NOTICE ON THE PROCESSING OF PERSONAL DATA PRIVACY POLICY

TITLE I – OWNER OF THE DATA PROCESSING

Name of the company: O.M.B.F. Snc Dei Fratelli Bene Angelo e Giuseppe & C., in the person of its pro tempore legal representative (hereinafter O.M.B.F.).
Legal address: San Marzano Oliveto 14050 (AT) Regione Leiso 113/F, Italy.
VAT number: 01193250055.
Contacts: tel. 0141-831252; fax 0141-831252, mail This email address is being protected from spambots. You need JavaScript enabled to view it.

TITLE II – PREAMBLE

CLAUSE A – PURPOSE OF THE NOTICE

This document refers exclusively to the Site https://ombf.it/it/ (hereinafter referred to with the word “Site)

It is specified that all information contained in our Site refers to the above-mentioned site and are valid for it and not for other web sites, the User might consult through links on the platform. The Owner has no control on these sites and neither on the procedures applied by them for the protection of personal data, therefore we recommend consulting the norms about the privacy of data protection of all subjects with whom you may get in contact before providing personal information.

This document is aimed at informing the User on the data we collect, how we process them, to whom we transfer them, for which purpose they are collected and according to which legal basis.

In implementation of the applicable Italian and EU provisions, The above, includes, by way of example: EU Regulation 2016/679, hereinafter also referred to for brevity as the "GDPR"; the Privacy Code (Legislative Decree No. 196 of 30th June 1993, as amended by Legislative Decree No. 101 of 10th August 2018, hereinafter also referred to for brevity as the Privacy Code), and the provisions and guidelines of the Italian Data Protection Authority (hereinafter also referred to for brevity as the "GPDP").

This document intentionally reproduces, in quotation marks, the contents of the Regulation, the Privacy Code, and the aforementioned Provisions, which the User can also find on the website of the Italian Data Protection Authority (GPDP).

CLAUSE B – TO WHOM THIS NOTICE IS DIRECTED

To the to the ’User, i.e. You, also called the PERSON CONCERNED, the subject consulting the web site, be it a physical person or a subject operating in name and behalf of legal persons providing personal data.

CLAUSE C- MODIFICATIONS

The Owner reserves the right to make changes to the Site, the information published anywhere in the Site at any moment. When consulting the website, the User must always refer to the text published as the current version.

The modifications will become valid at their publication on the Site. Continuing using the Site by the User after the modification will be regarded as the acceptance of said modifications. All Users can verify at any moment by connecting to the Site the latest version of the information as updated by the Data Controller from time to time

This Cookie Policy was updated on 10.09.2025

TITLE III – WHICH DATA WE PROCESS AND WHY

The User assumes responsibility for the personal data of third parties published or shared through this website and guarantees that he or she has the right to communicate or disseminate them, freeing the Data Controller from any liability towards third parties.

CLAUSE A – BROWSING DATA

The computer systems and applications dedicated to the operation of the website https://www.ombf.it/it/ may detect, during the navigation of the Users, some Personal Data whose transmission is implicit in the use of Internet communication protocols. This information is not collected to be associated with identified interested parties, but by their very nature could, through processing and association with data held by third parties, allow users to be identified. The data collected include: internet protocol (IP) address Used to connect Your computer to the Internet computer; browser type; la the position, the model and the time zone of your device; parameters of the device used to connect to the site; name of the internet service provider (ISP); date and time of visit; web page of origin of the visitor (referral) and exit; possibly the number of clicks,....and other parameters concerning the operating system and the IT environment used by the User.

Our site collects some of these data and in some cases also through cookies (for more information, please refer to the Cookie Policy) for the following PURPOSES:

1. Security or compliance with legal obligations

In relation to access to the system. The data may be disclosed to the competent authorities, upon their request, for reasons of security and public interest; to fulfill any type of obligation contemplated and required by applicable laws, regulations, related provisions, and commercial practices, particularly those relating to tax/fiscal matters.

LEGAL BASIS: legal obligation, Art. 6, par. 1, letter c) of the GDPR.

NATURE OF THE DATA TRANSFER: necessary

PERIOD OF RETENTION: The data collected are processed for the time necessary to fulfill the aforementioned purposes and as required by law, in any case for a period no longer than that stated by civil law, therefore for 10 years.

2.Technical/Functional Cookies

To make the website usable, enabling basic functionality because the website cannot function properly without these cookies. For more information on which cookies we use, please refer to the cookie policy section on Technical/Functional Cookies.

DATA COLLECTED: Usage data collected with cookies

LEGAL BASIS: Performance of a service, a contract or pre-contractual measures Art. 6, par. 1, letter b)

NATURE OF THE DATA TRANSFER: The provision of data is necessary to make the site and the service requested by users usable.

PERIOD OF RETENTION: according to the retention terms of the tracking systems indicated in the Cookie Policy.

3. Statistics

To collect aggregate information on the number of Users and how they visit the Site, therefore for statistical purposes. For more information on which cookies we use, please refer to the cookie policy in the section on Statistics Cookies.

DATA COLLECTED: Usage data collected with cookies

LEGAL BASIS: consent pursuant to Art. 6, par. 1, letter a) of GDPR.

NATURE OF THE DATA TRANSFER: optional, the consent is expressed by the User through the information banner of the cookies.

PERIOD OF RETENTION: according to the retention terms of the tracking systems indicated in the Cookie Policy.

4. Advertising and Profiling

To encourage users to return to our site by showing them our ads while they browse other websites, to serve personalized ads, and to measure their performance through remarketing cookies. For more information on which cookies we use, please refer to the Marketing/Profiling Cookies section of the cookie policy.

DATA COLLECTED: Usage data collected with cookies

LEGAL BASIS: consent pursuant to Art. 6, par. 1, letter a) of the GDPR.

NATURE OF THE DATA TRANSFER: optional, the conse3nt is expressed by the User through the information banner of the cookies.

PERIOD OF RETENTION: until consent is revoked in accordance with the retention terms of the tracking systems indicated in the Cookie Policy.

CLAUSE B - DATA PROVIDED VOLUNTARILY BY THE USER

The Site may collect other personal data in addition to browsing data, if the User voluntarily uses the services offered by the portal, such as commenting services, communication services (contact forms, quote requests), and newsletter subscriptions.

When providing data is mandatory, this is marked with an asterisk; conversely, all other data is optional but, if provided, will allow the Data Subject to be contacted through other means. His/her data will be used to provide the requested service and also for other purposes, including marketing and profiling where applicable, pursuant to specific legal bases.

You may provide data through the following areas of the Site:

Through the contact area

It allows the User to send requests to the Data Controller via the form, as well as to receive commercial offers upon specific consent where the checkbox is present.

DATA COLLECTED: common data such as: name, surname, email, and telephone number.

Provided for the following PURPOSES.

Request Management

Used to process requests made by Users.

LEGAL BASIS: Performance of a service, a contract, or pre-contractual measures, including quotes, Art. 6, paragraph 1, letter b)

NATURE OF THE DATA TRANSFER: Providing the data marked with an asterisk is necessary to process requests; the other data are optional.

PERIOD OF RETENTION: For the time necessary to process the request or for the validity period of the quote agreed upon between the parties. Conversely, when the data is collected for purposes related to the performance of a contract between the Data Controller and the User, it will be retained until the performance of that contract is completed, and consequently for 10 years from the last registration pursuant to Article 2220 of the Italian Civil Code.

Soft spam

To send commercial communications and information regarding the company's sector or personalized ads and to measure their performance, having as . having as their object purchased Services/Products (when there is a fair balance between the interests of the Owner and the rights of the Customer and a relevant and appropriate relationship exists)

LEGAL BASIS: legitimate interest of the Data Controller, Art. 6, par. 1, letter f) of the GDPR.

NATURE OF THE DATA TRANSFER: Automatic because the user is a customer of the Data Controller, therefore without the need for the express and prior consent of the User, as provided for by Art. 130, paragraph 4, of the Privacy Code; This processing is based on Art. 130, paragraph 4, of the Privacy Code as amended by Legislative Decree no. 101 of 2018

PERIOD OF RETENTION: Until consent is revoked (opt-out)

Direct Marketing

To send commercial communications and information regarding the company's sector or personalized ads and to measure their performance. This includes sending newsletters, including DEM, SMS, and WhatsApp campaigns.

LEGAL BASIS: consent pursuant to Art. 6, par. 1, letter a) of the GDPR, expressed with the double opt-in procedure.

NATURE OF THE DATA TRANSFER: Optional, consent expressed by the User by selecting the relevant box. Failure to do so will only result in the failure to send commercial proposals but will not prevent the processing of requests.

PERIOD OF RETENTION: Until consent is revoked (opt-out).

Through the “online configurator” module

Provided for the following PURPOSE.

Configure the product

This function allows the User to configure a customized solution, equipping any standard machine with customizations or conducting a feasibility study for the creation of a new, specialized machine that perfectly adapts to the specific needs of the wine production line or beverage industry.

LEGAL BASIS: Performance of a service, a contract, or pre-contractual measures, including estimates, Art. 6, paragraph 1, letter b)

NATURE OF THE DATA TRANSFER: Providing the data marked with an asterisk is necessary to process your requests; the other data are optional.

By contacting the Data Controller directly using the contact details provided in the footer.

This allows the User to send requests to the data controller using the contact details provided in the footer.

DATA COLLECTED: those provided by the User spontaneously at the time of contact.

They are collected for the following PURPOSE:

Processing requests

The data are provided for the purpose of managing and processing requests.

LEGAL BASIS: Performance of a service, a contract, or pre-contractual measures (Art. 6, par. 1, letter b).

NATURE OF THE DATA TRANSFER: Providing your data is necessary to process your requests.

TITLE IV – METHODS OF DATA PROCESSING

The Processing of the personal data provided by the Users is performed by means the operations indicated at art. 4 n. 2) of GDPR, and precisely “collection recording, organisation, storage, consultation, elaboration, modification, selection, extraction, comparison, use, interconnection, communication, cancellation and destruction of data”.

The processing of the data of the interested parties (Users) takes place by using tools and procedures suitable to guarantee a high level of security and confidentiality, pursuant to art. 32 of the GDPR, by specifically authorized parties, in compliance with the provisions of art. 29 of the GDPR, and can be done both through our website and through other electronic means, and sometimes even by telephone or with the aid of paper supports. Specifically, our Site has an SSL certificate and uses the HTTPS protocol to make personal data more secure. By using this protocol, the transactions and the data transmissions on the websites occur with utmost security and the content of the communication is not manipulated by third parties.

TITLE V – RECIPIENTS AND DATA TRANSFER

The Data Controller processes User data in compliance with the personal data protection obligations set forth in applicable legislation. The Data Controller ensures that the duty of confidentiality is also respected by its interns, employees, and/or collaborators and guarantees that your data will not be disclosed to unspecified parties by making it available or consulting it.

CLAUSE A - RECIPIENTS

In relation to the purposes indicated above, personal data are communicated, with this term meaning making them known to one or more specific subjects, to the following subjects:

Autorized

Collaborators or other personnel authorized to process data (for example, administrative, commercial, accounting, and system administrator personnel) to the extent necessary to carry out their duties at the Data Controller, subject to a letter of appointment as an authorized person imposing a duty of confidentiality and security.

External Processors

Parties appointed as external processors pursuant to Art. 28 of the GDPR, including those who provide services for the management of the information system used by the Data Controller and telecommunications networks (email, newsletter, website management, hosting, etc.), or freelancers, firms, or companies providing assistance and consulting services (accountants, lawyers, etc.), or our consultants, to the extent necessary to carry out their duties, with the obligation of confidentiality and security. The following are indicated:

- The website is hosted by GreenGeeks LLC, located in the United States.

- For the development of the website, we use the services provided by Joomla, located in the United States. For more information on the processing locations, please visit https://www.joomla.org/privacy-policy.html.

For spam protection, we use reCAPTCHA provided by Google, located in Ireland and the United States.

- For cookie statistics, we use the Google Analytics tool provided by Google Ireland Limited and its affiliates, located in Ireland and the United States.

- For tracking marketing/profiling cookies, we use the following services: Google ADS provided by Google Ireland Limited and its affiliates, located in Ireland and the United States; Facebook and Instagram provided by Meta Platforms, Inc., located in the United States.

Indipendent Data Controller

Parties operating completely independently as separate, independent data controllers who need to access the data for purposes ancillary to the relationship with the Data Controller (for example, companies that conduct commercial research on behalf of the Data Controller).

Public or private entities that may access the data pursuant to regulations and legal provisions, or to which we have a disclosure obligation, within their respective and specific jurisdiction, always within the limits established therein, such as:

- judicial or tax authorities (e.g., for accounting or tax reasons, etc.) if there is a legal notification requirement;

- other recipients (e.g., banks)

CLAUSE B – DATA TRANSFER

The Data Controller uses exclusively certified service providers, transferring personal data to them only when strictly necessary to perform their duties, subject to prior verification of compliance with confidentiality and security obligations. Some of the providers, already listed in Title V, Clause A of this policy, are:

In EES

The Countries belonging to the European Economic Space (EES, i.e. EU + Norway, Liechtenstein, Iceland).

Extra EES

Those countries whose adequacy is recognized by a decision of the European Commission (Article 45 of EU Regulation 2016/679), specifically:

- in the United States, to third parties that have adhered to the Data Privacy Framework protocol.

Transfers are authorized and no further consent is required, as they occur in accordance with applicable legal provisions and, in particular, Articles 44, 45, 46, 47, 48, and 49 of the GDPR and other applicable laws.

The interested party may request further information by writing to the following email address: This email address is being protected from spambots. You need JavaScript enabled to view it.

TITLE VI – PERIOD OF DATA RETENTION

In compliance with the principles of lawfulness, purpose limitation, retention, and data minimization, pursuant to Article 5 of the GDPR, the retention period for Users' personal data is established for a period of time no longer than is necessary to achieve the purposes for which they were collected and processed, or for the entire duration of the aforementioned purposes. For further information, please refer to TITLE III of this Policy (what data we process and why).

At the end of the retention period, the Data Subjects' Personal Data will be deleted from all physical and electronic media (registry/database) of the Data Controller.

TITLE VII – RIGHTS OF THE USER

CLAUSE A – WHICH ARE YOUR RIGHTS

Below you can find your rights. Please always inform us of any changes to your personal data so we can ensure that the data we collect is accurate and up-to-date.

Access

Access your data as required by Article 15 of the GDPR

Rectification

Request to modify your data as required by Article 16 of the GDPR

Cancellation

Request to cancel your data, pursuant to Art. 17 of GDPR

Limitation

C Request that your data not be subjected to further processing and no longer be modified pursuant to Art. 18 of the GDPR. Please note that the collection of website navigation data, so-called technical or functional cookies (limited to those collected to make the website usable, enabling only basic functions), are essential for the functioning of the site itself. Users, therefore, have no right to limit this processing.

Portability

Possibility to receive personal data concerning him or her, processed by automated means, in a structured, commonly used, and machine-readable format, and to transmit that data to another Data Controller or directly transfer it, pursuant to Art. 20 of the GDPR.

Objection

Right to object to the processing of data concerning you, including the sending of advertising materials, direct sales materials, and market research materials (pursuant to Art. 21 of the GDPR).

Complaint

The right to lodge a complaint or report to the Data Protection Authority (Garante della Privacy), as the supervisory authority for personal data protection, or to appeal to the Judicial Authority.

CLAUSE B - HOW YOU CAN EXERCISE YOUR RIGHTS

The User may exercise the rights listed above by submitting a request to O.M.B.F., pursuant to Article 38 of the GDPR, to the email address: This email address is being protected from spambots. You need JavaScript enabled to view it..

The Data Controller will confirm receipt of your request and provide information on the action taken, with reference to the exercise of your rights provided for in articles 15 to 22 of the GDPR.

In the event that the Data Controller does not comply with the User's request within 1 (one) month of receipt of the request, the latter will be informed of the reasons for non-compliance, informing as of now of the User's right to lodge a complaint with the Supervisory Authority (Guarantor for the protection of personal data - GPDP), as specified pursuant to art. 13, paragraph 2, letter (d) and governed by articles 77 et seq. of the GDPR and 141 et seq. of Legislative Decree 196/2003, as amended by Legislative Decree 101/2018.

TITLE VIII – DEFENSE IN COURT

The User's Personal Data may be used by the Controller for the defence in Court or in the stages leading to its possible establishment, in the event of abuses or violations perpetrated by the User. The User also declares to be aware that the Controller may be required to disclose the Data at the request of public authorities.

TITLE IX - MINORS

The Data Controller does not intentionally collect data from minors under 18 through the Site.