures. In addition, the information systems and computer programs used by the RESPONSIBLE are configured in such a way as to minimize the use of personal and identification data; these data are processed only for the achievement of the specific purposes pursued from time to time. The MANAGER uses multiple advanced security technologies and IT procedures aimed at promoting the protection of users’ personal data; for example, personal data are stored on secure servers, located in places with protected and controlled access. The user can help the RESPONSIBLE to update and keep their personal data correct, communicating any changes relating to their address, their qualification, contact information, etc.

  1. Scope of communication and data access

The user’s personal data may be disclosed to:

all subjects to whom the right of access to such data is recognized by virtue of regulatory provisions and the explicit consent formulated by the data subject;
to our collaborators, employees, as part of their duties;
to all those natural and / or legal persons, public and / or private when the communication is necessary or functional to the performance of our business and in the manner and for the purposes illustrated above;

  1. Nature of provision of personal data

The provision of some personal data by the user is mandatory to allow the Company to manage communications, requests received from the user or to contact the user himself to follow up on his request. This type of data is marked with the asterisk symbol [*] and in this case the provision is mandatory to allow the Company to follow up on the request which, failing that, cannot be processed. On the contrary, the collection of other data not marked with an asterisk is optional: failure to provide it will not entail any consequences for the user. The provision of personal data by the user for marketing purposes, as specified in the “Purpose and methods of processing” section is optional and refusal to provide them will have no consequence. The consent given for marketing purposes is intended as extended to the sending of communications made through both automated and traditional methods and / or means of contact, as exemplified above.

  1. Rights of the interested party

11.1 Art. 15 (right of access), 16 (right of rectification) of EU Reg. 2016/679


The interested party has the right to obtain from the RESPONSIBLE the confirmation as to whether or not personal data concerning him is being processed and, in this case, to obtain access to personal data and the following information:

the purposes of the processing;
the categories of personal data in question;
the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular if they are recipients of third countries or international organizations;
the retention period of the personal data envisaged or, if this is not possible, the criteria used to determine this period;
the existence of the data subject’s right to ask the Data Controller to correct or delete personal data or limit the processing of personal data concerning him or to oppose their processing;
the right to lodge a complaint with a supervisory authority;
the existence of an automated decision-making process, including profiling and, at least in such cases, significant information on the logic used, as well as the importance and expected consequences of such processing for the data subject.

11.2 Right pursuant to art. 17 of EU Reg. 2016/679 – right to cancellation (“right to be forgotten”)

  • The interested party has the right to obtain from the RESPONSIBLE the cancellation of personal data concerning him without undue delay and the data controller is obliged to cancel the personal data without undue delay, if one of the following reasons exists:
    the personal data are no longer necessary with respect to the purposes for which they were collected or otherwise processed;
    the interested party revokes the consent on which the processing is based in accordance with Article 6, paragraph 1, letter a), or Article 9, paragraph 2, letter a), and if there is no other legal basis for the processing;
    the interested party opposes the processing pursuant to Article 21, paragraph 1, and there is no legitimate overriding reason to proceed with the processing, or opposes the processing pursuant to Article 21, paragraph 2;
    the personal data have been unlawfully processed;
    personal data must be deleted to fulfill a legal obligation under the law of the Union or of the Member State to which the Data Controller is subject;
    the personal data were collected in relation to the information society service offer referred to in Article 8, paragraph 1 of EU Reg. 2016/679

11.3 Right referred to in art. 18 Right to limitation of treatment


The interested party has the right to obtain from the RESPONSIBLE the limitation of the processing when one of the following hypotheses occurs:

the data subject disputes the accuracy of the personal data, for the period necessary for the Data Controller to verify the accuracy of such personal data;
the processing is unlawful and the interested party opposes the deletion of personal data and instead requests that its use be limited;
although the Data Controller no longer needs it for processing purposes, the personal data are necessary for the data subject to ascertain, exercise or defend a right in court;
the interested party opposed the processing pursuant to Article 21, paragraph 1, EU Reg. 2016/679 pending verification of the possible prevalence of the legitimate reasons of the Data Controller with respect to those of the interested party.

11.4 Right referred to in Article 20 Right to data portability

The interested party has the right to receive in a structured format, in common use (and readable by an automatic device), the personal data concerning him, managed by the RESPONSIBLE and has the right to transmit such data to another data controller without impediments from part of the RESPONSIBLE

  1. Revocation of consent to treatment

The interested party has the right to revoke the consent to the processing of your personal data by sending a registered letter with return receipt to the following address: Orthonsport Srls – Via Grotta Santa 29 – 96100 SR accompanied by a photocopy of his identity document, with the following subject : <>. At the end of this operation, your personal data will be removed from the archives as soon as possible.

  1. Contact Channels

If you wish to have more information on the processing of your personal data, or to exercise the rights referred to in point 11 above, you can send a written communication to or a registered letter with return receipt to the following address: Orthonsport Srls – Via Grotta Santa 29 – 96100 SR. Before providing or changing any information, it may be necessary to verify your identity and answer a few questions. Only in this way will it be possible to respond to requests relating to personal data.