Oglut Logo

Privacy Policy

Last updated: April 2026

1. Introduction

Oglut srl, as Data Controller under Regulation (EU) 2016/679 («GDPR»), considers privacy and personal data protection a primary objective. This Privacy Policy describes the processing activities carried out by Oglut srl through the website oglut.com (including the English pages under the path /en).

Personal data is processed in accordance with the principles of fairness, lawfulness, transparency, purpose and storage limitation, minimisation and accuracy, integrity and confidentiality, as well as the accountability principle under Article 5 of the GDPR.

«Processing» means any operation performed on personal data, such as collection, recording, organisation, storage, adaptation, retrieval, consultation, use, disclosure by transmission, dissemination or any other form of making available.

2. Data Controller

The Data Controller is Oglut srl, with registered office at Viale Tito Livio 67, 00136 Rome, Italy, Italian VAT and tax code number 15766701005, represented by the legal representative pro tempore. For any request regarding the processing of personal data you can write to privacy@oglut.com.

3. Applicable Laws and Regulations

The regulatory sources for personal data protection are:

  • Regulation (EU) 2016/679 of 27 April 2016 («GDPR»)
  • Italian Legislative Decree No. 196 of 30 June 2003 («Privacy Code»)
  • Italian Legislative Decree No. 101 of 10 August 2018 aligning national legislation with the GDPR

4. Personal Data Processed

Visiting and browsing the website does not, as a rule, involve the collection and processing of personal data, save for browsing data and cookies (see Cookie Policy). In addition, personal data voluntarily provided by the user may be processed.

4.1 Browsing Data

The IT systems and software procedures used to operate the website acquire certain personal data whose transmission is implicit in the use of the Internet communication protocols. This category includes:

  • IP addresses and domain names of the devices used
  • URIs of the requested resources
  • request timestamp and HTTP method used
  • size of the file obtained and server response status code
  • parameters regarding the user's operating system and browser

This data is used solely for the purpose of obtaining anonymous statistical information on the use of the site, verifying its correct operation, identifying anomalies and/or abuse, and is deleted immediately after processing. It may be used to ascertain liability in the event of alleged computer crimes.

4.2 Data Voluntarily Provided

This Privacy Policy also applies to data voluntarily provided by the user through the site to obtain information or be contacted, in particular through:

  • the contact form on the Contact page (name, email, subject, message)
  • the newsletter subscription form in the footer (email address)
  • any communications sent to our contact email addresses

If the user provides personal data of third parties, they must ensure that the disclosure and subsequent processing comply with the GDPR and applicable law.

4.3 Interaction with Social Networks

The site may contain links to Oglut's profiles on social networks (LinkedIn, Facebook, Instagram). These links are not sharing plug-ins and do not transmit browsing data to social networks until the user actively follows them. If the user chooses to click, the relevant social network may associate the browsing data with any connected account according to its own policies; we therefore invite you to consult the privacy notices of the individual social networks.

4.4 Cookies

For information about the cookies used by the site, please refer to the specific Cookie Policy.

4.5 Special Categories of Data

We do not collect special categories of personal data (racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic, biometric or health data, data concerning sexual life or sexual orientation) unless such information is spontaneously provided by the user or is necessary to comply with legal obligations.

5. Purposes of Processing

Personal data is processed for the following purposes:

  1. to enable and ensure the correct browsing of the site
  2. to respond to specific requests for information and contact via email, phone or online form
  3. to send the newsletter and informational communications about Oglut's services and products to users who request them
  4. to comply with obligations under laws, regulations or EU legislation, and to fulfil requests from competent authorities
  5. to assert or defend a legitimate right, of the Controller or of third parties, in court and/or administrative proceedings
  6. for research and statistical analysis on aggregated or anonymous data, without the possibility of identifying the user, aimed at measuring the site's operation and user interest

6. Legal Bases and Nature of the Disclosure

Purpose Legal basis Disclosure
Correct browsing of the site (5.1) Art. 6(1)(f) — legitimate interest of the Controller No active disclosure required
Response to information / contact requests (5.2); defence of a right (5.5) Art. 6(1)(b) — pre-contractual measures; Art. 6(1)(f) — legitimate interest Optional; failure to provide prevents handling the request
Newsletter subscription (5.3) Art. 6(1)(a) — explicit consent Optional and revocable at any time
Compliance with legal obligations (5.4) Art. 6(1)(c) — legal obligation Processing is necessary to comply with the law
Aggregated / anonymous statistical analysis (5.6) Does not involve the processing of identifiable personal data

7. Recipients of Personal Data

Personal data may be shared with the following categories of recipients:

  • persons authorised to process data within the Controller's organisation, tasked with managing the site, the IT system and the communication networks, bound to confidentiality
  • parties acting as Data Processors under Article 28 GDPR (hosting providers, cloud services, analytics tools, email and newsletter providers), contractually bound to confidentiality and limited to the information necessary to carry out their respective activities
  • persons, entities or authorities to whom it is mandatory to communicate personal data pursuant to legal provisions or orders of the authorities

The complete and up-to-date list of Data Processors is available upon written request at privacy@oglut.com. Data is not disseminated or communicated for purposes other than those indicated above, except as necessary to comply with legal obligations.

8. Transfers of Data Outside the EU

Personal data is stored on servers located within the European Economic Area (EEA). Should a transfer outside the EEA become necessary due to the use of specific service providers, it will take place — where the conditions are met — pursuant to Art. 45 GDPR to countries covered by an adequacy decision of the European Commission, or, failing such a decision, upon execution of the Standard Contractual Clauses (SCCs) adopted by the Commission pursuant to Art. 46(2)(c), or on the basis of Binding Corporate Rules, or, as a last resort, with the consent of the data subject.

9. Processing Methods and Security

The Controller is committed to protecting the security of the user's personal data and complies with the security provisions laid down by applicable law to avoid data loss, unlawful or illegitimate use and unauthorised access.

The information systems and programs used are configured so as to minimise the use of personal and identifying data; such data is processed only to achieve the specific purposes pursued from time to time.

The Controller adopts appropriate technical and organisational measures, including transit encryption (HTTPS/TLS), role-based access controls, segregation of development and production environments, and periodic backups. The user can help keep their data accurate by promptly communicating any changes to their contact details.

10. Data Retention

Personal data processed for the purposes in sections 5.1 and 5.2 is retained for the time strictly necessary to achieve such purposes; in any case, for the period prescribed by Italian law in order to protect the Controller's interests (Art. 2946 of the Italian Civil Code and following).

Data collected for newsletter delivery (section 5.3) is retained until consent is withdrawn by the data subject, which can be done at any time via the unsubscribe link in every message or by writing to privacy@oglut.com.

Data processed for the purposes in section 5.4 is retained for the period set by the specific applicable legal obligation.

For the purposes in section 5.5, data is processed within the limits of the purposes pursued and/or until the data subject exercises the right to object.

11. Rights of the Data Subject

At any time, the data subject may exercise, before the Controller, the rights provided for in Articles 15 to 22 of the GDPR. In order to exercise these rights correctly, the data subject must be unequivocally identifiable. The Controller undertakes to provide a response within 30 days and, if unable to comply with such deadline, to justify any extension. The response is free of charge, except in cases of manifestly unfounded or excessive requests, for which a reasonable contribution to expenses may be charged, not exceeding the costs actually incurred.

  • Access (Art. 15): obtain confirmation of the existence of processing and access to the data, obtaining a copy within reasonable limits
  • Rectification (Art. 16): obtain the correction of inaccurate data or the completion of incomplete data
  • Erasure (Art. 17): obtain the erasure of data in the cases provided for by the GDPR («right to be forgotten»)
  • Restriction (Art. 18): obtain, in the cases provided for, the marking of stored data with the aim of limiting its future processing
  • Portability (Art. 20): receive in a structured, commonly used and machine-readable format the data provided, and transmit it to another controller without hindrance
  • Objection (Art. 21): object at any time, on grounds relating to the data subject's particular situation, to processing based on legitimate interest, including profiling
  • Withdrawal of consent (Art. 7.3): modify or withdraw at any time the consent given; withdrawal does not affect the lawfulness of processing prior to it
  • No automated decision-making (Art. 22): the Controller does not carry out any automated decision-making process, including profiling, that produces legal or significant effects on the data subject

Rights may be exercised by writing to privacy@oglut.com.

12. Right to Lodge a Complaint

Should the data subject consider that the processing of personal data takes place in breach of the GDPR, they have the right to lodge a complaint with the Italian Data Protection Authority (www.garanteprivacy.it) pursuant to Art. 77 GDPR and Art. 142 of Legislative Decree 196/2003, as amended by Legislative Decree 101/2018, or to bring the matter before the competent judicial authorities (Art. 79 GDPR).

13. Links to Third-Party Websites

The site may contain links to third-party websites, for which the Controller is not responsible for the collection, use or disclosure of data and information. Users are invited to read the privacy notices of the websites they visit before providing any personal information.

14. Changes to the Privacy Policy

The Controller reserves the right to modify or update the content of this Privacy Policy, in part or in full, also as a result of changes in applicable law. Changes will be binding as soon as they are published on the site; users are therefore invited to visit this page periodically to review the most recent version.

15. Contact

To exercise the above rights or for any other request regarding the processing of personal data:

Oglut srl
Viale Tito Livio 67, 00136 Rome, Italy
Italian VAT and tax code number 15766701005
Email: privacy@oglut.com

We use cookies to improve your experience on the site. By continuing to browse you accept our Cookie Policy.

Stay updated on Oglut

Subscribe to the newsletter to receive news about our products and their evolutions.

Thanks! Please check your inbox to confirm the subscription.