Privacy Policy



Purpose of this privacy policy

Your privacy is important to Onetray so we have developed a Privacy Notice that covers how we collect, use, disclose and transfer your personal information.

This privacy notice applies to the processing of personal data (hereinafter, “Personal Data”) of the users (hereinafter, the “User/s” or the “Data Subject/s”) carried out by Onetray , based in Via Edmondo de Amicis 48 – 20123 Milano (MI) through this website, in accordance with Regulation (EU) 2016/679 –  General Data Protection Regulation or the “GDPR” – as well as the Italian Legislative Decree no. 196/2003 as amended by the Legislative Decree no. 101/2018.


Changes to the privacy policy

We keep our privacy policy under regular review. [This version was last updated on [DATE].


Data Controller

The Data Controller is Onetray S.r.l, with registered office in via Edmondo de Amicis 48 – 20123 Milan (MI). Within the scope of its activity and for the purposes indicated above, the Company may make use of services provided by third parties who operate on its behalf and according to its instructions, such as Data Processors and/or Persons in Charge of Processing.


Third-party links

This website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy policy of every website you visit.


The data we collect about you

We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:

  • Identity Data includes first name, last name, username or similar identifier, email address and telephone numbers.
  • Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access this website.
  • Usage Data includes information about how you use our website, products and services.

We also collect, use and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data could be derived from your personal data but is not considered personal data in law as this data will not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy policy.


How is your personal data collected?

We use different methods to collect data from and about you including through:

  • Direct interactions. You may give us your Data by filling in forms or by corresponding with us by post, phone, email or otherwise.
  • Automated technologies or interactions. As you interact with our website, we will automatically collect Technical Data by using cookies.

How we use your personal data

We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:

  • Where we need to perform the contract we are about to enter into or have entered into with you.
  • Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
  • Where we need to comply with a legal obligation.

Generally, we do not rely on consent as a legal basis for processing your personal data although we will get your consent before sending third party direct marketing communications to you via email or text message. You have the right to withdraw consent to marketing at any time by contacting us.


Purposes for which we will use your personal data

We have set out below, in a table format, a description of all the ways we plan to use your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.

Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data.



Type of data

Lawful basis for processing including basis of legitimate interest

To register you as a new customer

(a) Identity

(b) Contact

Performance of a contract with you (art. 6(1)(b) of the GDPR).

To manage our relationship with you

(a) Identity

(b) Contact

(c) Profile

(d) Marketing and Communications

(a) Performance of a contract with you (art. 6(1)(b) of the GDPR).

(c) Necessary for our legitimate interests (e.g. to keep our records updated) (art. 6(1)(f) of GDPR).

To administer and protect our business and this website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data) 

(a) Identity

(b) Contact

(c) Technical

(a) Necessary for our legitimate interests (e.g. for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise) (art. 6(1)(f) of GDPR).

(b) Necessary to comply with a legal obligation (art. 6(1)(c) of the GDPR).

To make suggestions and recommendations to you about goods or services that may be of interest to you

(a) Identity

(b) Contact

(c) Technical

(d) Usage

(e) Profile

(f) Marketing and Communications

Necessary for our legitimate interests (e.g. to develop our products/services and grow our business) (art. 6(1)(f) of GDPR).

We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us.

If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.


Data security

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.


Data retention


How long will you use my personal data for?

We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax or accounting requirements.


Your legal rights

You may exercise certain rights with respect to Personal Data processed by the Data Controller, as specified in the GDPR:

  • Right of Access (article 15 of the GDPR) – the right to be informed of and request access to the personal data we process about you;
  • Right to Rectification (article 16 of the GDPR) – the right to request that we amend or update your personal data where it is inaccurate or incomplete;
  • Right to Erasure (article 17 of the GDPR) – the right to request that we delete your personal data;
  • Right to Restrict (article 18 of the GDPR) – the right to request that we temporarily or permanently stop processing all or some of your personal data;
  • Right to Data Portability (article 20 of the GDPR) – the right to request a copy of your personal data in electronic format and the right to transmit that personal data for use in another party’s service;
  • Right to Object (article 21 of the GDPR) –
  • the right, at any time, to object to us processing your personal data on grounds relating to your particular situation;
  • the right to object to your personal data being processed for direct marketing purposes; and 
  • Right not to be subject to Automated Decision-making (article 22 of the GDPR) – the right to not be subject to a decision based solely on automated decision making, including profiling, where the decision would have a legal effect on you or produce a similarly significant effect.

In order to exercise these rights, you may send a request to the contact information of the Data Controller indicated in this document. These requests are free of charge and performed by the Data Controller in the shortest possible time, in any case no later than 30 days.

Furthermore, if you consider that the processing of your personal data as performed via this website infringes the GDPR, you have the right to lodge a complaint with a Supervisory Authority pursuant to Article 77 of the GDPR (Piazza Venezia n. 11, IT-00187, Roma; Email:; PEC:; Tel.: +39 06696771), or else to bring a judicial proceeding against the controller or processor (Article 79 of the GDPR).