Website Privacy Notice

Pursuant to Art. 13 of EU Regulation 2016/679

Dear User,
In accordance with EU Regulation 2016/679 (GDPR) and Legislative Decree 196/2003, as amended by
Legislative Decree 101/2018, Wosa Limited S.r.l., in its capacity as Data Controller, provides this privacy
notice regarding the processing of personal data acquired.
This privacy notice applies exclusively to the website www.wosa.co.uk and is not to be considered valid for
other websites that may be accessed via links on the Data Controller’s website.
Users/visitors are advised to carefully read this Privacy Policy before submitting any personal information
and/or completing any electronic form on the website.
1. DATA CONTROLLER
The Data Controller, pursuant to Articles 4 and 24 of EU Regulation 2016/679, is Wosa Limited S.r.l., with
registered office at Lungo canale Palombari dell’Artiglio no. 39, 55049, Viareggio (LU), VAT No.
02483190464.
The Data Controller may be contacted at the following email address: privacywosa@gmail.com
2. TYPES OF PERSONAL DATA PROCESSED
The Data Controller will process the following categories of personal data:
 Data voluntarily provided by the user: identification and contact information provided in the contact
form;
 Data collected automatically through the website (e.g., IP address, location, browser type);
 Cookies and other tracking systems, as outlined in the specific cookie policy.
3. LEGAL BASIS, LAWFULNESS AND PURPOSES OF PROCESSING
We inform you that your personal data will be processed in compliance with the lawfulness conditions under
Art. 6 of EU Regulation 2016/679 and strictly to the extent necessary to fulfil the following purposes:
a) to allow navigation and use of the services available on this website;
b) to respond to requests for information or contact sent to the company.
Should the Data Controller intend to process personal data for a purpose other than that for which the data
were collected, it will provide the data subject with all necessary information in advance and request consent
where required.
4. RECIPIENTS OR CATEGORIES OF RECIPIENTS OF PERSONAL DATA
Personal data may be communicated to other Data Controllers to comply with legal obligations.
In all other cases, data may be communicated/disclosed only with the user’s separate and explicit consent.
Personal data may also be temporarily made accessible to companies appointed as Data Processors,
pursuant to Art. 28 GDPR, for the management/maintenance of IT systems, communication networks, and
web platforms.

5. TRANSFER OF PERSONAL DATA TO A THIRD COUNTRY AND/OR INTERNATIONAL
ORGANISATION
Personal data will not be transferred to third countries or international organisations.
However, the use of services such as Google Drive or Dropbox may involve the transfer of data to servers
located abroad (both within and outside the EU), always in compliance with applicable legal provisions and in
full security.
6. DATA RETENTION PERIOD OR CRITERIA USED TO DETERMINE SUCH PERIOD
In compliance with Art. 5 GDPR and the principle of data minimisation, personal data will be stored on
secure IT systems for no longer than is necessary to achieve the purposes for which the data were collected.
Specifically:
 for contractual/pre-contractual purposes, personal data will be retained for 10 years;
 for marketing and newsletter purposes, data will be retained for no longer than 24 months from
collection.
 If, for any reason, you believe that the processing purpose has been fulfilled earlier than the
specified period, you must notify the Data Controller in writing; the Data Controller will then proceed
with the immediate deletion of the collected data.
7. RIGHTS OF THE DATA SUBJECT AND HOW TO EXERCISE THEM
As a data subject, you may exercise your rights under Chapter III (Articles 15–22) of EU Regulation
2016/679 by contacting the Data Controller via:
 email: privacywosa@gmail.com
 registered mail to the company’s registered office
 or by submitting a written request.
The rights granted under the GDPR include:
 right of access;
 right to rectification;
 right to erasure;
 right to withdraw consent;
 right to restriction of processing;
 right to object to processing;
 right to data portability.
These rights may be exercised free of charge and without particular formalities.
Without prejudice to any other administrative or judicial remedy, you may also lodge a complaint with the
Supervisory Authority, as provided by EU Regulation 2016/679 and the Privacy Code as amended by
Legislative Decree 101/2018.
8. METHODS OF PERSONAL DATA PROCESSING
Personal data will be processed, managed, and stored using electronic and IT tools, in a manner that
ensures their security and confidentiality.
Processing will be carried out by expressly authorised internal personnel.
No processing involving automated decision-making or profiling will be performed.

9. NATURE OF DATA PROVISION AND CONSENT MANAGEMENT
Providing personal data for the purposes indicated in Section 3 is optional.
Any consent given may be withdrawn at any time, without affecting the lawfulness of processing based on
consent prior to its withdrawal.
Consent provided for different purposes is not binding, and the user may withdraw one without invalidating
the others.
10. DISCLOSURE OF PERSONAL DATA
Personal data collected will not be disseminated under any circumstances to unauthorised third parties and
may be disclosed only upon request by the Judicial, Financial, or Supervisory Authorities, or other entities to
whom disclosure is legally mandatory for the fulfilment of the stated purposes.
Last update 2025, December