Privacy Policy

Last updated: February 18, 2026

1. DATA CONTROLLER

The Data Controller of personal data is:

Company name: OMBAF s.a.s.
Registered office: Via Casa Celeste 3, 36014 SANTORSO (VI), Italy
VAT number: 00146580246
Email: info@ombaf.it
Certified Email (PEC): ombaf@pec.it

2. TYPES OF DATA COLLECTED

2.1 Data provided voluntarily by the user

Registration data:

  • First and last name
  • Email address
  • Password (encrypted)
  • Phone number (optional)

Order processing data:

  • Billing address
  • Shipping address
  • Payment data (processed through secure gateways)
  • Tax code (if required for invoicing)

Contact data:

  • Name, email, phone number, and message sent through the contact form

2.2 Data collected automatically

Browsing data:

  • IP address
  • Browser and device type
  • Operating system
  • Pages visited and time spent
  • Referrer information
  • Website usage data

Cookies and similar technologies: For detailed information, please refer to our Cookie Policy.

3. PURPOSES AND LEGAL BASIS OF PROCESSING

3.1 Performance of a contract (Art. 6(1)(b) GDPR)

We process data in order to:

  • Process and manage orders
  • Manage payments and invoicing
  • Organize shipments and deliveries
  • Provide customer support
  • Manage returns and refunds

Legal basis: Performance of the sales contract.

3.2 Legal obligations (Art. 6(1)(c) GDPR)

We process data for:

  • Tax and accounting compliance
  • Invoice retention
  • Compliance with legal obligations

Legal basis: Legal obligation
Retention period: 10 years from the end of the relationship (tax obligations).

3.3 Legitimate interest (Art. 6(1)(f) GDPR)

We process data for:

  • Fraud prevention and website security
  • Aggregated statistical analysis
  • Service improvement
  • Management of legal disputes

Legal basis: Legitimate interest of the Data Controller
Retention period: Variable depending on necessity.

3.4 Consent (Art. 6(1)(a) GDPR)

Subject to consent, we process data for:

  • Sending newsletters and commercial communications
  • Direct marketing
  • Profiling for personalized offers
  • Non-technical cookies (see Cookie Policy)

Legal basis: Explicit consent
Right to withdraw: At any time via the link in emails or by contacting us.

4. METHODS OF PROCESSING

Personal data are processed using IT and telematic tools, with organizational and logical methods strictly related to the stated purposes.

Security measures adopted:

  • Password encryption
  • HTTPS/SSL connection
  • Firewalls and antivirus systems
  • Regular backups
  • Restricted access to data to authorized personnel only
  • Staff training on data protection

5. DATA RECIPIENTS

Data may be communicated to:

Entities necessary for service provision:

  • Hosting and cloud service providers
  • Email service providers
  • Tax advisors and accountants

Public authorities:

  • Upon request, for legal compliance (e.g., law enforcement authorities, tax authorities)

All third parties are appointed as Data Processors pursuant to Art. 28 GDPR or act as independent Data Controllers.

6. DATA TRANSFER OUTSIDE THE EU

Some service providers may be located outside the European Union. In such cases, we ensure that the transfer complies with the GDPR through:

  • European Commission adequacy decisions
  • Approved standard contractual clauses
  • Appropriate safeguards provided by the GDPR

7. DATA RETENTION PERIOD

Personal and contact data:

  • Active accounts: until deletion request
  • Inactive accounts: [e.g., 3 years from last login]

Order-related data:

  • 10 years for tax and accounting obligations
  • After that period, only in anonymized form for statistical purposes

Browsing data and logs:

  • Maximum 12 months, unless required for criminal investigations

Marketing and newsletters:

  • Until consent withdrawal or objection to processing

8. DATA SUBJECT RIGHTS

Pursuant to Articles 15–22 of the GDPR, the user has the right to:

8.1 Right of access (Art. 15)

Obtain confirmation of the existence of personal data and receive a copy.

8.2 Right to rectification (Art. 16)

Obtain correction of inaccurate or incomplete data.

8.3 Right to erasure (Art. 17)

Obtain deletion of data (“right to be forgotten”), subject to legal obligations.

8.4 Right to restriction (Art. 18)

Obtain restriction of processing in certain circumstances.

8.5 Right to data portability (Art. 20)

Receive data in a structured format and transmit them to another controller.

8.6 Right to object (Art. 21)

Object to processing for legitimate reasons.

8.7 Right to withdraw consent

Withdraw consent at any time, without affecting the lawfulness of prior processing.

8.8 Right to lodge a complaint

Lodge a complaint with the Italian Data Protection Authority:

Website: www.garanteprivacy.it
Email: garante@gpdp.it
Certified Email (PEC): protocollo@pec.gpdp.it

9. EXERCISING YOUR RIGHTS

To exercise the rights listed above, the user may contact us:

Company name: OMBAF s.a.s.
Registered office: Via Casa Celeste 3, 36014 SANTORSO (VI), Italy
VAT number: 00146580246
Email: info@ombaf.it
Certified Email (PEC): ombaf@pec.it

We will respond within 30 days of the request. In complex cases, the deadline may be extended by an additional 60 days, with prior notice.

10. DATA OF MINORS

The website is not intended for minors under 16 years of age. We do not knowingly collect data from minors. If a parent/guardian becomes aware that a minor has provided data, they may contact us for deletion.

11. CHANGES TO THE PRIVACY POLICY

We reserve the right to modify this Privacy Policy. Changes will be published on this page with an updated date. We encourage you to review this page regularly.

12. CONTACT

For questions regarding this Privacy Policy or data processing:

Email: info@ombaf.it

COOKIE POLICY

Last updated: February 18, 2026

1. WHAT COOKIES ARE

Cookies are small text files that visited websites send to the user’s browser, where they are stored to be retransmitted to the same websites on subsequent visits.

Cookies are used for various purposes: performing IT authentication, session monitoring, storing information, and saving user preferences.

2. TYPES OF COOKIES USED

2.1 Technical Cookies (do not require consent)

Browsing or session cookies:

  • Ensure normal website navigation
  • Duration: session (deleted when the browser is closed)
  • Examples: cart management, login session

First-party analytics cookies:

  • Used in aggregated form to collect statistics on website use
  • Configured to anonymize IP addresses
  • Duration: [e.g., 24 months]

Functionality cookies:

  • Store user preferences (e.g., language, currency)
  • Duration: [e.g., 12 months]

2.2 Profiling Cookies (require consent)

First-party profiling cookies:

  • Used to create user profiles and send targeted advertising messages
  • Duration: [e.g., 12 months]
  • Purpose: personalized marketing

Third-party profiling cookies:

  • Installed by third parties to track behavior
  • Purpose: behavioral advertising, remarketing
  • Duration: varies by provider

2.3 Third-Party Cookies

Our website may include third-party cookies for services such as:

Google Analytics (anonymous statistics)
Provider: Google LLC
Purpose: Traffic and user behavior analysis
Privacy Policy: https://policies.google.com/privacy
Opt-out: https://tools.google.com/dlpage/gaoptout

Facebook Pixel (if used)
Provider: Meta Platforms
Purpose: Remarketing and conversions
Privacy Policy: https://www.facebook.com/privacy/explanation
Duration: [e.g., 90 days]

Google Ads (if used)
Provider: Google LLC
Purpose: Targeted advertising
Privacy Policy: https://policies.google.com/privacy
Opt-out: https://adssettings.google.com

3. COOKIES INSTALLED ON OUR WEBSITE

To view the updated list of cookies installed on our website, open the cookie banner by clicking the blue icon at the bottom right of the screen.

4. LEGAL BASIS AND CONSENT

4.1 Technical Cookies

Do not require prior consent (Art. 122 Italian Privacy Code, Italian Data Protection Authority Provision of May 8, 2014).

4.2 Profiling Cookies

Require prior, free, specific, and informed user consent before installation.

4.3 Analytics Cookies

If configured to anonymize IP addresses and not combined with other databases, they are treated as technical cookies.

5. CONSENT MANAGEMENT

Upon accessing the website, an information banner is displayed requesting consent for non-technical cookies.

The user may:

  • Accept all cookies
  • Refuse (consent only to technical cookies)
  • Customize by selectively choosing categories
  • Access the full Cookie Policy for more information

Consent is stored for [e.g., 6 months], after which it is requested again.

6. HOW TO MANAGE COOKIES

6.1 Browser management

Users may block or delete cookies through their browser settings:

Chrome: Settings > Privacy and security > Cookies and other site data
Firefox: Options > Privacy & Security > Cookies and Site Data
Safari: Preferences > Privacy > Manage Website Data
Edge: Settings > Privacy, search, and services > Cookies and site data
Opera: Settings > Privacy and security > Cookies

6.2 Selective disabling

To disable specific third-party cookies:

Google Analytics: https://tools.google.com/dlpage/gaoptout
Google Ads: https://adssettings.google.com
Facebook: https://www.facebook.com/ads/preferences
Your Online Choices: http://www.youronlinechoices.com/it/

6.3 Consequences of disabling

Disabling technical cookies may compromise certain website functionalities (e.g., cart, login).

Disabling profiling cookies does not affect website use but may make communications less relevant.

7. SOCIAL MEDIA COOKIES

If the website includes social media buttons or widgets (Facebook, Twitter, Instagram, LinkedIn, etc.), these may install third-party cookies.

We recommend consulting their respective policies.

8. FLASH COOKIES

“Local Shared Objects” (Flash cookies) cannot be managed through the browser and require access to Adobe’s website.

9. WEB BEACONS AND PIXEL TAGS

In addition to cookies, we use web beacons (transparent images) to:

  • Monitor email openings
  • Track conversions
  • Analyze browsing behavior

These elements are subject to the same rules as profiling cookies.

10. CHANGES TO THE COOKIE POLICY

We reserve the right to amend this Cookie Policy to comply with regulations, services, or technologies. Changes will be published on this page.

11. FURTHER INFORMATION

For information on personal data processing, please consult the full Privacy Policy.

For specific questions about cookies:

Email: info@ombaf.it

12. USEFUL LINKS

Network Advertising Initiative: www.networkadvertising.org
Italian Data Protection Authority: www.garanteprivacy.it
Your Online Choices: www.youronlinechoices.com/it
All About Cookies: www.allaboutcookies.org

Via Casa Celeste 3
36014 SANTORSO (VI)

+39.0445.540522