Dear User,
Omnys is committed to protecting your privacy.
This privacy policy tells You about the collection, use and disclosure of personal data, with respect to the EU General Data Protection Regulation 2016/679 (referred to as “GDPR”).

Data Controller
The Data Controller of such personal data is Omnys S.r.l. having its legal and operational office in Via Frassini, 35 – 36100 Vicenza (Italy) (referred to as “OMNYS” or “Data Controller”).
Data Protection Officer
The Data Protection Officer (referred to as “DPO”) contact points in OMNYS are:
e-mail: dpo@omnys.com
phone: (+39) 0444.521872
address: DPO c/o Omnys Srl, Via Frassini 35 – 36100 Vicenza (Italy)

Data processing methods
Using the App implies the collection of anonymous non-personal data concerning how the App is used and navigated (referred to as “Anonymous Data”), as well as other data such as First Name, Last Name, Phone number, Email address, etc. regarding You, i.e. the user of the App (referred to as “Personal Data”).
All data and information inputted autonomously by the user in the App (referred to as “Operating Data”) are stored in the user’s mobile device; no copy of such data or information are stored on any servers of the Data Controller. Therefore, the user is accountable for adopting any technical and organizational measures to protect the Operating Data.
No data collected or stored through the App are disclosed to third parties.

Data processing purposes
Anonymous Data collected through the App can be used to obtain statistical anonymous information on how the App is being used, to check for the correct use of the App, as well as to verify any possible illicit act committed against the App, the Data Controller or any third-party.
Personal Data collected through the App can be used by OMNYS to communicate with You. Communications may concern information about the App or commercial and marketing information about OMNYS.
Operating Data are not processed at all by the Data Controller.
Data storage
Data are stored in and processed through computer systems owned by the Data Controller and managed by OMNYS or other suppliers of technical services; for more information please refer to the following “Rights of the data subject” section.
Security of Personal Data
Omnys is committed to protecting your Data and complies with all privacy regulations in order to avoid data breach, illicit usage or unallowed access to Data.

Rights of the data subject
Art. 15 (Right of access by the data subject), art. 16 (Right to rectification) of the GDPR
The data subject shall have the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and the following information:
a) the purposes of the processing;
b) the categories of personal data concerned;
c) the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations;
d) the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
e) the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing;
f) the right to lodge a complaint with a supervisory authority;
g) the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
Art. 17 (Right to erasure (‘right to be forgotten’)) of the GDPR
The data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies:
a) the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
b) the data subject withdraws consent on which the processing is based according to point (a) of Article 6(1), or point (a) of Article 9(2), and where there is no other legal ground for the processing;
c) the data subject objects to the processing pursuant to Article 21(1) and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2);
d) the personal data have been unlawfully processed;
e) the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject;
f) the personal data have been collected in relation to the offer of information society services referred to in Article 8(1).
Art. 18 (Right to restriction of processing) of the GDPR
The data subject shall have the right to obtain from the controller restriction of processing where one of the following applies:
a) the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data;
b) the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;
c) the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims;
d) the data subject has objected to processing pursuant to Article 21(1) pending the verification whether the legitimate grounds of the controller override those of the data subject.