This page collects the main privacy information and refers to the full official document published externally.

Information notice pursuant to Article 13 of Regulation (EU) 2016/679

O.R.A.T. S.r.l. (hereinafter, for brevity, “O.R.A.T.” or the “Controller”) informs you that the personal data acquired through browsing this website will be processed in compliance with the applicable legislation on the protection of personal data, including Regulation (EU) 2016/679 (“GDPR”).

This notice describes how the website www.orat.it is managed with reference to the processing of the personal data of users who browse it or interact with O.R.A.T. through the tools and contact details available on the website.

Data Controller

The Data Controller is:

O.R.A.T. S.r.l.
Registered and Operational Office
Viale Martiri della Libertà, 2
29010 – Villanova sull’Arda (PC)
REA Registration: PC – 131194
Share capital: Euro 100,000
VAT No. IT01158690337

Tel. +39 0523 837231
Fax +39 0523 837562
Email: info@orat.it

To exercise the rights provided for by the GDPR, the data subject may contact the Controller at the following email address: info@orat.it.

Types of data collected, purposes and legal basis of processing

2.1 Browsing data

The IT systems and software procedures used to operate this website acquire, during their normal operation, certain personal data whose transmission is implicit in the use of Internet communication protocols.

This category of data includes, by way of example, the IP addresses or domain names of the devices used by users connecting to the website, the URI addresses of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file received in response, the numerical code indicating the status of the response given by the server, and other parameters relating to the user’s operating system and IT environment.

These data are processed for the following purposes:

  • to allow browsing and use of the website;
  • to obtain statistical information on the use of the website;
  • to check the correct functioning of the website;
  • to ensure the security of the website and prevent any unlawful activities;
  • to ascertain liability in the event of hypothetical computer crimes against the website;
  • to comply with legal obligations or requests from the Judicial Authority.

The legal basis for the processing is, depending on the case, Article 6(1)(b) of the GDPR, as the processing is necessary to allow the user to use the requested service; Article 6(1)(f) of the GDPR, for the Controller’s legitimate interest in the security and correct functioning of the website; and Article 6(1)(c) of the GDPR, for compliance with legal obligations.

2.2 Data provided voluntarily by the user

The voluntary sending of communications to the email addresses available on the website entails the acquisition of the sender’s email address, as well as any additional personal data included in the communication.

These data will be processed exclusively to respond to the requests made by the user, provide the requested information, manage any pre-contractual or contractual relationships, and comply with applicable legal obligations.

The legal basis for the processing is Article 6(1)(b) of the GDPR, as the processing is necessary to respond to the data subject’s request or for the performance of pre-contractual or contractual measures; as well as Article 6(1)(c) of the GDPR, where the processing is necessary to comply with legal obligations.

The data subject is invited not to send, through the website or by email, special categories of personal data, such as health data, biometric data, genetic data, data relating to criminal convictions or offences, or other data belonging to the special categories referred to in Articles 9 and 10 of the GDPR, unless this is strictly necessary in relation to the request made.

Any data that are not relevant or are excessive in relation to the purposes pursued may be deleted.

2.3 Cookies and tracking tools

The website may use technical cookies and similar tools necessary to ensure the proper functioning of the website and allow normal browsing.

The website may also use third-party cookies or tracking tools, including for statistical purposes, the display of external content, or interaction with external platforms, such as, by way of example, statistical analysis services, maps, external fonts and social widgets.

The use of cookies or tracking tools that are not strictly necessary is subject, where required by applicable law, to the user’s prior consent.

For more information on the cookies and tracking tools used by the website, their purposes, retention periods and the methods for managing preferences, please refer to the extended Cookie Policy available on the website.

Nature of data provision

The provision of browsing data is necessary to allow consultation of the website. Failure to provide such data may make it impossible to access or browse the website correctly.

The provision of personal data through voluntary communications, email or other contact tools is optional; however, failure to provide the necessary data may prevent the Controller from providing the requested response.

The provision of consent for non-essential cookies or tracking tools is optional. Failure to provide consent does not affect the possibility of browsing the website, except for the possible unavailability of specific features linked to such tools.

Data retention period

Browsing data will be stored for the time strictly necessary to ensure the functioning of the website and, as a rule, deleted or anonymised within 7 days, except where retention is necessary to ascertain liability in the event of computer crimes or requests from the competent Authority.

Personal data provided voluntarily by users will be stored for the time necessary to provide the requested response and, in any case, for no longer than 15 days after the relevant activity has been completed, unless it is necessary to retain them for a longer period in order to comply with legal, tax, accounting or administrative obligations, or to document the activities carried out and protect the Controller’s rights.

Data processed through cookies and tracking tools will be stored according to the terms indicated in the Cookie Policy and, where applicable, until the consent given by the user is withdrawn.

Processing methods

Personal data will be processed using electronic, IT and telematic tools, as well as, where necessary, paper-based tools, according to methods strictly related to the purposes indicated in this notice.

The Controller adopts appropriate technical and organisational measures to prevent data loss, unlawful or incorrect use, unauthorised access, disclosure, modification or unauthorised destruction of personal data.

The processing of personal data carried out through the website does not involve automated decision-making processes, including profiling, except as may be indicated in the Cookie Policy with reference to specific third-party tools.

Communication of personal data

The personal data collected will not be disseminated.

The data may be communicated, within the limits of the purposes indicated above, to the following categories of subjects:

  • personnel authorised internally by the Controller;
  • technical and IT service providers;
  • hosting providers, system administrators and parties responsible for website maintenance;
  • consultants, professionals, companies or professional firms providing services to the Controller;
  • public or private entities to whom communication is mandatory by law, regulation or order of the Authority.

External parties that process personal data on behalf of the Controller are appointed, where necessary, as Data Processors pursuant to Article 28 of the GDPR.

The updated list of Data Processors is available at the Controller’s premises and may be requested using the contact details indicated in this notice.

Transfer of data to third countries or international organisations

Personal data are mainly processed at the Controller’s premises and by the service providers used for managing the website.

If, through third-party services integrated into the website, personal data are transferred to countries outside the European Economic Area, the transfer will take place in compliance with Articles 44 et seq. of the GDPR, on the basis of an adequacy decision by the European Commission, Standard Contractual Clauses, participation in programmes recognised by the applicable legislation, or other appropriate safeguards provided for by the GDPR.

Further information on any transfers connected to cookies, tracking tools or third-party services is provided in the Cookie Policy or in the privacy notices of the respective providers.

Links to third-party websites or services

This notice is provided exclusively for the website www.orat.it and not for any other websites or services that may be accessed by the user through links on the website.

The managers of third-party websites or services act as independent data controllers, unless otherwise indicated. Users are therefore invited to consult their respective privacy policies.

Rights of the data subject

In relation to the processing described in this notice, the data subject may exercise at any time the rights provided for by Articles 15 et seq. of the GDPR.

In particular, the data subject has the right to:

  • obtain confirmation as to whether or not personal data concerning them are being processed;
  • obtain access to their personal data;
  • request the rectification of inaccurate data or the completion of incomplete data;
  • request the deletion of personal data, in the cases provided for by law;
  • request the restriction of processing, in the cases provided for by law;
  • object to processing, in the cases provided for by law;
  • receive personal data in a structured, commonly used and machine-readable format, where applicable;
  • withdraw consent given, without affecting the lawfulness of processing based on consent before its withdrawal;
  • lodge a complaint with a competent Supervisory Authority.

Requests to exercise these rights may be addressed to the Controller by writing to: info@orat.it.

The Controller will respond within the time limits provided for by the applicable legislation.

Complaint to the Supervisory Authority

If the data subject believes that the processing of personal data concerning them is carried out in breach of the applicable legislation, they have the right to lodge a complaint with the Italyn Data Protection Authority or another competent Supervisory Authority.

Changes to this notice

The Controller reserves the right to amend or update this notice at any time, including as a result of regulatory, technical or organisational changes.

The updated version will be published on the website.

Last updated: 10 June 2026