Privacy Policy
Privacy Policy
The purpose of this document is to inform the natural persons to whom the Personal Data being Processed refers (hereinafter the “Data Subjects”) regarding the Personal Data collected by the Data Controller, as identified below.
The Data Controller may modify or simply update this Privacy Policy, in whole or in part, by informing the Data Subjects accordingly.
Data Controller
The Data Controller is Formitalia srl., with registered office at Via Adriatica No. 10, 73100 Lecce, Tax Code/VAT Number 04128090752, Postal Code 73100, email address info@oxfordlecce.it, certified email address formitaliasrl@pec.formitaliasrl.it, telephone number 0832390312.
Furthermore, please note that your personal data will also be shared with Formitalia srl.’s employees who, in various capacities by virtue of specific appointment or authorization, will process your data for the purposes for which it was collected, in compliance with the provisions of GDPR 2016/679.
For an updated list of Data Processors and Data Processors, please email Info@oxfordlecce.it.
Personal Data Collected
The Data Controller collects the following types of Personal Data:
User identification data requested when registering on the website, such as name, surname, date of birth, city of origin, email address, telephone number, etc.
Browsing Data: The computer systems and software procedures used to operate this website acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. This information is not collected to be associated with identified data subjects, but by its very nature could, through processing and association with data held by third parties, allow users to be identified. This category of data includes the IP addresses or domain names of computers used by users connecting to the site, the URI (Uniform Resource Identifier) addresses of requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the server response (successful, error, etc.), and other parameters relating to the user’s operating system and IT environment. This data is used on this site solely for the purpose of obtaining anonymous statistical information on site usage and to verify its proper functioning. The data could be used to ascertain liability in the event of hypothetical cybercrimes against the site. Consent is not required for this data, and only for the aforementioned purpose.
Data provided voluntarily by the user: The optional, explicit, and voluntary sending of emails to the addresses indicated on this site or the completion of forms in specific sections with mandatory and optional fields entails the subsequent acquisition of the sender’s information and address, which is necessary to respond to requests for services and/or information. For this data, and only for the aforementioned purpose, consent is not required.
Data relating to customer activities: such as purchase tracking, customer behavior monitoring, etc.
Failure by the Data Subject to provide Personal Data, for which there is a legal or contractual obligation, or where such data is a necessary requirement for using the service or for the conclusion of the contract, will make it impossible for the Data Controller to provide its services in whole or in part.
A Data Subject who communicates Personal Data of third parties to the Data Controller is directly and exclusively responsible for their origin, collection, processing, communication, or dissemination.
Purpose of Processing
The Personal Data collected may be used to fulfill contractual and pre-contractual obligations, comply with legal obligations, and for the following purposes:
follow up on requests or reports from the interested party, offer commercial assistance and customer care services;
perform administrative and accounting management by communicating the Data to the Tax Advisor;
comply with the obligations incumbent on the Data Controller and required by applicable law;
Security of systems, assets, and people;
Management of suppliers and partners (supplier administration, orders, payments, etc.);
Management of user databases;
Management of payments by credit card, bank transfer, or other means;
Sending advertising or commercial communications by any appropriate means;
Commercial affiliation;
Comments and feedback.
Legal basis for processing
The legal basis
The Data Subject’s consent is the basis for processing for all the purposes indicated above.
Processing Methods
Personal Data is processed using paper, computerized, and/or electronic means, in compliance with the provisions of GDPR 2016/679, using organizational methods and procedures strictly related to the purposes indicated.
In some cases, Personal Data may also be accessed by individuals involved in the Data Controller’s organization (such as, for example, personnel management, sales staff, system administrators, etc.) or external parties (such as IT companies, service providers, postal couriers, hosting providers, etc.). These individuals may, where appropriate, be appointed as Data Processors by the Data Controller, access the Data Subjects’ Personal Data whenever necessary, and will be contractually obligated to maintain the confidentiality of the Personal Data.
The updated list of Data Processors can be requested by email at Info@oxfordlecce.it
Place of Processing
Personal Data is processed at the Data Controller’s operating offices and at any other location where the parties involved in the Processing are located. For further information, the Data Subject may contact the Data Controller at the following email address: Info@oxfordlecce.it or at the postal address: Via Adriatica 10, 73100 Lecce.
Automated Decision-Making
All Data collected will not be subject to any automated decision-making process, including profiling, which may produce legal effects concerning the data subject or significantly affect him or her.
Transfer of Personal Data
Your data will not be transferred to third countries outside the European Union.
Security Measures
The Processing is carried out using methods and tools suitable for ensuring the security and confidentiality of Personal Data, with the Data Controller having adopted appropriate technical and organizational measures that guarantee and demonstrate that the Processing is carried out in compliance with applicable legislation.
Personal Data Retention Period
The Data Controller will process the Personal Data for the time necessary to fulfill the purposes related to the performance of the contract between the Data Controller and the Data Subject, and for no longer than 10 years from the termination of the relationship with the Data Subject, and in any case until the expiration of the limitation period established by applicable law.
When the Processing of Personal Data is necessary for the pursuit of a legitimate interest of the Data Controller, the Personal Data will be retained until such interest is satisfied.
If the Processing of Personal Data is based on the Data Subject’s consent, the Data Controller may retain the Personal Data until the Data Subject withdraws such consent.
Personal Data may be retained for a longer period if necessary to comply with a legal obligation or by order of an authority.
All Personal Data will be deleted upon expiration of the retention period.
After this period, the rights of access, erasure, rectification, and portability of Personal Data can no longer be exercised.
Rights of the Data Subject
Data Subjects may exercise certain rights regarding the Personal Data processed by the Data Controller.
In particular, the Data Subject has the right to:
withdraw consent at any time;
object to the Processing of their Personal Data;
access their Personal Data;
verify and request rectification;
obtain restriction of Processing;
obtain the erasure of their Personal Data;
receive their Personal Data or have it transferred to another controller;
file a complaint with a data protection supervisory authority and/or take legal action.
To exercise their rights, Data Subjects may send a request to the Data Controller’s contact details indicated in this document (email address: Info@oxfordlecce.it, certified email address: formitaliasrl@pec.formitaliasrl.it).
Requests are made free of charge and will be processed by the Data Controller as quickly as possible, in any case within 30 days.
Last updated: 01/01/2026