en
Italiano
Last updated: April 2026
Brand Oasi Srl (hereinafter "Controller" or "Company") respects the privacy of its users and is committed to protecting the personal data collected through the website brandoasi.com. This privacy policy describes how personal data is collected, used, stored and protected, in compliance with Regulation (EU) 2016/679 (GDPR) and applicable Italian legislation.
1. Data Controller
The Data Controller is:
- Company name: Brand Oasi Srl
- Registered office: Via Enrico Fermi 2, 25013 Carpenedolo (BS), Italy
- VAT / Tax code: 03566610980
- Certified email (PEC): brandoasisrl@pec.it
- Phone: (+39) 030 7777336
- Email: info@brandoasi.com
2. Types of data collected
The Controller collects the following categories of personal data:
a) Data voluntarily provided by the user
- Identification data: first name, last name, company name.
- Contact data: email address, phone number.
- Communication content: messages sent via the contact forms on the website.
b) Data collected automatically
- Browsing data: IP address, browser type, operating system, pages visited, date and time of access, visit duration.
- Cookies and similar technologies: information collected through technical, analytical and marketing cookies. For more details, please refer to our Cookie Policy.
3. Purposes and legal basis for processing
Personal data is processed for the following purposes, each with its corresponding legal basis under Art. 6 of the GDPR:
| Purpose | Legal basis (Art. 6 GDPR) |
|---|---|
| Responding to requests submitted through the contact form | Art. 6(1)(b) – Performance of pre-contractual measures at the request of the data subject |
| Technical operation of the website (necessary cookies) | Art. 6(1)(f) – Legitimate interest of the Controller |
| Statistical analysis of web traffic via Google Analytics 4 | Art. 6(1)(a) – Consent of the data subject |
| Marketing and remarketing via Facebook Pixel and Google Ads | Art. 6(1)(a) – Consent of the data subject |
| Protection of the website from abuse via Google reCAPTCHA v3 | Art. 6(1)(f) – Legitimate interest of the Controller |
| Compliance with legal or tax obligations | Art. 6(1)(c) – Legal obligation |
4. Google Consent Mode v2
The website uses Google Consent Mode v2 to manage the behaviour of Google services (Google Tag Manager, Google Analytics 4, Google Ads) based on the consent preferences expressed by the user through the internal cookie banner.
In the absence of consent:
- Google tags respect the default denied settings (
analytics_storage: denied,ad_storage: denied,ad_user_data: denied,ad_personalization: denied). - No analytical or marketing cookies are installed.
- Google may collect anonymous and aggregated signals (cookieless pings) for conversion modelling, without identifying the user.
When the user grants consent, the parameters are dynamically updated to granted and the corresponding cookies are installed.
5. Data recipients
Personal data may be shared with:
- Google LLC – for Google Tag Manager (GTM-MBLXRJK), Google Analytics 4 and Google Ads services.
- Meta Platforms, Inc. – for the Facebook Pixel service.
- Google LLC – for the reCAPTCHA v3 service.
- IT service providers – for hosting, maintenance and technical support of the website.
- Consultants and professionals – for legal, accounting or tax obligations.
Data will not be disclosed or communicated to parties other than those listed above, except as required by law.
6. Data transfers outside the EU
Some of the third-party services used (Google, Meta) are based in the United States. Data transfers to the US are carried out on the basis of the EU-U.S. Data Privacy Framework (DPF), adopted by the European Commission’s adequacy decision of 10 July 2023.
In the absence of an adequacy decision, transfers are carried out on the basis of Standard Contractual Clauses (SCCs) approved by the European Commission, pursuant to Art. 46(2)(c) of the GDPR.
7. Data retention period
- Contact form data: retained for the time necessary to handle the request and for a maximum of 24 months from collection, unless legal obligations apply.
- Browsing data and cookies: retained according to the durations specified in the Cookie Policy.
- Data for legal obligations: retained for the periods required by applicable law (e.g. 10 years for tax obligations).
8. Rights of the data subject (Arts. 15-22 GDPR)
The user may exercise the following rights at any time:
- Right of access (Art. 15): obtain confirmation of whether personal data is being processed and access such data.
- Right to rectification (Art. 16): obtain the correction of inaccurate or incomplete data.
- Right to erasure (Art. 17): obtain the deletion of personal data, in the cases provided by law.
- Right to restriction of processing (Art. 18): obtain the restriction of processing in certain cases.
- Right to data portability (Art. 20): receive personal data in a structured, commonly used and machine-readable format.
- Right to object (Art. 21): object to processing based on legitimate interest.
- Right to withdraw consent (Art. 7): withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.
To exercise these rights, the user may send a request to:
- Email: info@brandoasi.com
- Certified email (PEC): brandoasisrl@pec.it
- Post: Brand Oasi Srl, Via Enrico Fermi 2, 25013 Carpenedolo (BS), Italy
9. Right to lodge a complaint
The data subject has the right to lodge a complaint with the competent supervisory authority:
- Garante per la protezione dei dati personali (Italian Data Protection Authority)
- Website: www.garanteprivacy.it
- Email: garante@gpdp.it
- PEC: protocollo@pec.gpdp.it
10. Changes to this privacy policy
The Controller reserves the right to amend this privacy policy at any time. Any changes will be published on this page with an updated "last updated" date. Users are encouraged to review this page periodically to stay informed about how their data is protected.